1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 #include "hitls_build.h"
17 #include "securec.h"
18 #include "tls_binlog_id.h"
19 #include "bsl_log_internal.h"
20 #include "bsl_log.h"
21 #include "bsl_sal.h"
22 #include "bsl_err_internal.h"
23 #include "hitls_error.h"
24 #include "tls.h"
25 #include "tls_config.h"
26 #include "cipher_suite.h"
27 #include "config_type.h"
28
29 #ifndef HITLS_TLS_CONFIG_CIPHER_SUITE
30 #define CIPHER_NAME(name) NULL
31 #else
32 #define CIPHER_NAME(name) name
33 #endif
34 #define KEY_BLOCK_PARTITON_LENGTH(fixedIvLth, encKeyLth, macKeyLth, blockLth, recordIvLth, macLth) \
35 .fixedIvLength = (fixedIvLth), \
36 .encKeyLen = (encKeyLth), \
37 .macKeyLen = (macKeyLth), \
38 .blockLength = (blockLth), \
39 .recordIvLength = (recordIvLth), \
40 .macLen = (macLth) \
41
42 #define VERSION_SCOPE(minV, maxV, minDtlsV, maxDtlsV) \
43 .minVersion = (minV), \
44 .maxVersion = (maxV), \
45 .minDtlsVersion = (minDtlsV), \
46 .maxDtlsVersion = (maxDtlsV)
47
48 #ifdef HITLS_TLS_CONFIG_CIPHER_SUITE
49 #define CIPHERSUITE_DESCRIPTION_MAXLEN 128
50 #endif
51
52 /* If cipher suites need to be added in the future, you need to consider whether the cipher suites are suitable for DTLS
53 in terms of design. If DTLS is not supported, perform related operations. For example, the RC4 stream encryption
54 algorithm is not applicable to DTLS. */
55 static const CipherSuiteInfo g_cipherSuiteList[] = {
56 #ifdef HITLS_TLS_SUITE_AES_128_GCM_SHA256
57 {.enable = true,
58 .name = CIPHER_NAME("HITLS_AES_128_GCM_SHA256"),
59 .stdName = CIPHER_NAME("TLS_AES_128_GCM_SHA256"),
60 .cipherSuite = HITLS_AES_128_GCM_SHA256,
61 .cipherAlg = HITLS_CIPHER_AES_128_GCM,
62 .kxAlg = HITLS_KEY_EXCH_NULL,
63 .authAlg = HITLS_AUTH_ANY,
64 .macAlg = HITLS_MAC_AEAD,
65 .hashAlg = HITLS_HASH_SHA_256,
66 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
67 KEY_BLOCK_PARTITON_LENGTH(12u, 16u, 0u, 0u, 0u, 16u),
68 VERSION_SCOPE(HITLS_VERSION_TLS13, HITLS_VERSION_TLS13, 0u, 0u),
69 .cipherType = HITLS_AEAD_CIPHER,
70 .strengthBits = 128},
71 #endif
72 #ifdef HITLS_TLS_SUITE_AES_256_GCM_SHA384
73 {.enable = true,
74 .name = CIPHER_NAME("HITLS_AES_256_GCM_SHA384"),
75 .stdName = CIPHER_NAME("TLS_AES_256_GCM_SHA384"),
76 .cipherSuite = HITLS_AES_256_GCM_SHA384,
77 .cipherAlg = HITLS_CIPHER_AES_256_GCM,
78 .kxAlg = HITLS_KEY_EXCH_NULL,
79 .authAlg = HITLS_AUTH_ANY,
80 .macAlg = HITLS_MAC_AEAD,
81 .hashAlg = HITLS_HASH_SHA_384,
82 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
83 KEY_BLOCK_PARTITON_LENGTH(12u, 32u, 0u, 0u, 0u, 16u),
84 VERSION_SCOPE(HITLS_VERSION_TLS13, HITLS_VERSION_TLS13, 0u, 0u),
85 .cipherType = HITLS_AEAD_CIPHER,
86 .strengthBits = 256},
87 #endif
88 #ifdef HITLS_TLS_SUITE_CHACHA20_POLY1305_SHA256
89 {.enable = true,
90 .name = CIPHER_NAME("HITLS_CHACHA20_POLY1305_SHA256"),
91 .stdName = CIPHER_NAME("TLS_CHACHA20_POLY1305_SHA256"),
92 .cipherSuite = HITLS_CHACHA20_POLY1305_SHA256,
93 .cipherAlg = HITLS_CIPHER_CHACHA20_POLY1305,
94 .kxAlg = HITLS_KEY_EXCH_NULL,
95 .authAlg = HITLS_AUTH_ANY,
96 .macAlg = HITLS_MAC_AEAD,
97 .hashAlg = HITLS_HASH_SHA_256,
98 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
99 KEY_BLOCK_PARTITON_LENGTH(12u, 32u, 0u, 0u, 0u, 16u),
100 VERSION_SCOPE(HITLS_VERSION_TLS13, HITLS_VERSION_TLS13, 0u, 0u),
101 .cipherType = HITLS_AEAD_CIPHER,
102 .strengthBits = 256},
103 #endif
104 #ifdef HITLS_TLS_SUITE_AES_128_CCM_SHA256
105 {.enable = true,
106 .name = CIPHER_NAME("HITLS_AES_128_CCM_SHA256"),
107 .stdName = CIPHER_NAME("TLS_AES_128_CCM_SHA256"),
108 .cipherSuite = HITLS_AES_128_CCM_SHA256,
109 .cipherAlg = HITLS_CIPHER_AES_128_CCM,
110 .kxAlg = HITLS_KEY_EXCH_NULL,
111 .authAlg = HITLS_AUTH_ANY,
112 .macAlg = HITLS_MAC_AEAD,
113 .hashAlg = HITLS_HASH_SHA_256,
114 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
115 KEY_BLOCK_PARTITON_LENGTH(12u, 16u, 0u, 0u, 0u, 16u),
116 VERSION_SCOPE(HITLS_VERSION_TLS13, HITLS_VERSION_TLS13, 0u, 0u),
117 .cipherType = HITLS_AEAD_CIPHER,
118 .strengthBits = 128},
119 #endif
120 #ifdef HITLS_TLS_SUITE_AES_128_CCM_8_SHA256
121 {.enable = true,
122 .name = CIPHER_NAME("HITLS_AES_128_CCM_8_SHA256"),
123 .stdName = CIPHER_NAME("TLS_AES_128_CCM_8_SHA256"),
124 .cipherSuite = HITLS_AES_128_CCM_8_SHA256,
125 .cipherAlg = HITLS_CIPHER_AES_128_CCM8,
126 .kxAlg = HITLS_KEY_EXCH_NULL,
127 .authAlg = HITLS_AUTH_ANY,
128 .macAlg = HITLS_MAC_AEAD,
129 .hashAlg = HITLS_HASH_SHA_256,
130 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
131 KEY_BLOCK_PARTITON_LENGTH(12u, 16u, 0u, 0u, 0u, 8u),
132 VERSION_SCOPE(HITLS_VERSION_TLS13, HITLS_VERSION_TLS13, 0u, 0u),
133 .cipherType = HITLS_AEAD_CIPHER,
134 .strengthBits = 128},
135 #endif
136 #ifdef HITLS_TLS_SUITE_RSA_WITH_AES_128_CBC_SHA
137 {.enable = true,
138 .name = CIPHER_NAME("HITLS_RSA_WITH_AES_128_CBC_SHA"),
139 .stdName = CIPHER_NAME("TLS_RSA_WITH_AES_128_CBC_SHA"),
140 .cipherSuite = HITLS_RSA_WITH_AES_128_CBC_SHA,
141 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
142 .kxAlg = HITLS_KEY_EXCH_RSA,
143 .authAlg = HITLS_AUTH_RSA,
144 .macAlg = HITLS_MAC_1,
145 .hashAlg = HITLS_HASH_SHA1,
146 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
147 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 20u, 16u, 16u, 20u),
148 VERSION_SCOPE(HITLS_VERSION_SSL30, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
149 .cipherType = HITLS_CBC_CIPHER,
150 .strengthBits = 128},
151 #endif
152 #ifdef HITLS_TLS_SUITE_RSA_WITH_AES_256_CBC_SHA
153 {.enable = true,
154 .name = CIPHER_NAME("HITLS_RSA_WITH_AES_256_CBC_SHA"),
155 .stdName = CIPHER_NAME("TLS_RSA_WITH_AES_256_CBC_SHA"),
156 .cipherSuite = HITLS_RSA_WITH_AES_256_CBC_SHA,
157 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
158 .kxAlg = HITLS_KEY_EXCH_RSA,
159 .authAlg = HITLS_AUTH_RSA,
160 .macAlg = HITLS_MAC_1,
161 .hashAlg = HITLS_HASH_SHA1,
162 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
163 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 20u, 16u, 16u, 20u),
164 VERSION_SCOPE(HITLS_VERSION_SSL30, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
165 .cipherType = HITLS_CBC_CIPHER,
166 .strengthBits = 256},
167 #endif
168 #ifdef HITLS_TLS_SUITE_RSA_WITH_AES_128_CBC_SHA256
169 {.enable = true,
170 .name = CIPHER_NAME("HITLS_RSA_WITH_AES_128_CBC_SHA256"),
171 .stdName = CIPHER_NAME("TLS_RSA_WITH_AES_128_CBC_SHA256"),
172 .cipherSuite = HITLS_RSA_WITH_AES_128_CBC_SHA256,
173 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
174 .kxAlg = HITLS_KEY_EXCH_RSA,
175 .authAlg = HITLS_AUTH_RSA,
176 .macAlg = HITLS_MAC_256,
177 .hashAlg = HITLS_HASH_SHA_256,
178 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
179 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 32u, 16u, 16u, 32u),
180 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
181 .cipherType = HITLS_CBC_CIPHER,
182 .strengthBits = 128},
183 #endif
184 #ifdef HITLS_TLS_SUITE_RSA_WITH_AES_256_CBC_SHA256
185 {.enable = true,
186 .name = CIPHER_NAME("HITLS_RSA_WITH_AES_256_CBC_SHA256"),
187 .stdName = CIPHER_NAME("TLS_RSA_WITH_AES_256_CBC_SHA256"),
188 .cipherSuite = HITLS_RSA_WITH_AES_256_CBC_SHA256,
189 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
190 .kxAlg = HITLS_KEY_EXCH_RSA,
191 .authAlg = HITLS_AUTH_RSA,
192 .macAlg = HITLS_MAC_256,
193 .hashAlg = HITLS_HASH_SHA_256,
194 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
195 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 32u, 16u, 16u, 32u),
196 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
197 .cipherType = HITLS_CBC_CIPHER,
198 .strengthBits = 256},
199 #endif
200 #ifdef HITLS_TLS_SUITE_RSA_WITH_AES_128_GCM_SHA256
201 {.enable = true,
202 .name = CIPHER_NAME("HITLS_RSA_WITH_AES_128_GCM_SHA256"),
203 .stdName = CIPHER_NAME("TLS_RSA_WITH_AES_128_GCM_SHA256"),
204 .cipherSuite = HITLS_RSA_WITH_AES_128_GCM_SHA256,
205 .cipherAlg = HITLS_CIPHER_AES_128_GCM,
206 .kxAlg = HITLS_KEY_EXCH_RSA,
207 .authAlg = HITLS_AUTH_RSA,
208 .macAlg = HITLS_MAC_AEAD,
209 .hashAlg = HITLS_HASH_SHA_256,
210 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
211 KEY_BLOCK_PARTITON_LENGTH(4u, 16u, 0u, 0u, 8u, 16u),
212 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
213 .cipherType = HITLS_AEAD_CIPHER,
214 .strengthBits = 128},
215 #endif
216 #ifdef HITLS_TLS_SUITE_RSA_WITH_AES_256_GCM_SHA384
217 {.enable = true,
218 .name = CIPHER_NAME("HITLS_RSA_WITH_AES_256_GCM_SHA384"),
219 .stdName = CIPHER_NAME("TLS_RSA_WITH_AES_256_GCM_SHA384"),
220 .cipherSuite = HITLS_RSA_WITH_AES_256_GCM_SHA384,
221 .cipherAlg = HITLS_CIPHER_AES_256_GCM,
222 .kxAlg = HITLS_KEY_EXCH_RSA,
223 .authAlg = HITLS_AUTH_RSA,
224 .macAlg = HITLS_MAC_AEAD,
225 .hashAlg = HITLS_HASH_SHA_384,
226 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
227 KEY_BLOCK_PARTITON_LENGTH(4u, 32u, 0u, 0u, 8u, 16u),
228 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
229 .cipherType = HITLS_AEAD_CIPHER,
230 .strengthBits = 256},
231 #endif
232 #ifdef HITLS_TLS_SUITE_DHE_RSA_WITH_AES_128_GCM_SHA256
233 {.enable = true,
234 .name = CIPHER_NAME("HITLS_DHE_RSA_WITH_AES_128_GCM_SHA256"),
235 .stdName = CIPHER_NAME("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"),
236 .cipherSuite = HITLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
237 .cipherAlg = HITLS_CIPHER_AES_128_GCM,
238 .kxAlg = HITLS_KEY_EXCH_DHE,
239 .authAlg = HITLS_AUTH_RSA,
240 .macAlg = HITLS_MAC_AEAD,
241 .hashAlg = HITLS_HASH_SHA_256,
242 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
243 KEY_BLOCK_PARTITON_LENGTH(4u, 16u, 0u, 0u, 8u, 16u),
244 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
245 .cipherType = HITLS_AEAD_CIPHER,
246 .strengthBits = 128},
247 #endif
248 #ifdef HITLS_TLS_SUITE_DHE_RSA_WITH_AES_256_GCM_SHA384
249 {.enable = true,
250 .name = CIPHER_NAME("HITLS_DHE_RSA_WITH_AES_256_GCM_SHA384"),
251 .stdName = CIPHER_NAME("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"),
252 .cipherSuite = HITLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
253 .cipherAlg = HITLS_CIPHER_AES_256_GCM,
254 .kxAlg = HITLS_KEY_EXCH_DHE,
255 .authAlg = HITLS_AUTH_RSA,
256 .macAlg = HITLS_MAC_AEAD,
257 .hashAlg = HITLS_HASH_SHA_384,
258 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
259 KEY_BLOCK_PARTITON_LENGTH(4u, 32u, 0u, 0u, 8u, 16u),
260 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
261 .cipherType = HITLS_AEAD_CIPHER,
262 .strengthBits = 256},
263 #endif
264 #ifdef HITLS_TLS_SUITE_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
265 {.enable = true,
266 .name = CIPHER_NAME("HITLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"),
267 .stdName = CIPHER_NAME("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"),
268 .cipherSuite = HITLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
269 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
270 .kxAlg = HITLS_KEY_EXCH_ECDHE,
271 .authAlg = HITLS_AUTH_ECDSA,
272 .macAlg = HITLS_MAC_1,
273 .hashAlg = HITLS_HASH_SHA1,
274 .signScheme = CERT_SIG_SCHEME_ECDSA_SHA1,
275 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 20u, 16u, 16u, 20u),
276 VERSION_SCOPE(HITLS_VERSION_TLS10, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
277 .cipherType = HITLS_CBC_CIPHER,
278 .strengthBits = 128},
279 #endif
280 #ifdef HITLS_TLS_SUITE_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
281 {.enable = true,
282 .name = CIPHER_NAME("HITLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"),
283 .stdName = CIPHER_NAME("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"),
284 .cipherSuite = HITLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
285 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
286 .kxAlg = HITLS_KEY_EXCH_ECDHE,
287 .authAlg = HITLS_AUTH_ECDSA,
288 .macAlg = HITLS_MAC_1,
289 .hashAlg = HITLS_HASH_SHA1,
290 .signScheme = CERT_SIG_SCHEME_ECDSA_SHA1,
291 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 20u, 16u, 16u, 20u),
292 VERSION_SCOPE(HITLS_VERSION_TLS10, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
293 .cipherType = HITLS_CBC_CIPHER,
294 .strengthBits = 256},
295 #endif
296 #ifdef HITLS_TLS_SUITE_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
297 {.enable = true,
298 .name = CIPHER_NAME("HITLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"),
299 .stdName = CIPHER_NAME("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"),
300 .cipherSuite = HITLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
301 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
302 .kxAlg = HITLS_KEY_EXCH_ECDHE,
303 .authAlg = HITLS_AUTH_ECDSA,
304 .macAlg = HITLS_MAC_256,
305 .hashAlg = HITLS_HASH_SHA_256,
306 .signScheme = CERT_SIG_SCHEME_ECDSA_SHA1,
307 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 32u, 16u, 16u, 32u),
308 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
309 .cipherType = HITLS_CBC_CIPHER,
310 .strengthBits = 128},
311 #endif
312 #ifdef HITLS_TLS_SUITE_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
313 {.enable = true,
314 .name = CIPHER_NAME("HITLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"),
315 .stdName = CIPHER_NAME("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"),
316 .cipherSuite = HITLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
317 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
318 .kxAlg = HITLS_KEY_EXCH_ECDHE,
319 .authAlg = HITLS_AUTH_ECDSA,
320 .macAlg = HITLS_MAC_384,
321 .hashAlg = HITLS_HASH_SHA_384,
322 .signScheme = CERT_SIG_SCHEME_ECDSA_SHA1,
323 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 48u, 16u, 16u, 48u),
324 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
325 .cipherType = HITLS_CBC_CIPHER,
326 .strengthBits = 256},
327 #endif
328 #ifdef HITLS_TLS_SUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
329 {.enable = true,
330 .name = CIPHER_NAME("HITLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"),
331 .stdName = CIPHER_NAME("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"),
332 .cipherSuite = HITLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
333 .cipherAlg = HITLS_CIPHER_AES_128_GCM,
334 .kxAlg = HITLS_KEY_EXCH_ECDHE,
335 .authAlg = HITLS_AUTH_ECDSA,
336 .macAlg = HITLS_MAC_AEAD,
337 .hashAlg = HITLS_HASH_SHA_256,
338 .signScheme = CERT_SIG_SCHEME_ECDSA_SHA1,
339 KEY_BLOCK_PARTITON_LENGTH(4u, 16u, 0u, 0u, 8u, 16u),
340 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
341 .cipherType = HITLS_AEAD_CIPHER,
342 .strengthBits = 128},
343 #endif
344 #ifdef HITLS_TLS_SUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
345 {.enable = true,
346 .name = CIPHER_NAME("HITLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"),
347 .stdName = CIPHER_NAME("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"),
348 .cipherSuite = HITLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
349 .cipherAlg = HITLS_CIPHER_AES_256_GCM,
350 .kxAlg = HITLS_KEY_EXCH_ECDHE,
351 .authAlg = HITLS_AUTH_ECDSA,
352 .macAlg = HITLS_MAC_AEAD,
353 .hashAlg = HITLS_HASH_SHA_384,
354 .signScheme = CERT_SIG_SCHEME_ECDSA_SHA1,
355 KEY_BLOCK_PARTITON_LENGTH(4u, 32u, 0u, 0u, 8u, 16u),
356 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
357 .cipherType = HITLS_AEAD_CIPHER,
358 .strengthBits = 256},
359 #endif
360 #ifdef HITLS_TLS_SUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA
361 {.enable = true,
362 .name = CIPHER_NAME("HITLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"),
363 .stdName = CIPHER_NAME("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"),
364 .cipherSuite = HITLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
365 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
366 .kxAlg = HITLS_KEY_EXCH_ECDHE,
367 .authAlg = HITLS_AUTH_RSA,
368 .macAlg = HITLS_MAC_1,
369 .hashAlg = HITLS_HASH_SHA1,
370 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
371 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 20u, 16u, 16u, 20u),
372 VERSION_SCOPE(HITLS_VERSION_TLS10, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
373 .cipherType = HITLS_CBC_CIPHER,
374 .strengthBits = 128},
375 #endif
376 #ifdef HITLS_TLS_SUITE_ECDHE_RSA_WITH_AES_256_CBC_SHA
377 {.enable = true,
378 .name = CIPHER_NAME("HITLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"),
379 .stdName = CIPHER_NAME("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"),
380 .cipherSuite = HITLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
381 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
382 .kxAlg = HITLS_KEY_EXCH_ECDHE,
383 .authAlg = HITLS_AUTH_RSA,
384 .macAlg = HITLS_MAC_1,
385 .hashAlg = HITLS_HASH_SHA1,
386 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
387 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 20u, 16u, 16u, 20u),
388 VERSION_SCOPE(HITLS_VERSION_TLS10, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
389 .cipherType = HITLS_CBC_CIPHER,
390 .strengthBits = 256},
391 #endif
392 #ifdef HITLS_TLS_SUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA256
393 {.enable = true,
394 .name = CIPHER_NAME("HITLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"),
395 .stdName = CIPHER_NAME("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"),
396 .cipherSuite = HITLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
397 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
398 .kxAlg = HITLS_KEY_EXCH_ECDHE,
399 .authAlg = HITLS_AUTH_RSA,
400 .macAlg = HITLS_MAC_256,
401 .hashAlg = HITLS_HASH_SHA_256,
402 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
403 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 32u, 16u, 16u, 32u),
404 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
405 .cipherType = HITLS_CBC_CIPHER,
406 .strengthBits = 128},
407 #endif
408 #ifdef HITLS_TLS_SUITE_ECDHE_RSA_WITH_AES_256_CBC_SHA384
409 {.enable = true,
410 .name = CIPHER_NAME("HITLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"),
411 .stdName = CIPHER_NAME("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"),
412 .cipherSuite = HITLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
413 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
414 .kxAlg = HITLS_KEY_EXCH_ECDHE,
415 .authAlg = HITLS_AUTH_RSA,
416 .macAlg = HITLS_MAC_384,
417 .hashAlg = HITLS_HASH_SHA_384,
418 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
419 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 48u, 16u, 16u, 48u),
420 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
421 .cipherType = HITLS_CBC_CIPHER,
422 .strengthBits = 256},
423 #endif
424 #ifdef HITLS_TLS_SUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256
425 {.enable = true,
426 .name = CIPHER_NAME("HITLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
427 .stdName = CIPHER_NAME("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
428 .cipherSuite = HITLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
429 .cipherAlg = HITLS_CIPHER_AES_128_GCM,
430 .kxAlg = HITLS_KEY_EXCH_ECDHE,
431 .authAlg = HITLS_AUTH_RSA,
432 .macAlg = HITLS_MAC_AEAD,
433 .hashAlg = HITLS_HASH_SHA_256,
434 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
435 KEY_BLOCK_PARTITON_LENGTH(4u, 16u, 0u, 0u, 8u, 16u),
436 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
437 .cipherType = HITLS_AEAD_CIPHER,
438 .strengthBits = 128},
439 #endif
440 #ifdef HITLS_TLS_SUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384
441 {.enable = true,
442 .name = CIPHER_NAME("HITLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
443 .stdName = CIPHER_NAME("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
444 .cipherSuite = HITLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
445 .cipherAlg = HITLS_CIPHER_AES_256_GCM,
446 .kxAlg = HITLS_KEY_EXCH_ECDHE,
447 .authAlg = HITLS_AUTH_RSA,
448 .macAlg = HITLS_MAC_AEAD,
449 .hashAlg = HITLS_HASH_SHA_384,
450 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
451 KEY_BLOCK_PARTITON_LENGTH(4u, 32u, 0u, 0u, 8u, 16u),
452 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
453 .cipherType = HITLS_AEAD_CIPHER,
454 .strengthBits = 256},
455 #endif
456 #ifdef HITLS_TLS_SUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
457 {.enable = true,
458 .name = CIPHER_NAME("HITLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"),
459 .stdName = CIPHER_NAME("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"),
460 .cipherSuite = HITLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
461 .cipherAlg = HITLS_CIPHER_CHACHA20_POLY1305,
462 .kxAlg = HITLS_KEY_EXCH_ECDHE,
463 .authAlg = HITLS_AUTH_RSA,
464 .macAlg = HITLS_MAC_AEAD,
465 .hashAlg = HITLS_HASH_SHA_256,
466 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
467 KEY_BLOCK_PARTITON_LENGTH(12u, 32u, 0u, 0u, 0u, 16u),
468 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
469 .cipherType = HITLS_AEAD_CIPHER,
470 .strengthBits = 256},
471 #endif
472 #ifdef HITLS_TLS_SUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
473 {.enable = true,
474 .name = CIPHER_NAME("HITLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"),
475 .stdName = CIPHER_NAME("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"),
476 .cipherSuite = HITLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
477 .cipherAlg = HITLS_CIPHER_CHACHA20_POLY1305,
478 .kxAlg = HITLS_KEY_EXCH_ECDHE,
479 .authAlg = HITLS_AUTH_ECDSA,
480 .macAlg = HITLS_MAC_AEAD,
481 .hashAlg = HITLS_HASH_SHA_256,
482 .signScheme = CERT_SIG_SCHEME_ECDSA_SHA1,
483 KEY_BLOCK_PARTITON_LENGTH(12u, 32u, 0u, 0u, 0u, 16u),
484 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
485 .cipherType = HITLS_AEAD_CIPHER,
486 .strengthBits = 256},
487 #endif
488 #ifdef HITLS_TLS_SUITE_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
489 {.enable = true,
490 .name = CIPHER_NAME("HITLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"),
491 .stdName = CIPHER_NAME("TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"),
492 .cipherSuite = HITLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
493 .cipherAlg = HITLS_CIPHER_CHACHA20_POLY1305,
494 .kxAlg = HITLS_KEY_EXCH_DHE,
495 .authAlg = HITLS_AUTH_RSA,
496 .macAlg = HITLS_MAC_AEAD,
497 .hashAlg = HITLS_HASH_SHA_256,
498 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
499 KEY_BLOCK_PARTITON_LENGTH(12u, 32u, 0u, 0u, 0u, 16u),
500 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
501 .cipherType = HITLS_AEAD_CIPHER,
502 .strengthBits = 256},
503 #endif
504 #ifdef HITLS_TLS_SUITE_DHE_DSS_WITH_AES_128_GCM_SHA256
505 {.enable = true,
506 .name = CIPHER_NAME("HITLS_DHE_DSS_WITH_AES_128_GCM_SHA256"),
507 .stdName = CIPHER_NAME("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"),
508 .cipherSuite = HITLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
509 .cipherAlg = HITLS_CIPHER_AES_128_GCM,
510 .kxAlg = HITLS_KEY_EXCH_DHE,
511 .authAlg = HITLS_AUTH_DSS,
512 .macAlg = HITLS_MAC_AEAD,
513 .hashAlg = HITLS_HASH_SHA_256,
514 .signScheme = CERT_SIG_SCHEME_DSA_SHA1,
515 KEY_BLOCK_PARTITON_LENGTH(4u, 16u, 0u, 0u, 8u, 16u),
516 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
517 .cipherType = HITLS_AEAD_CIPHER,
518 .strengthBits = 128},
519 #endif
520 #ifdef HITLS_TLS_SUITE_DHE_DSS_WITH_AES_256_GCM_SHA384
521 {.enable = true,
522 .name = CIPHER_NAME("HITLS_DHE_DSS_WITH_AES_256_GCM_SHA384"),
523 .stdName = CIPHER_NAME("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"),
524 .cipherSuite = HITLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
525 .cipherAlg = HITLS_CIPHER_AES_256_GCM,
526 .kxAlg = HITLS_KEY_EXCH_DHE,
527 .authAlg = HITLS_AUTH_DSS,
528 .macAlg = HITLS_MAC_AEAD,
529 .hashAlg = HITLS_HASH_SHA_384,
530 .signScheme = CERT_SIG_SCHEME_DSA_SHA1,
531 KEY_BLOCK_PARTITON_LENGTH(4u, 32u, 0u, 0u, 8u, 16u),
532 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
533 .cipherType = HITLS_AEAD_CIPHER,
534 .strengthBits = 256},
535 #endif
536 #ifdef HITLS_TLS_SUITE_DHE_DSS_WITH_AES_128_CBC_SHA
537 {.enable = true,
538 .name = CIPHER_NAME("HITLS_DHE_DSS_WITH_AES_128_CBC_SHA"),
539 .stdName = CIPHER_NAME("TLS_DHE_DSS_WITH_AES_128_CBC_SHA"),
540 .cipherSuite = HITLS_DHE_DSS_WITH_AES_128_CBC_SHA,
541 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
542 .kxAlg = HITLS_KEY_EXCH_DHE,
543 .authAlg = HITLS_AUTH_DSS,
544 .macAlg = HITLS_MAC_1,
545 .hashAlg = HITLS_HASH_SHA1,
546 .signScheme = CERT_SIG_SCHEME_DSA_SHA1,
547 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 20u, 16u, 16u, 20u),
548 VERSION_SCOPE(HITLS_VERSION_SSL30, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
549 .cipherType = HITLS_CBC_CIPHER,
550 .strengthBits = 128},
551 #endif
552 #ifdef HITLS_TLS_SUITE_DHE_DSS_WITH_AES_256_CBC_SHA
553 {.enable = true,
554 .name = CIPHER_NAME("HITLS_DHE_DSS_WITH_AES_256_CBC_SHA"),
555 .stdName = CIPHER_NAME("TLS_DHE_DSS_WITH_AES_256_CBC_SHA"),
556 .cipherSuite = HITLS_DHE_DSS_WITH_AES_256_CBC_SHA,
557 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
558 .kxAlg = HITLS_KEY_EXCH_DHE,
559 .authAlg = HITLS_AUTH_DSS,
560 .macAlg = HITLS_MAC_1,
561 .hashAlg = HITLS_HASH_SHA1,
562 .signScheme = CERT_SIG_SCHEME_DSA_SHA1,
563 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 20u, 16u, 16u, 20u),
564 VERSION_SCOPE(HITLS_VERSION_SSL30, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
565 .cipherType = HITLS_CBC_CIPHER,
566 .strengthBits = 256},
567 #endif
568 #ifdef HITLS_TLS_SUITE_DHE_DSS_WITH_AES_128_CBC_SHA256
569 {.enable = true,
570 .name = CIPHER_NAME("HITLS_DHE_DSS_WITH_AES_128_CBC_SHA256"),
571 .stdName = CIPHER_NAME("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"),
572 .cipherSuite = HITLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
573 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
574 .kxAlg = HITLS_KEY_EXCH_DHE,
575 .authAlg = HITLS_AUTH_DSS,
576 .macAlg = HITLS_MAC_256,
577 .hashAlg = HITLS_HASH_SHA_256,
578 .signScheme = CERT_SIG_SCHEME_DSA_SHA1,
579 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 32u, 16u, 16u, 32u),
580 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
581 .cipherType = HITLS_CBC_CIPHER,
582 .strengthBits = 128},
583 #endif
584 #ifdef HITLS_TLS_SUITE_DHE_DSS_WITH_AES_256_CBC_SHA256
585 {.enable = true,
586 .name = CIPHER_NAME("HITLS_DHE_DSS_WITH_AES_256_CBC_SHA256"),
587 .stdName = CIPHER_NAME("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"),
588 .cipherSuite = HITLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
589 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
590 .kxAlg = HITLS_KEY_EXCH_DHE,
591 .authAlg = HITLS_AUTH_DSS,
592 .macAlg = HITLS_MAC_256,
593 .hashAlg = HITLS_HASH_SHA_256,
594 .signScheme = CERT_SIG_SCHEME_DSA_SHA1,
595 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 32u, 16u, 16u, 32u),
596 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
597 .cipherType = HITLS_CBC_CIPHER,
598 .strengthBits = 256},
599 #endif
600 #ifdef HITLS_TLS_SUITE_DHE_RSA_WITH_AES_128_CBC_SHA
601 {.enable = true,
602 .name = CIPHER_NAME("HITLS_DHE_RSA_WITH_AES_128_CBC_SHA"),
603 .stdName = CIPHER_NAME("TLS_DHE_RSA_WITH_AES_128_CBC_SHA"),
604 .cipherSuite = HITLS_DHE_RSA_WITH_AES_128_CBC_SHA,
605 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
606 .kxAlg = HITLS_KEY_EXCH_DHE,
607 .authAlg = HITLS_AUTH_RSA,
608 .macAlg = HITLS_MAC_1,
609 .hashAlg = HITLS_HASH_SHA1,
610 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
611 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 20u, 16u, 16u, 20u),
612 VERSION_SCOPE(HITLS_VERSION_SSL30, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
613 .cipherType = HITLS_CBC_CIPHER,
614 .strengthBits = 128},
615 #endif
616 #ifdef HITLS_TLS_SUITE_DHE_RSA_WITH_AES_256_CBC_SHA
617 {.enable = true,
618 .name = CIPHER_NAME("HITLS_DHE_RSA_WITH_AES_256_CBC_SHA"),
619 .stdName = CIPHER_NAME("TLS_DHE_RSA_WITH_AES_256_CBC_SHA"),
620 .cipherSuite = HITLS_DHE_RSA_WITH_AES_256_CBC_SHA,
621 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
622 .kxAlg = HITLS_KEY_EXCH_DHE,
623 .authAlg = HITLS_AUTH_RSA,
624 .macAlg = HITLS_MAC_1,
625 .hashAlg = HITLS_HASH_SHA1,
626 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
627 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 20u, 16u, 16u, 20u),
628 VERSION_SCOPE(HITLS_VERSION_SSL30, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
629 .cipherType = HITLS_CBC_CIPHER,
630 .strengthBits = 256},
631 #endif
632 #ifdef HITLS_TLS_SUITE_DHE_RSA_WITH_AES_128_CBC_SHA256
633 {.enable = true,
634 .name = CIPHER_NAME("HITLS_DHE_RSA_WITH_AES_128_CBC_SHA256"),
635 .stdName = CIPHER_NAME("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"),
636 .cipherSuite = HITLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
637 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
638 .kxAlg = HITLS_KEY_EXCH_DHE,
639 .authAlg = HITLS_AUTH_RSA,
640 .macAlg = HITLS_MAC_256,
641 .hashAlg = HITLS_HASH_SHA_256,
642 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
643 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 32u, 16u, 16u, 32u),
644 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
645 .cipherType = HITLS_CBC_CIPHER,
646 .strengthBits = 128},
647 #endif
648 #ifdef HITLS_TLS_SUITE_DHE_RSA_WITH_AES_256_CBC_SHA256
649 {.enable = true,
650 .name = CIPHER_NAME("HITLS_DHE_RSA_WITH_AES_256_CBC_SHA256"),
651 .stdName = CIPHER_NAME("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"),
652 .cipherSuite = HITLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
653 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
654 .kxAlg = HITLS_KEY_EXCH_DHE,
655 .authAlg = HITLS_AUTH_RSA,
656 .macAlg = HITLS_MAC_256,
657 .hashAlg = HITLS_HASH_SHA_256,
658 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
659 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 32u, 16u, 16u, 32u),
660 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
661 .cipherType = HITLS_CBC_CIPHER,
662 .strengthBits = 256},
663 #endif
664 // psk nego
665 #ifdef HITLS_TLS_SUITE_PSK_WITH_AES_128_CBC_SHA
666 {.enable = true,
667 .name = CIPHER_NAME("HITLS_PSK_WITH_AES_128_CBC_SHA"),
668 .stdName = CIPHER_NAME("TLS_PSK_WITH_AES_128_CBC_SHA"),
669 .cipherSuite = HITLS_PSK_WITH_AES_128_CBC_SHA,
670 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
671 .kxAlg = HITLS_KEY_EXCH_PSK,
672 .authAlg = HITLS_AUTH_PSK,
673 .macAlg = HITLS_MAC_1,
674 .hashAlg = HITLS_HASH_SHA1,
675 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
676 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 20u, 16u, 16u, 20u),
677 VERSION_SCOPE(HITLS_VERSION_SSL30, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
678 .cipherType = HITLS_CBC_CIPHER,
679 .strengthBits = 128},
680 #endif
681 #ifdef HITLS_TLS_SUITE_PSK_WITH_AES_256_CBC_SHA
682 {.enable = true,
683 .name = CIPHER_NAME("HITLS_PSK_WITH_AES_256_CBC_SHA"),
684 .stdName = CIPHER_NAME("TLS_PSK_WITH_AES_256_CBC_SHA"),
685 .cipherSuite = HITLS_PSK_WITH_AES_256_CBC_SHA,
686 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
687 .kxAlg = HITLS_KEY_EXCH_PSK,
688 .authAlg = HITLS_AUTH_PSK,
689 .macAlg = HITLS_MAC_1,
690 .hashAlg = HITLS_HASH_SHA1,
691 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
692 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 20u, 16u, 16u, 20u),
693 VERSION_SCOPE(HITLS_VERSION_SSL30, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
694 .cipherType = HITLS_CBC_CIPHER,
695 .strengthBits = 256},
696 #endif
697 #ifdef HITLS_TLS_SUITE_DHE_PSK_WITH_AES_128_CBC_SHA
698 {.enable = true,
699 .name = CIPHER_NAME("HITLS_DHE_PSK_WITH_AES_128_CBC_SHA"),
700 .stdName = CIPHER_NAME("TLS_DHE_PSK_WITH_AES_128_CBC_SHA"),
701 .cipherSuite = HITLS_DHE_PSK_WITH_AES_128_CBC_SHA,
702 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
703 .kxAlg = HITLS_KEY_EXCH_DHE_PSK,
704 .authAlg = HITLS_AUTH_PSK,
705 .macAlg = HITLS_MAC_1,
706 .hashAlg = HITLS_HASH_SHA1,
707 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
708 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 20u, 16u, 16u, 20u),
709 VERSION_SCOPE(HITLS_VERSION_SSL30, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
710 .cipherType = HITLS_CBC_CIPHER,
711 .strengthBits = 128},
712 #endif
713 #ifdef HITLS_TLS_SUITE_DHE_PSK_WITH_AES_256_CBC_SHA
714 {.enable = true,
715 .name = CIPHER_NAME("HITLS_DHE_PSK_WITH_AES_256_CBC_SHA"),
716 .stdName = CIPHER_NAME("TLS_DHE_PSK_WITH_AES_256_CBC_SHA"),
717 .cipherSuite = HITLS_DHE_PSK_WITH_AES_256_CBC_SHA,
718 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
719 .kxAlg = HITLS_KEY_EXCH_DHE_PSK,
720 .authAlg = HITLS_AUTH_PSK,
721 .macAlg = HITLS_MAC_1,
722 .hashAlg = HITLS_HASH_SHA1,
723 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
724 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 20u, 16u, 16u, 20u),
725 VERSION_SCOPE(HITLS_VERSION_SSL30, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
726 .cipherType = HITLS_CBC_CIPHER,
727 .strengthBits = 256},
728 #endif
729 #ifdef HITLS_TLS_SUITE_RSA_PSK_WITH_AES_128_CBC_SHA
730 {.enable = true,
731 .name = CIPHER_NAME("HITLS_RSA_PSK_WITH_AES_128_CBC_SHA"),
732 .stdName = CIPHER_NAME("TLS_RSA_PSK_WITH_AES_128_CBC_SHA"),
733 .cipherSuite = HITLS_RSA_PSK_WITH_AES_128_CBC_SHA,
734 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
735 .kxAlg = HITLS_KEY_EXCH_RSA_PSK,
736 .authAlg = HITLS_AUTH_RSA,
737 .macAlg = HITLS_MAC_1,
738 .hashAlg = HITLS_HASH_SHA1,
739 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
740 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 20u, 16u, 16u, 20u),
741 VERSION_SCOPE(HITLS_VERSION_SSL30, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
742 .cipherType = HITLS_CBC_CIPHER,
743 .strengthBits = 128},
744 #endif
745 #ifdef HITLS_TLS_SUITE_RSA_PSK_WITH_AES_256_CBC_SHA
746 {.enable = true,
747 .name = CIPHER_NAME("HITLS_RSA_PSK_WITH_AES_256_CBC_SHA"),
748 .stdName = CIPHER_NAME("TLS_RSA_PSK_WITH_AES_256_CBC_SHA"),
749 .cipherSuite = HITLS_RSA_PSK_WITH_AES_256_CBC_SHA,
750 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
751 .kxAlg = HITLS_KEY_EXCH_RSA_PSK,
752 .authAlg = HITLS_AUTH_RSA,
753 .macAlg = HITLS_MAC_1,
754 .hashAlg = HITLS_HASH_SHA1,
755 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
756 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 20u, 16u, 16u, 20u),
757 VERSION_SCOPE(HITLS_VERSION_SSL30, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
758 .cipherType = HITLS_CBC_CIPHER,
759 .strengthBits = 256},
760 #endif
761 #ifdef HITLS_TLS_SUITE_PSK_WITH_AES_128_GCM_SHA256
762 {.enable = true,
763 .name = CIPHER_NAME("HITLS_PSK_WITH_AES_128_GCM_SHA256"),
764 .stdName = CIPHER_NAME("TLS_PSK_WITH_AES_128_GCM_SHA256"),
765 .cipherSuite = HITLS_PSK_WITH_AES_128_GCM_SHA256,
766 .cipherAlg = HITLS_CIPHER_AES_128_GCM,
767 .kxAlg = HITLS_KEY_EXCH_PSK,
768 .authAlg = HITLS_AUTH_PSK,
769 .macAlg = HITLS_MAC_AEAD,
770 .hashAlg = HITLS_HASH_SHA_256,
771 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
772 KEY_BLOCK_PARTITON_LENGTH(4u, 16u, 0u, 0u, 8u, 16u),
773 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
774 .cipherType = HITLS_AEAD_CIPHER,
775 .strengthBits = 128},
776 #endif
777 #ifdef HITLS_TLS_SUITE_PSK_WITH_AES_256_GCM_SHA384
778 {.enable = true,
779 .name = CIPHER_NAME("HITLS_PSK_WITH_AES_256_GCM_SHA384"),
780 .stdName = CIPHER_NAME("TLS_PSK_WITH_AES_256_GCM_SHA384"),
781 .cipherSuite = HITLS_PSK_WITH_AES_256_GCM_SHA384,
782 .cipherAlg = HITLS_CIPHER_AES_256_GCM,
783 .kxAlg = HITLS_KEY_EXCH_PSK,
784 .authAlg = HITLS_AUTH_PSK,
785 .macAlg = HITLS_MAC_AEAD,
786 .hashAlg = HITLS_HASH_SHA_384,
787 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
788 KEY_BLOCK_PARTITON_LENGTH(4u, 32u, 0u, 0u, 8u, 16u),
789 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
790 .cipherType = HITLS_AEAD_CIPHER,
791 .strengthBits = 256},
792 #endif
793 #ifdef HITLS_TLS_SUITE_PSK_WITH_AES_256_CCM
794 {.enable = true,
795 .name = CIPHER_NAME("HITLS_PSK_WITH_AES_256_CCM"),
796 .stdName = CIPHER_NAME("TLS_PSK_WITH_AES_256_CCM"),
797 .cipherSuite = HITLS_PSK_WITH_AES_256_CCM,
798 .cipherAlg = HITLS_CIPHER_AES_256_CCM,
799 .kxAlg = HITLS_KEY_EXCH_PSK,
800 .authAlg = HITLS_AUTH_PSK,
801 .macAlg = HITLS_MAC_AEAD,
802 .hashAlg = HITLS_HASH_SHA_256,
803 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
804 KEY_BLOCK_PARTITON_LENGTH(4u, 32u, 0u, 0u, 8u, 16u),
805 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
806 .cipherType = HITLS_AEAD_CIPHER,
807 .strengthBits = 256},
808 #endif
809 #ifdef HITLS_TLS_SUITE_DHE_PSK_WITH_AES_128_GCM_SHA256
810 {.enable = true,
811 .name = CIPHER_NAME("HITLS_DHE_PSK_WITH_AES_128_GCM_SHA256"),
812 .stdName = CIPHER_NAME("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"),
813 .cipherSuite = HITLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
814 .cipherAlg = HITLS_CIPHER_AES_128_GCM,
815 .kxAlg = HITLS_KEY_EXCH_DHE_PSK,
816 .authAlg = HITLS_AUTH_PSK,
817 .macAlg = HITLS_MAC_AEAD,
818 .hashAlg = HITLS_HASH_SHA_256,
819 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
820 KEY_BLOCK_PARTITON_LENGTH(4u, 16u, 0u, 0u, 8u, 16u),
821 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
822 .cipherType = HITLS_AEAD_CIPHER,
823 .strengthBits = 128},
824 #endif
825 #ifdef HITLS_TLS_SUITE_DHE_PSK_WITH_AES_256_GCM_SHA384
826 {.enable = true,
827 .name = CIPHER_NAME("HITLS_DHE_PSK_WITH_AES_256_GCM_SHA384"),
828 .stdName = CIPHER_NAME("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"),
829 .cipherSuite = HITLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
830 .cipherAlg = HITLS_CIPHER_AES_256_GCM,
831 .kxAlg = HITLS_KEY_EXCH_DHE_PSK,
832 .authAlg = HITLS_AUTH_PSK,
833 .macAlg = HITLS_MAC_AEAD,
834 .hashAlg = HITLS_HASH_SHA_384,
835 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
836 KEY_BLOCK_PARTITON_LENGTH(4u, 32u, 0u, 0u, 8u, 16u),
837 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
838 .cipherType = HITLS_AEAD_CIPHER,
839 .strengthBits = 256},
840 #endif
841 #ifdef HITLS_TLS_SUITE_DHE_PSK_WITH_AES_128_CCM
842 {.enable = true,
843 .name = CIPHER_NAME("HITLS_DHE_PSK_WITH_AES_128_CCM"),
844 .stdName = CIPHER_NAME("TLS_DHE_PSK_WITH_AES_128_CCM"),
845 .cipherSuite = HITLS_DHE_PSK_WITH_AES_128_CCM,
846 .cipherAlg = HITLS_CIPHER_AES_128_CCM,
847 .kxAlg = HITLS_KEY_EXCH_DHE_PSK,
848 .authAlg = HITLS_AUTH_PSK,
849 .macAlg = HITLS_MAC_AEAD,
850 .hashAlg = HITLS_HASH_SHA_256,
851 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
852 KEY_BLOCK_PARTITON_LENGTH(4u, 16u, 0u, 0u, 8u, 16u),
853 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
854 .cipherType = HITLS_AEAD_CIPHER,
855 .strengthBits = 128},
856 #endif
857 #ifdef HITLS_TLS_SUITE_DHE_PSK_WITH_AES_256_CCM
858 {.enable = true,
859 .name = CIPHER_NAME("HITLS_DHE_PSK_WITH_AES_256_CCM"),
860 .stdName = CIPHER_NAME("TLS_DHE_PSK_WITH_AES_256_CCM"),
861 .cipherSuite = HITLS_DHE_PSK_WITH_AES_256_CCM,
862 .cipherAlg = HITLS_CIPHER_AES_256_CCM,
863 .kxAlg = HITLS_KEY_EXCH_DHE_PSK,
864 .authAlg = HITLS_AUTH_PSK,
865 .macAlg = HITLS_MAC_AEAD,
866 .hashAlg = HITLS_HASH_SHA_256,
867 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
868 KEY_BLOCK_PARTITON_LENGTH(4u, 32u, 0u, 0u, 8u, 16u),
869 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
870 .cipherType = HITLS_AEAD_CIPHER,
871 .strengthBits = 256},
872 #endif
873 #ifdef HITLS_TLS_SUITE_RSA_PSK_WITH_AES_128_GCM_SHA256
874 {.enable = true,
875 .name = CIPHER_NAME("HITLS_RSA_PSK_WITH_AES_128_GCM_SHA256"),
876 .stdName = CIPHER_NAME("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"),
877 .cipherSuite = HITLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
878 .cipherAlg = HITLS_CIPHER_AES_128_GCM,
879 .kxAlg = HITLS_KEY_EXCH_RSA_PSK,
880 .authAlg = HITLS_AUTH_RSA,
881 .macAlg = HITLS_MAC_AEAD,
882 .hashAlg = HITLS_HASH_SHA_256,
883 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
884 KEY_BLOCK_PARTITON_LENGTH(4u, 16u, 0u, 0u, 8u, 16u),
885 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
886 .cipherType = HITLS_AEAD_CIPHER,
887 .strengthBits = 128},
888 #endif
889 #ifdef HITLS_TLS_SUITE_RSA_PSK_WITH_AES_256_GCM_SHA384
890 {.enable = true,
891 .name = CIPHER_NAME("HITLS_RSA_PSK_WITH_AES_256_GCM_SHA384"),
892 .stdName = CIPHER_NAME("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"),
893 .cipherSuite = HITLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
894 .cipherAlg = HITLS_CIPHER_AES_256_GCM,
895 .kxAlg = HITLS_KEY_EXCH_RSA_PSK,
896 .authAlg = HITLS_AUTH_RSA,
897 .macAlg = HITLS_MAC_AEAD,
898 .hashAlg = HITLS_HASH_SHA_384,
899 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
900 KEY_BLOCK_PARTITON_LENGTH(4u, 32u, 0u, 0u, 8u, 16u),
901 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
902 .cipherType = HITLS_AEAD_CIPHER,
903 .strengthBits = 256},
904 #endif
905 #ifdef HITLS_TLS_SUITE_PSK_WITH_AES_128_CBC_SHA256
906 {.enable = true,
907 .name = CIPHER_NAME("HITLS_PSK_WITH_AES_128_CBC_SHA256"),
908 .stdName = CIPHER_NAME("TLS_PSK_WITH_AES_128_CBC_SHA256"),
909 .cipherSuite = HITLS_PSK_WITH_AES_128_CBC_SHA256,
910 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
911 .kxAlg = HITLS_KEY_EXCH_PSK,
912 .authAlg = HITLS_AUTH_PSK,
913 .macAlg = HITLS_MAC_256,
914 .hashAlg = HITLS_HASH_SHA_256,
915 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
916 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 32u, 16u, 16u, 32u),
917 VERSION_SCOPE(HITLS_VERSION_TLS10, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
918 .cipherType = HITLS_CBC_CIPHER,
919 .strengthBits = 128},
920 #endif
921 #ifdef HITLS_TLS_SUITE_PSK_WITH_AES_256_CBC_SHA384
922 {.enable = true,
923 .name = CIPHER_NAME("HITLS_PSK_WITH_AES_256_CBC_SHA384"),
924 .stdName = CIPHER_NAME("TLS_PSK_WITH_AES_256_CBC_SHA384"),
925 .cipherSuite = HITLS_PSK_WITH_AES_256_CBC_SHA384,
926 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
927 .kxAlg = HITLS_KEY_EXCH_PSK,
928 .authAlg = HITLS_AUTH_PSK,
929 .macAlg = HITLS_MAC_384,
930 .hashAlg = HITLS_HASH_SHA_384,
931 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
932 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 48u, 16u, 16u, 48u),
933 VERSION_SCOPE(HITLS_VERSION_TLS10, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
934 .cipherType = HITLS_CBC_CIPHER,
935 .strengthBits = 256},
936 #endif
937 #ifdef HITLS_TLS_SUITE_DHE_PSK_WITH_AES_128_CBC_SHA256
938 {.enable = true,
939 .name = CIPHER_NAME("HITLS_DHE_PSK_WITH_AES_128_CBC_SHA256"),
940 .stdName = CIPHER_NAME("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"),
941 .cipherSuite = HITLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
942 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
943 .kxAlg = HITLS_KEY_EXCH_DHE_PSK,
944 .authAlg = HITLS_AUTH_PSK,
945 .macAlg = HITLS_MAC_256,
946 .hashAlg = HITLS_HASH_SHA_256,
947 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
948 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 32u, 16u, 16u, 32u),
949 VERSION_SCOPE(HITLS_VERSION_TLS10, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
950 .cipherType = HITLS_CBC_CIPHER,
951 .strengthBits = 128},
952 #endif
953 #ifdef HITLS_TLS_SUITE_DHE_PSK_WITH_AES_256_CBC_SHA384
954 {.enable = true,
955 .name = CIPHER_NAME("HITLS_DHE_PSK_WITH_AES_256_CBC_SHA384"),
956 .stdName = CIPHER_NAME("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"),
957 .cipherSuite = HITLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
958 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
959 .kxAlg = HITLS_KEY_EXCH_DHE_PSK,
960 .authAlg = HITLS_AUTH_PSK,
961 .macAlg = HITLS_MAC_384,
962 .hashAlg = HITLS_HASH_SHA_384,
963 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
964 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 48u, 16u, 16u, 48u),
965 VERSION_SCOPE(HITLS_VERSION_TLS10, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
966 .cipherType = HITLS_CBC_CIPHER,
967 .strengthBits = 256},
968 #endif
969 #ifdef HITLS_TLS_SUITE_RSA_PSK_WITH_AES_128_CBC_SHA256
970 {.enable = true,
971 .name = CIPHER_NAME("HITLS_RSA_PSK_WITH_AES_128_CBC_SHA256"),
972 .stdName = CIPHER_NAME("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"),
973 .cipherSuite = HITLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
974 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
975 .kxAlg = HITLS_KEY_EXCH_RSA_PSK,
976 .authAlg = HITLS_AUTH_RSA,
977 .macAlg = HITLS_MAC_256,
978 .hashAlg = HITLS_HASH_SHA_256,
979 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
980 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 32u, 16u, 16u, 32u),
981 VERSION_SCOPE(HITLS_VERSION_TLS10, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
982 .cipherType = HITLS_CBC_CIPHER,
983 .strengthBits = 128},
984 #endif
985 #ifdef HITLS_TLS_SUITE_RSA_PSK_WITH_AES_256_CBC_SHA384
986 {.enable = true,
987 .name = CIPHER_NAME("HITLS_RSA_PSK_WITH_AES_256_CBC_SHA384"),
988 .stdName = CIPHER_NAME("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"),
989 .cipherSuite = HITLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
990 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
991 .kxAlg = HITLS_KEY_EXCH_RSA_PSK,
992 .authAlg = HITLS_AUTH_RSA,
993 .macAlg = HITLS_MAC_384,
994 .hashAlg = HITLS_HASH_SHA_384,
995 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
996 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 48u, 16u, 16u, 48u),
997 VERSION_SCOPE(HITLS_VERSION_TLS10, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
998 .cipherType = HITLS_CBC_CIPHER,
999 .strengthBits = 256},
1000 #endif
1001 #ifdef HITLS_TLS_SUITE_ECDHE_PSK_WITH_AES_128_CBC_SHA
1002 {.enable = true,
1003 .name = CIPHER_NAME("HITLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"),
1004 .stdName = CIPHER_NAME("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"),
1005 .cipherSuite = HITLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
1006 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
1007 .kxAlg = HITLS_KEY_EXCH_ECDHE_PSK,
1008 .authAlg = HITLS_AUTH_PSK,
1009 .macAlg = HITLS_MAC_1,
1010 .hashAlg = HITLS_HASH_SHA1,
1011 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
1012 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 20u, 16u, 16u, 20u),
1013 VERSION_SCOPE(HITLS_VERSION_TLS10, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1014 .cipherType = HITLS_CBC_CIPHER,
1015 .strengthBits = 128},
1016 #endif
1017 #ifdef HITLS_TLS_SUITE_ECDHE_PSK_WITH_AES_256_CBC_SHA
1018 {.enable = true,
1019 .name = CIPHER_NAME("HITLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"),
1020 .stdName = CIPHER_NAME("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"),
1021 .cipherSuite = HITLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
1022 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
1023 .kxAlg = HITLS_KEY_EXCH_ECDHE_PSK,
1024 .authAlg = HITLS_AUTH_PSK,
1025 .macAlg = HITLS_MAC_1,
1026 .hashAlg = HITLS_HASH_SHA1,
1027 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
1028 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 20u, 16u, 16u, 20u),
1029 VERSION_SCOPE(HITLS_VERSION_TLS10, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1030 .cipherType = HITLS_CBC_CIPHER,
1031 .strengthBits = 256},
1032 #endif
1033 #ifdef HITLS_TLS_SUITE_ECDHE_PSK_WITH_AES_128_CBC_SHA256
1034 {.enable = true,
1035 .name = CIPHER_NAME("HITLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"),
1036 .stdName = CIPHER_NAME("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"),
1037 .cipherSuite = HITLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
1038 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
1039 .kxAlg = HITLS_KEY_EXCH_ECDHE_PSK,
1040 .authAlg = HITLS_AUTH_PSK,
1041 .macAlg = HITLS_MAC_256,
1042 .hashAlg = HITLS_HASH_SHA_256,
1043 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
1044 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 32u, 16u, 16u, 32u),
1045 VERSION_SCOPE(HITLS_VERSION_TLS10, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1046 .cipherType = HITLS_CBC_CIPHER,
1047 .strengthBits = 128},
1048 #endif
1049 #ifdef HITLS_TLS_SUITE_ECDHE_PSK_WITH_AES_256_CBC_SHA384
1050 {.enable = true,
1051 .name = CIPHER_NAME("HITLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"),
1052 .stdName = CIPHER_NAME("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"),
1053 .cipherSuite = HITLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
1054 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
1055 .kxAlg = HITLS_KEY_EXCH_ECDHE_PSK,
1056 .authAlg = HITLS_AUTH_PSK,
1057 .macAlg = HITLS_MAC_384,
1058 .hashAlg = HITLS_HASH_SHA_384,
1059 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
1060 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 48u, 16u, 16u, 48u),
1061 VERSION_SCOPE(HITLS_VERSION_TLS10, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1062 .cipherType = HITLS_CBC_CIPHER,
1063 .strengthBits = 256},
1064 #endif
1065 #ifdef HITLS_TLS_SUITE_PSK_WITH_CHACHA20_POLY1305_SHA256
1066 {.enable = true,
1067 .name = CIPHER_NAME("HITLS_PSK_WITH_CHACHA20_POLY1305_SHA256"),
1068 .stdName = CIPHER_NAME("TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"),
1069 .cipherSuite = HITLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
1070 .cipherAlg = HITLS_CIPHER_CHACHA20_POLY1305,
1071 .kxAlg = HITLS_KEY_EXCH_PSK,
1072 .authAlg = HITLS_AUTH_PSK,
1073 .macAlg = HITLS_MAC_AEAD,
1074 .hashAlg = HITLS_HASH_SHA_256,
1075 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
1076 KEY_BLOCK_PARTITON_LENGTH(12u, 32u, 0u, 0u, 0u, 16u),
1077 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1078 .cipherType = HITLS_AEAD_CIPHER,
1079 .strengthBits = 256},
1080 #endif
1081 #ifdef HITLS_TLS_SUITE_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
1082 {.enable = true,
1083 .name = CIPHER_NAME("HITLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"),
1084 .stdName = CIPHER_NAME("TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"),
1085 .cipherSuite = HITLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
1086 .cipherAlg = HITLS_CIPHER_CHACHA20_POLY1305,
1087 .kxAlg = HITLS_KEY_EXCH_ECDHE_PSK,
1088 .authAlg = HITLS_AUTH_PSK,
1089 .macAlg = HITLS_MAC_AEAD,
1090 .hashAlg = HITLS_HASH_SHA_256,
1091 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
1092 KEY_BLOCK_PARTITON_LENGTH(12u, 32u, 0u, 0u, 0u, 16u),
1093 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1094 .cipherType = HITLS_AEAD_CIPHER,
1095 .strengthBits = 256},
1096 #endif
1097 #ifdef HITLS_TLS_SUITE_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
1098 {.enable = true,
1099 .name = CIPHER_NAME("HITLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"),
1100 .stdName = CIPHER_NAME("TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"),
1101 .cipherSuite = HITLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
1102 .cipherAlg = HITLS_CIPHER_CHACHA20_POLY1305,
1103 .kxAlg = HITLS_KEY_EXCH_DHE_PSK,
1104 .authAlg = HITLS_AUTH_PSK,
1105 .macAlg = HITLS_MAC_AEAD,
1106 .hashAlg = HITLS_HASH_SHA_256,
1107 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
1108 KEY_BLOCK_PARTITON_LENGTH(12u, 32u, 0u, 0u, 0u, 16u),
1109 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1110 .cipherType = HITLS_AEAD_CIPHER,
1111 .strengthBits = 256},
1112 #endif
1113 #ifdef HITLS_TLS_SUITE_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256
1114 {.enable = true,
1115 .name = CIPHER_NAME("HITLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"),
1116 .stdName = CIPHER_NAME("TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"),
1117 .cipherSuite = HITLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
1118 .cipherAlg = HITLS_CIPHER_CHACHA20_POLY1305,
1119 .kxAlg = HITLS_KEY_EXCH_RSA_PSK,
1120 .authAlg = HITLS_AUTH_RSA,
1121 .macAlg = HITLS_MAC_AEAD,
1122 .hashAlg = HITLS_HASH_SHA_256,
1123 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
1124 KEY_BLOCK_PARTITON_LENGTH(12u, 32u, 0u, 0u, 0u, 16u),
1125 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1126 .cipherType = HITLS_AEAD_CIPHER,
1127 .strengthBits = 256},
1128 #endif
1129 #ifdef HITLS_TLS_SUITE_ECDHE_PSK_WITH_AES_128_CCM_SHA256
1130 {.enable = true,
1131 .name = CIPHER_NAME("HITLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256"),
1132 .stdName = CIPHER_NAME("TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256"),
1133 .cipherSuite = HITLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256,
1134 .cipherAlg = HITLS_CIPHER_AES_128_CCM,
1135 .kxAlg = HITLS_KEY_EXCH_ECDHE_PSK,
1136 .authAlg = HITLS_AUTH_PSK,
1137 .macAlg = HITLS_MAC_AEAD,
1138 .hashAlg = HITLS_HASH_SHA_256,
1139 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
1140 KEY_BLOCK_PARTITON_LENGTH(4u, 16u, 0u, 0u, 8u, 16u),
1141 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1142 .cipherType = HITLS_AEAD_CIPHER,
1143 .strengthBits = 128},
1144 #endif
1145 #ifdef HITLS_TLS_SUITE_ECDHE_PSK_WITH_AES_128_GCM_SHA256
1146 {.enable = true,
1147 .name = CIPHER_NAME("HITLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256"),
1148 .stdName = CIPHER_NAME("TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256"),
1149 .cipherSuite = HITLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
1150 .cipherAlg = HITLS_CIPHER_AES_128_GCM,
1151 .kxAlg = HITLS_KEY_EXCH_ECDHE_PSK,
1152 .authAlg = HITLS_AUTH_PSK,
1153 .macAlg = HITLS_MAC_AEAD,
1154 .hashAlg = HITLS_HASH_SHA_256,
1155 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
1156 KEY_BLOCK_PARTITON_LENGTH(4u, 16u, 0u, 0u, 8u, 16u),
1157 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1158 .cipherType = HITLS_AEAD_CIPHER,
1159 .strengthBits = 128},
1160 #endif
1161 #ifdef HITLS_TLS_SUITE_ECDHE_PSK_WITH_AES_256_GCM_SHA384
1162 {.enable = true,
1163 .name = CIPHER_NAME("HITLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384"),
1164 .stdName = CIPHER_NAME("TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384"),
1165 .cipherSuite = HITLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384,
1166 .cipherAlg = HITLS_CIPHER_AES_256_GCM,
1167 .kxAlg = HITLS_KEY_EXCH_ECDHE_PSK,
1168 .authAlg = HITLS_AUTH_PSK,
1169 .macAlg = HITLS_MAC_AEAD,
1170 .hashAlg = HITLS_HASH_SHA_384,
1171 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
1172 KEY_BLOCK_PARTITON_LENGTH(4u, 32u, 0u, 0u, 8u, 16u),
1173 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1174 .cipherType = HITLS_AEAD_CIPHER,
1175 .strengthBits = 256},
1176 #endif
1177 /* Anonymous cipher suites support */
1178 #ifdef HITLS_TLS_SUITE_DH_ANON_WITH_AES_128_CBC_SHA
1179 {.enable = true,
1180 .name = CIPHER_NAME("HITLS_DH_ANON_WITH_AES_128_CBC_SHA"),
1181 .stdName = CIPHER_NAME("TLS_DH_anon_WITH_AES_128_CBC_SHA"),
1182 .cipherSuite = HITLS_DH_ANON_WITH_AES_128_CBC_SHA,
1183 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
1184 .kxAlg = HITLS_KEY_EXCH_DHE,
1185 .authAlg = HITLS_AUTH_NULL,
1186 .macAlg = HITLS_MAC_1,
1187 .hashAlg = HITLS_HASH_SHA1,
1188 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
1189 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 20u, 16u, 16u, 20u),
1190 VERSION_SCOPE(HITLS_VERSION_SSL30, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1191 .cipherType = HITLS_CBC_CIPHER,
1192 .strengthBits = 128},
1193 #endif
1194 #ifdef HITLS_TLS_SUITE_DH_ANON_WITH_AES_256_CBC_SHA
1195 {.enable = true,
1196 .name = CIPHER_NAME("HITLS_DH_ANON_WITH_AES_256_CBC_SHA"),
1197 .stdName = CIPHER_NAME("TLS_DH_anon_WITH_AES_256_CBC_SHA"),
1198 .cipherSuite = HITLS_DH_ANON_WITH_AES_256_CBC_SHA,
1199 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
1200 .kxAlg = HITLS_KEY_EXCH_DHE,
1201 .authAlg = HITLS_AUTH_NULL,
1202 .macAlg = HITLS_MAC_1,
1203 .hashAlg = HITLS_HASH_SHA1,
1204 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
1205 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 20u, 16u, 16u, 20u),
1206 VERSION_SCOPE(HITLS_VERSION_SSL30, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1207 .cipherType = HITLS_CBC_CIPHER,
1208 .strengthBits = 256},
1209 #endif
1210 #ifdef HITLS_TLS_SUITE_DH_ANON_WITH_AES_128_CBC_SHA256
1211 {.enable = true,
1212 .name = CIPHER_NAME("HITLS_DH_ANON_WITH_AES_128_CBC_SHA256"),
1213 .stdName = CIPHER_NAME("TLS_DH_anon_WITH_AES_128_CBC_SHA256"),
1214 .cipherSuite = HITLS_DH_ANON_WITH_AES_128_CBC_SHA256,
1215 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
1216 .kxAlg = HITLS_KEY_EXCH_DHE,
1217 .authAlg = HITLS_AUTH_NULL,
1218 .macAlg = HITLS_MAC_256,
1219 .hashAlg = HITLS_HASH_SHA_256,
1220 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
1221 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 32u, 16u, 16u, 32u),
1222 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1223 .cipherType = HITLS_CBC_CIPHER,
1224 .strengthBits = 128},
1225 #endif
1226 #ifdef HITLS_TLS_SUITE_DH_ANON_WITH_AES_256_CBC_SHA256
1227 {.enable = true,
1228 .name = CIPHER_NAME("HITLS_DH_ANON_WITH_AES_256_CBC_SHA256"),
1229 .stdName = CIPHER_NAME("TLS_DH_anon_WITH_AES_256_CBC_SHA256"),
1230 .cipherSuite = HITLS_DH_ANON_WITH_AES_256_CBC_SHA256,
1231 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
1232 .kxAlg = HITLS_KEY_EXCH_DHE,
1233 .authAlg = HITLS_AUTH_NULL,
1234 .macAlg = HITLS_MAC_256,
1235 .hashAlg = HITLS_HASH_SHA_256,
1236 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
1237 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 32u, 16u, 16u, 32u),
1238 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1239 .cipherType = HITLS_CBC_CIPHER,
1240 .strengthBits = 256},
1241 #endif
1242 #ifdef HITLS_TLS_SUITE_DH_ANON_WITH_AES_128_GCM_SHA256
1243 {.enable = true,
1244 .name = CIPHER_NAME("HITLS_DH_ANON_WITH_AES_128_GCM_SHA256"),
1245 .stdName = CIPHER_NAME("TLS_DH_anon_WITH_AES_128_GCM_SHA256"),
1246 .cipherSuite = HITLS_DH_ANON_WITH_AES_128_GCM_SHA256,
1247 .cipherAlg = HITLS_CIPHER_AES_128_GCM,
1248 .kxAlg = HITLS_KEY_EXCH_DHE,
1249 .authAlg = HITLS_AUTH_NULL,
1250 .macAlg = HITLS_MAC_AEAD,
1251 .hashAlg = HITLS_HASH_SHA_256,
1252 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
1253 KEY_BLOCK_PARTITON_LENGTH(4u, 16u, 0u, 0u, 8u, 16u),
1254 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1255 .cipherType = HITLS_AEAD_CIPHER,
1256 .strengthBits = 128},
1257 #endif
1258 #ifdef HITLS_TLS_SUITE_DH_ANON_WITH_AES_256_GCM_SHA384
1259 {.enable = true,
1260 .name = CIPHER_NAME("HITLS_DH_ANON_WITH_AES_256_GCM_SHA384"),
1261 .stdName = CIPHER_NAME("TLS_DH_anon_WITH_AES_256_GCM_SHA384"),
1262 .cipherSuite = HITLS_DH_ANON_WITH_AES_256_GCM_SHA384,
1263 .cipherAlg = HITLS_CIPHER_AES_256_GCM,
1264 .kxAlg = HITLS_KEY_EXCH_DHE,
1265 .authAlg = HITLS_AUTH_NULL,
1266 .macAlg = HITLS_MAC_AEAD,
1267 .hashAlg = HITLS_HASH_SHA_384,
1268 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
1269 KEY_BLOCK_PARTITON_LENGTH(4u, 32u, 0u, 0u, 8u, 16u),
1270 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1271 .cipherType = HITLS_AEAD_CIPHER,
1272 .strengthBits = 256},
1273 #endif
1274 #ifdef HITLS_TLS_SUITE_ECDH_ANON_WITH_AES_128_CBC_SHA
1275 {.enable = true,
1276 .name = CIPHER_NAME("HITLS_ECDH_ANON_WITH_AES_128_CBC_SHA"),
1277 .stdName = CIPHER_NAME("TLS_ECDH_anon_WITH_AES_128_CBC_SHA"),
1278 .cipherSuite = HITLS_ECDH_ANON_WITH_AES_128_CBC_SHA,
1279 .cipherAlg = HITLS_CIPHER_AES_128_CBC,
1280 .kxAlg = HITLS_KEY_EXCH_ECDHE,
1281 .authAlg = HITLS_AUTH_NULL,
1282 .macAlg = HITLS_MAC_1,
1283 .hashAlg = HITLS_HASH_SHA1,
1284 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
1285 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 20u, 16u, 16u, 20u),
1286 VERSION_SCOPE(HITLS_VERSION_TLS10, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1287 .cipherType = HITLS_CBC_CIPHER,
1288 .strengthBits = 128},
1289 #endif
1290 #ifdef HITLS_TLS_SUITE_ECDH_ANON_WITH_AES_256_CBC_SHA
1291 {.enable = true,
1292 .name = CIPHER_NAME("HITLS_ECDH_ANON_WITH_AES_256_CBC_SHA"),
1293 .stdName = CIPHER_NAME("TLS_ECDH_anon_WITH_AES_256_CBC_SHA"),
1294 .cipherSuite = HITLS_ECDH_ANON_WITH_AES_256_CBC_SHA,
1295 .cipherAlg = HITLS_CIPHER_AES_256_CBC,
1296 .kxAlg = HITLS_KEY_EXCH_ECDHE,
1297 .authAlg = HITLS_AUTH_NULL,
1298 .macAlg = HITLS_MAC_1,
1299 .hashAlg = HITLS_HASH_SHA1,
1300 .signScheme = CERT_SIG_SCHEME_UNKNOWN,
1301 KEY_BLOCK_PARTITON_LENGTH(16u, 32u, 20u, 16u, 16u, 20u),
1302 VERSION_SCOPE(HITLS_VERSION_TLS10, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1303 .cipherType = HITLS_CBC_CIPHER,
1304 .strengthBits = 256},
1305 #endif
1306 #ifdef HITLS_TLS_SUITE_ECDHE_ECDSA_WITH_AES_128_CCM
1307 {.enable = true,
1308 .name = CIPHER_NAME("HITLS_ECDHE_ECDSA_WITH_AES_128_CCM"),
1309 .stdName = CIPHER_NAME("TLS_ECDHE_ECDSA_WITH_AES_128_CCM"),
1310 .cipherSuite = HITLS_ECDHE_ECDSA_WITH_AES_128_CCM,
1311 .cipherAlg = HITLS_CIPHER_AES_128_CCM,
1312 .kxAlg = HITLS_KEY_EXCH_ECDHE,
1313 .authAlg = HITLS_AUTH_ECDSA,
1314 .macAlg = HITLS_MAC_AEAD,
1315 .hashAlg = HITLS_HASH_SHA_256,
1316 .signScheme = CERT_SIG_SCHEME_ECDSA_SHA1,
1317 KEY_BLOCK_PARTITON_LENGTH(4u, 16u, 0u, 0u, 8u, 16u),
1318 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1319 .cipherType = HITLS_AEAD_CIPHER,
1320 .strengthBits = 128},
1321 #endif
1322 #ifdef HITLS_TLS_SUITE_ECDHE_ECDSA_WITH_AES_256_CCM
1323 {.enable = true,
1324 .name = CIPHER_NAME("HITLS_ECDHE_ECDSA_WITH_AES_256_CCM"),
1325 .stdName = CIPHER_NAME("TLS_ECDHE_ECDSA_WITH_AES_256_CCM"),
1326 .cipherSuite = HITLS_ECDHE_ECDSA_WITH_AES_256_CCM,
1327 .cipherAlg = HITLS_CIPHER_AES_256_CCM,
1328 .kxAlg = HITLS_KEY_EXCH_ECDHE,
1329 .authAlg = HITLS_AUTH_ECDSA,
1330 .macAlg = HITLS_MAC_AEAD,
1331 .hashAlg = HITLS_HASH_SHA_256,
1332 .signScheme = CERT_SIG_SCHEME_ECDSA_SHA1,
1333 KEY_BLOCK_PARTITON_LENGTH(4u, 32u, 0u, 0u, 8u, 16u),
1334 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1335 .cipherType = HITLS_AEAD_CIPHER,
1336 .strengthBits = 256},
1337 #endif
1338 #ifdef HITLS_TLS_SUITE_DHE_RSA_WITH_AES_128_CCM
1339 {.enable = true,
1340 .name = CIPHER_NAME("HITLS_DHE_RSA_WITH_AES_128_CCM"),
1341 .stdName = CIPHER_NAME("TLS_DHE_RSA_WITH_AES_128_CCM"),
1342 .cipherSuite = HITLS_DHE_RSA_WITH_AES_128_CCM,
1343 .cipherAlg = HITLS_CIPHER_AES_128_CCM,
1344 .kxAlg = HITLS_KEY_EXCH_DHE,
1345 .authAlg = HITLS_AUTH_RSA,
1346 .macAlg = HITLS_MAC_AEAD,
1347 .hashAlg = HITLS_HASH_SHA_256,
1348 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
1349 KEY_BLOCK_PARTITON_LENGTH(4u, 16u, 0u, 0u, 8u, 16u),
1350 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1351 .cipherType = HITLS_AEAD_CIPHER,
1352 .strengthBits = 128},
1353 #endif
1354 #ifdef HITLS_TLS_SUITE_DHE_RSA_WITH_AES_256_CCM
1355 {.enable = true,
1356 .name = CIPHER_NAME("HITLS_DHE_RSA_WITH_AES_256_CCM"),
1357 .stdName = CIPHER_NAME("TLS_DHE_RSA_WITH_AES_256_CCM"),
1358 .cipherSuite = HITLS_DHE_RSA_WITH_AES_256_CCM,
1359 .cipherAlg = HITLS_CIPHER_AES_256_CCM,
1360 .kxAlg = HITLS_KEY_EXCH_DHE,
1361 .authAlg = HITLS_AUTH_RSA,
1362 .macAlg = HITLS_MAC_AEAD,
1363 .hashAlg = HITLS_HASH_SHA_256,
1364 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
1365 KEY_BLOCK_PARTITON_LENGTH(4u, 32u, 0u, 0u, 8u, 16u),
1366 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1367 .cipherType = HITLS_AEAD_CIPHER,
1368 .strengthBits = 256},
1369 #endif
1370 #ifdef HITLS_TLS_SUITE_RSA_WITH_AES_128_CCM
1371 {.enable = true,
1372 .name = CIPHER_NAME("HITLS_RSA_WITH_AES_128_CCM"),
1373 .stdName = CIPHER_NAME("TLS_RSA_WITH_AES_128_CCM"),
1374 .cipherSuite = HITLS_RSA_WITH_AES_128_CCM,
1375 .cipherAlg = HITLS_CIPHER_AES_128_CCM,
1376 .kxAlg = HITLS_KEY_EXCH_RSA,
1377 .authAlg = HITLS_AUTH_RSA,
1378 .macAlg = HITLS_MAC_AEAD,
1379 .hashAlg = HITLS_HASH_SHA_256,
1380 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
1381 KEY_BLOCK_PARTITON_LENGTH(4u, 16u, 0u, 0u, 8u, 16u),
1382 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1383 .cipherType = HITLS_AEAD_CIPHER,
1384 .strengthBits = 128},
1385 #endif
1386 #ifdef HITLS_TLS_SUITE_RSA_WITH_AES_128_CCM_8
1387 {.enable = true,
1388 .name = CIPHER_NAME("HITLS_RSA_WITH_AES_128_CCM_8"),
1389 .stdName = CIPHER_NAME("TLS_RSA_WITH_AES_128_CCM_8"),
1390 .cipherSuite = HITLS_RSA_WITH_AES_128_CCM_8,
1391 .cipherAlg = HITLS_CIPHER_AES_128_CCM8,
1392 .kxAlg = HITLS_KEY_EXCH_RSA,
1393 .authAlg = HITLS_AUTH_RSA,
1394 .macAlg = HITLS_MAC_AEAD,
1395 .hashAlg = HITLS_HASH_SHA_256,
1396 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
1397 KEY_BLOCK_PARTITON_LENGTH(4u, 16u, 0u, 0u, 8u, 8u),
1398 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1399 .cipherType = HITLS_AEAD_CIPHER,
1400 .strengthBits = 128},
1401 #endif
1402 #ifdef HITLS_TLS_SUITE_RSA_WITH_AES_256_CCM
1403 {.enable = true,
1404 .name = CIPHER_NAME("HITLS_RSA_WITH_AES_256_CCM"),
1405 .stdName = CIPHER_NAME("TLS_RSA_WITH_AES_256_CCM"),
1406 .cipherSuite = HITLS_RSA_WITH_AES_256_CCM,
1407 .cipherAlg = HITLS_CIPHER_AES_256_CCM,
1408 .kxAlg = HITLS_KEY_EXCH_RSA,
1409 .authAlg = HITLS_AUTH_RSA,
1410 .macAlg = HITLS_MAC_AEAD,
1411 .hashAlg = HITLS_HASH_SHA_256,
1412 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
1413 KEY_BLOCK_PARTITON_LENGTH(4u, 32u, 0u, 0u, 8u, 16u),
1414 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1415 .cipherType = HITLS_AEAD_CIPHER,
1416 .strengthBits = 256},
1417 #endif
1418 #ifdef HITLS_TLS_SUITE_RSA_WITH_AES_256_CCM_8
1419 {.enable = true,
1420 .name = CIPHER_NAME("HITLS_RSA_WITH_AES_256_CCM_8"),
1421 .stdName = CIPHER_NAME("TLS_RSA_WITH_AES_256_CCM_8"),
1422 .cipherSuite = HITLS_RSA_WITH_AES_256_CCM_8,
1423 .cipherAlg = HITLS_CIPHER_AES_256_CCM8,
1424 .kxAlg = HITLS_KEY_EXCH_RSA,
1425 .authAlg = HITLS_AUTH_RSA,
1426 .macAlg = HITLS_MAC_AEAD,
1427 .hashAlg = HITLS_HASH_SHA_256,
1428 .signScheme = CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
1429 KEY_BLOCK_PARTITON_LENGTH(4u, 32u, 0u, 0u, 8u, 8u),
1430 VERSION_SCOPE(HITLS_VERSION_TLS12, HITLS_VERSION_TLS12, HITLS_VERSION_DTLS12, HITLS_VERSION_DTLS12),
1431 .cipherType = HITLS_AEAD_CIPHER,
1432 .strengthBits = 256},
1433 #endif
1434 #ifdef HITLS_TLS_PROTO_TLCP11
1435 #ifdef HITLS_TLS_SUITE_ECDHE_SM4_CBC_SM3
1436 {.enable = true,
1437 .name = CIPHER_NAME("HITLS_ECDHE_SM4_CBC_SM3"),
1438 .stdName = CIPHER_NAME("TLS_ECDHE_SM4_CBC_SM3"),
1439 .cipherSuite = HITLS_ECDHE_SM4_CBC_SM3,
1440 .cipherAlg = HITLS_CIPHER_SM4_CBC,
1441 .kxAlg = HITLS_KEY_EXCH_ECDHE,
1442 .authAlg = HITLS_AUTH_SM2,
1443 .macAlg = HITLS_MAC_SM3,
1444 .hashAlg = HITLS_HASH_SM3,
1445 .signScheme = CERT_SIG_SCHEME_SM2_SM3,
1446 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 32u, 16u, 16u, 32u),
1447 VERSION_SCOPE(HITLS_VERSION_TLCP_DTLCP11, HITLS_VERSION_TLCP_DTLCP11, 0, 0),
1448 .cipherType = HITLS_CBC_CIPHER,
1449 .strengthBits = 128},
1450 #endif
1451 #ifdef HITLS_TLS_SUITE_ECC_SM4_CBC_SM3
1452 {.enable = true,
1453 .name = CIPHER_NAME("HITLS_ECC_SM4_CBC_SM3"),
1454 .stdName = CIPHER_NAME("TLS_ECC_SM4_CBC_SM3"),
1455 .cipherSuite = HITLS_ECC_SM4_CBC_SM3,
1456 .cipherAlg = HITLS_CIPHER_SM4_CBC,
1457 .kxAlg = HITLS_KEY_EXCH_ECC,
1458 .authAlg = HITLS_AUTH_SM2,
1459 .macAlg = HITLS_MAC_SM3,
1460 .hashAlg = HITLS_HASH_SM3,
1461 .signScheme = CERT_SIG_SCHEME_SM2_SM3,
1462 KEY_BLOCK_PARTITON_LENGTH(16u, 16u, 32u, 16u, 16u, 32u),
1463 VERSION_SCOPE(HITLS_VERSION_TLCP_DTLCP11, HITLS_VERSION_TLCP_DTLCP11, 0, 0),
1464 .cipherType = HITLS_CBC_CIPHER,
1465 .strengthBits = 128},
1466 #endif
1467 #ifdef HITLS_TLS_SUITE_ECDHE_SM4_GCM_SM3
1468 {.enable = true,
1469 .name = CIPHER_NAME("HITLS_ECDHE_SM4_GCM_SM3"),
1470 .stdName = CIPHER_NAME("TLS_ECDHE_SM4_GCM_SM3"),
1471 .cipherSuite = HITLS_ECDHE_SM4_GCM_SM3,
1472 .cipherAlg = HITLS_CIPHER_SM4_GCM,
1473 .kxAlg = HITLS_KEY_EXCH_ECDHE,
1474 .authAlg = HITLS_AUTH_SM2,
1475 .macAlg = HITLS_MAC_AEAD,
1476 .hashAlg = HITLS_HASH_SM3,
1477 .signScheme = CERT_SIG_SCHEME_SM2_SM3,
1478 KEY_BLOCK_PARTITON_LENGTH(4u, 16u, 0u, 0u, 8u, 16u),
1479 VERSION_SCOPE(HITLS_VERSION_TLCP_DTLCP11, HITLS_VERSION_TLCP_DTLCP11, 0, 0),
1480 .cipherType = HITLS_AEAD_CIPHER,
1481 .strengthBits = 128},
1482 #endif
1483 #ifdef HITLS_TLS_SUITE_ECC_SM4_GCM_SM3
1484 {.enable = true,
1485 .name = CIPHER_NAME("HITLS_ECC_SM4_GCM_SM3"),
1486 .stdName = CIPHER_NAME("TLS_ECC_SM4_GCM_SM3"),
1487 .cipherSuite = HITLS_ECC_SM4_GCM_SM3,
1488 .cipherAlg = HITLS_CIPHER_SM4_GCM,
1489 .kxAlg = HITLS_KEY_EXCH_ECC,
1490 .authAlg = HITLS_AUTH_SM2,
1491 .macAlg = HITLS_MAC_AEAD,
1492 .hashAlg = HITLS_HASH_SM3,
1493 .signScheme = CERT_SIG_SCHEME_SM2_SM3,
1494 KEY_BLOCK_PARTITON_LENGTH(4u, 16u, 0u, 0u, 8u, 16u),
1495 VERSION_SCOPE(HITLS_VERSION_TLCP_DTLCP11, HITLS_VERSION_TLCP_DTLCP11, 0, 0),
1496 .cipherType = HITLS_AEAD_CIPHER,
1497 .strengthBits = 128},
1498 #endif
1499 #endif
1500 };
1501
1502 const CipherSuiteCertType g_cipherSuiteAndCertTypes[] = {
1503 { HITLS_RSA_WITH_AES_128_CBC_SHA, CERT_TYPE_RSA_SIGN },
1504 { HITLS_RSA_WITH_AES_256_CBC_SHA, CERT_TYPE_RSA_SIGN },
1505 { HITLS_RSA_WITH_AES_128_CBC_SHA256, CERT_TYPE_RSA_SIGN },
1506 { HITLS_RSA_WITH_AES_256_CBC_SHA256, CERT_TYPE_RSA_SIGN },
1507 { HITLS_RSA_WITH_AES_128_GCM_SHA256, CERT_TYPE_RSA_SIGN },
1508 { HITLS_RSA_WITH_AES_256_GCM_SHA384, CERT_TYPE_RSA_SIGN },
1509 { HITLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, CERT_TYPE_RSA_SIGN },
1510 { HITLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, CERT_TYPE_RSA_SIGN },
1511 { HITLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, CERT_TYPE_RSA_SIGN },
1512 { HITLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, CERT_TYPE_RSA_SIGN },
1513 { HITLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, CERT_TYPE_RSA_SIGN },
1514 { HITLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, CERT_TYPE_RSA_SIGN },
1515 { HITLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, CERT_TYPE_RSA_SIGN },
1516 { HITLS_DHE_RSA_WITH_AES_128_CBC_SHA, CERT_TYPE_RSA_SIGN },
1517 { HITLS_DHE_RSA_WITH_AES_256_CBC_SHA, CERT_TYPE_RSA_SIGN },
1518 { HITLS_DHE_RSA_WITH_AES_128_CBC_SHA256, CERT_TYPE_RSA_SIGN },
1519 { HITLS_DHE_RSA_WITH_AES_256_CBC_SHA256, CERT_TYPE_RSA_SIGN },
1520 { HITLS_DHE_RSA_WITH_AES_128_GCM_SHA256, CERT_TYPE_RSA_SIGN },
1521 { HITLS_DHE_RSA_WITH_AES_256_GCM_SHA384, CERT_TYPE_RSA_SIGN },
1522 { HITLS_DHE_RSA_WITH_AES_128_CCM, CERT_TYPE_RSA_SIGN },
1523 { HITLS_DHE_RSA_WITH_AES_256_CCM, CERT_TYPE_RSA_SIGN },
1524 { HITLS_RSA_WITH_AES_128_CCM, CERT_TYPE_RSA_SIGN },
1525 { HITLS_RSA_WITH_AES_128_CCM_8, CERT_TYPE_RSA_SIGN },
1526 { HITLS_RSA_WITH_AES_256_CCM, CERT_TYPE_RSA_SIGN },
1527 { HITLS_RSA_WITH_AES_256_CCM_8, CERT_TYPE_RSA_SIGN },
1528 { HITLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, CERT_TYPE_RSA_SIGN },
1529 { HITLS_RSA_PSK_WITH_AES_128_CBC_SHA, CERT_TYPE_RSA_SIGN },
1530 { HITLS_RSA_PSK_WITH_AES_256_CBC_SHA, CERT_TYPE_RSA_SIGN },
1531 { HITLS_RSA_PSK_WITH_AES_128_GCM_SHA256, CERT_TYPE_RSA_SIGN },
1532 { HITLS_RSA_PSK_WITH_AES_256_GCM_SHA384, CERT_TYPE_RSA_SIGN },
1533 { HITLS_RSA_PSK_WITH_AES_128_CBC_SHA256, CERT_TYPE_RSA_SIGN },
1534 { HITLS_RSA_PSK_WITH_AES_256_CBC_SHA384, CERT_TYPE_RSA_SIGN },
1535 { HITLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256, CERT_TYPE_RSA_SIGN },
1536 { HITLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, CERT_TYPE_ECDSA_SIGN },
1537 { HITLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, CERT_TYPE_ECDSA_SIGN },
1538 { HITLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, CERT_TYPE_ECDSA_SIGN },
1539 { HITLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, CERT_TYPE_ECDSA_SIGN },
1540 { HITLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, CERT_TYPE_ECDSA_SIGN },
1541 { HITLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, CERT_TYPE_ECDSA_SIGN },
1542 { HITLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, CERT_TYPE_ECDSA_SIGN },
1543 { HITLS_ECDHE_ECDSA_WITH_AES_128_CCM, CERT_TYPE_ECDSA_SIGN },
1544 { HITLS_ECDHE_ECDSA_WITH_AES_256_CCM, CERT_TYPE_ECDSA_SIGN },
1545 { HITLS_DHE_DSS_WITH_AES_128_CBC_SHA, CERT_TYPE_DSS_SIGN },
1546 { HITLS_DHE_DSS_WITH_AES_256_CBC_SHA, CERT_TYPE_DSS_SIGN },
1547 { HITLS_DHE_DSS_WITH_AES_128_CBC_SHA256, CERT_TYPE_DSS_SIGN },
1548 { HITLS_DHE_DSS_WITH_AES_256_CBC_SHA256, CERT_TYPE_DSS_SIGN },
1549 { HITLS_DHE_DSS_WITH_AES_128_GCM_SHA256, CERT_TYPE_DSS_SIGN },
1550 { HITLS_DHE_DSS_WITH_AES_256_GCM_SHA384, CERT_TYPE_DSS_SIGN },
1551 { HITLS_ECDHE_SM4_CBC_SM3, CERT_TYPE_ECDSA_SIGN },
1552 { HITLS_ECC_SM4_CBC_SM3, CERT_TYPE_ECDSA_SIGN },
1553 { HITLS_ECDHE_SM4_GCM_SM3, CERT_TYPE_ECDSA_SIGN },
1554 { HITLS_ECC_SM4_GCM_SM3, CERT_TYPE_ECDSA_SIGN },
1555 };
1556
1557 /**
1558 * @brief Obtain the cipher suite information
1559 *
1560 * @param cipherSuite [IN] Cipher suite of the information to be obtained
1561 * @param cipherInfo [OUT] Cipher suite information
1562 *
1563 * @retval HITLS_SUCCESS obtained successfully
1564 * @retval HITLS_INTERNAL_EXCEPTION Unexpected internal error
1565 * @retval HITLS_MEMCPY_FAIL memcpy_s failed to be executed.
1566 * @retval HITLS_CONFIG_UNSUPPORT_CIPHER_SUITE No information about the cipher suite is found.
1567 */
CFG_GetCipherSuiteInfo(uint16_t cipherSuite,CipherSuiteInfo * cipherInfo)1568 int32_t CFG_GetCipherSuiteInfo(uint16_t cipherSuite, CipherSuiteInfo *cipherInfo)
1569 {
1570 if (cipherInfo == NULL) {
1571 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15858, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
1572 "CFG:cipherInfo is NULL.", 0, 0, 0, 0);
1573 BSL_ERR_PUSH_ERROR(HITLS_INTERNAL_EXCEPTION);
1574 return HITLS_INTERNAL_EXCEPTION;
1575 }
1576 /* Obtain the cipher suite information. If the cipher suite information is successfully obtained, a response is
1577 * returned. */
1578 for (uint32_t i = 0; i < (sizeof(g_cipherSuiteList) / sizeof(g_cipherSuiteList[0])); i++) {
1579 if (g_cipherSuiteList[i].cipherSuite == cipherSuite) {
1580 if (g_cipherSuiteList[i].enable == false) {
1581 break;
1582 }
1583 int32_t ret = memcpy_s(cipherInfo, sizeof(CipherSuiteInfo), &g_cipherSuiteList[i], sizeof(CipherSuiteInfo));
1584 if (ret != EOK) {
1585 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15859, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
1586 "CFG:memcpy failed.", 0, 0, 0, 0);
1587 BSL_ERR_PUSH_ERROR(HITLS_MEMCPY_FAIL);
1588 return HITLS_MEMCPY_FAIL;
1589 }
1590 return HITLS_SUCCESS;
1591 }
1592 }
1593 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15860, BSL_LOG_LEVEL_DEBUG, BSL_LOG_BINLOG_TYPE_RUN,
1594 "CFG: [0x%x]cipher suite is not supported.", cipherSuite, 0, 0, 0);
1595 BSL_ERR_PUSH_ERROR(HITLS_CONFIG_UNSUPPORT_CIPHER_SUITE);
1596 return HITLS_CONFIG_UNSUPPORT_CIPHER_SUITE;
1597 }
1598
1599 /**
1600 * @brief Check whether the input cipher suite is supported.
1601 *
1602 * @param cipherSuite [IN] Cipher suite to be checked
1603 *
1604 * @retval true support
1605 * @retval false Not supported
1606 */
CFG_CheckCipherSuiteSupported(uint16_t cipherSuite)1607 bool CFG_CheckCipherSuiteSupported(uint16_t cipherSuite)
1608 { /** @alias Check the suite and return true if supported. */
1609 for (uint32_t i = 0; i < (sizeof(g_cipherSuiteList) / sizeof(g_cipherSuiteList[0])); i++) {
1610 if (cipherSuite == g_cipherSuiteList[i].cipherSuite) {
1611 return g_cipherSuiteList[i].enable;
1612 }
1613 }
1614
1615 return false;
1616 }
1617
1618 /** Check whether the version is within the allowed range */
CheckTlsVersionInRange(uint16_t cipherMinVersion,uint16_t cipherMaxVersion,uint16_t cfgMinVersion,uint16_t cfgMaxVersion)1619 static bool CheckTlsVersionInRange(uint16_t cipherMinVersion, uint16_t cipherMaxVersion,
1620 uint16_t cfgMinVersion, uint16_t cfgMaxVersion)
1621 {
1622 if ((cipherMaxVersion < cfgMinVersion) || (cipherMinVersion > cfgMaxVersion)) {
1623 return false;
1624 }
1625 return true;
1626 }
1627
1628 /** Check whether the version of the TLCP is within the allowed range */
CheckTLCPVersionInRange(uint16_t version,uint16_t minVersion,uint16_t maxVersion)1629 static bool CheckTLCPVersionInRange(uint16_t version, uint16_t minVersion, uint16_t maxVersion)
1630 {
1631 return (version >= minVersion) && (version <= maxVersion);
1632 }
1633
1634 /** Check whether the version is within the allowed range. (DTLS version numbers are sorted in reverse order. For
1635 * example, DTLS 1.2 is greater than DTLS 1.3 */
CheckDtlsVersionInRange(uint16_t cipherMinVersion,uint16_t cipherMaxVersion,uint16_t cfgMinVersion,uint16_t cfgMaxVersion)1636 static bool CheckDtlsVersionInRange(uint16_t cipherMinVersion, uint16_t cipherMaxVersion,
1637 uint16_t cfgMinVersion, uint16_t cfgMaxVersion)
1638 {
1639 if ((cipherMaxVersion > cfgMinVersion) || (cipherMinVersion < cfgMaxVersion)) {
1640 return false;
1641 }
1642 return true;
1643 }
1644
1645 /**
1646 * @brief Check whether the input cipher suite complies with the version
1647 *
1648 * @param cipherSuite [IN] Cipher suite to be checked
1649 * minVersion [IN] Indicates the earliest version of the cipher suite
1650 * maxVersion [IN] Indicates the latest version of the cipher suite
1651 *
1652 * @retval true support
1653 * @retval false Not supported
1654 */
CFG_CheckCipherSuiteVersion(uint16_t cipherSuite,uint16_t minVersion,uint16_t maxVersion)1655 bool CFG_CheckCipherSuiteVersion(uint16_t cipherSuite, uint16_t minVersion, uint16_t maxVersion)
1656 {
1657 const CipherSuiteInfo *suiteInfo = NULL;
1658
1659 /** @alias Check the suite and return true if supported. */
1660 for (uint32_t i = 0; i < (sizeof(g_cipherSuiteList) / sizeof(g_cipherSuiteList[0])); i++) {
1661 suiteInfo = &g_cipherSuiteList[i];
1662 if (cipherSuite == suiteInfo->cipherSuite) { /** tlcp max version equal min version */
1663 return CheckTlsVersionInRange(suiteInfo->minVersion, suiteInfo->maxVersion, minVersion, maxVersion) ||
1664 CheckDtlsVersionInRange(suiteInfo->minDtlsVersion, suiteInfo->maxDtlsVersion, minVersion, maxVersion) ||
1665 CheckTLCPVersionInRange(minVersion, suiteInfo->minVersion, suiteInfo->maxVersion) ||
1666 CheckTLCPVersionInRange(maxVersion, suiteInfo->minVersion, suiteInfo->maxVersion);
1667 }
1668 }
1669
1670 return false;
1671 }
1672
1673 /**
1674 * @brief Obtain the signature algorithm and hash algorithm by combining the parameters of the signature hash
1675 * algorithm.
1676 *
1677 * @param ctx [IN] HITLS context
1678 * @param scheme [IN] Signature and hash algorithm combination
1679 * @param signAlg [OUT] Signature algorithm
1680 * @param hashAlg [OUT] Hash algorithm
1681 *
1682 * @retval true Obtained successfully.
1683 * @retval false Obtaining failed.
1684 */
CFG_GetSignParamBySchemes(const HITLS_Ctx * ctx,HITLS_SignHashAlgo scheme,HITLS_SignAlgo * signAlg,HITLS_HashAlgo * hashAlg)1685 bool CFG_GetSignParamBySchemes(const HITLS_Ctx *ctx, HITLS_SignHashAlgo scheme, HITLS_SignAlgo *signAlg,
1686 HITLS_HashAlgo *hashAlg)
1687 {
1688 if (ctx == NULL || signAlg == NULL || hashAlg == NULL) {
1689 return false;
1690 }
1691
1692 const TLS_SigSchemeInfo *info = ConfigGetSignatureSchemeInfo(&ctx->config.tlsConfig, scheme);
1693 if (info == NULL) {
1694 return false;
1695 }
1696 *signAlg = info->signAlgId;
1697 *hashAlg = info->hashAlgId;
1698 return true;
1699 }
1700
1701 /**
1702 * @brief get the group name of the signature algorithm
1703 * @param ctx [IN] HITLS context
1704 * @param scheme [IN] signature algorithm
1705 *
1706 * @retval group name
1707 */
CFG_GetEcdsaCurveNameBySchemes(const HITLS_Ctx * ctx,HITLS_SignHashAlgo scheme)1708 HITLS_NamedGroup CFG_GetEcdsaCurveNameBySchemes(const HITLS_Ctx *ctx, HITLS_SignHashAlgo scheme)
1709 {
1710 const TLS_SigSchemeInfo *info = ConfigGetSignatureSchemeInfo(&ctx->config.tlsConfig, scheme);
1711 if (info == NULL) {
1712 return HITLS_NAMED_GROUP_BUTT;
1713 }
1714 uint32_t groupInfoNum = 0;
1715 const TLS_GroupInfo *groupInfo = ConfigGetGroupInfoList(&ctx->config.tlsConfig, &groupInfoNum);
1716 if (groupInfo == NULL || groupInfoNum == 0) {
1717 return HITLS_NAMED_GROUP_BUTT;
1718 }
1719 for (uint32_t i = 0; i < groupInfoNum; i++) {
1720 if (groupInfo[i].paraId == info->paraId) {
1721 return groupInfo[i].groupId;
1722 }
1723 }
1724 return HITLS_NAMED_GROUP_BUTT;
1725 }
1726
1727 /**
1728 * @brief Obtain the certificate type based on the cipher suite
1729 *
1730 * @param cipherSuite [IN] Cipher suite
1731 *
1732 * @return Certificate type corresponding to the cipher suite
1733 */
CFG_GetCertTypeByCipherSuite(uint16_t cipherSuite)1734 uint8_t CFG_GetCertTypeByCipherSuite(uint16_t cipherSuite)
1735 {
1736 for (uint32_t i = 0; i < (sizeof(g_cipherSuiteAndCertTypes) / sizeof(g_cipherSuiteAndCertTypes[0])); i++) {
1737 if (cipherSuite == g_cipherSuiteAndCertTypes[i].cipherSuite) {
1738 return g_cipherSuiteAndCertTypes[i].certType;
1739 }
1740 }
1741
1742 return CERT_TYPE_UNKNOWN;
1743 }
1744 #ifdef HITLS_TLS_CONFIG_CIPHER_SUITE
1745 /* Convert the supported version number to the corresponding character string */
ProtocolToString(uint16_t version)1746 static const uint8_t* ProtocolToString(uint16_t version)
1747 {
1748 const char *ret = NULL;
1749 switch (version) {
1750 case HITLS_VERSION_TLS12:
1751 ret = "TLSv1.2";
1752 break;
1753 case HITLS_VERSION_TLS13:
1754 ret = "TLSv1.3";
1755 break;
1756 case HITLS_VERSION_DTLS10:
1757 ret = "DTLSv1";
1758 break;
1759 case HITLS_VERSION_DTLS12:
1760 ret = "DTLSv1.2";
1761 break;
1762 case HITLS_VERSION_TLCP_DTLCP11:
1763 ret = "(D)TLCP1.1";
1764 break;
1765 default:
1766 ret = "unknown";
1767 break;
1768 }
1769 return (const uint8_t *)ret;
1770 }
1771
1772 /* Convert the server authorization algorithm type to the corresponding character string */
AuthAlgToString(HITLS_AuthAlgo authAlg)1773 static const uint8_t* AuthAlgToString(HITLS_AuthAlgo authAlg)
1774 {
1775 const char *ret = NULL;
1776 switch (authAlg) {
1777 case HITLS_AUTH_RSA:
1778 ret = "RSA";
1779 break;
1780 case HITLS_AUTH_ECDSA:
1781 ret = "ECDSA";
1782 break;
1783 case HITLS_AUTH_DSS:
1784 ret = "DSS";
1785 break;
1786 case HITLS_AUTH_SM2:
1787 ret = "SM2";
1788 break;
1789 default:
1790 ret = "unknown";
1791 break;
1792 }
1793 return (const uint8_t *)ret;
1794 }
1795
1796 /* Convert the key exchange algorithm type to the corresponding character string */
KeyExchAlgToString(HITLS_KeyExchAlgo kxAlg)1797 static const uint8_t* KeyExchAlgToString(HITLS_KeyExchAlgo kxAlg)
1798 {
1799 const char *ret = NULL;
1800 switch (kxAlg) {
1801 case HITLS_KEY_EXCH_ECDHE:
1802 ret = "ECDHE";
1803 break;
1804 case HITLS_KEY_EXCH_DHE:
1805 ret = "DHE";
1806 break;
1807 case HITLS_KEY_EXCH_ECDH:
1808 ret = "ECDH";
1809 break;
1810 case HITLS_KEY_EXCH_DH:
1811 ret = "DH";
1812 break;
1813 case HITLS_KEY_EXCH_RSA:
1814 ret = "RSA";
1815 break;
1816 case HITLS_KEY_EXCH_PSK:
1817 ret = "PSK";
1818 break;
1819 case HITLS_KEY_EXCH_ECC:
1820 ret = "ECC";
1821 break;
1822 default:
1823 ret = "unknown";
1824 break;
1825 }
1826 return (const uint8_t *)ret;
1827 }
1828
1829 /* Convert the MAC algorithm type to the corresponding character string */
MacAlgToString(HITLS_MacAlgo macAlg)1830 static const uint8_t* MacAlgToString(HITLS_MacAlgo macAlg)
1831 {
1832 const char *ret = NULL;
1833 switch (macAlg) {
1834 case HITLS_MAC_1:
1835 ret = "SHA1";
1836 break;
1837 case HITLS_MAC_256:
1838 ret = "SHA256";
1839 break;
1840 case HITLS_MAC_384:
1841 ret = "SHA384";
1842 break;
1843 case HITLS_MAC_512:
1844 ret = "SHA512";
1845 break;
1846 case HITLS_MAC_AEAD:
1847 ret = "AEAD";
1848 break;
1849 case HITLS_MAC_SM3:
1850 ret = "SM3";
1851 break;
1852 default:
1853 ret = "unknown";
1854 break;
1855 }
1856 return (const uint8_t *)ret;
1857 }
1858
1859 /* Convert the hash algorithm type to the corresponding character string */
HashAlgToString(HITLS_HashAlgo hashAlg)1860 static const uint8_t* HashAlgToString(HITLS_HashAlgo hashAlg)
1861 {
1862 const char *ret = NULL;
1863 switch (hashAlg) {
1864 case HITLS_HASH_MD5:
1865 ret = "MD5";
1866 break;
1867 case HITLS_HASH_SHA1:
1868 ret = "SHA1";
1869 break;
1870 case HITLS_HASH_SHA_256:
1871 ret = "SHA256";
1872 break;
1873 case HITLS_HASH_SHA_384:
1874 ret = "SHA384";
1875 break;
1876 case HITLS_HASH_SHA_512:
1877 ret = "SHA512";
1878 break;
1879 case HITLS_HASH_SM3:
1880 ret = "SM3";
1881 break;
1882 default:
1883 ret = "unknown";
1884 break;
1885 }
1886 return (const uint8_t *)ret;
1887 }
1888
1889 /* Search the corresponding index in the table based on the cipher suite. If the cipher suite is invalid,
1890 * CIPHER_SUITE_NOT_EXIST is returned */
FindCipherSuiteIndexByCipherSuite(const uint16_t cipherSuite)1891 static int32_t FindCipherSuiteIndexByCipherSuite(const uint16_t cipherSuite)
1892 {
1893 uint32_t i;
1894 for (i = 0; i < sizeof(g_cipherSuiteList) / sizeof(CipherSuiteInfo); i++) {
1895 if (g_cipherSuiteList[i].cipherSuite == cipherSuite) {
1896 return (int32_t)i;
1897 }
1898 }
1899 BSL_ERR_PUSH_ERROR(HITLS_CONFIG_UNSUPPORT_CIPHER_SUITE);
1900 return HITLS_CONFIG_UNSUPPORT_CIPHER_SUITE;
1901 }
1902
1903
GetCipherSuiteDescription(const CipherSuiteInfo * cipherSuiteInfo,uint8_t * buf,int len)1904 static int32_t GetCipherSuiteDescription(const CipherSuiteInfo *cipherSuiteInfo, uint8_t *buf, int len)
1905 {
1906 if (cipherSuiteInfo == NULL || buf == NULL || len < CIPHERSUITE_DESCRIPTION_MAXLEN) {
1907 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
1908 return HITLS_NULL_INPUT;
1909 }
1910
1911 const uint8_t *ver, *kx, *au, *hash, *mac;
1912 static const char *format = "%-30s %-7s Kx=%-8s Au=%-5s Hash=%-22s Mac=%-4s\n";
1913
1914 ver = ProtocolToString(cipherSuiteInfo->minVersion);
1915 kx = KeyExchAlgToString(cipherSuiteInfo->kxAlg);
1916 au = AuthAlgToString(cipherSuiteInfo->authAlg);
1917 mac = MacAlgToString(cipherSuiteInfo->macAlg);
1918 hash = HashAlgToString(cipherSuiteInfo->hashAlg);
1919
1920 int32_t ret = snprintf_s((char *)buf, CIPHERSUITE_DESCRIPTION_MAXLEN, CIPHERSUITE_DESCRIPTION_MAXLEN,
1921 format, cipherSuiteInfo->name, ver, kx, au, hash, mac);
1922 if (ret < 0 || ret > CIPHERSUITE_DESCRIPTION_MAXLEN - 1) {
1923 BSL_ERR_PUSH_ERROR(HITLS_CONFIG_INVALID_LENGTH);
1924 return HITLS_CONFIG_INVALID_LENGTH;
1925 }
1926
1927 return HITLS_SUCCESS;
1928 }
1929
1930 /**
1931 * @brief Obtain the Symmetric-key algorithm type based on the cipher suite
1932 *
1933 * @param cipher[IN] Cipher suite
1934 * @param cipherAlg [OUT] Obtained Symmetric-key algorithm type.
1935 * @retval HITLS_SUCCESS succeeded
1936 * @retval For other error codes, see hitls_error.h.
1937 */
HITLS_CFG_GetCipherId(const HITLS_Cipher * cipher,HITLS_CipherAlgo * cipherAlg)1938 int32_t HITLS_CFG_GetCipherId(const HITLS_Cipher *cipher, HITLS_CipherAlgo *cipherAlg)
1939 {
1940 if (cipher == NULL || cipherAlg == NULL) {
1941 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
1942 return HITLS_NULL_INPUT;
1943 }
1944
1945 *cipherAlg = cipher->cipherAlg;
1946 return HITLS_SUCCESS;
1947 }
1948
1949 /**
1950 * @brief Obtain the hash algorithm type based on the cipher suite.
1951 *
1952 * @param cipher [IN] Cipher suite
1953 * @param hashAlg [OUT] Obtained hash algorithm type
1954 * @retval HITLS_SUCCESS succeeded
1955 * @retval For other error codes, see hitls_error.h
1956 */
HITLS_CFG_GetHashId(const HITLS_Cipher * cipher,HITLS_HashAlgo * hashAlg)1957 int32_t HITLS_CFG_GetHashId(const HITLS_Cipher *cipher, HITLS_HashAlgo *hashAlg)
1958 {
1959 if (cipher == NULL || hashAlg == NULL) {
1960 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
1961 return HITLS_NULL_INPUT;
1962 }
1963
1964 *hashAlg = cipher->hashAlg;
1965 return HITLS_SUCCESS;
1966 }
1967
1968 /**
1969 * @brief Obtain the MAC algorithm type based on the cipher suite.
1970 *
1971 * @param cipher [IN] Cipher suite
1972 * @param macAlg [OUT] Obtained MAC algorithm type.
1973 * @retval HITLS_SUCCESS succeeded
1974 * @retval For other error codes, see hitls_error.h
1975 */
HITLS_CFG_GetMacId(const HITLS_Cipher * cipher,HITLS_MacAlgo * macAlg)1976 int32_t HITLS_CFG_GetMacId(const HITLS_Cipher *cipher, HITLS_MacAlgo *macAlg)
1977 {
1978 if (cipher == NULL || macAlg == NULL) {
1979 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
1980 return HITLS_NULL_INPUT;
1981 }
1982
1983 *macAlg = cipher->macAlg;
1984 return HITLS_SUCCESS;
1985 }
1986
1987 /**
1988 * @brief Obtain the server authorization algorithm type based on the cipher suite
1989 *
1990 * @param cipher [IN] Cipher suite
1991 * @param authAlg [OUT] Obtained server authorization type.
1992 * @retval HITLS_SUCCESS succeeded
1993 * @retval For other error codes, see hitls_error.h.
1994 */
HITLS_CFG_GetAuthId(const HITLS_Cipher * cipher,HITLS_AuthAlgo * authAlg)1995 int32_t HITLS_CFG_GetAuthId(const HITLS_Cipher *cipher, HITLS_AuthAlgo *authAlg)
1996 {
1997 if (cipher == NULL || authAlg == NULL) {
1998 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
1999 return HITLS_NULL_INPUT;
2000 }
2001 *authAlg = cipher->authAlg;
2002 return HITLS_SUCCESS;
2003 }
2004
2005 /**
2006 * @brief Obtain the key exchange algorithm type based on the cipher suite.
2007 *
2008 * @param cipher [IN] Cipher suite
2009 * @param kxAlg [OUT] Obtained key exchange algorithm type.
2010 * @retval HITLS_SUCCESS succeeded
2011 * @retval For other error codes, see hitls_error.h.
2012 */
HITLS_CFG_GetKeyExchId(const HITLS_Cipher * cipher,HITLS_KeyExchAlgo * kxAlg)2013 int32_t HITLS_CFG_GetKeyExchId(const HITLS_Cipher *cipher, HITLS_KeyExchAlgo *kxAlg)
2014 {
2015 if (cipher == NULL || kxAlg == NULL) {
2016 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
2017 return HITLS_NULL_INPUT;
2018 }
2019 *kxAlg = cipher->kxAlg;
2020 return HITLS_SUCCESS;
2021 }
2022
2023 /**
2024 * @brief Obtain the cipher suite name based on the cipher suite.
2025 *
2026 * @param cipher [IN] Cipher suite
2027 * @retval "(NONE)" Invalid cipher suite.
2028 * @retval Name of the given cipher suite
2029 */
HITLS_CFG_GetCipherSuiteName(const HITLS_Cipher * cipher)2030 const uint8_t* HITLS_CFG_GetCipherSuiteName(const HITLS_Cipher *cipher)
2031 {
2032 if (cipher == NULL) {
2033 return (const uint8_t *)"(NONE)";
2034 }
2035 return (const uint8_t *)cipher->name;
2036 }
2037
2038 /**
2039 * @brief Obtain the RFC standard name of the cipher suite based on the cipher suite.
2040 *
2041 * @param cipher [IN] Cipher suite
2042 *
2043 * @retval "(NONE)" Invalid cipher suite.
2044 * @retval RFC standard name for the given cipher suite
2045 */
HITLS_CFG_GetCipherSuiteStdName(const HITLS_Cipher * cipher)2046 const uint8_t* HITLS_CFG_GetCipherSuiteStdName(const HITLS_Cipher *cipher)
2047 {
2048 if (cipher == NULL) {
2049 return (const uint8_t *)"(NONE)";
2050 }
2051 return (const uint8_t *)cipher->stdName;
2052 }
2053
FindCipherSuiteIndexByStdName(const uint8_t * stdName)2054 static int32_t FindCipherSuiteIndexByStdName(const uint8_t* stdName)
2055 {
2056 for (uint32_t i = 0; i < sizeof(g_cipherSuiteList) / sizeof(CipherSuiteInfo); i++) {
2057 if (strncmp(g_cipherSuiteList[i].stdName, (const char *)stdName, strlen(g_cipherSuiteList[i].stdName) + 1) ==
2058 0) {
2059 return (int32_t)i;
2060 }
2061 }
2062 BSL_ERR_PUSH_ERROR(HITLS_CONFIG_UNSUPPORT_CIPHER_SUITE);
2063 return HITLS_CONFIG_UNSUPPORT_CIPHER_SUITE;
2064 }
2065
HITLS_CFG_GetCipherSuiteByStdName(const uint8_t * stdName)2066 const HITLS_Cipher* HITLS_CFG_GetCipherSuiteByStdName(const uint8_t* stdName)
2067 {
2068 if (stdName == NULL) {
2069 return NULL;
2070 }
2071 int32_t index = FindCipherSuiteIndexByStdName(stdName);
2072 if (index == HITLS_CONFIG_UNSUPPORT_CIPHER_SUITE) {
2073 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16549, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
2074 "No proper cipher suite", 0, 0, 0, 0);
2075 return NULL;
2076 }
2077 return &g_cipherSuiteList[index];
2078 }
2079
2080 /**
2081 * @brief Obtain the earliest TLS version supported by the cipher suite based on the cipher suite.
2082 *
2083 * @param cipher [IN] Cipher suite
2084 * @param version [OUT] Obtain the earliest TLS version supported by the cipher suite.
2085 * @retval HITLS_SUCCESS succeeded
2086 * @retval For other error codes, see hitls_error.h.
2087 */
HITLS_CFG_GetCipherVersion(const HITLS_Cipher * cipher,int32_t * version)2088 int32_t HITLS_CFG_GetCipherVersion(const HITLS_Cipher *cipher, int32_t *version)
2089 {
2090 if (cipher == NULL || version == NULL) {
2091 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
2092 return HITLS_NULL_INPUT;
2093 }
2094
2095 *version = cipher->minVersion;
2096 return HITLS_SUCCESS;
2097 }
2098
2099 /**
2100 * @brief Output the description of the cipher suite as a character string.
2101 *
2102 * @param cipherSuite [IN] Cipher suite
2103 * @param buf [OUT] Output the description.
2104 * @param len [IN] Description length
2105 * @retval NULL Failed to obtain the description.
2106 * @retval Description of the cipher suite
2107 */
HITLS_CFG_GetDescription(const HITLS_Cipher * cipher,uint8_t * buf,int32_t len)2108 int32_t HITLS_CFG_GetDescription(const HITLS_Cipher *cipher, uint8_t *buf, int32_t len)
2109 {
2110 return GetCipherSuiteDescription(cipher, buf, len);
2111 }
2112
2113 /**
2114 * @brief Determine whether to use the AEAD algorithm based on the cipher suite information.
2115 *
2116 * @param cipher [IN] Cipher suite information
2117 * @param isAead [OUT] Indicates whether to use the AEAD algorithm.
2118 * @return HITLS_SUCCESS Obtained successfully.
2119 * HITLS_NULL_INPUT The input parameter pointer is NULL.
2120 */
HITLS_CIPHER_IsAead(const HITLS_Cipher * cipher,uint8_t * isAead)2121 int32_t HITLS_CIPHER_IsAead(const HITLS_Cipher *cipher, uint8_t *isAead)
2122 {
2123 if (cipher == NULL || isAead == NULL) {
2124 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
2125 return HITLS_NULL_INPUT;
2126 }
2127
2128 *isAead = (cipher->cipherType == HITLS_AEAD_CIPHER);
2129 return HITLS_SUCCESS;
2130 }
2131
HITLS_CFG_GetCipherByID(uint16_t cipherSuite)2132 const HITLS_Cipher *HITLS_CFG_GetCipherByID(uint16_t cipherSuite)
2133 {
2134 int32_t index = FindCipherSuiteIndexByCipherSuite(cipherSuite);
2135 if (index == HITLS_CONFIG_UNSUPPORT_CIPHER_SUITE) {
2136 return NULL;
2137 }
2138
2139 return &g_cipherSuiteList[index];
2140 }
2141
HITLS_CFG_GetCipherSuite(const HITLS_Cipher * cipher,uint16_t * cipherSuite)2142 int32_t HITLS_CFG_GetCipherSuite(const HITLS_Cipher *cipher, uint16_t *cipherSuite)
2143 {
2144 if (cipher == NULL || cipherSuite == NULL) {
2145 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
2146 return HITLS_NULL_INPUT;
2147 }
2148
2149 *cipherSuite = cipher->cipherSuite;
2150
2151 return HITLS_SUCCESS;
2152 }
2153 #endif /* HITLS_TLS_CONFIG_CIPHER_SUITE */