Codebase Browser
godot
Go to App

godot/thirdparty/mbedtls/library/ssl_ciphersuites.c 

/**
 * \file ssl_ciphersuites.c
 *
 * \brief SSL ciphersuites for Mbed TLS
 *
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */

#include "common.h"

#if defined(MBEDTLS_SSL_TLS_C)

#include "mbedtls/platform.h"

#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/ssl.h"
#include "ssl_misc.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h"
#endif

#include <string.h>

/*
 * Ordered from most preferred to least preferred in terms of security.
 *
 * Current rule (except weak and null which come last):
 * 1. By key exchange:
 *    Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
 * 2. By key length and cipher:
 *    ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
 * 4. By hash function used when relevant
 * 5. By key exchange/auth again: EC > non-EC
 */
static const int ciphersuite_preference[] =;

static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =;

#if defined(MBEDTLS_SSL_CIPHERSUITES)
const int *mbedtls_ssl_list_ciphersuites(void)
{
    return ciphersuite_preference;
}
#else
#define MAX_CIPHERSUITES
static int supported_ciphersuites[MAX_CIPHERSUITES];
static int supported_init =;

MBEDTLS_CHECK_RETURN_CRITICAL
static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
{}

const int *mbedtls_ssl_list_ciphersuites(void)
{}
#endif /* MBEDTLS_SSL_CIPHERSUITES */

const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
    const char *ciphersuite_name)
{}

const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
{}

const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
{}

int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
{}

size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
{}

#if defined(MBEDTLS_PK_C)
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
{}

#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
{
    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
            return PSA_ALG_RSA_PKCS1V15_CRYPT;
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
            return PSA_ALG_RSA_PKCS1V15_SIGN(
                mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));

        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));

        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
            return PSA_ALG_ECDH;

        default:
            return PSA_ALG_NONE;
    }
}

psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
{
    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
            return PSA_KEY_USAGE_DECRYPT;
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            return PSA_KEY_USAGE_SIGN_HASH;

        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
            return PSA_KEY_USAGE_DERIVE;

        default:
            return 0;
    }
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */

mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
{}

#endif /* MBEDTLS_PK_C */

#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
{}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
        * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
        * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/

#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
{}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */

#endif /* MBEDTLS_SSL_TLS_C */