/**
 * \file ssl_ciphersuites_internal.h
 *
 * \brief Internal part of the public "ssl_ciphersuites.h".
 *
 * The inline predicates below classify a ciphersuite purely by the
 * key-exchange identifier stored in its descriptor. Each one returns 1 for
 * an explicit list of identifiers and 0 for everything else, so a value
 * that appears in no list is answered with 0 by every predicate.
 */
/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */
#ifndef MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H
#define MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H

#include "mbedtls/pk.h"

/*
 * Out-of-line helpers. Only the prototypes are visible in this header; the
 * signature-related ones exist only when MBEDTLS_PK_C is defined, and the
 * PSA variants additionally require MBEDTLS_USE_PSA_CRYPTO.
 */
#if defined(MBEDTLS_PK_C)
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info);
psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info);
#endif /* MBEDTLS_PK_C */

int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info);
int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info);

#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
/**
 * \brief   Tell whether the ciphersuite's key exchange is one of those this
 *          header lists as providing perfect forward secrecy.
 *
 * \note    This is not the logical negation of
 *          mbedtls_ssl_ciphersuite_no_pfs(): an identifier listed by
 *          neither function yields 0 from both, so policy code should test
 *          the predicate it actually needs rather than inverting the other.
 *
 * \param info  Ciphersuite descriptor. Dereferenced without a NULL check.
 *
 * \return  1 for DHE-RSA, DHE-PSK, ECDHE-RSA, ECDHE-PSK, ECDHE-ECDSA and
 *          EC J-PAKE; 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
    const int kx = (int) info->MBEDTLS_PRIVATE(key_exchange);

    return kx == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECJPAKE;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */

#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
/**
 * \brief   Tell whether the ciphersuite's key exchange is one of those this
 *          header lists as lacking perfect forward secrecy.
 *
 * \param info  Ciphersuite descriptor. Dereferenced without a NULL check.
 *
 * \return  1 for ECDH-RSA, ECDH-ECDSA, RSA, PSK and RSA-PSK; 0 otherwise
 *          (including identifiers that are in neither the PFS nor the
 *          non-PFS list).
 */
static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
    const int kx = (int) info->MBEDTLS_PRIVATE(key_exchange);

    return kx == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ||
           kx == MBEDTLS_KEY_EXCHANGE_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_PSK ||
           kx == MBEDTLS_KEY_EXCHANGE_RSA_PSK;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */

#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
/**
 * \brief   Tell whether the ciphersuite uses one of the (non-ephemeral)
 *          ECDH key exchanges.
 *
 * \param info  Ciphersuite descriptor. Dereferenced without a NULL check.
 *
 * \return  1 for ECDH-RSA and ECDH-ECDSA; 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
{
    const int kx = (int) info->MBEDTLS_PRIVATE(key_exchange);

    return kx == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */

/**
 * \brief   Tell whether the ciphersuite's key exchange is in the list for
 *          which, going by the function name, a certificate request is
 *          allowed.
 *
 * \note    The list is the one used by
 *          mbedtls_ssl_ciphersuite_uses_srv_cert() minus RSA-PSK; no
 *          PSK-based key exchange and no EC J-PAKE is accepted here.
 *
 * \param info  Ciphersuite descriptor. Dereferenced without a NULL check.
 *
 * \return  1 for RSA, DHE-RSA, ECDH-RSA, ECDHE-RSA, ECDH-ECDSA and
 *          ECDHE-ECDSA; 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
{
    const int kx = (int) info->MBEDTLS_PRIVATE(key_exchange);

    return kx == MBEDTLS_KEY_EXCHANGE_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA;
}

/**
 * \brief   Tell whether the ciphersuite's key exchange is in the list for
 *          which, going by the function name, a server certificate is used.
 *
 * \param info  Ciphersuite descriptor. Dereferenced without a NULL check.
 *
 * \return  1 for RSA, RSA-PSK, DHE-RSA, ECDH-RSA, ECDHE-RSA, ECDH-ECDSA and
 *          ECDHE-ECDSA; 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
{
    const int kx = (int) info->MBEDTLS_PRIVATE(key_exchange);

    return kx == MBEDTLS_KEY_EXCHANGE_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
           kx == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA;
}

#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
/**
 * \brief   Tell whether the ciphersuite uses one of the DHE key exchanges.
 *
 * \param info  Ciphersuite descriptor. Dereferenced without a NULL check.
 *
 * \return  1 for DHE-RSA and DHE-PSK; 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
{
    const int kx = (int) info->MBEDTLS_PRIVATE(key_exchange);

    return kx == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_DHE_PSK;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED */

#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
/**
 * \brief   Tell whether the ciphersuite uses one of the ECDHE key exchanges.
 *
 * \param info  Ciphersuite descriptor. Dereferenced without a NULL check.
 *
 * \return  1 for ECDHE-ECDSA, ECDHE-RSA and ECDHE-PSK; 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
{
    const int kx = (int) info->MBEDTLS_PRIVATE(key_exchange);

    return kx == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */

#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
/**
 * \brief   Tell whether the ciphersuite's key exchange is in the list for
 *          which, going by the function name, the server signs during the
 *          key exchange.
 *
 * \param info  Ciphersuite descriptor. Dereferenced without a NULL check.
 *
 * \return  1 for DHE-RSA, ECDHE-RSA and ECDHE-ECDSA; 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
    const mbedtls_ssl_ciphersuite_t *info)
{
    const int kx = (int) info->MBEDTLS_PRIVATE(key_exchange);

    return kx == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA;
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */

#endif /* MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H */