ReactOS 0.4.15-dev-7924-g5949c20
ssl_ciphersuites.h
Go to the documentation of this file.
1
6/*
7 * Copyright The Mbed TLS Contributors
8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9 *
10 * This file is provided under the Apache License 2.0, or the
11 * GNU General Public License v2.0 or later.
12 *
13 * **********
14 * Apache License 2.0:
15 *
16 * Licensed under the Apache License, Version 2.0 (the "License"); you may
17 * not use this file except in compliance with the License.
18 * You may obtain a copy of the License at
19 *
20 * http://www.apache.org/licenses/LICENSE-2.0
21 *
22 * Unless required by applicable law or agreed to in writing, software
23 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
24 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
25 * See the License for the specific language governing permissions and
26 * limitations under the License.
27 *
28 * **********
29 *
30 * **********
31 * GNU General Public License v2.0 or later:
32 *
33 * This program is free software; you can redistribute it and/or modify
34 * it under the terms of the GNU General Public License as published by
35 * the Free Software Foundation; either version 2 of the License, or
36 * (at your option) any later version.
37 *
38 * This program is distributed in the hope that it will be useful,
39 * but WITHOUT ANY WARRANTY; without even the implied warranty of
40 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
41 * GNU General Public License for more details.
42 *
43 * You should have received a copy of the GNU General Public License along
44 * with this program; if not, write to the Free Software Foundation, Inc.,
45 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
46 *
47 * **********
48 */
49#ifndef MBEDTLS_SSL_CIPHERSUITES_H
50#define MBEDTLS_SSL_CIPHERSUITES_H
51
52#if !defined(MBEDTLS_CONFIG_FILE)
53#include "config.h"
54#else
55#include MBEDTLS_CONFIG_FILE
56#endif
57
58#include "pk.h"
59#include "cipher.h"
60#include "md.h"
61
62#ifdef __cplusplus
63extern "C" {
64#endif
65
66/*
67 * Supported ciphersuites (Official IANA names)
68 */
69#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01
70#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02
72#define MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 0x04
73#define MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 0x05
74#define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 0x09
76#define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
77
78#define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15
79#define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
80
81#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C
82#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D
83#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E
84#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
85
86#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
87#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
88#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
89
90#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B
91#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C
92#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D
94#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
95#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
96
97#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67
98#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B
100#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
101#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
102
103#define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 0x8A
104#define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x8B
105#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
106#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
107
108#define MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 0x8E
109#define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x8F
110#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
111#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
112
113#define MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 0x92
114#define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x93
115#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
116#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
117
118#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C
119#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D
120#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E
121#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F
123#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8
124#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9
125#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA
126#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB
127#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC
128#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD
130#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
131#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
132#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0
133#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1
135#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2
136#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3
137#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4
138#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5
140#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6
141#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7
142#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8
143#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9
145#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA
146#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE
148#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0
149#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4
151#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001
152#define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002
153#define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003
154#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
155#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
157#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006
158#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007
159#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008
160#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
161#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
163#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B
164#define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C
165#define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D
166#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
167#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
169#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010
170#define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011
171#define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012
172#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
173#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
175#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
176#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
177#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025
178#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026
179#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
180#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028
181#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029
182#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A
184#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
185#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
186#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
187#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E
188#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
189#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
190#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
191#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032
193#define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033
194#define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034
195#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
196#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
197#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
198#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038
199#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039
200#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A
201#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B
203#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C
204#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D
205#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044
206#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045
207#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048
208#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049
209#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A
210#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B
211#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C
212#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D
213#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E
214#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F
215#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050
216#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051
217#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052
218#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053
219#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C
220#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D
221#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E
222#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F
223#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060
224#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061
225#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062
226#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063
227#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064
228#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065
229#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066
230#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067
231#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068
232#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069
233#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A
234#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B
235#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C
236#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D
237#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E
238#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F
239#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070
240#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071
242#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072
243#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073
244#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074
245#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075
246#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076
247#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077
248#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078
249#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079
251#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A
252#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B
253#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C
254#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D
255#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086
256#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087
257#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088
258#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089
259#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A
260#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B
261#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C
262#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D
264#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E
265#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F
266#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090
267#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091
268#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092
269#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093
271#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094
272#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095
273#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096
274#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097
275#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098
276#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099
277#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A
278#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
280#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C
281#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D
282#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E
283#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F
284#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0
285#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1
286#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2
287#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3
288#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4
289#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5
290#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6
291#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7
292#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8
293#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9
294#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA
295#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB
296/* The last two are named with PSK_DHE in the RFC, which looks like a typo */
297
298#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC
299#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD
300#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
301#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF
303#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF
305/* RFC 7905 */
306#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8
307#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9
308#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA
309#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB
310#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC
311#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD
312#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE
314/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
315 * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
316 */
317typedef enum {
318 MBEDTLS_KEY_EXCHANGE_NONE = 0,
319 MBEDTLS_KEY_EXCHANGE_RSA,
320 MBEDTLS_KEY_EXCHANGE_DHE_RSA,
321 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
322 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
323 MBEDTLS_KEY_EXCHANGE_PSK,
324 MBEDTLS_KEY_EXCHANGE_DHE_PSK,
325 MBEDTLS_KEY_EXCHANGE_RSA_PSK,
326 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
327 MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
328 MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
329 MBEDTLS_KEY_EXCHANGE_ECJPAKE,
330} mbedtls_key_exchange_type_t;
331
332/* Key exchanges using a certificate */
333#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
334 defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
335 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
336 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
337 defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
338 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
339 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
340#define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
341#endif
342
343/* Key exchanges allowing client certificate requests */
344#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
345 defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
346 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
347 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
348 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
349 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
350#define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED
351#endif
352
353/* Key exchanges involving server signature in ServerKeyExchange */
354#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
355 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
356 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
357#define MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED
358#endif
359
360/* Key exchanges using ECDH */
361#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
362 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
363#define MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED
364#endif
365
366/* Key exchanges that don't involve ephemeral keys */
367#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
368 defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
369 defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
370 defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
371#define MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED
372#endif
373
374/* Key exchanges that involve ephemeral keys */
375#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
376 defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
377 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
378 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
379 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
380 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
381#define MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED
382#endif
383
384/* Key exchanges using a PSK */
385#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
386 defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
387 defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
388 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
389#define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
390#endif
391
392/* Key exchanges using DHE */
393#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
394 defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
395#define MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED
396#endif
397
398/* Key exchanges using ECDHE */
399#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
400 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
401 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
402#define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
403#endif
404
405typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
406
407#define MBEDTLS_CIPHERSUITE_WEAK 0x01
408#define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02
410#define MBEDTLS_CIPHERSUITE_NODTLS 0x04
415struct mbedtls_ssl_ciphersuite_t
416{
417 int id;
418 const char * name;
419
420 mbedtls_cipher_type_t cipher;
421 mbedtls_md_type_t mac;
422 mbedtls_key_exchange_type_t key_exchange;
423
424 int min_major_ver;
425 int min_minor_ver;
426 int max_major_ver;
427 int max_minor_ver;
428
429 unsigned char flags;
430};
431
432const int *mbedtls_ssl_list_ciphersuites( void );
433
434const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
435const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite_id );
436
437#if defined(MBEDTLS_PK_C)
438mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info );
439mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info );
440#endif
441
442int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info );
443int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
444
445#if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
446static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
447{
448 switch( info->key_exchange )
449 {
450 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
451 case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
452 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
453 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
454 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
455 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
456 return( 1 );
457
458 default:
459 return( 0 );
460 }
461}
462#endif /* MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED */
463
464#if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED)
465static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
466{
467 switch( info->key_exchange )
468 {
469 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
470 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
471 case MBEDTLS_KEY_EXCHANGE_RSA:
472 case MBEDTLS_KEY_EXCHANGE_PSK:
473 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
474 return( 1 );
475
476 default:
477 return( 0 );
478 }
479}
480#endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */
481
482#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
483static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
484{
485 switch( info->key_exchange )
486 {
487 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
488 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
489 return( 1 );
490
491 default:
492 return( 0 );
493 }
494}
495#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */
496
497static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info )
498{
499 switch( info->key_exchange )
500 {
501 case MBEDTLS_KEY_EXCHANGE_RSA:
502 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
503 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
504 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
505 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
506 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
507 return( 1 );
508
509 default:
510 return( 0 );
511 }
512}
513
514#if defined(MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED)
515static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
516{
517 switch( info->key_exchange )
518 {
519 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
520 case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
521 return( 1 );
522
523 default:
524 return( 0 );
525 }
526}
527#endif /* MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED) */
528
529#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
530static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
531{
532 switch( info->key_exchange )
533 {
534 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
535 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
536 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
537 return( 1 );
538
539 default:
540 return( 0 );
541 }
542}
543#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED) */
544
545#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
546static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
547{
548 switch( info->key_exchange )
549 {
550 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
551 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
552 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
553 return( 1 );
554
555 default:
556 return( 0 );
557 }
558}
559#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
560
561#ifdef __cplusplus
562}
563#endif
564
565#endif /* ssl_ciphersuites.h */
cipher.h
This file contains an abstraction interface for use with the cipher primitives provided by the librar...
mbedtls_cipher_type_t
mbedtls_cipher_type_t
Supported {cipher type, cipher mode} pairs.
Definition: cipher.h:129
md.h
This file contains the generic message-digest wrapper.
mbedtls_md_type_t
mbedtls_md_type_t
Supported message digests.
Definition: md.h:83
pk.h
Public Key abstraction layer.
mbedtls_pk_type_t
mbedtls_pk_type_t
Public key types.
Definition: pk.h:103
mbedtls_ssl_ciphersuite_from_id
#define mbedtls_ssl_ciphersuite_from_id
Definition: schannel_mbedtls_lazyload.h:148
mbedtls_ssl_ciphersuite_uses_psk
int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_ssl_ciphersuite_has_pfs
static int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:446
mbedtls_ssl_ciphersuite_uses_ec
int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_ssl_list_ciphersuites
const int * mbedtls_ssl_list_ciphersuites(void)
mbedtls_ssl_get_ciphersuite_sig_alg
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_ssl_get_ciphersuite_sig_pk_alg
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_ssl_ciphersuite_no_pfs
static int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:465
mbedtls_ssl_ciphersuite_from_string
const mbedtls_ssl_ciphersuite_t * mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name)
mbedtls_ssl_ciphersuite_cert_req_allowed
static int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:497
mbedtls_ssl_ciphersuite_uses_ecdhe
static int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:530
mbedtls_ssl_ciphersuite_uses_dhe
static int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:515
mbedtls_ssl_ciphersuite_uses_ecdh
static int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:483
mbedtls_ssl_ciphersuite_uses_server_signature
static int mbedtls_ssl_ciphersuite_uses_server_signature(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:546
mbedtls_key_exchange_type_t
mbedtls_key_exchange_type_t
Definition: ssl_ciphersuites.h:317
MBEDTLS_KEY_EXCHANGE_PSK
@ MBEDTLS_KEY_EXCHANGE_PSK
Definition: ssl_ciphersuites.h:323
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
@ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
Definition: ssl_ciphersuites.h:328
MBEDTLS_KEY_EXCHANGE_DHE_PSK
@ MBEDTLS_KEY_EXCHANGE_DHE_PSK
Definition: ssl_ciphersuites.h:324
MBEDTLS_KEY_EXCHANGE_DHE_RSA
@ MBEDTLS_KEY_EXCHANGE_DHE_RSA
Definition: ssl_ciphersuites.h:320
MBEDTLS_KEY_EXCHANGE_ECDH_RSA
@ MBEDTLS_KEY_EXCHANGE_ECDH_RSA
Definition: ssl_ciphersuites.h:327
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
@ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
Definition: ssl_ciphersuites.h:322
MBEDTLS_KEY_EXCHANGE_RSA
@ MBEDTLS_KEY_EXCHANGE_RSA
Definition: ssl_ciphersuites.h:319
MBEDTLS_KEY_EXCHANGE_ECJPAKE
@ MBEDTLS_KEY_EXCHANGE_ECJPAKE
Definition: ssl_ciphersuites.h:329
MBEDTLS_KEY_EXCHANGE_RSA_PSK
@ MBEDTLS_KEY_EXCHANGE_RSA_PSK
Definition: ssl_ciphersuites.h:325
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
@ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
Definition: ssl_ciphersuites.h:326
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
@ MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
Definition: ssl_ciphersuites.h:321
MBEDTLS_KEY_EXCHANGE_NONE
@ MBEDTLS_KEY_EXCHANGE_NONE
Definition: ssl_ciphersuites.h:318
mbedtls_ssl_ciphersuite_t
This structure is used for storing ciphersuite information.
Definition: ssl_ciphersuites.h:416
mbedtls_ssl_ciphersuite_t::id
int id
Definition: ssl_ciphersuites.h:417
mbedtls_ssl_ciphersuite_t::min_major_ver
int min_major_ver
Definition: ssl_ciphersuites.h:424
mbedtls_ssl_ciphersuite_t::max_minor_ver
int max_minor_ver
Definition: ssl_ciphersuites.h:427
mbedtls_ssl_ciphersuite_t::key_exchange
mbedtls_key_exchange_type_t key_exchange
Definition: ssl_ciphersuites.h:422
mbedtls_ssl_ciphersuite_t::mac
mbedtls_md_type_t mac
Definition: ssl_ciphersuites.h:421
mbedtls_ssl_ciphersuite_t::flags
unsigned char flags
Definition: ssl_ciphersuites.h:429
mbedtls_ssl_ciphersuite_t::max_major_ver
int max_major_ver
Definition: ssl_ciphersuites.h:426
mbedtls_ssl_ciphersuite_t::name
const char * name
Definition: ssl_ciphersuites.h:418
mbedtls_ssl_ciphersuite_t::cipher
mbedtls_cipher_type_t cipher
Definition: ssl_ciphersuites.h:420
mbedtls_ssl_ciphersuite_t::min_minor_ver
int min_minor_ver
Definition: ssl_ciphersuites.h:425