/**
 * \file ssl_ciphersuites_internal.h
 *
 * \brief Internal part of the public "ssl_ciphersuites.h".
 */
/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */
10#ifndef MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H
11#define MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H
12
13#include "mbedtls/pk.h"
14
#if defined(MBEDTLS_PK_C)
/*
 * Signature-related lookups for a ciphersuite descriptor.
 *
 * Only the prototypes are visible here; the mapping each function applies
 * is in its definition. NOTE(review): judging by the names, the first
 * returns the PK type used for signing and the PSA variants return the
 * matching PSA algorithm and key-usage flags; confirm against the
 * definitions before relying on this.
 */
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(
    const mbedtls_ssl_ciphersuite_t *info);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(
    const mbedtls_ssl_ciphersuite_t *info);
psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(
    const mbedtls_ssl_ciphersuite_t *info);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(
    const mbedtls_ssl_ciphersuite_t *info);
#endif /* MBEDTLS_PK_C */
23
/*
 * Ciphersuite property predicates that are declared here and defined
 * elsewhere. NOTE(review): presumably they report whether the suite relies
 * on elliptic-curve operations or on a pre-shared key respectively; the
 * exact set of key exchanges each one accepts is not visible in this header.
 */
int mbedtls_ssl_ciphersuite_uses_ec(
    const mbedtls_ssl_ciphersuite_t *info);
int mbedtls_ssl_ciphersuite_uses_psk(
    const mbedtls_ssl_ciphersuite_t *info);
26
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
/**
 * \brief Tell whether a ciphersuite's key exchange is one of the values this
 *        header groups as forward-secret: the DHE_*, ECDHE_* and ECJPAKE
 *        key exchanges.
 *
 * \note  This is not the logical negation of
 *        mbedtls_ssl_ciphersuite_no_pfs(). A key exchange value listed by
 *        neither helper makes both return 0, so a policy check that must
 *        require forward secrecy should test this function directly rather
 *        than "not no_pfs".
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return 1 if the key exchange is in the list below, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
    int forward_secret = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        /* Ephemeral finite-field Diffie-Hellman. */
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
        /* Ephemeral elliptic-curve Diffie-Hellman. */
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
        /* EC J-PAKE. */
        case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
            forward_secret = 1;
            break;

        default:
            break;
    }

    return forward_secret;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
44
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
/**
 * \brief Tell whether a ciphersuite's key exchange is one of the values this
 *        header groups as not forward-secret: static ECDH, plain RSA, plain
 *        PSK and RSA_PSK.
 *
 * \note  A return value of 0 does not prove forward secrecy. Any key
 *        exchange value absent from the list below, including one that is
 *        also absent from mbedtls_ssl_ciphersuite_has_pfs(), yields 0.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return 1 if the key exchange is in the list below, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
    int lacks_pfs = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_PSK:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
            lacks_pfs = 1;
            break;

        default:
            break;
    }

    return lacks_pfs;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
61
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
/**
 * \brief Tell whether a ciphersuite uses one of the two ECDH_* key
 *        exchanges (ECDH_RSA or ECDH_ECDSA).
 *
 * \note  The ECDHE_* key exchanges are not matched here; they are covered by
 *        mbedtls_ssl_ciphersuite_uses_ecdhe(). Both values matched here are
 *        also listed by mbedtls_ssl_ciphersuite_no_pfs().
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return 1 for ECDH_RSA or ECDH_ECDSA, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
{
    int is_static_ecdh = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
            is_static_ecdh = 1;
            break;

        default:
            break;
    }

    return is_static_ecdh;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
75
/**
 * \brief Tell whether a ciphersuite's key exchange is one of the six
 *        RSA- or ECDSA-authenticated values listed below.
 *
 * \note  Every other key exchange returns 0. That includes all PSK-based
 *        values named in this header (PSK, RSA_PSK, DHE_PSK, ECDHE_PSK) and
 *        ECJPAKE. RSA_PSK is accepted by
 *        mbedtls_ssl_ciphersuite_uses_srv_cert() but not here.
 *        NOTE(review): the name suggests this gates whether a client
 *        certificate may be requested; confirm at the call sites.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return 1 if the key exchange is in the list below, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
{
    int allowed = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        /* RSA-authenticated key exchanges. */
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        /* ECDSA-authenticated key exchanges. */
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            allowed = 1;
            break;

        default:
            break;
    }

    return allowed;
}
91
/**
 * \brief Tell whether a ciphersuite's key exchange is one of the seven
 *        values listed below: the RSA- and ECDSA-authenticated key
 *        exchanges plus RSA_PSK.
 *
 * \note  The list is the one used by
 *        mbedtls_ssl_ciphersuite_cert_req_allowed() with RSA_PSK added.
 *        PSK, DHE_PSK, ECDHE_PSK and ECJPAKE return 0.
 *        NOTE(review): the name suggests these are the suites in which the
 *        server presents a certificate; confirm at the call sites.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return 1 if the key exchange is in the list below, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
{
    int needs_srv_cert = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        /* RSA-based, including the PSK hybrid. */
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        /* ECDSA-based. */
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            needs_srv_cert = 1;
            break;

        default:
            break;
    }

    return needs_srv_cert;
}
108
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
/**
 * \brief Tell whether a ciphersuite uses one of the two DHE_* key exchanges
 *        (DHE_RSA or DHE_PSK).
 *
 * \note  The ECDHE_* key exchanges are not matched here; see
 *        mbedtls_ssl_ciphersuite_uses_ecdhe().
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return 1 for DHE_RSA or DHE_PSK, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
{
    int is_dhe = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
            is_dhe = 1;
            break;

        default:
            break;
    }

    return is_dhe;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED */
122
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
/**
 * \brief Tell whether a ciphersuite uses one of the three ECDHE_* key
 *        exchanges (ECDHE_RSA, ECDHE_ECDSA or ECDHE_PSK).
 *
 * \note  The ECDH_* key exchanges are not matched here; see
 *        mbedtls_ssl_ciphersuite_uses_ecdh().
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return 1 for ECDHE_RSA, ECDHE_ECDSA or ECDHE_PSK, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
{
    int is_ecdhe = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
            is_ecdhe = 1;
            break;

        default:
            break;
    }

    return is_ecdhe;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */
137
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
/**
 * \brief Tell whether a ciphersuite's key exchange is DHE_RSA, ECDHE_RSA or
 *        ECDHE_ECDSA.
 *
 * \note  The ephemeral PSK variants (DHE_PSK, ECDHE_PSK), ECJPAKE and all
 *        non-ephemeral key exchanges return 0.
 *        NOTE(review): presumably these are the key exchanges in which the
 *        server signs its ephemeral key-exchange parameters; confirm at the
 *        call sites before using this as an authentication check.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return 1 if the key exchange is in the list below, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
    const mbedtls_ssl_ciphersuite_t *info)
{
    int server_signs = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
            server_signs = 1;
            break;

        default:
            break;
    }

    return server_signs;
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
153
154#endif /* MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H */