TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_os / 0fc9291f405157f935e0001622f91b759ce44be6 / . / lib / libmbedtls / mbedtls / library / ssl_ciphersuites.c
blob: 23619a26c88f6d9cf25144a7e1e5c63b63b86f42 [file] [log] [blame]
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1/**
2 * \file ssl_ciphersuites.c
3 *
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]4 * \brief SSL ciphersuites for Mbed TLS
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]5 *
Jerome Forissier79013242021-07-28 10:24:04 +0200[diff] [blame]6 * Copyright The Mbed TLS Contributors
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]8 */
9
Jerome Forissier79013242021-07-28 10:24:04 +0200[diff] [blame]10#include "common.h"
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]11
12#if defined(MBEDTLS_SSL_TLS_C)
13
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]14#include "mbedtls/platform.h"
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]15
16#include "mbedtls/ssl_ciphersuites.h"
17#include "mbedtls/ssl.h"
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]18#include "ssl_misc.h"
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]19#if defined(MBEDTLS_USE_PSA_CRYPTO)
20#include "mbedtls/psa_util.h"
21#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]22
23#include <string.h>
24
25/*
26 * Ordered from most preferred to least preferred in terms of security.
27 *
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]28 * Current rule (except weak and null which come last):
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]29 * 1. By key exchange:
30 * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
31 * 2. By key length and cipher:
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]32 * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]33 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
34 * 4. By hash function used when relevant
35 * 5. By key exchange/auth again: EC > non-EC
36 */
37static const int ciphersuite_preference[] =
38{
39#if defined(MBEDTLS_SSL_CIPHERSUITES)
40 MBEDTLS_SSL_CIPHERSUITES,
41#else
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]42#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
43 /* TLS 1.3 ciphersuites */
44 MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
45 MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
46 MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
47 MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
48 MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
49#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
50
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]51 /* Chacha-Poly ephemeral suites */
52 MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
53 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
54 MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
55
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]56 /* All AES-256 ephemeral suites */
57 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
58 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
59 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
60 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
61 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
62 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
63 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
64 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
65 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
66 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
67 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
68 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
69 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,
70
71 /* All CAMELLIA-256 ephemeral suites */
72 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
73 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
74 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
75 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
76 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
77 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
78 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
79
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]80 /* All ARIA-256 ephemeral suites */
81 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
82 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
83 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
84 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
85 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
86 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
87
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]88 /* All AES-128 ephemeral suites */
89 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
90 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
91 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
92 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
93 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
94 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
95 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
96 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
97 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
98 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
99 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
100 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
101 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,
102
103 /* All CAMELLIA-128 ephemeral suites */
104 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
105 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
106 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
107 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
108 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
109 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
110 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
111
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]112 /* All ARIA-128 ephemeral suites */
113 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
114 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
115 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
116 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
117 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
118 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
119
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]120 /* The PSK ephemeral suites */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]121 MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
122 MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]123 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
124 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
125 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
126 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
127 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
128 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
129 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
130 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
131 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
132 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]133 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
134 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
135 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]136
137 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
138 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
139 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
140 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
141 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
142 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
143 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
144 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
145 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
146 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]147 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
148 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
149 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]150
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]151 /* The ECJPAKE suite */
152 MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
153
154 /* All AES-256 suites */
155 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
156 MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
157 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
158 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
159 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
160 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
161 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
162 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
163 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
164 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
165 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
166
167 /* All CAMELLIA-256 suites */
168 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
169 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
170 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
171 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
172 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
173 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
174 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
175
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]176 /* All ARIA-256 suites */
177 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
178 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
179 MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
180 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
181 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
182 MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
183
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]184 /* All AES-128 suites */
185 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
186 MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
187 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
188 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
189 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
190 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
191 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
192 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
193 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
194 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
195 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
196
197 /* All CAMELLIA-128 suites */
198 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
199 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
200 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
201 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
202 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
203 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
204 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
205
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]206 /* All ARIA-128 suites */
207 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
208 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
209 MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
210 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
211 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
212 MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
213
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]214 /* The RSA PSK suites */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]215 MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]216 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
217 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
218 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
219 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
220 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]221 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
222 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]223
224 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
225 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
226 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
227 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
228 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]229 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
230 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]231
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]232 /* The PSK suites */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]233 MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]234 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
235 MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
236 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
237 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
238 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
239 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
240 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]241 MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
242 MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]243
244 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
245 MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
246 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
247 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
248 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
249 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
250 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]251 MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
252 MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]253
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]254 /* NULL suites */
255 MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
256 MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
257 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
258 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
259 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
260 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384,
261 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256,
262 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA,
263
264 MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
265 MBEDTLS_TLS_RSA_WITH_NULL_SHA,
266 MBEDTLS_TLS_RSA_WITH_NULL_MD5,
267 MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
268 MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
269 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384,
270 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256,
271 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA,
272 MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
273 MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
274 MBEDTLS_TLS_PSK_WITH_NULL_SHA,
275
276#endif /* MBEDTLS_SSL_CIPHERSUITES */
277 0
278};
279
280static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
281{
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]282#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]283#if defined(MBEDTLS_SSL_HAVE_AES)
284#if defined(MBEDTLS_SSL_HAVE_GCM)
285#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]286 { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
287 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
288 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
289 0,
290 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]291#endif /* MBEDTLS_MD_CAN_SHA384 */
292#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]293 { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
294 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
295 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
296 0,
297 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]298#endif /* MBEDTLS_MD_CAN_SHA256 */
299#endif /* MBEDTLS_SSL_HAVE_GCM */
300#if defined(MBEDTLS_SSL_HAVE_CCM) && defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]301 { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
302 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
303 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
304 0,
305 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
306 { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256",
307 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
308 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
309 MBEDTLS_CIPHERSUITE_SHORT_TAG,
310 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]311#endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_SSL_HAVE_CCM */
312#endif /* MBEDTLS_SSL_HAVE_AES */
313#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]314 { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
315 "TLS1-3-CHACHA20-POLY1305-SHA256",
316 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
317 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
318 0,
319 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]320#endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY && MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]321#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
322
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]323#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && \
324 defined(MBEDTLS_MD_CAN_SHA256) && \
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]325 defined(MBEDTLS_SSL_PROTO_TLS1_2)
326#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
327 { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
328 "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
329 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
330 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]331 0,
332 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]333#endif
334#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
335 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
336 "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
337 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
338 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]339 0,
340 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]341#endif
342#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
343 { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
344 "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
345 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
346 MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]347 0,
348 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]349#endif
350#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
351 { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
352 "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
353 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
354 MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]355 0,
356 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]357#endif
358#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
359 { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
360 "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
361 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
362 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]363 0,
364 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]365#endif
366#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
367 { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
368 "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
369 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
370 MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]371 0,
372 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]373#endif
374#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
375 { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
376 "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256",
377 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
378 MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]379 0,
380 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]381#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]382#endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY &&
383 MBEDTLS_MD_CAN_SHA256 &&
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]384 MBEDTLS_SSL_PROTO_TLS1_2 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]385#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]386#if defined(MBEDTLS_SSL_HAVE_AES)
387#if defined(MBEDTLS_MD_CAN_SHA1)
388#if defined(MBEDTLS_SSL_HAVE_CBC)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]389 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
390 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]391 0,
392 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]393 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
394 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]395 0,
396 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]397#endif /* MBEDTLS_SSL_HAVE_CBC */
398#endif /* MBEDTLS_MD_CAN_SHA1 */
399#if defined(MBEDTLS_MD_CAN_SHA256)
400#if defined(MBEDTLS_SSL_HAVE_CBC)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]401 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
402 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]403 0,
404 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]405#endif /* MBEDTLS_SSL_HAVE_CBC */
406#if defined(MBEDTLS_SSL_HAVE_GCM)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]407 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
408 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]409 0,
410 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]411#endif /* MBEDTLS_SSL_HAVE_GCM */
412#endif /* MBEDTLS_MD_CAN_SHA256 */
413#if defined(MBEDTLS_MD_CAN_SHA384)
414#if defined(MBEDTLS_SSL_HAVE_CBC)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]415 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
416 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]417 0,
418 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]419#endif /* MBEDTLS_SSL_HAVE_CBC */
420#if defined(MBEDTLS_SSL_HAVE_GCM)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]421 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
422 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]423 0,
424 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]425#endif /* MBEDTLS_SSL_HAVE_GCM */
426#endif /* MBEDTLS_MD_CAN_SHA384 */
427#if defined(MBEDTLS_SSL_HAVE_CCM)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]428 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
429 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]430 0,
431 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]432 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
433 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]434 MBEDTLS_CIPHERSUITE_SHORT_TAG,
435 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]436 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
437 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]438 0,
439 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]440 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
441 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]442 MBEDTLS_CIPHERSUITE_SHORT_TAG,
443 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]444#endif /* MBEDTLS_SSL_HAVE_CCM */
445#endif /* MBEDTLS_SSL_HAVE_AES */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]446
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]447#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
448#if defined(MBEDTLS_SSL_HAVE_CBC)
449#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]450 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
451 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]452 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]453 0,
454 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]455#endif /* MBEDTLS_MD_CAN_SHA256 */
456#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]457 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
458 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]459 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]460 0,
461 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]462#endif /* MBEDTLS_MD_CAN_SHA384 */
463#endif /* MBEDTLS_SSL_HAVE_CBC */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]464
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]465#if defined(MBEDTLS_SSL_HAVE_GCM)
466#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]467 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
468 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]469 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]470 0,
471 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]472#endif /* MBEDTLS_MD_CAN_SHA256 */
473#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]474 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
475 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]476 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]477 0,
478 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]479#endif /* MBEDTLS_MD_CAN_SHA384 */
480#endif /* MBEDTLS_SSL_HAVE_GCM */
481#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]482
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]483#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]484#if defined(MBEDTLS_MD_CAN_SHA1)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]485 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
486 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]487 MBEDTLS_CIPHERSUITE_WEAK,
488 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]489#endif /* MBEDTLS_MD_CAN_SHA1 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]490#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
491#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
492
493#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]494#if defined(MBEDTLS_SSL_HAVE_AES)
495#if defined(MBEDTLS_MD_CAN_SHA1)
496#if defined(MBEDTLS_SSL_HAVE_CBC)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]497 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
498 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]499 0,
500 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]501 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
502 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]503 0,
504 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]505#endif /* MBEDTLS_SSL_HAVE_CBC */
506#endif /* MBEDTLS_MD_CAN_SHA1 */
507#if defined(MBEDTLS_MD_CAN_SHA256)
508#if defined(MBEDTLS_SSL_HAVE_CBC)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]509 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
510 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]511 0,
512 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]513#endif /* MBEDTLS_SSL_HAVE_CBC */
514#if defined(MBEDTLS_SSL_HAVE_GCM)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]515 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
516 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]517 0,
518 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]519#endif /* MBEDTLS_SSL_HAVE_GCM */
520#endif /* MBEDTLS_MD_CAN_SHA256 */
521#if defined(MBEDTLS_MD_CAN_SHA384)
522#if defined(MBEDTLS_SSL_HAVE_CBC)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]523 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
524 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]525 0,
526 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]527#endif /* MBEDTLS_SSL_HAVE_CBC */
528#if defined(MBEDTLS_SSL_HAVE_GCM)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]529 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
530 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]531 0,
532 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]533#endif /* MBEDTLS_SSL_HAVE_GCM */
534#endif /* MBEDTLS_MD_CAN_SHA384 */
535#endif /* MBEDTLS_SSL_HAVE_AES */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]536
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]537#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
538#if defined(MBEDTLS_SSL_HAVE_CBC)
539#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]540 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
541 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]542 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]543 0,
544 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]545#endif /* MBEDTLS_MD_CAN_SHA256 */
546#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]547 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
548 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]549 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]550 0,
551 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]552#endif /* MBEDTLS_MD_CAN_SHA384 */
553#endif /* MBEDTLS_SSL_HAVE_CBC */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]554
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]555#if defined(MBEDTLS_SSL_HAVE_GCM)
556#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]557 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
558 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]559 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]560 0,
561 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]562#endif /* MBEDTLS_MD_CAN_SHA256 */
563#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]564 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
565 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]566 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]567 0,
568 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]569#endif /* MBEDTLS_MD_CAN_SHA384 */
570#endif /* MBEDTLS_SSL_HAVE_GCM */
571#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]572
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]573#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]574#if defined(MBEDTLS_MD_CAN_SHA1)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]575 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
576 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]577 MBEDTLS_CIPHERSUITE_WEAK,
578 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]579#endif /* MBEDTLS_MD_CAN_SHA1 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]580#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
581#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
582
583#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]584#if defined(MBEDTLS_SSL_HAVE_AES)
585#if defined(MBEDTLS_MD_CAN_SHA384) && \
586 defined(MBEDTLS_SSL_HAVE_GCM)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]587 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
588 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]589 0,
590 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]591#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]592
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]593#if defined(MBEDTLS_MD_CAN_SHA256)
594#if defined(MBEDTLS_SSL_HAVE_GCM)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]595 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
596 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]597 0,
598 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]599#endif /* MBEDTLS_SSL_HAVE_GCM */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]600
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]601#if defined(MBEDTLS_SSL_HAVE_CBC)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]602 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
603 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]604 0,
605 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]606
607 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
608 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]609 0,
610 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]611#endif /* MBEDTLS_SSL_HAVE_CBC */
612#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]613
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]614#if defined(MBEDTLS_SSL_HAVE_CBC)
615#if defined(MBEDTLS_MD_CAN_SHA1)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]616 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
617 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]618 0,
619 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]620
621 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
622 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]623 0,
624 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]625#endif /* MBEDTLS_MD_CAN_SHA1 */
626#endif /* MBEDTLS_SSL_HAVE_CBC */
627#if defined(MBEDTLS_SSL_HAVE_CCM)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]628 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
629 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]630 0,
631 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]632 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
633 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]634 MBEDTLS_CIPHERSUITE_SHORT_TAG,
635 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]636 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
637 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]638 0,
639 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]640 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
641 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]642 MBEDTLS_CIPHERSUITE_SHORT_TAG,
643 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]644#endif /* MBEDTLS_SSL_HAVE_CCM */
645#endif /* MBEDTLS_SSL_HAVE_AES */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]646
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]647#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
648#if defined(MBEDTLS_SSL_HAVE_CBC)
649#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]650 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
651 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]652 0,
653 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]654
655 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
656 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]657 0,
658 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]659#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]660
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]661#if defined(MBEDTLS_MD_CAN_SHA1)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]662 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
663 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]664 0,
665 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]666
667 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
668 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]669 0,
670 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]671#endif /* MBEDTLS_MD_CAN_SHA1 */
672#endif /* MBEDTLS_SSL_HAVE_CBC */
673#if defined(MBEDTLS_SSL_HAVE_GCM)
674#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]675 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
676 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]677 0,
678 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]679#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]680
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]681#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]682 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
683 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]684 0,
685 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]686#endif /* MBEDTLS_MD_CAN_SHA384 */
687#endif /* MBEDTLS_SSL_HAVE_GCM */
688#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]689
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]690#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
691
692#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]693#if defined(MBEDTLS_SSL_HAVE_AES)
694#if defined(MBEDTLS_MD_CAN_SHA384) && \
695 defined(MBEDTLS_SSL_HAVE_GCM)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]696 { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
697 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]698 0,
699 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]700#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]701
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]702#if defined(MBEDTLS_MD_CAN_SHA256)
703#if defined(MBEDTLS_SSL_HAVE_GCM)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]704 { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
705 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]706 0,
707 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]708#endif /* MBEDTLS_SSL_HAVE_GCM */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]709
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]710#if defined(MBEDTLS_SSL_HAVE_CBC)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]711 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
712 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]713 0,
714 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]715
716 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
717 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]718 0,
719 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]720#endif /* MBEDTLS_SSL_HAVE_CBC */
721#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]722
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]723#if defined(MBEDTLS_MD_CAN_SHA1)
724#if defined(MBEDTLS_SSL_HAVE_CBC)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]725 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
726 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]727 0,
728 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]729
730 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
731 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]732 0,
733 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]734#endif /* MBEDTLS_SSL_HAVE_CBC */
735#endif /* MBEDTLS_MD_CAN_SHA1 */
736#if defined(MBEDTLS_SSL_HAVE_CCM)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]737 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
738 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]739 0,
740 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]741 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
742 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]743 MBEDTLS_CIPHERSUITE_SHORT_TAG,
744 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]745 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
746 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]747 0,
748 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]749 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
750 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]751 MBEDTLS_CIPHERSUITE_SHORT_TAG,
752 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]753#endif /* MBEDTLS_SSL_HAVE_CCM */
754#endif /* MBEDTLS_SSL_HAVE_AES */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]755
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]756#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
757#if defined(MBEDTLS_SSL_HAVE_CBC)
758#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]759 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
760 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]761 0,
762 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]763
764 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
765 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]766 0,
767 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]768#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]769
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]770#if defined(MBEDTLS_MD_CAN_SHA1)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]771 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
772 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]773 0,
774 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]775
776 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
777 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]778 0,
779 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]780#endif /* MBEDTLS_MD_CAN_SHA1 */
781#endif /* MBEDTLS_SSL_HAVE_CBC */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]782
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]783#if defined(MBEDTLS_SSL_HAVE_GCM)
784#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]785 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
786 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]787 0,
788 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]789#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]790
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]791#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]792 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
793 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]794 0,
795 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]796#endif /* MBEDTLS_MD_CAN_SHA384 */
797#endif /* MBEDTLS_SSL_HAVE_GCM */
798#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]799
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]800#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
801
802#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]803#if defined(MBEDTLS_SSL_HAVE_AES)
804#if defined(MBEDTLS_MD_CAN_SHA1)
805#if defined(MBEDTLS_SSL_HAVE_CBC)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]806 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
807 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]808 0,
809 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]810 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
811 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]812 0,
813 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]814#endif /* MBEDTLS_SSL_HAVE_CBC */
815#endif /* MBEDTLS_MD_CAN_SHA1 */
816#if defined(MBEDTLS_MD_CAN_SHA256)
817#if defined(MBEDTLS_SSL_HAVE_CBC)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]818 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
819 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]820 0,
821 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]822#endif /* MBEDTLS_SSL_HAVE_CBC */
823#if defined(MBEDTLS_SSL_HAVE_GCM)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]824 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
825 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]826 0,
827 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]828#endif /* MBEDTLS_SSL_HAVE_GCM */
829#endif /* MBEDTLS_MD_CAN_SHA256 */
830#if defined(MBEDTLS_MD_CAN_SHA384)
831#if defined(MBEDTLS_SSL_HAVE_CBC)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]832 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
833 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]834 0,
835 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]836#endif /* MBEDTLS_SSL_HAVE_CBC */
837#if defined(MBEDTLS_SSL_HAVE_GCM)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]838 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
839 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]840 0,
841 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]842#endif /* MBEDTLS_SSL_HAVE_GCM */
843#endif /* MBEDTLS_MD_CAN_SHA384 */
844#endif /* MBEDTLS_SSL_HAVE_AES */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]845
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]846#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
847#if defined(MBEDTLS_SSL_HAVE_CBC)
848#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]849 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
850 "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]851 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]852 0,
853 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]854#endif /* MBEDTLS_MD_CAN_SHA256 */
855#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]856 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
857 "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]858 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]859 0,
860 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]861#endif /* MBEDTLS_MD_CAN_SHA384 */
862#endif /* MBEDTLS_SSL_HAVE_CBC */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]863
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]864#if defined(MBEDTLS_SSL_HAVE_GCM)
865#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]866 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
867 "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]868 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]869 0,
870 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]871#endif /* MBEDTLS_MD_CAN_SHA256 */
872#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]873 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
874 "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]875 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]876 0,
877 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]878#endif /* MBEDTLS_MD_CAN_SHA384 */
879#endif /* MBEDTLS_SSL_HAVE_GCM */
880#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]881
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]882#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]883#if defined(MBEDTLS_MD_CAN_SHA1)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]884 { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
885 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]886 MBEDTLS_CIPHERSUITE_WEAK,
887 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]888#endif /* MBEDTLS_MD_CAN_SHA1 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]889#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
890#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
891
892#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]893#if defined(MBEDTLS_SSL_HAVE_AES)
894#if defined(MBEDTLS_MD_CAN_SHA1)
895#if defined(MBEDTLS_SSL_HAVE_CBC)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]896 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
897 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]898 0,
899 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]900 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
901 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]902 0,
903 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]904#endif /* MBEDTLS_SSL_HAVE_CBC */
905#endif /* MBEDTLS_MD_CAN_SHA1 */
906#if defined(MBEDTLS_MD_CAN_SHA256)
907#if defined(MBEDTLS_SSL_HAVE_CBC)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]908 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
909 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]910 0,
911 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]912#endif /* MBEDTLS_SSL_HAVE_CBC */
913#if defined(MBEDTLS_SSL_HAVE_GCM)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]914 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
915 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]916 0,
917 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]918#endif /* MBEDTLS_SSL_HAVE_GCM */
919#endif /* MBEDTLS_MD_CAN_SHA256 */
920#if defined(MBEDTLS_MD_CAN_SHA384)
921#if defined(MBEDTLS_SSL_HAVE_CBC)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]922 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
923 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]924 0,
925 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]926#endif /* MBEDTLS_SSL_HAVE_CBC */
927#if defined(MBEDTLS_SSL_HAVE_GCM)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]928 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
929 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]930 0,
931 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]932#endif /* MBEDTLS_SSL_HAVE_GCM */
933#endif /* MBEDTLS_MD_CAN_SHA384 */
934#endif /* MBEDTLS_SSL_HAVE_AES */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]935
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]936#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
937#if defined(MBEDTLS_SSL_HAVE_CBC)
938#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]939 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
940 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]941 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]942 0,
943 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]944#endif /* MBEDTLS_MD_CAN_SHA256 */
945#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]946 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
947 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]948 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]949 0,
950 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]951#endif /* MBEDTLS_MD_CAN_SHA384 */
952#endif /* MBEDTLS_SSL_HAVE_CBC */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]953
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]954#if defined(MBEDTLS_SSL_HAVE_GCM)
955#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]956 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
957 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]958 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]959 0,
960 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]961#endif /* MBEDTLS_MD_CAN_SHA256 */
962#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]963 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
964 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]965 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]966 0,
967 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]968#endif /* MBEDTLS_MD_CAN_SHA384 */
969#endif /* MBEDTLS_SSL_HAVE_GCM */
970#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]971
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]972#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]973#if defined(MBEDTLS_MD_CAN_SHA1)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]974 { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
975 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]976 MBEDTLS_CIPHERSUITE_WEAK,
977 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]978#endif /* MBEDTLS_MD_CAN_SHA1 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]979#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
980#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
981
982#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]983#if defined(MBEDTLS_SSL_HAVE_AES)
984#if defined(MBEDTLS_SSL_HAVE_GCM)
985#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]986 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
987 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]988 0,
989 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]990#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]991
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]992#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]993 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
994 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]995 0,
996 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]997#endif /* MBEDTLS_MD_CAN_SHA384 */
998#endif /* MBEDTLS_SSL_HAVE_GCM */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]999
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1000#if defined(MBEDTLS_SSL_HAVE_CBC)
1001#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1002 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
1003 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1004 0,
1005 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1006#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1007
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1008#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1009 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
1010 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1011 0,
1012 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1013#endif /* MBEDTLS_MD_CAN_SHA384 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1014
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1015#if defined(MBEDTLS_MD_CAN_SHA1)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1016 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
1017 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1018 0,
1019 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1020
1021 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
1022 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1023 0,
1024 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1025#endif /* MBEDTLS_MD_CAN_SHA1 */
1026#endif /* MBEDTLS_SSL_HAVE_CBC */
1027#if defined(MBEDTLS_SSL_HAVE_CCM)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1028 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
1029 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1030 0,
1031 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1032 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
1033 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1034 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1035 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1036 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
1037 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1038 0,
1039 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1040 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
1041 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1042 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1043 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1044#endif /* MBEDTLS_SSL_HAVE_CCM */
1045#endif /* MBEDTLS_SSL_HAVE_AES */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1046
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1047#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
1048#if defined(MBEDTLS_SSL_HAVE_CBC)
1049#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1050 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1051 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1052 0,
1053 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1054#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1055
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1056#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1057 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1058 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1059 0,
1060 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1061#endif /* MBEDTLS_MD_CAN_SHA384 */
1062#endif /* MBEDTLS_SSL_HAVE_CBC */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1063
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1064#if defined(MBEDTLS_SSL_HAVE_GCM)
1065#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1066 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1067 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1068 0,
1069 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1070#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1071
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1072#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1073 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1074 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1075 0,
1076 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1077#endif /* MBEDTLS_MD_CAN_SHA384 */
1078#endif /* MBEDTLS_SSL_HAVE_GCM */
1079#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1080
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1081#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1082
1083#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1084#if defined(MBEDTLS_SSL_HAVE_AES)
1085#if defined(MBEDTLS_SSL_HAVE_GCM)
1086#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1087 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
1088 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1089 0,
1090 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1091#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1092
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1093#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1094 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
1095 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1096 0,
1097 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1098#endif /* MBEDTLS_MD_CAN_SHA384 */
1099#endif /* MBEDTLS_SSL_HAVE_GCM */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1100
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1101#if defined(MBEDTLS_SSL_HAVE_CBC)
1102#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1103 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
1104 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1105 0,
1106 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1107#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1108
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1109#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1110 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
1111 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1112 0,
1113 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1114#endif /* MBEDTLS_MD_CAN_SHA384 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1115
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1116#if defined(MBEDTLS_MD_CAN_SHA1)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1117 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
1118 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1119 0,
1120 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1121
1122 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
1123 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1124 0,
1125 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1126#endif /* MBEDTLS_MD_CAN_SHA1 */
1127#endif /* MBEDTLS_SSL_HAVE_CBC */
1128#if defined(MBEDTLS_SSL_HAVE_CCM)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1129 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
1130 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1131 0,
1132 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1133 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
1134 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1135 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1136 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1137 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
1138 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1139 0,
1140 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1141 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
1142 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1143 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1144 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1145#endif /* MBEDTLS_SSL_HAVE_CCM */
1146#endif /* MBEDTLS_SSL_HAVE_AES */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1147
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1148#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
1149#if defined(MBEDTLS_SSL_HAVE_CBC)
1150#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1151 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1152 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1153 0,
1154 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1155#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1156
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1157#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1158 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1159 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1160 0,
1161 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1162#endif /* MBEDTLS_MD_CAN_SHA384 */
1163#endif /* MBEDTLS_SSL_HAVE_CBC */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1164
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1165#if defined(MBEDTLS_SSL_HAVE_GCM)
1166#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1167 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1168 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1169 0,
1170 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1171#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1172
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1173#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1174 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1175 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1176 0,
1177 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1178#endif /* MBEDTLS_MD_CAN_SHA384 */
1179#endif /* MBEDTLS_SSL_HAVE_GCM */
1180#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1181
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1182#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1183
1184#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1185#if defined(MBEDTLS_SSL_HAVE_AES)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1186
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1187#if defined(MBEDTLS_SSL_HAVE_CBC)
1188#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1189 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
1190 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1191 0,
1192 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1193#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1194
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1195#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1196 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
1197 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1198 0,
1199 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1200#endif /* MBEDTLS_MD_CAN_SHA384 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1201
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1202#if defined(MBEDTLS_MD_CAN_SHA1)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1203 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
1204 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1205 0,
1206 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1207
1208 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
1209 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1210 0,
1211 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1212#endif /* MBEDTLS_MD_CAN_SHA1 */
1213#endif /* MBEDTLS_SSL_HAVE_CBC */
1214#endif /* MBEDTLS_SSL_HAVE_AES */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1215
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1216#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
1217#if defined(MBEDTLS_SSL_HAVE_CBC)
1218#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1219 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
1220 "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1221 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1222 0,
1223 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1224#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1225
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1226#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1227 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
1228 "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1229 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1230 0,
1231 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1232#endif /* MBEDTLS_MD_CAN_SHA384 */
1233#endif /* MBEDTLS_SSL_HAVE_CBC */
1234#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1235
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1236#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1237
1238#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1239#if defined(MBEDTLS_SSL_HAVE_AES)
1240#if defined(MBEDTLS_SSL_HAVE_GCM)
1241#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1242 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
1243 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1244 0,
1245 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1246#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1247
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1248#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1249 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
1250 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1251 0,
1252 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1253#endif /* MBEDTLS_MD_CAN_SHA384 */
1254#endif /* MBEDTLS_SSL_HAVE_GCM */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1255
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1256#if defined(MBEDTLS_SSL_HAVE_CBC)
1257#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1258 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
1259 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1260 0,
1261 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1262#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1263
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1264#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1265 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
1266 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1267 0,
1268 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1269#endif /* MBEDTLS_MD_CAN_SHA384 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1270
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1271#if defined(MBEDTLS_MD_CAN_SHA1)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1272 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
1273 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1274 0,
1275 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1276
1277 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
1278 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1279 0,
1280 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1281#endif /* MBEDTLS_MD_CAN_SHA1 */
1282#endif /* MBEDTLS_SSL_HAVE_CBC */
1283#endif /* MBEDTLS_SSL_HAVE_AES */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1284
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1285#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
1286#if defined(MBEDTLS_SSL_HAVE_CBC)
1287#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1288 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1289 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1290 0,
1291 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1292#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1293
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1294#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1295 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1296 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1297 0,
1298 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1299#endif /* MBEDTLS_MD_CAN_SHA384 */
1300#endif /* MBEDTLS_SSL_HAVE_CBC */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1301
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1302#if defined(MBEDTLS_SSL_HAVE_GCM)
1303#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1304 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1305 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1306 0,
1307 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1308#endif /* MBEDTLS_MD_CAN_SHA256 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1309
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1310#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1311 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1312 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1313 0,
1314 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1315#endif /* MBEDTLS_MD_CAN_SHA384 */
1316#endif /* MBEDTLS_SSL_HAVE_GCM */
1317#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1318
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1319#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1320
1321#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1322#if defined(MBEDTLS_SSL_HAVE_AES)
1323#if defined(MBEDTLS_SSL_HAVE_CCM)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1324 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
1325 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1326 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1327 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1328#endif /* MBEDTLS_SSL_HAVE_CCM */
1329#endif /* MBEDTLS_SSL_HAVE_AES */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1330#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
1331
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1332#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
1333#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1334#if defined(MBEDTLS_MD_CAN_MD5)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1335 { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
1336 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1337 MBEDTLS_CIPHERSUITE_WEAK,
1338 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1339#endif
1340
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1341#if defined(MBEDTLS_MD_CAN_SHA1)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1342 { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
1343 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1344 MBEDTLS_CIPHERSUITE_WEAK,
1345 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1346#endif
1347
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1348#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1349 { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
1350 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1351 MBEDTLS_CIPHERSUITE_WEAK,
1352 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1353#endif
1354#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1355
1356#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1357#if defined(MBEDTLS_MD_CAN_SHA1)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1358 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
1359 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1360 MBEDTLS_CIPHERSUITE_WEAK,
1361 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1362#endif /* MBEDTLS_MD_CAN_SHA1 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1363
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1364#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1365 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
1366 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1367 MBEDTLS_CIPHERSUITE_WEAK,
1368 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1369#endif
1370
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1371#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1372 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
1373 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1374 MBEDTLS_CIPHERSUITE_WEAK,
1375 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1376#endif /* MBEDTLS_MD_CAN_SHA384 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1377#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1378
1379#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1380#if defined(MBEDTLS_MD_CAN_SHA1)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1381 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
1382 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1383 MBEDTLS_CIPHERSUITE_WEAK,
1384 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1385#endif /* MBEDTLS_MD_CAN_SHA1 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1386
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1387#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1388 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
1389 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1390 MBEDTLS_CIPHERSUITE_WEAK,
1391 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1392#endif
1393
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1394#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1395 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
1396 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1397 MBEDTLS_CIPHERSUITE_WEAK,
1398 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1399#endif /* MBEDTLS_MD_CAN_SHA384 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1400#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1401
1402#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1403#if defined(MBEDTLS_MD_CAN_SHA1)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1404 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
1405 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1406 MBEDTLS_CIPHERSUITE_WEAK,
1407 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1408#endif /* MBEDTLS_MD_CAN_SHA1 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1409
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1410#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1411 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
1412 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1413 MBEDTLS_CIPHERSUITE_WEAK,
1414 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1415#endif
1416
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1417#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1418 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
1419 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1420 MBEDTLS_CIPHERSUITE_WEAK,
1421 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1422#endif /* MBEDTLS_MD_CAN_SHA384 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1423#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1424
1425#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1426#if defined(MBEDTLS_MD_CAN_SHA1)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1427 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
1428 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1429 MBEDTLS_CIPHERSUITE_WEAK,
1430 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1431#endif /* MBEDTLS_MD_CAN_SHA1 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1432
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1433#if defined(MBEDTLS_MD_CAN_SHA256)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1434 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
1435 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1436 MBEDTLS_CIPHERSUITE_WEAK,
1437 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1438#endif
1439
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1440#if defined(MBEDTLS_MD_CAN_SHA384)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1441 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
1442 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1443 MBEDTLS_CIPHERSUITE_WEAK,
1444 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1445#endif /* MBEDTLS_MD_CAN_SHA384 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1446#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1447#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
1448
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1449#if defined(MBEDTLS_SSL_HAVE_ARIA)
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1450
1451#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1452
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1453#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1454 { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1455 "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1456 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1457 0,
1458 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1459#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1460#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1461 defined(MBEDTLS_MD_CAN_SHA384))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1462 { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1463 "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1464 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1465 0,
1466 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1467#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1468#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1469 { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1470 "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1471 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1472 0,
1473 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1474#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1475#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1476 defined(MBEDTLS_MD_CAN_SHA256))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1477 { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1478 "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1479 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1480 0,
1481 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1482#endif
1483
1484#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1485
1486#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1487
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1488#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1489 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1490 "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1491 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1492 0,
1493 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1494#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1495#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1496 defined(MBEDTLS_MD_CAN_SHA384))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1497 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1498 "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1499 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1500 0,
1501 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1502#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1503#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1504 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1505 "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1506 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1507 0,
1508 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1509#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1510#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1511 defined(MBEDTLS_MD_CAN_SHA256))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1512 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1513 "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1514 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1515 0,
1516 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1517#endif
1518
1519#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1520
1521#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1522
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1523#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1524 { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1525 "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
1526 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1527 0,
1528 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1529#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1530#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1531 defined(MBEDTLS_MD_CAN_SHA384))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1532 { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1533 "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1534 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1535 0,
1536 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1537#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1538#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1539 { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1540 "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1541 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1542 0,
1543 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1544#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1545#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1546 defined(MBEDTLS_MD_CAN_SHA256))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1547 { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1548 "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1549 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1550 0,
1551 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1552#endif
1553
1554#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1555
1556#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
1557
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1558#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1559 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1560 "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1561 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1562 0,
1563 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1564#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1565#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1566 defined(MBEDTLS_MD_CAN_SHA384))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1567 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1568 "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1569 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1570 0,
1571 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1572#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1573#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1574 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1575 "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1576 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1577 0,
1578 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1579#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1580#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1581 defined(MBEDTLS_MD_CAN_SHA256))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1582 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1583 "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1584 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1585 0,
1586 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1587#endif
1588
1589#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
1590
1591#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
1592
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1593#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1594 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1595 "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1596 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1597 0,
1598 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1599#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1600#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1601 defined(MBEDTLS_MD_CAN_SHA384))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1602 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1603 "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1604 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1605 0,
1606 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1607#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1608#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1609 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1610 "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1611 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1612 0,
1613 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1614#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1615#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1616 defined(MBEDTLS_MD_CAN_SHA256))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1617 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1618 "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1619 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1620 0,
1621 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1622#endif
1623
1624#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
1625
1626#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1627
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1628#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1629 defined(MBEDTLS_MD_CAN_SHA384))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1630 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1631 "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1632 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1633 0,
1634 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1635#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1636#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1637 defined(MBEDTLS_MD_CAN_SHA256))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1638 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1639 "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1640 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1641 0,
1642 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1643#endif
1644
1645#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1646
1647#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
1648
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1649#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1650 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1651 "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1652 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1653 0,
1654 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1655#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1656#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1657 defined(MBEDTLS_MD_CAN_SHA384))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1658 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1659 "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1660 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1661 0,
1662 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1663#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1664#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1665 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1666 "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1667 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1668 0,
1669 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1670#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1671#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1672 defined(MBEDTLS_MD_CAN_SHA256))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1673 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1674 "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1675 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1676 0,
1677 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1678#endif
1679
1680#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
1681
1682#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
1683
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1684#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1685 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1686 "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1687 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1688 0,
1689 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1690#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1691#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1692 defined(MBEDTLS_MD_CAN_SHA384))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1693 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1694 "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1695 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1696 0,
1697 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1698#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1699#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1700 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1701 "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1702 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1703 0,
1704 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1705#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1706#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1707 defined(MBEDTLS_MD_CAN_SHA256))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1708 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1709 "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1710 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1711 0,
1712 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1713#endif
1714
1715#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
1716
1717#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
1718
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1719#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1720 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1721 "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1722 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1723 0,
1724 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1725#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1726#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1727 defined(MBEDTLS_MD_CAN_SHA384))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1728 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1729 "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1730 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1731 0,
1732 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1733#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1734#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1735 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1736 "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1737 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1738 0,
1739 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1740#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1741#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1742 defined(MBEDTLS_MD_CAN_SHA256))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1743 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1744 "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1745 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1746 0,
1747 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1748#endif
1749
1750#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
1751
1752#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1753
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1754#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1755 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1756 "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1757 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1758 0,
1759 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1760#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1761#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1762 defined(MBEDTLS_MD_CAN_SHA384))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1763 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1764 "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1765 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1766 0,
1767 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1768#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1769#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1770 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1771 "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1772 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1773 0,
1774 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1775#endif
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1776#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1777 defined(MBEDTLS_MD_CAN_SHA256))
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1778 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1779 "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1780 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1781 0,
1782 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1783#endif
1784
1785#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1786
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1787#endif /* MBEDTLS_SSL_HAVE_ARIA */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]1788
1789
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1790 { 0, "",
1791 MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1792 0, 0, 0 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1793};
1794
1795#if defined(MBEDTLS_SSL_CIPHERSUITES)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1796const int *mbedtls_ssl_list_ciphersuites(void)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1797{
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1798 return ciphersuite_preference;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1799}
1800#else
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1801#define MAX_CIPHERSUITES sizeof(ciphersuite_definitions) / \
1802 sizeof(ciphersuite_definitions[0])
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1803static int supported_ciphersuites[MAX_CIPHERSUITES];
1804static int supported_init = 0;
1805
Jerome Forissier039e02d2022-08-09 17:10:15 +0200[diff] [blame]1806MBEDTLS_CHECK_RETURN_CRITICAL
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1807static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]1808{
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1809 (void) cs_info;
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]1810
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1811 return 0;
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]1812}
1813
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1814const int *mbedtls_ssl_list_ciphersuites(void)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1815{
1816 /*
1817 * On initial call filter out all ciphersuites not supported by current
1818 * build based on presence in the ciphersuite_definitions.
1819 */
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1820 if (supported_init == 0) {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1821 const int *p;
1822 int *q;
1823
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1824 for (p = ciphersuite_preference, q = supported_ciphersuites;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1825 *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1826 p++) {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1827 const mbedtls_ssl_ciphersuite_t *cs_info;
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1828 if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL &&
1829 !ciphersuite_is_removed(cs_info)) {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1830 *(q++) = *p;
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]1831 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1832 }
1833 *q = 0;
1834
1835 supported_init = 1;
1836 }
1837
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1838 return supported_ciphersuites;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1839}
1840#endif /* MBEDTLS_SSL_CIPHERSUITES */
1841
1842const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1843 const char *ciphersuite_name)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1844{
1845 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
1846
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1847 if (NULL == ciphersuite_name) {
1848 return NULL;
1849 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1850
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1851 while (cur->id != 0) {
1852 if (0 == strcmp(cur->name, ciphersuite_name)) {
1853 return cur;
1854 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1855
1856 cur++;
1857 }
1858
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1859 return NULL;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1860}
1861
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1862const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1863{
1864 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
1865
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1866 while (cur->id != 0) {
1867 if (cur->id == ciphersuite) {
1868 return cur;
1869 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1870
1871 cur++;
1872 }
1873
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1874 return NULL;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1875}
1876
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1877const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1878{
1879 const mbedtls_ssl_ciphersuite_t *cur;
1880
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1881 cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1882
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1883 if (cur == NULL) {
1884 return "unknown";
1885 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1886
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1887 return cur->name;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1888}
1889
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1890int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1891{
1892 const mbedtls_ssl_ciphersuite_t *cur;
1893
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1894 cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1895
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1896 if (cur == NULL) {
1897 return 0;
1898 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1899
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1900 return cur->id;
1901}
1902
1903size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
1904{
1905#if defined(MBEDTLS_USE_PSA_CRYPTO)
1906 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1907 psa_key_type_t key_type;
1908 psa_algorithm_t alg;
1909 size_t key_bits;
1910
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1911 status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher,
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1912 info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16,
1913 &alg, &key_type, &key_bits);
1914
1915 if (status != PSA_SUCCESS) {
1916 return 0;
1917 }
1918
1919 return key_bits;
1920#else
1921 const mbedtls_cipher_info_t * const cipher_info =
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1922 mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) info->cipher);
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1923
1924 return mbedtls_cipher_info_get_key_bitlen(cipher_info);
1925#endif /* MBEDTLS_USE_PSA_CRYPTO */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1926}
1927
1928#if defined(MBEDTLS_PK_C)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1929mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1930{
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1931 switch (info->key_exchange) {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1932 case MBEDTLS_KEY_EXCHANGE_RSA:
1933 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1934 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1935 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1936 return MBEDTLS_PK_RSA;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1937
1938 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1939 return MBEDTLS_PK_ECDSA;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1940
1941 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1942 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1943 return MBEDTLS_PK_ECKEY;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1944
1945 default:
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1946 return MBEDTLS_PK_NONE;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1947 }
1948}
1949
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1950#if defined(MBEDTLS_USE_PSA_CRYPTO)
1951psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1952{
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1953 switch (info->key_exchange) {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1954 case MBEDTLS_KEY_EXCHANGE_RSA:
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1955 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
1956 return PSA_ALG_RSA_PKCS1V15_CRYPT;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1957 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1958 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1959 return PSA_ALG_RSA_PKCS1V15_SIGN(
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1960 mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1961
1962 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]1963 return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1964
1965 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1966 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1967 return PSA_ALG_ECDH;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1968
1969 default:
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]1970 return PSA_ALG_NONE;
1971 }
1972}
1973
1974psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
1975{
1976 switch (info->key_exchange) {
1977 case MBEDTLS_KEY_EXCHANGE_RSA:
1978 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
1979 return PSA_KEY_USAGE_DECRYPT;
1980 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1981 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1982 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1983 return PSA_KEY_USAGE_SIGN_HASH;
1984
1985 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1986 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1987 return PSA_KEY_USAGE_DERIVE;
1988
1989 default:
1990 return 0;
1991 }
1992}
1993#endif /* MBEDTLS_USE_PSA_CRYPTO */
1994
1995mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
1996{
1997 switch (info->key_exchange) {
1998 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1999 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
2000 return MBEDTLS_PK_RSA;
2001
2002 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
2003 return MBEDTLS_PK_ECDSA;
2004
2005 default:
2006 return MBEDTLS_PK_NONE;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2007 }
2008}
2009
2010#endif /* MBEDTLS_PK_C */
2011
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]2012#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
2013 defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]2014 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]2015int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2016{
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]2017 switch (info->key_exchange) {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2018 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
2019 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
2020 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
2021 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
2022 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]2023 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]2024 return 1;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2025
2026 default:
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]2027 return 0;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2028 }
2029}
Tom Van Eyckc1633172024-04-09 18:44:13 +0200[diff] [blame]2030#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
2031 * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
2032 * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2033
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame]2034#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]2035int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2036{
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]2037 switch (info->key_exchange) {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2038 case MBEDTLS_KEY_EXCHANGE_PSK:
2039 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
2040 case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
2041 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]2042 return 1;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2043
2044 default:
Jens Wiklander32b31802023-10-06 16:59:46 +0200[diff] [blame]2045 return 0;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2046 }
2047}
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame]2048#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2049
2050#endif /* MBEDTLS_SSL_TLS_C */