/**
 * \file ssl_ciphersuites_internal.h
 *
 * \brief Internal part of the public "ssl_ciphersuites.h".
 */
/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */
#ifndef MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H
#define MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H

#include "mbedtls/pk.h"

/*
 * Signature-related lookups for a ciphersuite. Only the declarations live in
 * this header; the PSA variants exist only when MBEDTLS_USE_PSA_CRYPTO is
 * defined, and the whole group only when MBEDTLS_PK_C is defined.
 */
#if defined(MBEDTLS_PK_C)
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info);
psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info);
#endif /* MBEDTLS_PK_C */

int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info);
int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info);

/*
 * The inline predicates below classify a ciphersuite by its key_exchange
 * field and nothing else. Each one is an explicit allow-list: a key exchange
 * that is not named in the switch yields 0. Each one dereferences `info`
 * without a NULL check, so the caller must pass a valid descriptor.
 */

#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
/**
 * \brief Tell whether the key exchange belongs to the PFS (forward-secret)
 *        group.
 *
 * \param info  Ciphersuite descriptor; must not be NULL.
 *
 * \return 1 for DHE_RSA, DHE_PSK, ECDHE_RSA, ECDHE_PSK, ECDHE_ECDSA and
 *         ECJPAKE; 0 for every other key exchange.
 *
 * \note A 0 result only means "not in this list". It is not equivalent to
 *       mbedtls_ssl_ciphersuite_no_pfs() returning 1: a value named in
 *       neither list yields 0 from both helpers, so policy code that wants
 *       to require forward secrecy should test this helper for 1.
 */
static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
    int in_group = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
            in_group = 1;
            break;

        default:
            /* Not listed: stays 0. */
            break;
    }

    return in_group;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */

#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
/**
 * \brief Tell whether the key exchange belongs to the non-PFS group.
 *
 * \param info  Ciphersuite descriptor; must not be NULL.
 *
 * \return 1 for ECDH_RSA, ECDH_ECDSA, RSA, PSK and RSA_PSK; 0 for every
 *         other key exchange.
 *
 * \note A 0 result does not by itself establish forward secrecy; it only
 *       means the key exchange is not one of the five named here.
 */
static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
    int in_group = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_PSK:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
            in_group = 1;
            break;

        default:
            /* Not listed: stays 0. */
            break;
    }

    return in_group;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */

#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
/**
 * \brief Tell whether the key exchange is one of the static ECDH variants.
 *
 * \param info  Ciphersuite descriptor; must not be NULL.
 *
 * \return 1 for ECDH_RSA and ECDH_ECDSA; 0 otherwise. The ephemeral ECDHE
 *         variants are not matched here.
 */
static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
{
    int in_group = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
            in_group = 1;
            break;

        default:
            /* Not listed: stays 0. */
            break;
    }

    return in_group;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */

/**
 * \brief Tell whether the key exchange is in the "certificate request
 *        allowed" group.
 *
 * \param info  Ciphersuite descriptor; must not be NULL.
 *
 * \return 1 for RSA, DHE_RSA, ECDH_RSA, ECDHE_RSA, ECDH_ECDSA and
 *         ECDHE_ECDSA; 0 otherwise.
 *
 * \note This list is the one in mbedtls_ssl_ciphersuite_uses_srv_cert()
 *       minus RSA_PSK. NOTE(review): by its name this gates requesting a
 *       client certificate; confirm against the callers.
 */
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
{
    int in_group = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            in_group = 1;
            break;

        default:
            /* Not listed: stays 0. */
            break;
    }

    return in_group;
}

/**
 * \brief Tell whether the key exchange is in the "uses a server
 *        certificate" group.
 *
 * \param info  Ciphersuite descriptor; must not be NULL.
 *
 * \return 1 for RSA, RSA_PSK, DHE_RSA, ECDH_RSA, ECDHE_RSA, ECDH_ECDSA and
 *         ECDHE_ECDSA; 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
{
    int in_group = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            in_group = 1;
            break;

        default:
            /* Not listed: stays 0. */
            break;
    }

    return in_group;
}

#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
/**
 * \brief Tell whether the key exchange is one of the DHE variants.
 *
 * \param info  Ciphersuite descriptor; must not be NULL.
 *
 * \return 1 for DHE_RSA and DHE_PSK; 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
{
    int in_group = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
            in_group = 1;
            break;

        default:
            /* Not listed: stays 0. */
            break;
    }

    return in_group;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED */

#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
/**
 * \brief Tell whether the key exchange is one of the ECDHE variants.
 *
 * \param info  Ciphersuite descriptor; must not be NULL.
 *
 * \return 1 for ECDHE_ECDSA, ECDHE_RSA and ECDHE_PSK; 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
{
    int in_group = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
            in_group = 1;
            break;

        default:
            /* Not listed: stays 0. */
            break;
    }

    return in_group;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */

#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
/**
 * \brief Tell whether the key exchange is in the "server signature" group.
 *
 * \param info  Ciphersuite descriptor; must not be NULL.
 *
 * \return 1 for DHE_RSA, ECDHE_RSA and ECDHE_ECDSA; 0 otherwise. The PSK
 *         and static key exchanges are not matched here.
 */
static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
    const mbedtls_ssl_ciphersuite_t *info)
{
    int in_group = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            in_group = 1;
            break;

        default:
            /* Not listed: stays 0. */
            break;
    }

    return in_group;
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */

#endif /* MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H */