Mbed TLS v2.28.8
ssl_ciphersuites.h
Go to the documentation of this file.
1 
6 /*
7  * Copyright The Mbed TLS Contributors
8  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9  */
10 #ifndef MBEDTLS_SSL_CIPHERSUITES_H
11 #define MBEDTLS_SSL_CIPHERSUITES_H
12 
13 #if !defined(MBEDTLS_CONFIG_FILE)
14 #include "mbedtls/config.h"
15 #else
16 #include MBEDTLS_CONFIG_FILE
17 #endif
18 
19 #include "mbedtls/pk.h"
20 #include "mbedtls/cipher.h"
21 #include "mbedtls/md.h"
22 
23 #ifdef __cplusplus
24 extern "C" {
25 #endif
26 
27 /*
28  * Supported ciphersuites (Official IANA names)
29  */
30 #define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01
31 #define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02
33 #define MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 0x04
34 #define MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 0x05
35 #define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 0x09
37 #define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
38 
39 #define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15
40 #define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
41 
42 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C
43 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D
44 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E
45 #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
46 
47 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
48 #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
49 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
50 
51 #define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B
52 #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C
53 #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D
55 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
56 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
57 
58 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67
59 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B
61 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
62 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
63 
64 #define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 0x8A
65 #define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x8B
66 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
67 #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
68 
69 #define MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 0x8E
70 #define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x8F
71 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
72 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
73 
74 #define MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 0x92
75 #define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x93
76 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
77 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
78 
79 #define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C
80 #define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D
81 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E
82 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F
84 #define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8
85 #define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9
86 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA
87 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB
88 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC
89 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD
91 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
92 #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
93 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0
94 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1
96 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2
97 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3
98 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4
99 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5
101 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6
102 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7
103 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8
104 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9
106 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA
107 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE
109 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0
110 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4
112 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001
113 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002
114 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003
115 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
116 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
118 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006
119 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007
120 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008
121 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
122 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
124 #define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B
125 #define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C
126 #define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D
127 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
128 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
130 #define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010
131 #define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011
132 #define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012
133 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
134 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
136 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
137 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
138 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025
139 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026
140 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
141 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028
142 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029
143 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A
145 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
146 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
147 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
148 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E
149 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
150 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
151 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
152 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032
154 #define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033
155 #define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034
156 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
157 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
158 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
159 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038
160 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039
161 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A
162 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B
164 #define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C
165 #define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D
166 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044
167 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045
168 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048
169 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049
170 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A
171 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B
172 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C
173 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D
174 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E
175 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F
176 #define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050
177 #define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051
178 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052
179 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053
180 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C
181 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D
182 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E
183 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F
184 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060
185 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061
186 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062
187 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063
188 #define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064
189 #define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065
190 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066
191 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067
192 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068
193 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069
194 #define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A
195 #define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B
196 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C
197 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D
198 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E
199 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F
200 #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070
201 #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071
203 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072
204 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073
205 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074
206 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075
207 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076
208 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077
209 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078
210 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079
212 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A
213 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B
214 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C
215 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D
216 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086
217 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087
218 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088
219 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089
220 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A
221 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B
222 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C
223 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D
225 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E
226 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F
227 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090
228 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091
229 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092
230 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093
232 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094
233 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095
234 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096
235 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097
236 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098
237 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099
238 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A
239 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
241 #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C
242 #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D
243 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E
244 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F
245 #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0
246 #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1
247 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2
248 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3
249 #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4
250 #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5
251 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6
252 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7
253 #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8
254 #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9
255 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA
256 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB
257 /* The last two are named with PSK_DHE in the RFC, which looks like a typo */
258 
259 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC
260 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD
261 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
262 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF
264 #define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF
266 /* RFC 7905 */
267 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8
268 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9
269 #define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA
270 #define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB
271 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC
272 #define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD
273 #define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE
275 /* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
276  * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
277  */
278 typedef enum {
292 
293 /* Key exchanges using a certificate */
294 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
295  defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
296  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
297  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
298  defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
299  defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
300  defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
301 #define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
302 #endif
303 
304 /* Key exchanges allowing client certificate requests */
305 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
306  defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
307  defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
308  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
309  defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
310  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
311 #define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED
312 #endif
313 
314 /* Key exchanges involving server signature in ServerKeyExchange */
315 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
316  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
317  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
318 #define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED
319 #endif
320 
321 /* Key exchanges using ECDH */
322 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
323  defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
324 #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED
325 #endif
326 
327 /* Key exchanges that don't involve ephemeral keys */
328 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
329  defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
330  defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
331  defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
332 #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
333 #endif
334 
335 /* Key exchanges that involve ephemeral keys */
336 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
337  defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
338  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
339  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
340  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
341  defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
342 #define MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED
343 #endif
344 
345 /* Key exchanges using a PSK */
346 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
347  defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
348  defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
349  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
350 #define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
351 #endif
352 
353 /* Key exchanges using DHE */
354 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
355  defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
356 #define MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED
357 #endif
358 
359 /* Key exchanges using ECDHE */
360 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
361  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
362  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
363 #define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
364 #endif
365 
367 
368 #define MBEDTLS_CIPHERSUITE_WEAK 0x01
369 #define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02
371 #define MBEDTLS_CIPHERSUITE_NODTLS 0x04
376 struct mbedtls_ssl_ciphersuite_t {
377  int id;
378  const char *name;
379 
383 
388 
389  unsigned char flags;
390 };
391 
392 const int *mbedtls_ssl_list_ciphersuites(void);
393 
394 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name);
396 
397 #if defined(MBEDTLS_PK_C)
400 #endif
401 
404 
405 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
407 {
408  switch (info->key_exchange) {
415  return 1;
416 
417  default:
418  return 0;
419  }
420 }
421 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
422 
423 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
425 {
426  switch (info->key_exchange) {
432  return 1;
433 
434  default:
435  return 0;
436  }
437 }
438 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
439 
440 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
442 {
443  switch (info->key_exchange) {
446  return 1;
447 
448  default:
449  return 0;
450  }
451 }
452 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
453 
455 {
456  switch (info->key_exchange) {
463  return 1;
464 
465  default:
466  return 0;
467  }
468 }
469 
471 {
472  switch (info->key_exchange) {
480  return 1;
481 
482  default:
483  return 0;
484  }
485 }
486 
487 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
489 {
490  switch (info->key_exchange) {
493  return 1;
494 
495  default:
496  return 0;
497  }
498 }
499 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */
500 
501 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
503 {
504  switch (info->key_exchange) {
508  return 1;
509 
510  default:
511  return 0;
512  }
513 }
514 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */
515 
516 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
518  const mbedtls_ssl_ciphersuite_t *info)
519 {
520  switch (info->key_exchange) {
524  return 1;
525 
526  default:
527  return 0;
528  }
529 }
530 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
531 
532 #ifdef __cplusplus
533 }
534 #endif
535 
536 #endif /* ssl_ciphersuites.h */
mbedtls_ssl_ciphersuite_t
This structure is used for storing ciphersuite information.
Definition: ssl_ciphersuites.h:376
mbedtls_ssl_ciphersuite_from_string
const mbedtls_ssl_ciphersuite_t * mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name)
MBEDTLS_KEY_EXCHANGE_NONE
@ MBEDTLS_KEY_EXCHANGE_NONE
Definition: ssl_ciphersuites.h:279
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
@ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
Definition: ssl_ciphersuites.h:287
mbedtls_md_type_t
mbedtls_md_type_t
Supported message digests.
Definition: md.h:50
mbedtls_ssl_ciphersuite_uses_ecdhe
static int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:502
mbedtls_ssl_ciphersuite_uses_srv_cert
static int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:470
mbedtls_key_exchange_type_t
mbedtls_key_exchange_type_t
Definition: ssl_ciphersuites.h:278
mbedtls_ssl_ciphersuite_t::min_minor_ver
int min_minor_ver
Definition: ssl_ciphersuites.h:385
mbedtls_ssl_ciphersuite_t::max_major_ver
int max_major_ver
Definition: ssl_ciphersuites.h:386
md.h
This file contains the generic message-digest wrapper.
mbedtls_ssl_ciphersuite_t::flags
unsigned char flags
Definition: ssl_ciphersuites.h:389
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
@ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
Definition: ssl_ciphersuites.h:289
mbedtls_ssl_ciphersuite_uses_ec
int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
MBEDTLS_KEY_EXCHANGE_ECDH_RSA
@ MBEDTLS_KEY_EXCHANGE_ECDH_RSA
Definition: ssl_ciphersuites.h:288
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
@ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
Definition: ssl_ciphersuites.h:283
mbedtls_ssl_ciphersuite_uses_dhe
static int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:488
MBEDTLS_KEY_EXCHANGE_DHE_PSK
@ MBEDTLS_KEY_EXCHANGE_DHE_PSK
Definition: ssl_ciphersuites.h:285
mbedtls_ssl_ciphersuite_t::key_exchange
mbedtls_key_exchange_type_t key_exchange
Definition: ssl_ciphersuites.h:382
mbedtls_ssl_ciphersuite_uses_psk
int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_ssl_get_ciphersuite_sig_alg
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_ssl_ciphersuite_t::max_minor_ver
int max_minor_ver
Definition: ssl_ciphersuites.h:387
mbedtls_ssl_ciphersuite_t::mac
mbedtls_md_type_t mac
Definition: ssl_ciphersuites.h:381
mbedtls_ssl_ciphersuite_has_pfs
static int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:406
MBEDTLS_KEY_EXCHANGE_ECJPAKE
@ MBEDTLS_KEY_EXCHANGE_ECJPAKE
Definition: ssl_ciphersuites.h:290
cipher.h
This file contains an abstraction interface for use with the cipher primitives provided by the librar...
mbedtls_ssl_ciphersuite_t::cipher
mbedtls_cipher_type_t cipher
Definition: ssl_ciphersuites.h:380
MBEDTLS_KEY_EXCHANGE_DHE_RSA
@ MBEDTLS_KEY_EXCHANGE_DHE_RSA
Definition: ssl_ciphersuites.h:281
mbedtls_ssl_ciphersuite_uses_server_signature
static int mbedtls_ssl_ciphersuite_uses_server_signature(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:517
mbedtls_ssl_ciphersuite_uses_ecdh
static int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:441
mbedtls_pk_type_t
mbedtls_pk_type_t
Public key types.
Definition: pk.h:83
mbedtls_ssl_ciphersuite_t::name
const char * name
Definition: ssl_ciphersuites.h:378
mbedtls_ssl_get_ciphersuite_sig_pk_alg
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_ssl_ciphersuite_t::id
int id
Definition: ssl_ciphersuites.h:377
mbedtls_ssl_ciphersuite_cert_req_allowed
static int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:454
pk.h
Public Key abstraction layer.
config.h
Configuration options (set of defines)
mbedtls_ssl_ciphersuite_no_pfs
static int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
Definition: ssl_ciphersuites.h:424
MBEDTLS_KEY_EXCHANGE_PSK
@ MBEDTLS_KEY_EXCHANGE_PSK
Definition: ssl_ciphersuites.h:284
mbedtls_ssl_list_ciphersuites
const int * mbedtls_ssl_list_ciphersuites(void)
mbedtls_ssl_ciphersuite_t::min_major_ver
int min_major_ver
Definition: ssl_ciphersuites.h:384
MBEDTLS_KEY_EXCHANGE_RSA_PSK
@ MBEDTLS_KEY_EXCHANGE_RSA_PSK
Definition: ssl_ciphersuites.h:286
MBEDTLS_KEY_EXCHANGE_RSA
@ MBEDTLS_KEY_EXCHANGE_RSA
Definition: ssl_ciphersuites.h:280
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
@ MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
Definition: ssl_ciphersuites.h:282
mbedtls_cipher_type_t
mbedtls_cipher_type_t
Supported {cipher type, cipher mode} pairs.
Definition: cipher.h:98
mbedtls_ssl_ciphersuite_from_id
const mbedtls_ssl_ciphersuite_t * mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id)