mbed TLS v2.16.3
ssl_ciphersuites.h
Go to the documentation of this file.
1 
6 /*
7  * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8  * SPDX-License-Identifier: Apache-2.0
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License"); you may
11  * not use this file except in compliance with the License.
12  * You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  * See the License for the specific language governing permissions and
20  * limitations under the License.
21  *
22  * This file is part of mbed TLS (https://tls.mbed.org)
23  */
24 #ifndef MBEDTLS_SSL_CIPHERSUITES_H
25 #define MBEDTLS_SSL_CIPHERSUITES_H
26 
27 #if !defined(MBEDTLS_CONFIG_FILE)
28 #include "config.h"
29 #else
30 #include MBEDTLS_CONFIG_FILE
31 #endif
32 
33 #include "pk.h"
34 #include "cipher.h"
35 #include "md.h"
36 
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
40 
41 /*
42  * Supported ciphersuites (Official IANA names)
43  */
44 #define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01
45 #define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02
47 #define MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 0x04
48 #define MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 0x05
49 #define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 0x09
51 #define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
52 
53 #define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15
54 #define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
55 
56 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C
57 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D
58 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E
59 #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
60 
61 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
62 #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
63 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
64 
65 #define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B
66 #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C
67 #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D
69 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
70 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
71 
72 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67
73 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B
75 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
76 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
77 
78 #define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 0x8A
79 #define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x8B
80 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
81 #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
82 
83 #define MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 0x8E
84 #define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x8F
85 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
86 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
87 
88 #define MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 0x92
89 #define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x93
90 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
91 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
92 
93 #define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C
94 #define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D
95 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E
96 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F
98 #define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8
99 #define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9
100 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA
101 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB
102 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC
103 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD
105 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
106 #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
107 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0
108 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1
110 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2
111 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3
112 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4
113 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5
115 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6
116 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7
117 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8
118 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9
120 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA
121 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE
123 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0
124 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4
126 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001
127 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002
128 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003
129 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
130 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
132 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006
133 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007
134 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008
135 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
136 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
138 #define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B
139 #define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C
140 #define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D
141 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
142 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
144 #define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010
145 #define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011
146 #define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012
147 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
148 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
150 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
151 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
152 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025
153 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026
154 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
155 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028
156 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029
157 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A
159 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
160 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
161 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
162 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E
163 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
164 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
165 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
166 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032
168 #define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033
169 #define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034
170 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
171 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
172 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
173 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038
174 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039
175 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A
176 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B
178 #define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C
179 #define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D
180 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044
181 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045
182 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048
183 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049
184 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A
185 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B
186 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C
187 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D
188 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E
189 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F
190 #define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050
191 #define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051
192 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052
193 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053
194 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C
195 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D
196 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E
197 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F
198 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060
199 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061
200 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062
201 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063
202 #define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064
203 #define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065
204 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066
205 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067
206 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068
207 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069
208 #define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A
209 #define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B
210 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C
211 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D
212 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E
213 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F
214 #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070
215 #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071
217 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072
218 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073
219 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074
220 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075
221 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076
222 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077
223 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078
224 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079
226 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A
227 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B
228 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C
229 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D
230 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086
231 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087
232 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088
233 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089
234 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A
235 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B
236 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C
237 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D
239 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E
240 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F
241 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090
242 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091
243 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092
244 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093
246 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094
247 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095
248 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096
249 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097
250 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098
251 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099
252 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A
253 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
255 #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C
256 #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D
257 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E
258 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F
259 #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0
260 #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1
261 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2
262 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3
263 #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4
264 #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5
265 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6
266 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7
267 #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8
268 #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9
269 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA
270 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB
271 /* The last two are named with PSK_DHE in the RFC, which looks like a typo */
272 
273 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC
274 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD
275 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
276 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF
278 #define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF
280 /* RFC 7905 */
281 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8
282 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9
283 #define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA
284 #define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB
285 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC
286 #define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD
287 #define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE
289 /* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
290  * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
291  */
292 typedef enum {
306 
307 /* Key exchanges using a certificate */
308 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
309  defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
310  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
311  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
312  defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
313  defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
314  defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
315 #define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
316 #endif
317 
318 /* Key exchanges allowing client certificate requests */
319 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
320  defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
321  defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
322  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
323  defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
324  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
325 #define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED
326 #endif
327 
328 /* Key exchanges involving server signature in ServerKeyExchange */
329 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
330  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
331  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
332 #define MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED
333 #endif
334 
335 /* Key exchanges using ECDH */
336 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
337  defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
338 #define MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED
339 #endif
340 
341 /* Key exchanges that don't involve ephemeral keys */
342 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
343  defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
344  defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
345  defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
346 #define MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED
347 #endif
348 
349 /* Key exchanges that involve ephemeral keys */
350 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
351  defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
352  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
353  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
354  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
355  defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
356 #define MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED
357 #endif
358 
359 /* Key exchanges using a PSK */
360 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
361  defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
362  defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
363  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
364 #define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
365 #endif
366 
367 /* Key exchanges using DHE */
368 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
369  defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
370 #define MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED
371 #endif
372 
373 /* Key exchanges using ECDHE */
374 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
375  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
376  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
377 #define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
378 #endif
379 
381 
382 #define MBEDTLS_CIPHERSUITE_WEAK 0x01
383 #define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02
385 #define MBEDTLS_CIPHERSUITE_NODTLS 0x04
390 struct mbedtls_ssl_ciphersuite_t
391 {
392  int id;
393  const char * name;
394 
398 
403 
404  unsigned char flags;
405 };
406 
407 const int *mbedtls_ssl_list_ciphersuites( void );
408 
409 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
411 
412 #if defined(MBEDTLS_PK_C)
415 #endif
416 
419 
420 #if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
422 {
423  switch( info->key_exchange )
424  {
431  return( 1 );
432 
433  default:
434  return( 0 );
435  }
436 }
437 #endif /* MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED */
438 
439 #if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED)
441 {
442  switch( info->key_exchange )
443  {
449  return( 1 );
450 
451  default:
452  return( 0 );
453  }
454 }
455 #endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */
456 
457 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
459 {
460  switch( info->key_exchange )
461  {
464  return( 1 );
465 
466  default:
467  return( 0 );
468  }
469 }
470 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */
471 
473 {
474  switch( info->key_exchange )
475  {
482  return( 1 );
483 
484  default:
485  return( 0 );
486  }
487 }
488 
489 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED)
491 {
492  switch( info->key_exchange )
493  {
496  return( 1 );
497 
498  default:
499  return( 0 );
500  }
501 }
502 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED) */
503 
504 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
506 {
507  switch( info->key_exchange )
508  {
512  return( 1 );
513 
514  default:
515  return( 0 );
516  }
517 }
518 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED) */
519 
520 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
522 {
523  switch( info->key_exchange )
524  {
528  return( 1 );
529 
530  default:
531  return( 0 );
532  }
533 }
534 #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
535 
536 #ifdef __cplusplus
537 }
538 #endif
539 
540 #endif /* ssl_ciphersuites.h */
mbedtls_ssl_ciphersuite_t
This structure is used for storing ciphersuite information.
Definition: ssl_ciphersuites.h:390
mbedtls_ssl_ciphersuite_from_string
const mbedtls_ssl_ciphersuite_t * mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name)
MBEDTLS_KEY_EXCHANGE_NONE
@ MBEDTLS_KEY_EXCHANGE_NONE
Definition: ssl_ciphersuites.h:293
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
@ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
Definition: ssl_ciphersuites.h:301
mbedtls_md_type_t
mbedtls_md_type_t
Supported message digests.
Definition: md.h:58
mbedtls_ssl_ciphersuite_uses_ecdhe
static int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:505
mbedtls_key_exchange_type_t
mbedtls_key_exchange_type_t
Definition: ssl_ciphersuites.h:292
mbedtls_ssl_ciphersuite_t::min_minor_ver
int min_minor_ver
Definition: ssl_ciphersuites.h:400
mbedtls_ssl_ciphersuite_t::max_major_ver
int max_major_ver
Definition: ssl_ciphersuites.h:401
md.h
This file contains the generic message-digest wrapper.
mbedtls_ssl_ciphersuite_t::flags
unsigned char flags
Definition: ssl_ciphersuites.h:404
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
@ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
Definition: ssl_ciphersuites.h:303
mbedtls_ssl_ciphersuite_uses_ec
int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
MBEDTLS_KEY_EXCHANGE_ECDH_RSA
@ MBEDTLS_KEY_EXCHANGE_ECDH_RSA
Definition: ssl_ciphersuites.h:302
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
@ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
Definition: ssl_ciphersuites.h:297
mbedtls_ssl_ciphersuite_uses_dhe
static int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:490
MBEDTLS_KEY_EXCHANGE_DHE_PSK
@ MBEDTLS_KEY_EXCHANGE_DHE_PSK
Definition: ssl_ciphersuites.h:299
mbedtls_ssl_ciphersuite_t::key_exchange
mbedtls_key_exchange_type_t key_exchange
Definition: ssl_ciphersuites.h:397
mbedtls_ssl_ciphersuite_uses_psk
int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_ssl_get_ciphersuite_sig_alg
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_ssl_ciphersuite_t::max_minor_ver
int max_minor_ver
Definition: ssl_ciphersuites.h:402
mbedtls_ssl_ciphersuite_t::mac
mbedtls_md_type_t mac
Definition: ssl_ciphersuites.h:396
mbedtls_ssl_ciphersuite_has_pfs
static int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:421
MBEDTLS_KEY_EXCHANGE_ECJPAKE
@ MBEDTLS_KEY_EXCHANGE_ECJPAKE
Definition: ssl_ciphersuites.h:304
cipher.h
This file contains an abstraction interface for use with the cipher primitives provided by the librar...
mbedtls_ssl_ciphersuite_t::cipher
mbedtls_cipher_type_t cipher
Definition: ssl_ciphersuites.h:395
MBEDTLS_KEY_EXCHANGE_DHE_RSA
@ MBEDTLS_KEY_EXCHANGE_DHE_RSA
Definition: ssl_ciphersuites.h:295
mbedtls_ssl_ciphersuite_uses_server_signature
static int mbedtls_ssl_ciphersuite_uses_server_signature(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:521
mbedtls_ssl_ciphersuite_uses_ecdh
static int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:458
mbedtls_pk_type_t
mbedtls_pk_type_t
Public key types.
Definition: pk.h:78
mbedtls_ssl_ciphersuite_t::name
const char * name
Definition: ssl_ciphersuites.h:393
mbedtls_ssl_get_ciphersuite_sig_pk_alg
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_ssl_ciphersuite_t::id
int id
Definition: ssl_ciphersuites.h:392
mbedtls_ssl_ciphersuite_cert_req_allowed
static int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:472
pk.h
Public Key abstraction layer.
config.h
Configuration options (set of defines)
mbedtls_ssl_ciphersuite_no_pfs
static int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:440
MBEDTLS_KEY_EXCHANGE_PSK
@ MBEDTLS_KEY_EXCHANGE_PSK
Definition: ssl_ciphersuites.h:298
mbedtls_ssl_list_ciphersuites
const int * mbedtls_ssl_list_ciphersuites(void)
mbedtls_ssl_ciphersuite_t::min_major_ver
int min_major_ver
Definition: ssl_ciphersuites.h:399
MBEDTLS_KEY_EXCHANGE_RSA_PSK
@ MBEDTLS_KEY_EXCHANGE_RSA_PSK
Definition: ssl_ciphersuites.h:300
MBEDTLS_KEY_EXCHANGE_RSA
@ MBEDTLS_KEY_EXCHANGE_RSA
Definition: ssl_ciphersuites.h:294
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
@ MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
Definition: ssl_ciphersuites.h:296
mbedtls_cipher_type_t
mbedtls_cipher_type_t
Supported {cipher type, cipher mode} pairs.
Definition: cipher.h:104
mbedtls_ssl_ciphersuite_from_id
const mbedtls_ssl_ciphersuite_t * mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id)