tls_cipher_suites.h
1 /**
2  * @file tls_cipher_suites.h
3  * @brief TLS cipher suites
4  *
5  * @section License
6  *
7  * Copyright (C) 2010-2018 Oryx Embedded SARL. All rights reserved.
8  *
9  * This file is part of CycloneSSL Open.
10  *
11  * This program is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU General Public License
13  * as published by the Free Software Foundation; either version 2
14  * of the License, or (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software Foundation,
23  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
24  *
25  * @author Oryx Embedded SARL (www.oryx-embedded.com)
26  * @version 1.9.0
27  **/
28 
29 #ifndef _TLS_CIPHER_SUITES_H
30 #define _TLS_CIPHER_SUITES_H
31 
32 //Dependencies
33 #include "core/crypto.h"
34 #include "tls.h"
35 
36 //Macro for defining a cipher suite
//Expands to a brace-enclosed initializer holding, in order: the identifier,
//the identifier's name as a string literal (#identifier stringizes the
//argument), then the remaining arguments exactly as passed.
//NOTE(review): presumably initializes one TlsCipherSuiteInfo entry, so the
//argument order must match that structure's field order - confirm in tls.h
37 #define TLS_CIPHER_SUITE(identifier, keyExchMethod, cipherAlgo, cipherMode, hashAlgo, prfHashAlgo, \
38  macKeyLen, encKeyLen, fixedIvLen, recordIvLen, authTagLen, verifyDataLen) \
39  {identifier, #identifier, keyExchMethod, cipherAlgo, cipherMode, hashAlgo, prfHashAlgo, \
40  macKeyLen, encKeyLen, fixedIvLen, recordIvLen, authTagLen, verifyDataLen}
41 
42 //C++ guard
43 #ifdef __cplusplus
44  extern "C" {
45 #endif
46 
47 
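48 /**
49  * @brief TLS cipher suites
 *
 * The enumerators are the 16-bit cipher suite identifiers from the RFCs
 * cited on each line. Defining an identifier here does not by itself show
 * that the suite is enabled; check the list of supported cipher suites.
 *
 * The list includes suites with no encryption (NULL), export-grade 40-bit
 * keys (EXPORT), RC4, single DES and unauthenticated key exchange
 * (DH_ANON, ECDH_ANON). These should not be offered or accepted in a
 * deployed configuration. TLS_FALLBACK_SCSV is a signaling value
 * (RFC 7507), not a negotiable cipher suite.
50  **/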
51 
52 typedef enum
53 {
54  TLS_NULL_WITH_NULL_NULL = 0x0000, //RFC 2246
55 
56  TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003, //RFC 2246
58  TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008, //RFC 2246
59  TLS_RSA_WITH_NULL_MD5 = 0x0001, //RFC 2246
60  TLS_RSA_WITH_NULL_SHA = 0x0002, //RFC 2246
61  TLS_RSA_WITH_NULL_SHA256 = 0x003B, //RFC 5246
62  TLS_RSA_WITH_RC4_128_MD5 = 0x0004, //RFC 2246
63  TLS_RSA_WITH_RC4_128_SHA = 0x0005, //RFC 2246
64  TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007, //RFC 2246
65  TLS_RSA_WITH_DES_CBC_SHA = 0x0009, //RFC 2246
66  TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A, //RFC 2246
67  TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F, //RFC 3268
68  TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035, //RFC 3268
69  TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C, //RFC 5246
70  TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D, //RFC 5246
71  TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C, //RFC 5288
72  TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D, //RFC 5288
73  TLS_RSA_WITH_AES_128_CCM = 0xC09C, //RFC 6655
74  TLS_RSA_WITH_AES_256_CCM = 0xC09D, //RFC 6655
75  TLS_RSA_WITH_AES_128_CCM_8 = 0xC0A0, //RFC 6655
76  TLS_RSA_WITH_AES_256_CCM_8 = 0xC0A1, //RFC 6655
77  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041, //RFC 5932
78  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084, //RFC 5932
83  TLS_RSA_WITH_SEED_CBC_SHA = 0x0096, //RFC 4162
84  TLS_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC03C, //RFC 6209
85  TLS_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC03D, //RFC 6209
86  TLS_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC050, //RFC 6209
87  TLS_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC051, //RFC 6209
88 
90  TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F, //RFC 2246
91  TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010, //RFC 2246
92  TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031, //RFC 3268
93  TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037, //RFC 3268
104  TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098, //RFC 4162
109 
111  TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015, //RFC 2246
113  TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033, //RFC 3268
114  TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039, //RFC 3268
119  TLS_DHE_RSA_WITH_AES_128_CCM = 0xC09E, //RFC 6655
120  TLS_DHE_RSA_WITH_AES_256_CCM = 0xC09F, //RFC 6655
121  TLS_DHE_RSA_WITH_AES_128_CCM_8 = 0xC0A2, //RFC 6655
122  TLS_DHE_RSA_WITH_AES_256_CCM_8 = 0xC0A3, //RFC 6655
129  TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A, //RFC 4162
135 
137  TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C, //RFC 2246
138  TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D, //RFC 2246
139  TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030, //RFC 3268
140  TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036, //RFC 3268
151  TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097, //RFC 4162
156 
158  TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012, //RFC 2246
160  TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032, //RFC 3268
161  TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038, //RFC 3268
172  TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099, //RFC 4162
177 
180  TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018, //RFC 2246
181  TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A, //RFC 2246
183  TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034, //RFC 3268
184  TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A, //RFC 3268
195  TLS_DH_ANON_WITH_SEED_CBC_SHA = 0x009B, //RFC 4162
200 
201  TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B, //RFC 4492
202  TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C, //RFC 4492
218 
219  TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010, //RFC 4492
220  TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011, //RFC 4492
237 
238  TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001, //RFC 4492
239  TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002, //RFC 4492
255 
256  TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006, //RFC 4492
257  TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007, //RFC 4492
265  TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xC0AC, //RFC 7251
266  TLS_ECDHE_ECDSA_WITH_AES_256_CCM = 0xC0AD, //RFC 7251
278 
279  TLS_ECDH_ANON_WITH_NULL_SHA = 0xC015, //RFC 4492
280  TLS_ECDH_ANON_WITH_RC4_128_SHA = 0xC016, //RFC 4492
284 
285  TLS_PSK_WITH_NULL_SHA = 0x002C, //RFC 4785
286  TLS_PSK_WITH_NULL_SHA256 = 0x00B0, //RFC 5487
287  TLS_PSK_WITH_NULL_SHA384 = 0x00B1, //RFC 5487
288  TLS_PSK_WITH_RC4_128_SHA = 0x008A, //RFC 4279
289  TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B, //RFC 4279
290  TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C, //RFC 4279
291  TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D, //RFC 4279
292  TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE, //RFC 5487
293  TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF, //RFC 5487
294  TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8, //RFC 5487
295  TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9, //RFC 5487
296  TLS_PSK_WITH_AES_128_CCM = 0xC0A4, //RFC 6655
297  TLS_PSK_WITH_AES_256_CCM = 0xC0A5, //RFC 6655
298  TLS_PSK_WITH_AES_128_CCM_8 = 0xC0A8, //RFC 6655
299  TLS_PSK_WITH_AES_256_CCM_8 = 0xC0A9, //RFC 6655
304  TLS_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC064, //RFC 6209
305  TLS_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC065, //RFC 6209
306  TLS_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06A, //RFC 6209
307  TLS_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06B, //RFC 6209
309 
310  TLS_RSA_PSK_WITH_NULL_SHA = 0x002E, //RFC 4785
311  TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8, //RFC 5487
312  TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9, //RFC 5487
313  TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092, //RFC 4279
315  TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094, //RFC 4279
316  TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095, //RFC 4279
330 
331  TLS_DHE_PSK_WITH_NULL_SHA = 0x002D, //RFC 4785
332  TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4, //RFC 5487
333  TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5, //RFC 5487
334  TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E, //RFC 4279
336  TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090, //RFC 4279
337  TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091, //RFC 4279
342  TLS_DHE_PSK_WITH_AES_128_CCM = 0xC0A6, //RFC 6655
343  TLS_DHE_PSK_WITH_AES_256_CCM = 0xC0A7, //RFC 6655
344  TLS_DHE_PSK_WITH_AES_128_CCM_8 = 0xC0AA, //RFC 6655
345  TLS_DHE_PSK_WITH_AES_256_CCM_8 = 0xC0AB, //RFC 6655
355 
356  TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039, //RFC 5489
357  TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A, //RFC 5489
358  TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B, //RFC 5489
359  TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033, //RFC 5489
374 
375  TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B, //RFC 2712
376  TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028, //RFC 2712
381  TLS_KRB5_WITH_RC4_128_MD5 = 0x0024, //RFC 2712
382  TLS_KRB5_WITH_RC4_128_SHA = 0x0020, //RFC 2712
383  TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025, //RFC 2712
384  TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021, //RFC 2712
385  TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022, //RFC 2712
386  TLS_KRB5_WITH_DES_CBC_SHA = 0x001E, //RFC 2712
387  TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023, //RFC 2712
388  TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F, //RFC 2712
389 
391  TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D, //RFC 5054
392  TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020, //RFC 5054
399 
400  TLS_AES_128_GCM_SHA256 = 0x1301, //RFC 8446
401  TLS_AES_256_GCM_SHA384 = 0x1302, //RFC 8446
402  TLS_AES_128_CCM_SHA256 = 0x1304, //RFC 8446
403  TLS_AES_128_CCM_8_SHA256 = 0x1305, //RFC 8446
404  TLS_CHACHA20_POLY1305_SHA256 = 0x1303, //RFC 8446
405 
407  TLS_FALLBACK_SCSV = 0x5600 //RFC 7507
409 
410 
411 /**
412  * @brief Cipher suite types
413  **/
414 
415 typedef enum
416 {
422 
423 
424 //List of supported cipher suites
426 
427 //TLS related functions
//Convert a cipher suite identifier to its string representation
429 const char_t *tlsGetCipherSuiteName(uint16_t identifier);
430 
432  uint16_t minVersion, uint16_t maxVersion,
433  TlsTransportProtocol transportProtocol);
434 
436 
437 //C++ guard
438 #ifdef __cplusplus
439  }
440 #endif
441 
442 #endif
TLS (Transport Layer Security)
char char_t
Definition: compiler_port.h:41
TlsCipherSuiteType
Cipher suite types.
bool_t tlsIsCipherSuiteAcceptable(const TlsCipherSuiteInfo *cipherSuite, uint16_t minVersion, uint16_t maxVersion, TlsTransportProtocol transportProtocol)
Check whether a cipher suite can be used with a given protocol version.
General definitions for cryptographic algorithms.
const TlsCipherSuiteInfo tlsSupportedCipherSuites[]
TlsCipherSuiteList
TLS cipher suites.
Structure describing a cipher suite.
Definition: tls.h:1798
uint8_t identifier[]
uint16_t cipherSuite
Cipher suite identifier.
Definition: tls13_misc.h:367
TlsTransportProtocol
TLS transport protocols.
Definition: tls.h:844
const char_t * tlsGetCipherSuiteName(uint16_t identifier)
Convert cipher suite identifier to string representation.
unsigned int uint_t
Definition: compiler_port.h:43
uint_t tlsGetNumSupportedCipherSuites(void)
Determine the number of cipher suites supported.
TlsCipherSuiteType tlsGetCipherSuiteType(uint16_t identifier)
Check whether the specified identifier matches an ECC or FFDHE cipher suite.
int bool_t
Definition: compiler_port.h:47