/** * \file ssl_ciphersuites.h * * \brief SSL Ciphersuites for Mbed TLS */ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SSL_CIPHERSUITES_H #define MBEDTLS_SSL_CIPHERSUITES_H #include "mbedtls/private_access.h" #include "mbedtls/build_info.h" #include "mbedtls/pk.h" #include "mbedtls/cipher.h" #include "mbedtls/md.h" #ifdef __cplusplus extern "C" { #endif /* * Supported ciphersuites (Official IANA names) */ #define MBEDTLS_TLS_RSA_WITH_NULL_MD5 … #define MBEDTLS_TLS_RSA_WITH_NULL_SHA … #define MBEDTLS_TLS_PSK_WITH_NULL_SHA … #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA … #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA … #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA … #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA … #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA … #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA … #define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 … #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 … #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 … #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA … #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA … #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 … #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 … #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA … #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA … #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA … #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA … #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA … #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA … #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA … #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA … #define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 … #define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 … #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 … #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 … #define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 … #define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 … #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 … #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 … #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 … #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 … #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 … #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 … #define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 … #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 … #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 … #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 … #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 … #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 … #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 … #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 … #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 … #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 … #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 … #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 … #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 … #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 … #define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA … #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA … #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA … #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA … #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA … #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA … #define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA … #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA … #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA … #define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA … #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA … #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA … #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 … #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 … #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 … #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 … #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 … #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 … #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 … #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 … #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 … #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 … #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 … #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 … #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 … #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 … #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 … #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 … #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA … #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA … #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 … #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 … #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA … #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 … #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 … #define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 … #define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 … #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 … #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 … #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 … #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 … #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 … #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 … #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 … #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 … #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 … #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 … #define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 … #define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 … #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 … #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 … #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 … #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 … #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 … #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 … #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 … #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 … #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 … #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 … #define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 … #define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 … #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 … #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 … #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 … #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 … #define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 … #define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 … #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 … #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 … #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 … #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 … #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 … #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 … #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 … #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 … #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 … #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 … #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 … #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 … #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 … #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 … #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 … #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 … #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 … #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 … #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 … #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 … #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 … #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 … #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 … #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 … #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 … #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 … #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 … #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 … #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 … #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 … #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 … #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 … #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 … #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 … #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 … #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 … #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 … #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 … #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 … #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 … #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM … #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM … #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM … #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM … #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 … #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 … #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 … #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 … #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM … #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM … #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM … #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM … #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 … #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 … #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 … #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 … /* The last two are named with PSK_DHE in the RFC, which looks like a typo */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM … #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM … #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 … #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 … #define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 … /* RFC 7905 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 … #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 … #define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 … #define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 … #define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 … #define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 … #define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 … /* RFC 8446, Appendix B.4 */ #define MBEDTLS_TLS1_3_AES_128_GCM_SHA256 … #define MBEDTLS_TLS1_3_AES_256_GCM_SHA384 … #define MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256 … #define MBEDTLS_TLS1_3_AES_128_CCM_SHA256 … #define MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256 … /* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange. * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below */ mbedtls_key_exchange_type_t; /* Key exchanges using a certificate */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) #define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED #endif /* Key exchanges in either TLS 1.2 or 1.3 which are using an ECDSA * signature */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) #define MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED #endif #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) #define MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED #endif /* Key exchanges allowing client certificate requests. * * Note: that's almost the same as MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED * above, except RSA-PSK uses a server certificate but no client cert. * * Note: this difference is specific to TLS 1.2, as with TLS 1.3, things are * more symmetrical: client certs and server certs are either both allowed * (Ephemeral mode) or both disallowed (PSK and PKS-Ephemeral modes). */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) #define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED #endif /* Helper to state that certificate-based client authentication through ECDSA * is supported in TLS 1.2 */ #if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) && \ defined(MBEDTLS_PK_CAN_ECDSA_SIGN) && defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) #define MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED #endif /* ECDSA required for certificates in either TLS 1.2 or 1.3 */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) #define MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED #endif /* Key exchanges involving server signature in ServerKeyExchange */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) #define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED #endif /* Key exchanges using ECDH */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED #endif /* Key exchanges that don't involve ephemeral keys */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED #endif /* Key exchanges that involve ephemeral keys */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED #endif /* Key exchanges using a PSK */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED #endif /* Key exchanges using DHE */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED #endif /* Key exchanges using ECDHE */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED #endif /* TLS 1.2 key exchanges using ECDH or ECDHE*/ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED #endif /* TLS 1.3 PSK key exchanges */ #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED #endif /* TLS 1.2 or 1.3 key exchanges with PSK */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) #define MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED #endif /* TLS 1.3 ephemeral key exchanges */ #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED #endif /* TLS 1.3 key exchanges using ECDHE */ #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ defined(PSA_WANT_ALG_ECDH) #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_ECDHE_ENABLED #endif /* TLS 1.2 or 1.3 key exchanges using ECDH or ECDHE */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_ECDHE_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED #endif /* TLS 1.2 XXDH key exchanges: ECDH or ECDHE or FFDH */ #if (defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)) #define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED #endif /* The handshake params structure has a set of fields called xxdh_psa which are used: * - by TLS 1.2 with `USE_PSA` to do ECDH or ECDHE; * - by TLS 1.3 to do ECDHE or FFDHE. * The following macros can be used to guard their declaration and use. */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) && \ defined(MBEDTLS_USE_PSA_CRYPTO) #define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED #endif mbedtls_ssl_ciphersuite_t; #define MBEDTLS_CIPHERSUITE_WEAK … #define MBEDTLS_CIPHERSUITE_SHORT_TAG … #define MBEDTLS_CIPHERSUITE_NODTLS … /** * \brief This structure is used for storing ciphersuite information * * \note members are defined using integral types instead of enums * in order to pack structure and reduce memory usage by internal * \c ciphersuite_definitions[] */ struct mbedtls_ssl_ciphersuite_t { … }; const int *mbedtls_ssl_list_ciphersuites(void); const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name); const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id); static inline const char *mbedtls_ssl_ciphersuite_get_name(const mbedtls_ssl_ciphersuite_t *info) { … } static inline int mbedtls_ssl_ciphersuite_get_id(const mbedtls_ssl_ciphersuite_t *info) { … } size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info); #ifdef __cplusplus } #endif #endif /* ssl_ciphersuites.h */
Codebase Browser
godot