1 /**
2  * \file ssl_ciphersuites_internal.h
3  *
4  * \brief Internal part of the public "ssl_ciphersuites.h".
5  */
6 /*
7  *  Copyright The Mbed TLS Contributors
8  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9  */
10 #ifndef MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H
11 #define MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H
12 
13 #include "mbedtls/pk.h"
14 #if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
15 #include <mbedtls/private/pk_private.h>
16 #endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
17 
18 #if defined(MBEDTLS_PK_C)
/* Signature-related lookups for a ciphersuite, declared only when MBEDTLS_PK_C
 * is defined. These are declarations only: the definitions are not part of
 * this header, so the value returned for a given key exchange cannot be read
 * off here. Each takes the ciphersuite descriptor and returns the PK type,
 * PSA algorithm or PSA key usage named by its return type. */
19 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info);
20 psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info);
21 psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info);
22 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info);
23 #endif /* MBEDTLS_PK_C */
24 
/* Ciphersuite predicates defined outside this header. The int result is
 * presumably 0/1 like the inline helpers in this file; confirm against the
 * definitions before relying on any other value. */
25 int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info);
26 int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info);
27 
28 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
/**
 * \brief Tell whether a ciphersuite's key exchange is on the
 *        forward-secrecy list.
 *
 * The list is an allowlist: ECDHE-RSA, ECDHE-PSK, ECDHE-ECDSA and EC J-PAKE.
 * Any other key exchange value, including one this function does not know,
 * yields 0. A 0 result is therefore not proof that
 * mbedtls_ssl_ciphersuite_no_pfs() would return 1 for the same suite.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return 1 if the key exchange is listed, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
    int listed = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
            listed = 1;
            break;

        default:
            /* Not on the list: keep the fail-closed answer. */
            break;
    }

    return listed;
}
42 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
43 
44 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
/**
 * \brief Tell whether a ciphersuite's key exchange is on the list of
 *        exchanges without forward secrecy.
 *
 * The list is static ECDH-RSA, static ECDH-ECDSA and plain PSK. Any other
 * value yields 0. This is a separate allowlist, not the negation of
 * mbedtls_ssl_ciphersuite_has_pfs(): a key exchange that appears on neither
 * list returns 0 from both helpers.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return 1 if the key exchange is listed, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
    int listed = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_PSK:
            listed = 1;
            break;

        default:
            /* Not on the list: report 0. */
            break;
    }

    return listed;
}
57 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
58 
59 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
/**
 * \brief Tell whether a ciphersuite uses a static ECDH key exchange.
 *
 * Only ECDH-RSA and ECDH-ECDSA match. The ephemeral ECDHE variants are not
 * listed here and yield 0.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return 1 for ECDH-RSA or ECDH-ECDSA, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
{
    int listed = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
            listed = 1;
            break;

        default:
            break;
    }

    return listed;
}
71 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
72 
/**
 * \brief Tell whether a ciphersuite's key exchange is one for which a
 *        certificate request is allowed.
 *
 * Matches the four certificate-based exchanges: ECDH-RSA, ECDHE-RSA,
 * ECDH-ECDSA and ECDHE-ECDSA. Every other value falls to the default branch
 * and yields 0; that includes the PSK and EC J-PAKE exchanges named
 * elsewhere in this file.
 *
 * NOTE(review): the name suggests this gates sending or accepting a
 * CertificateRequest; confirm against the callers, which are not visible
 * here.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return 1 if the key exchange is listed, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
{
    int allowed = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            allowed = 1;
            break;

        default:
            /* Unlisted exchange: not allowed. */
            break;
    }

    return allowed;
}
86 
/**
 * \brief Tell whether a ciphersuite's key exchange uses a server
 *        certificate.
 *
 * Matches ECDH-RSA, ECDHE-RSA, ECDH-ECDSA and ECDHE-ECDSA. Every other
 * value yields 0. The case list is currently the same as the one in
 * mbedtls_ssl_ciphersuite_cert_req_allowed(), but the two helpers are
 * maintained separately, so a new key exchange type has to be added to
 * each list deliberately.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return 1 if the key exchange is listed, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
{
    int uses_cert = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            uses_cert = 1;
            break;

        default:
            break;
    }

    return uses_cert;
}
100 
101 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
/**
 * \brief Tell whether a ciphersuite uses an ephemeral ECDHE key exchange.
 *
 * Matches ECDHE-ECDSA, ECDHE-RSA and ECDHE-PSK. EC J-PAKE is not listed
 * here, although mbedtls_ssl_ciphersuite_has_pfs() accepts it, so the two
 * helpers do not answer the same question.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return 1 if the key exchange is listed, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
{
    int listed = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
            listed = 1;
            break;

        default:
            break;
    }

    return listed;
}
114 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */
115 
116 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
/**
 * \brief Tell whether a ciphersuite's key exchange is on the
 *        server-signature list.
 *
 * Matches ECDHE-RSA and ECDHE-ECDSA only. ECDHE-PSK is ephemeral but is not
 * listed, so it yields 0 here, as does every other value.
 *
 * NOTE(review): presumably these are the exchanges in which the server
 * signs its key exchange parameters; confirm against the callers, which are
 * not visible here.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return 1 if the key exchange is listed, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
    const mbedtls_ssl_ciphersuite_t *info)
{
    int signs = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            signs = 1;
            break;

        default:
            break;
    }

    return signs;
}
129 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
130 
131 #endif /* MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H */
132