Back to home page

EIC code displayed by LXR
 
 

    

File indexing completed on 2025-08-27 09:37:34 

0001 /**
0002  * \file ssl_ciphersuites.h
0003  *
0004  * \brief SSL Ciphersuites for Mbed TLS
0005  */
0006 /*
0007  *  Copyright The Mbed TLS Contributors
0008  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
0009  */
0010 #ifndef MBEDTLS_SSL_CIPHERSUITES_H
0011 #define MBEDTLS_SSL_CIPHERSUITES_H
0012 #include "mbedtls/private_access.h"
0013 
0014 #include "mbedtls/build_info.h"
0015 
0016 #include "mbedtls/pk.h"
0017 #include "mbedtls/cipher.h"
0018 #include "mbedtls/md.h"
0019 
0020 #ifdef __cplusplus
0021 extern "C" {
0022 #endif
0023 
0024 /*
0025  * Supported ciphersuites (Official IANA names)
0026  */
0027 #define MBEDTLS_TLS_RSA_WITH_NULL_MD5                    0x01   /**< Weak! */
0028 #define MBEDTLS_TLS_RSA_WITH_NULL_SHA                    0x02   /**< Weak! */
0029 
0030 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA                    0x2C   /**< Weak! */
0031 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA                0x2D   /**< Weak! */
0032 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA                0x2E   /**< Weak! */
0033 #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA             0x2F
0034 
0035 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA         0x33
0036 #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA             0x35
0037 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA         0x39
0038 
0039 #define MBEDTLS_TLS_RSA_WITH_NULL_SHA256                 0x3B   /**< Weak! */
0040 #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256          0x3C   /**< TLS 1.2 */
0041 #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256          0x3D   /**< TLS 1.2 */
0042 
0043 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        0x41
0044 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    0x45
0045 
0046 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256      0x67   /**< TLS 1.2 */
0047 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256      0x6B   /**< TLS 1.2 */
0048 
0049 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        0x84
0050 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    0x88
0051 
0052 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA             0x8C
0053 #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA             0x8D
0054 
0055 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA         0x90
0056 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA         0x91
0057 
0058 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA         0x94
0059 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA         0x95
0060 
0061 #define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256          0x9C   /**< TLS 1.2 */
0062 #define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384          0x9D   /**< TLS 1.2 */
0063 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      0x9E   /**< TLS 1.2 */
0064 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      0x9F   /**< TLS 1.2 */
0065 
0066 #define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256          0xA8   /**< TLS 1.2 */
0067 #define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384          0xA9   /**< TLS 1.2 */
0068 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256      0xAA   /**< TLS 1.2 */
0069 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384      0xAB   /**< TLS 1.2 */
0070 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256      0xAC   /**< TLS 1.2 */
0071 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384      0xAD   /**< TLS 1.2 */
0072 
0073 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256          0xAE
0074 #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384          0xAF
0075 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA256                 0xB0   /**< Weak! */
0076 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384                 0xB1   /**< Weak! */
0077 
0078 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256      0xB2
0079 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384      0xB3
0080 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256             0xB4   /**< Weak! */
0081 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384             0xB5   /**< Weak! */
0082 
0083 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256      0xB6
0084 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384      0xB7
0085 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256             0xB8   /**< Weak! */
0086 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384             0xB9   /**< Weak! */
0087 
0088 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     0xBA   /**< TLS 1.2 */
0089 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE   /**< TLS 1.2 */
0090 
0091 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     0xC0   /**< TLS 1.2 */
0092 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4   /**< TLS 1.2 */
0093 
0094 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA             0xC001 /**< Weak! */
0095 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA      0xC004
0096 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA      0xC005
0097 
0098 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA            0xC006 /**< Weak! */
0099 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA     0xC009
0100 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA     0xC00A
0101 
0102 #define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA               0xC00B /**< Weak! */
0103 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA        0xC00E
0104 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA        0xC00F
0105 
0106 #define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA              0xC010 /**< Weak! */
0107 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA       0xC013
0108 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA       0xC014
0109 
0110 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  0xC023 /**< TLS 1.2 */
0111 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  0xC024 /**< TLS 1.2 */
0112 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256   0xC025 /**< TLS 1.2 */
0113 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384   0xC026 /**< TLS 1.2 */
0114 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256    0xC027 /**< TLS 1.2 */
0115 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384    0xC028 /**< TLS 1.2 */
0116 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256     0xC029 /**< TLS 1.2 */
0117 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384     0xC02A /**< TLS 1.2 */
0118 
0119 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  0xC02B /**< TLS 1.2 */
0120 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  0xC02C /**< TLS 1.2 */
0121 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256   0xC02D /**< TLS 1.2 */
0122 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384   0xC02E /**< TLS 1.2 */
0123 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    0xC02F /**< TLS 1.2 */
0124 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    0xC030 /**< TLS 1.2 */
0125 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     0xC031 /**< TLS 1.2 */
0126 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     0xC032 /**< TLS 1.2 */
0127 
0128 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA       0xC035
0129 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA       0xC036
0130 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256    0xC037
0131 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384    0xC038
0132 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA              0xC039
0133 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256           0xC03A
0134 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384           0xC03B
0135 
0136 #define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256         0xC03C /**< TLS 1.2 */
0137 #define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384         0xC03D /**< TLS 1.2 */
0138 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256     0xC044 /**< TLS 1.2 */
0139 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384     0xC045 /**< TLS 1.2 */
0140 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */
0141 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */
0142 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256  0xC04A /**< TLS 1.2 */
0143 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384  0xC04B /**< TLS 1.2 */
0144 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256   0xC04C /**< TLS 1.2 */
0145 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384   0xC04D /**< TLS 1.2 */
0146 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256    0xC04E /**< TLS 1.2 */
0147 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384    0xC04F /**< TLS 1.2 */
0148 #define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256         0xC050 /**< TLS 1.2 */
0149 #define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384         0xC051 /**< TLS 1.2 */
0150 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256     0xC052 /**< TLS 1.2 */
0151 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384     0xC053 /**< TLS 1.2 */
0152 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */
0153 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */
0154 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256  0xC05E /**< TLS 1.2 */
0155 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384  0xC05F /**< TLS 1.2 */
0156 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256   0xC060 /**< TLS 1.2 */
0157 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384   0xC061 /**< TLS 1.2 */
0158 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256    0xC062 /**< TLS 1.2 */
0159 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384    0xC063 /**< TLS 1.2 */
0160 #define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256         0xC064 /**< TLS 1.2 */
0161 #define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384         0xC065 /**< TLS 1.2 */
0162 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256     0xC066 /**< TLS 1.2 */
0163 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384     0xC067 /**< TLS 1.2 */
0164 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256     0xC068 /**< TLS 1.2 */
0165 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384     0xC069 /**< TLS 1.2 */
0166 #define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256         0xC06A /**< TLS 1.2 */
0167 #define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384         0xC06B /**< TLS 1.2 */
0168 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256     0xC06C /**< TLS 1.2 */
0169 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384     0xC06D /**< TLS 1.2 */
0170 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256     0xC06E /**< TLS 1.2 */
0171 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384     0xC06F /**< TLS 1.2 */
0172 #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256   0xC070 /**< TLS 1.2 */
0173 #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384   0xC071 /**< TLS 1.2 */
0174 
0175 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072
0176 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073
0177 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  0xC074
0178 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  0xC075
0179 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   0xC076
0180 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   0xC077
0181 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    0xC078
0182 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    0xC079
0183 
0184 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256         0xC07A /**< TLS 1.2 */
0185 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384         0xC07B /**< TLS 1.2 */
0186 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256     0xC07C /**< TLS 1.2 */
0187 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384     0xC07D /**< TLS 1.2 */
0188 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
0189 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
0190 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  0xC088 /**< TLS 1.2 */
0191 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  0xC089 /**< TLS 1.2 */
0192 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256   0xC08A /**< TLS 1.2 */
0193 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384   0xC08B /**< TLS 1.2 */
0194 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256    0xC08C /**< TLS 1.2 */
0195 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384    0xC08D /**< TLS 1.2 */
0196 
0197 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256       0xC08E /**< TLS 1.2 */
0198 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384       0xC08F /**< TLS 1.2 */
0199 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256   0xC090 /**< TLS 1.2 */
0200 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384   0xC091 /**< TLS 1.2 */
0201 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256   0xC092 /**< TLS 1.2 */
0202 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384   0xC093 /**< TLS 1.2 */
0203 
0204 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256       0xC094
0205 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384       0xC095
0206 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC096
0207 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC097
0208 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC098
0209 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC099
0210 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A
0211 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
0212 
0213 #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM                0xC09C  /**< TLS 1.2 */
0214 #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM                0xC09D  /**< TLS 1.2 */
0215 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM            0xC09E  /**< TLS 1.2 */
0216 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM            0xC09F  /**< TLS 1.2 */
0217 #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8              0xC0A0  /**< TLS 1.2 */
0218 #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8              0xC0A1  /**< TLS 1.2 */
0219 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8          0xC0A2  /**< TLS 1.2 */
0220 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8          0xC0A3  /**< TLS 1.2 */
0221 #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM                0xC0A4  /**< TLS 1.2 */
0222 #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM                0xC0A5  /**< TLS 1.2 */
0223 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM            0xC0A6  /**< TLS 1.2 */
0224 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM            0xC0A7  /**< TLS 1.2 */
0225 #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8              0xC0A8  /**< TLS 1.2 */
0226 #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8              0xC0A9  /**< TLS 1.2 */
0227 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8          0xC0AA  /**< TLS 1.2 */
0228 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8          0xC0AB  /**< TLS 1.2 */
0229 /* The last two are named with PSK_DHE in the RFC, which looks like a typo */
0230 
0231 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM        0xC0AC  /**< TLS 1.2 */
0232 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM        0xC0AD  /**< TLS 1.2 */
0233 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8      0xC0AE  /**< TLS 1.2 */
0234 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8      0xC0AF  /**< TLS 1.2 */
0235 
0236 #define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8          0xC0FF  /**< experimental */
0237 
0238 /* RFC 7905 */
0239 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   0xCCA8 /**< TLS 1.2 */
0240 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 /**< TLS 1.2 */
0241 #define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     0xCCAA /**< TLS 1.2 */
0242 #define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256         0xCCAB /**< TLS 1.2 */
0243 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256   0xCCAC /**< TLS 1.2 */
0244 #define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256     0xCCAD /**< TLS 1.2 */
0245 #define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256     0xCCAE /**< TLS 1.2 */
0246 
0247 /* RFC 8446, Appendix B.4 */
0248 #define MBEDTLS_TLS1_3_AES_128_GCM_SHA256                     0x1301 /**< TLS 1.3 */
0249 #define MBEDTLS_TLS1_3_AES_256_GCM_SHA384                     0x1302 /**< TLS 1.3 */
0250 #define MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256               0x1303 /**< TLS 1.3 */
0251 #define MBEDTLS_TLS1_3_AES_128_CCM_SHA256                     0x1304 /**< TLS 1.3 */
0252 #define MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256                   0x1305 /**< TLS 1.3 */
0253 
0254 /* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
0255  * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
0256  */
0257 typedef enum {
0258     MBEDTLS_KEY_EXCHANGE_NONE = 0,
0259     MBEDTLS_KEY_EXCHANGE_RSA,
0260     MBEDTLS_KEY_EXCHANGE_DHE_RSA,
0261     MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
0262     MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
0263     MBEDTLS_KEY_EXCHANGE_PSK,
0264     MBEDTLS_KEY_EXCHANGE_DHE_PSK,
0265     MBEDTLS_KEY_EXCHANGE_RSA_PSK,
0266     MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
0267     MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
0268     MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
0269     MBEDTLS_KEY_EXCHANGE_ECJPAKE,
0270 } mbedtls_key_exchange_type_t;
0271 
0272 /* Key exchanges using a certificate */
0273 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           || \
0274     defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
0275     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
0276     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   || \
0277     defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       || \
0278     defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)      || \
0279     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
0280 #define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
0281 #endif
0282 
0283 /* Key exchanges in either TLS 1.2 or 1.3 which are using an ECDSA
0284  * signature */
0285 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
0286     defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
0287 #define MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED
0288 #endif
0289 
0290 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) || \
0291     defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
0292 #define MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
0293 #endif
0294 
0295 /* Key exchanges allowing client certificate requests.
0296  *
0297  * Note: that's almost the same as MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
0298  * above, except RSA-PSK uses a server certificate but no client cert.
0299  *
0300  * Note: this difference is specific to TLS 1.2, as with TLS 1.3, things are
0301  * more symmetrical: client certs and server certs are either both allowed
0302  * (Ephemeral mode) or both disallowed (PSK and PKS-Ephemeral modes).
0303  */
0304 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           ||       \
0305     defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       ||       \
0306     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     ||       \
0307     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   ||       \
0308     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)    ||       \
0309     defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
0310 #define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED
0311 #endif
0312 
0313 /* Helper to state that certificate-based client authentication through ECDSA
0314  * is supported in TLS 1.2 */
0315 #if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) && \
0316     defined(MBEDTLS_PK_CAN_ECDSA_SIGN) && defined(MBEDTLS_PK_CAN_ECDSA_VERIFY)
0317 #define MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED
0318 #endif
0319 
0320 /* ECDSA required for certificates in either TLS 1.2 or 1.3 */
0321 #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
0322     defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
0323 #define MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED
0324 #endif
0325 
0326 /* Key exchanges involving server signature in ServerKeyExchange */
0327 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
0328     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
0329     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
0330 #define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED
0331 #endif
0332 
0333 /* Key exchanges using ECDH */
0334 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)      || \
0335     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
0336 #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED
0337 #endif
0338 
0339 /* Key exchanges that don't involve ephemeral keys */
0340 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           || \
0341     defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)           || \
0342     defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       || \
0343     defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
0344 #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
0345 #endif
0346 
0347 /* Key exchanges that involve ephemeral keys */
0348 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
0349     defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)       || \
0350     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
0351     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)     || \
0352     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   || \
0353     defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
0354 #define MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED
0355 #endif
0356 
0357 /* Key exchanges using a PSK */
0358 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)           || \
0359     defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       || \
0360     defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)       || \
0361     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
0362 #define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
0363 #endif
0364 
0365 /* Key exchanges using DHE */
0366 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
0367     defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
0368 #define MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED
0369 #endif
0370 
0371 /* Key exchanges using ECDHE */
0372 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
0373     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   || \
0374     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
0375 #define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
0376 #endif
0377 
0378 /* TLS 1.2 key exchanges using ECDH or ECDHE*/
0379 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \
0380     defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
0381 #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED
0382 #endif
0383 
0384 /* TLS 1.3 PSK key exchanges */
0385 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) || \
0386     defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
0387 #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
0388 #endif
0389 
0390 /* TLS 1.2 or 1.3 key exchanges with PSK */
0391 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) || \
0392     defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
0393 #define MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
0394 #endif
0395 
0396 /* TLS 1.3 ephemeral key exchanges */
0397 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \
0398     defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
0399 #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED
0400 #endif
0401 
0402 /* TLS 1.3 key exchanges using ECDHE */
0403 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
0404     defined(PSA_WANT_ALG_ECDH)
0405 #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_ECDHE_ENABLED
0406 #endif
0407 
0408 /* TLS 1.2 or 1.3 key exchanges using ECDH or ECDHE */
0409 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
0410     defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_ECDHE_ENABLED)
0411 #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED
0412 #endif
0413 
0414 /* TLS 1.2 XXDH key exchanges: ECDH or ECDHE or FFDH */
0415 #if (defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
0416     defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED))
0417 #define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED
0418 #endif
0419 
0420 /* The handshake params structure has a set of fields called xxdh_psa which are used:
0421  * - by TLS 1.2 with `USE_PSA` to do ECDH or ECDHE;
0422  * - by TLS 1.3 to do ECDHE or FFDHE.
0423  * The following macros can be used to guard their declaration and use.
0424  */
0425 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) && \
0426     defined(MBEDTLS_USE_PSA_CRYPTO)
0427 #define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED
0428 #endif
0429 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED) || \
0430     defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
0431 #define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED
0432 #endif
0433 
0434 typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
0435 
0436 #define MBEDTLS_CIPHERSUITE_WEAK       0x01    /**< Weak ciphersuite flag  */
0437 #define MBEDTLS_CIPHERSUITE_SHORT_TAG  0x02    /**< Short authentication tag,
0438                                                      eg for CCM_8 */
0439 #define MBEDTLS_CIPHERSUITE_NODTLS     0x04    /**< Can't be used with DTLS */
0440 
0441 /**
0442  * \brief   This structure is used for storing ciphersuite information
0443  *
0444  * \note    members are defined using integral types instead of enums
0445  *          in order to pack structure and reduce memory usage by internal
0446  *          \c ciphersuite_definitions[]
0447  */
0448 struct mbedtls_ssl_ciphersuite_t {
0449     int MBEDTLS_PRIVATE(id);
0450     const char *MBEDTLS_PRIVATE(name);
0451 
0452     uint8_t MBEDTLS_PRIVATE(cipher);           /* mbedtls_cipher_type_t */
0453     uint8_t MBEDTLS_PRIVATE(mac);              /* mbedtls_md_type_t */
0454     uint8_t MBEDTLS_PRIVATE(key_exchange);     /* mbedtls_key_exchange_type_t */
0455     uint8_t MBEDTLS_PRIVATE(flags);
0456 
0457     uint16_t MBEDTLS_PRIVATE(min_tls_version); /* mbedtls_ssl_protocol_version */
0458     uint16_t MBEDTLS_PRIVATE(max_tls_version); /* mbedtls_ssl_protocol_version */
0459 };
0460 
0461 const int *mbedtls_ssl_list_ciphersuites(void);
0462 
0463 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name);
0464 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id);
0465 
0466 static inline const char *mbedtls_ssl_ciphersuite_get_name(const mbedtls_ssl_ciphersuite_t *info)
0467 {
0468     return info->MBEDTLS_PRIVATE(name);
0469 }
0470 
0471 static inline int mbedtls_ssl_ciphersuite_get_id(const mbedtls_ssl_ciphersuite_t *info)
0472 {
0473     return info->MBEDTLS_PRIVATE(id);
0474 }
0475 
0476 size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info);
0477 
0478 #ifdef __cplusplus
0479 }
0480 #endif
0481 
0482 #endif /* ssl_ciphersuites.h */
Source navigation ] Diff markup ] Identifier search ] general search ]

This page was automatically generated by the 2.3.7 LXR engine.

The LXR team
Valid CSS 2.1! Valid HTML 4.01!