Blame - include/polarssl/ssl_ciphersuites.h - mirror/mbed-tls

blob: 714cdcdfacdc33cfe6527e9ca319ebb8db9bac75 [file] [log] [blame]

Paul Bakker	68884e3	2013-01-07 18:20:04 +0100	[diff] [blame]	1	/**
				2	* \file ssl_ciphersuites.h
				3	*
				4	* \brief SSL Ciphersuites for PolarSSL
				5	*
				6	* Copyright (C) 2006-2013, Brainspark B.V.
				7	*
				8	* This file is part of PolarSSL (http://www.polarssl.org)
				9	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
				10	*
				11	* All rights reserved.
				12	*
				13	* This program is free software; you can redistribute it and/or modify
				14	* it under the terms of the GNU General Public License as published by
				15	* the Free Software Foundation; either version 2 of the License, or
				16	* (at your option) any later version.
				17	*
				18	* This program is distributed in the hope that it will be useful,
				19	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				20	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				21	* GNU General Public License for more details.
				22	*
				23	* You should have received a copy of the GNU General Public License along
				24	* with this program; if not, write to the Free Software Foundation, Inc.,
				25	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				26	*/
				27	#ifndef POLARSSL_SSL_CIPHERSUITES_H
				28	#define POLARSSL_SSL_CIPHERSUITES_H
				29
				30	#include "cipher.h"
				31	#include "md.h"
				32
				33	#ifdef __cplusplus
				34	extern "C" {
				35	#endif
				36
Paul Bakker	41c83d3	2013-03-20 14:39:14 +0100	[diff] [blame]	37	/*
				38	* Supported ciphersuites (Official IANA names)
				39	*/
				40	#define TLS_RSA_WITH_NULL_MD5 0x01 /*< Weak! /
				41	#define TLS_RSA_WITH_NULL_SHA 0x02 /*< Weak! /
Paul Bakker	41c83d3	2013-03-20 14:39:14 +0100	[diff] [blame]	42
Paul Bakker	f16db18	2013-07-25 11:30:31 +0200	[diff] [blame]	43	#define TLS_RSA_WITH_RC4_128_MD5 0x04
				44	#define TLS_RSA_WITH_RC4_128_SHA 0x05
Paul Bakker	0c5fac2	2013-04-19 21:10:51 +0200	[diff] [blame]	45	#define TLS_RSA_WITH_DES_CBC_SHA 0x09 /*< Weak! Not in TLS 1.2 /
Paul Bakker	41c83d3	2013-03-20 14:39:14 +0100	[diff] [blame]	46
				47	#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
Paul Bakker	0c5fac2	2013-04-19 21:10:51 +0200	[diff] [blame]	48
				49	#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15 /*< Weak! Not in TLS 1.2 /
Paul Bakker	41c83d3	2013-03-20 14:39:14 +0100	[diff] [blame]	50	#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
				51
Paul Bakker	f16db18	2013-07-25 11:30:31 +0200	[diff] [blame]	52	#define TLS_PSK_WITH_NULL_SHA 0x2C /*< Weak! /
				53	#define TLS_DHE_PSK_WITH_NULL_SHA 0x2D /*< Weak! /
				54	#define TLS_RSA_PSK_WITH_NULL_SHA 0x2E /*< Weak! /
Paul Bakker	41c83d3	2013-03-20 14:39:14 +0100	[diff] [blame]	55	#define TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
Paul Bakker	0c5fac2	2013-04-19 21:10:51 +0200	[diff] [blame]	56
Paul Bakker	41c83d3	2013-03-20 14:39:14 +0100	[diff] [blame]	57	#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
				58	#define TLS_RSA_WITH_AES_256_CBC_SHA 0x35
				59	#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
Paul Bakker	d4a56ec	2013-04-16 18:05:29 +0200	[diff] [blame]	60
Paul Bakker	0c5fac2	2013-04-19 21:10:51 +0200	[diff] [blame]	61	#define TLS_RSA_WITH_NULL_SHA256 0x3B /*< Weak! /
Paul Bakker	41c83d3	2013-03-20 14:39:14 +0100	[diff] [blame]	62	#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /*< TLS 1.2 /
				63	#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /*< TLS 1.2 /
Paul Bakker	41c83d3	2013-03-20 14:39:14 +0100	[diff] [blame]	64
				65	#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
				66	#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
Paul Bakker	0c5fac2	2013-04-19 21:10:51 +0200	[diff] [blame]	67
				68	#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 /*< TLS 1.2 /
				69	#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B /*< TLS 1.2 /
				70
Paul Bakker	41c83d3	2013-03-20 14:39:14 +0100	[diff] [blame]	71	#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
				72	#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
Paul Bakker	d4a56ec	2013-04-16 18:05:29 +0200	[diff] [blame]	73
				74	#define TLS_PSK_WITH_RC4_128_SHA 0x8A
				75	#define TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x8B
				76	#define TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
				77	#define TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
				78
				79	#define TLS_DHE_PSK_WITH_RC4_128_SHA 0x8E
				80	#define TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x8F
				81	#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
				82	#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
				83
				84	#define TLS_RSA_PSK_WITH_RC4_128_SHA 0x92
				85	#define TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x93
				86	#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
				87	#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
				88
Paul Bakker	f16db18	2013-07-25 11:30:31 +0200	[diff] [blame]	89	#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C /*< TLS 1.2 /
				90	#define TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D /*< TLS 1.2 /
				91	#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E /*< TLS 1.2 /
				92	#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F /*< TLS 1.2 /
Paul Bakker	41c83d3	2013-03-20 14:39:14 +0100	[diff] [blame]	93
Paul Bakker	40afb4b	2013-04-19 22:03:30 +0200	[diff] [blame]	94	#define TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /*< TLS 1.2 /
				95	#define TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /*< TLS 1.2 /
				96	#define TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA /*< TLS 1.2 /
				97	#define TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB /*< TLS 1.2 /
				98	#define TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC /*< TLS 1.2 /
				99	#define TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD /*< TLS 1.2 /
				100
				101	#define TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE /*< TLS 1.2 /
				102	#define TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF /*< TLS 1.2 /
Paul Bakker	f16db18	2013-07-25 11:30:31 +0200	[diff] [blame]	103	#define TLS_PSK_WITH_NULL_SHA256 0xB0 /*< Weak! TLS 1.2 /
				104	#define TLS_PSK_WITH_NULL_SHA384 0xB1 /*< Weak! TLS 1.2 /
Paul Bakker	40afb4b	2013-04-19 22:03:30 +0200	[diff] [blame]	105
				106	#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2 /*< TLS 1.2 /
				107	#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3 /*< TLS 1.2 /
Paul Bakker	f16db18	2013-07-25 11:30:31 +0200	[diff] [blame]	108	#define TLS_DHE_PSK_WITH_NULL_SHA256 0xB4 /*< Weak! TLS 1.2 /
				109	#define TLS_DHE_PSK_WITH_NULL_SHA384 0xB5 /*< Weak! TLS 1.2 /
Paul Bakker	40afb4b	2013-04-19 22:03:30 +0200	[diff] [blame]	110
				111	#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6 /*< TLS 1.2 /
				112	#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7 /*< TLS 1.2 /
Paul Bakker	f16db18	2013-07-25 11:30:31 +0200	[diff] [blame]	113	#define TLS_RSA_PSK_WITH_NULL_SHA256 0xB8 /*< Weak! TLS 1.2 /
				114	#define TLS_RSA_PSK_WITH_NULL_SHA384 0xB9 /*< Weak! TLS 1.2 /
Paul Bakker	40afb4b	2013-04-19 22:03:30 +0200	[diff] [blame]	115
Paul Bakker	0c5fac2	2013-04-19 21:10:51 +0200	[diff] [blame]	116	#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /*< TLS 1.2 /
				117	#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /*< TLS 1.2 /
				118
				119	#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /*< TLS 1.2 /
				120	#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /*< TLS 1.2 /
				121
Manuel Pégourié-Gonnard	32ea60a	2013-08-17 17:39:04 +0200	[diff] [blame^]	122	#define TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /*< Weak! /
				123	#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007 /*< Not in SSL3! /
				124	#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008 /*< Not in SSL3! /
				125	#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 /*< Not in SSL3! /
				126	#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A /*< Not in SSL3! /
				127
Paul Bakker	f16db18	2013-07-25 11:30:31 +0200	[diff] [blame]	128	#define TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /*< Weak! /
				129	#define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 /*< Not in SSL3! /
				130	#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 /*< Not in SSL3! /
				131	#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 /*< Not in SSL3! /
				132	#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 /*< Not in SSL3! /
Paul Bakker	41c83d3	2013-03-20 14:39:14 +0100	[diff] [blame]	133
Manuel Pégourié-Gonnard	32ea60a	2013-08-17 17:39:04 +0200	[diff] [blame^]	134	#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /*< TLS 1.2 /
				135	#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /*< TLS 1.2 /
				136
Paul Bakker	f16db18	2013-07-25 11:30:31 +0200	[diff] [blame]	137	#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /*< TLS 1.2 /
				138	#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /*< TLS 1.2 /
Paul Bakker	0c5fac2	2013-04-19 21:10:51 +0200	[diff] [blame]	139
Manuel Pégourié-Gonnard	32ea60a	2013-08-17 17:39:04 +0200	[diff] [blame^]	140	#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /*< TLS 1.2 /
				141	#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /*< TLS 1.2 /
				142
Paul Bakker	f16db18	2013-07-25 11:30:31 +0200	[diff] [blame]	143	#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /*< TLS 1.2 /
				144	#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /*< TLS 1.2 /
Paul Bakker	a54e493	2013-03-20 15:31:54 +0100	[diff] [blame]	145
Manuel Pégourié-Gonnard	32ea60a	2013-08-17 17:39:04 +0200	[diff] [blame^]	146	#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /*< TLS 1.2 /
				147	#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /*< TLS 1.2 /
				148
Paul Bakker	f16db18	2013-07-25 11:30:31 +0200	[diff] [blame]	149	#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /*< TLS 1.2 /
				150	#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /*< TLS 1.2 /
Paul Bakker	27714b1	2013-04-07 23:07:12 +0200	[diff] [blame]	151
Paul Bakker	0f2f0bf	2013-07-26 15:03:31 +0200	[diff] [blame]	152	#define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094 /*< TLS 1.2 /
				153	#define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095 /*< TLS 1.2 /
				154	#define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096 /*< TLS 1.2 /
				155	#define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097 /*< TLS 1.2 /
				156	#define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098 /*< TLS 1.2 /
				157	#define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099 /*< TLS 1.2 /
				158
Paul Bakker	68884e3	2013-01-07 18:20:04 +0100	[diff] [blame]	159	typedef enum {
				160	POLARSSL_KEY_EXCHANGE_NONE = 0,
				161	POLARSSL_KEY_EXCHANGE_RSA,
Paul Bakker	41c83d3	2013-03-20 14:39:14 +0100	[diff] [blame]	162	POLARSSL_KEY_EXCHANGE_DHE_RSA,
				163	POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
Manuel Pégourié-Gonnard	32ea60a	2013-08-17 17:39:04 +0200	[diff] [blame^]	164	POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
Paul Bakker	d4a56ec	2013-04-16 18:05:29 +0200	[diff] [blame]	165	POLARSSL_KEY_EXCHANGE_PSK,
				166	POLARSSL_KEY_EXCHANGE_DHE_PSK,
				167	POLARSSL_KEY_EXCHANGE_RSA_PSK,
Paul Bakker	68884e3	2013-01-07 18:20:04 +0100	[diff] [blame]	168	} key_exchange_type_t;
				169
				170	typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
				171
Paul Bakker	41c83d3	2013-03-20 14:39:14 +0100	[diff] [blame]	172	#define POLARSSL_CIPHERSUITE_WEAK 0x01 /<! Weak ciphersuite flag /
				173	#define POLARSSL_CIPHERSUITE_EC 0x02 /<! EC-based ciphersuite flag /
Paul Bakker	68884e3	2013-01-07 18:20:04 +0100	[diff] [blame]	174
				175	/**
				176	* \brief This structure is used for storing ciphersuite information
				177	*/
				178	struct _ssl_ciphersuite_t
				179	{
				180	int id;
				181	const char * name;
				182
				183	cipher_type_t cipher;
				184	md_type_t mac;
				185	key_exchange_type_t key_exchange;
				186
				187	int min_major_ver;
				188	int min_minor_ver;
				189	int max_major_ver;
				190	int max_minor_ver;
				191
				192	unsigned char flags;
				193	};
				194
				195	const int *ssl_ciphersuites_list( void );
				196
				197	const ssl_ciphersuite_t ssl_ciphersuite_from_string( const char ciphersuite_name );
				198	const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite_id );
				199
				200	#ifdef __cplusplus
				201	}
				202	#endif
				203
				204	#endif /* ssl_ciphersuites.h */