TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 1a81ab6390f169812ace0290e3bae471a630c8b4 / . / library / ssl_ciphersuites.c
blob: 39826eee66029a2d92aa5ba560ac48df071fe313 [file] [log] [blame]
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1/**
2 * \file ssl_ciphersuites.c
3 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200[diff] [blame]4 * \brief SSL ciphersuites for Mbed TLS
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]5 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]6 * Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]8 */
9
Harry Ramsey0f6bc412024-10-04 10:36:54 +0100[diff] [blame]10#include "ssl_misc.h"
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]11
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]12#if defined(MBEDTLS_SSL_TLS_C)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]13
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]14#include "mbedtls/platform.h"
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]15
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]16#include "mbedtls/ssl_ciphersuites.h"
17#include "mbedtls/ssl.h"
Manuel Pégourié-Gonnardcac90a12021-06-04 11:42:30 +0200[diff] [blame]18#include "ssl_misc.h"
Valerio Setti384fbde2024-01-02 13:26:40 +0100[diff] [blame]19#include "mbedtls/psa_util.h"
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]20
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]21#include <string.h>
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]22
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]23/*
24 * Ordered from most preferred to least preferred in terms of security.
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]25 *
TRodziewicz75628d52021-06-18 12:56:27 +0200[diff] [blame]26 * Current rule (except weak and null which come last):
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]27 * 1. By key exchange:
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]28 * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]29 * 2. By key length and cipher:
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]30 * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
Manuel Pégourié-Gonnard42b53742014-06-19 16:18:26 +0200[diff] [blame]31 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
Manuel Pégourié-Gonnard6768da92014-05-14 12:26:51 +0200[diff] [blame]32 * 4. By hash function used when relevant
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]33 * 5. By key exchange/auth again: EC > non-EC
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]34 */
35static const int ciphersuite_preference[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]36{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]37#if defined(MBEDTLS_SSL_CIPHERSUITES)
38 MBEDTLS_SSL_CIPHERSUITES,
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]39#else
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]40#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]41 /* TLS 1.3 ciphersuites */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]42 MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
Ronald Cron4bb67732023-02-16 15:51:18 +0100[diff] [blame]43 MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
44 MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]45 MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
46 MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]47#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]48
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]49 /* Chacha-Poly ephemeral suites */
50 MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
51 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]52
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]53 /* All AES-256 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]54 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
55 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]56 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]57 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
58 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]59 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
60 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]61 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]62
63 /* All CAMELLIA-256 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]64 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
65 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]66 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
67 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]68
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]69 /* All ARIA-256 ephemeral suites */
70 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
71 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]72 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
73 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]74
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]75 /* All AES-128 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]76 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
77 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]78 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]79 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
80 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]81 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
82 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]83 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]84
85 /* All CAMELLIA-128 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]86 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
87 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]88 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
89 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]90
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]91 /* All ARIA-128 ephemeral suites */
92 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
93 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]94 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
95 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]96
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]97 /* The PSK ephemeral suites */
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]98 MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]99 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]100 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]101 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]102 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]103
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]104 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]105 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]106 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]107 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]108
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]109 /* The ECJPAKE suite */
110 MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
111
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]112 /* The PSK suites */
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]113 MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]114 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
115 MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
116 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
117 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
118 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
119 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
120 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]121 MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
122 MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]123
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]124 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
125 MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
126 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
127 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
128 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
129 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
130 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]131 MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
132 MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]133
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]134 /* NULL suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]135 MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
136 MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
137 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
138 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
139 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]140
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]141 MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
142 MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
143 MBEDTLS_TLS_PSK_WITH_NULL_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]144
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]145#endif /* MBEDTLS_SSL_CIPHERSUITES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]146 0
147};
148
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]149static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]150{
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]151#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]152#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]153#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]154#if defined(PSA_WANT_ALG_SHA_384)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]155 { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]156 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
157 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
158 0,
159 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]160#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]161#if defined(PSA_WANT_ALG_SHA_256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]162 { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]163 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
164 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
165 0,
166 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]167#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]168#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]169#if defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_ALG_SHA_256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]170 { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]171 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
172 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
173 0,
174 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]175 { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]176 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
177 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
178 MBEDTLS_CIPHERSUITE_SHORT_TAG,
179 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]180#endif /* PSA_WANT_ALG_SHA_256 && PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]181#endif /* PSA_WANT_KEY_TYPE_AES */
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]182#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) && defined(PSA_WANT_ALG_SHA_256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]183 { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
184 "TLS1-3-CHACHA20-POLY1305-SHA256",
185 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
186 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]187 0,
188 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]189#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 && PSA_WANT_ALG_SHA_256 */
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]190#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]191
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]192#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]193 defined(PSA_WANT_ALG_SHA_256) && \
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]194 defined(MBEDTLS_SSL_PROTO_TLS1_2)
195#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
196 { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
197 "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
198 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
199 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]200 0,
201 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]202#endif
203#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
204 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
205 "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
206 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
207 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]208 0,
209 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]210#endif
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]211#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
212 { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
213 "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
214 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
215 MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]216 0,
217 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]218#endif
219#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
220 { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
221 "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
222 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
223 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]224 0,
225 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]226#endif
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]227#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 &&
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]228 PSA_WANT_ALG_SHA_256 &&
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]229 MBEDTLS_SSL_PROTO_TLS1_2 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]230#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]231#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]232#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]233#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]234 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
235 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]236 0,
237 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]238 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
239 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]240 0,
241 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]242#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]243#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]244#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]245#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]246 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
247 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]248 0,
249 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]250#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]251#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]252 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
253 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]254 0,
255 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]256#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]257#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]258#if defined(PSA_WANT_ALG_SHA_384)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]259#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]260 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
261 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]262 0,
263 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]264#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]265#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]266 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
267 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]268 0,
269 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]270#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]271#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]272#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]273 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
274 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]275 0,
276 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]277 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
278 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]279 MBEDTLS_CIPHERSUITE_SHORT_TAG,
280 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]281 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
282 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]283 0,
284 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]285 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
286 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]287 MBEDTLS_CIPHERSUITE_SHORT_TAG,
288 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]289#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]290#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]291
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]292#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]293#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]294#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]295 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
296 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]297 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]298 0,
299 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]300#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]301#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]302 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
303 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]304 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]305 0,
306 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]307#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]308#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]309
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]310#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]311#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]312 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
313 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]314 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]315 0,
316 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]317#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]318#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]319 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
320 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]321 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]322 0,
323 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]324#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]325#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]326#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]327
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]328#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]329#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]330 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
331 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]332 MBEDTLS_CIPHERSUITE_WEAK,
333 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]334#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]335#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
336#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]337
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]338#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]339#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]340#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]341#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]342 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
343 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]344 0,
345 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]346 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
347 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]348 0,
349 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]350#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]351#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]352#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]353#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]354 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
355 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]356 0,
357 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]358#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]359#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]360 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
361 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]362 0,
363 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]364#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]365#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]366#if defined(PSA_WANT_ALG_SHA_384)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]367#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]368 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
369 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]370 0,
371 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]372#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]373#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]374 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
375 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]376 0,
377 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]378#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]379#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]380#endif /* PSA_WANT_KEY_TYPE_AES */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]381
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]382#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]383#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]384#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]385 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
386 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]387 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]388 0,
389 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]390#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]391#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]392 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
393 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]394 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]395 0,
396 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]397#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]398#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]399
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]400#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]401#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]402 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
403 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]404 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]405 0,
406 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]407#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]408#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]409 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
410 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]411 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]412 0,
413 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]414#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]415#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]416#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]417
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]418#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]419#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]420 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
421 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]422 MBEDTLS_CIPHERSUITE_WEAK,
423 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]424#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]425#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
426#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]427
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]428#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]429#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]430#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]431#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]432 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
433 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]434 0,
435 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]436#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]437
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]438#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]439 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
440 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]441 0,
442 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]443#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]444#endif /* PSA_WANT_ALG_GCM */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]445
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]446#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]447#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]448 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
449 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]450 0,
451 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]452#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]453
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]454#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]455 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
456 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]457 0,
458 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]459#endif /* PSA_WANT_ALG_SHA_384 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]460
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]461#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]462 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
463 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]464 0,
465 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]466
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]467 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
468 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]469 0,
470 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]471#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]472#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]473#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]474 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
475 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]476 0,
477 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]478 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
479 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]480 MBEDTLS_CIPHERSUITE_SHORT_TAG,
481 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]482 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
483 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]484 0,
485 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]486 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
487 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]488 MBEDTLS_CIPHERSUITE_SHORT_TAG,
489 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]490#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]491#endif /* PSA_WANT_KEY_TYPE_AES */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]492
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]493#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]494#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]495#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]496 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
497 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]498 0,
499 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]500#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]501
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]502#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]503 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
504 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]505 0,
506 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]507#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]508#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]509
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]510#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]511#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]512 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
513 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]514 0,
515 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]516#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]517
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]518#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]519 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
520 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]521 0,
522 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]523#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]524#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]525#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]526
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]527#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]528
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]529#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]530#if defined(PSA_WANT_KEY_TYPE_AES)
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]531
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]532#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]533#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]534 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
535 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]536 0,
537 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]538#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]539
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]540#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]541 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
542 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]543 0,
544 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]545#endif /* PSA_WANT_ALG_SHA_384 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]546
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]547#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]548 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
549 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]550 0,
551 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]552
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]553 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
554 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]555 0,
556 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]557#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]558#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]559#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]560
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]561#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]562#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]563#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]564 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
565 "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]566 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]567 0,
568 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]569#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]570
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]571#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]572 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
573 "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]574 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]575 0,
576 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]577#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]578#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]579#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]580
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]581#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]582
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]583#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]584#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]585#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]586 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
587 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]588 MBEDTLS_CIPHERSUITE_SHORT_TAG,
589 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]590#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]591#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]592#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
593
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]594#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]595#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]596#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]597 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
598 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]599 MBEDTLS_CIPHERSUITE_WEAK,
600 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]601#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]602
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]603#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]604 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
605 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]606 MBEDTLS_CIPHERSUITE_WEAK,
607 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]608#endif
609
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]610#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]611 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
612 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]613 MBEDTLS_CIPHERSUITE_WEAK,
614 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]615#endif /* PSA_WANT_ALG_SHA_384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]616#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]617
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]618#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]619#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]620 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
621 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]622 MBEDTLS_CIPHERSUITE_WEAK,
623 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]624#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]625
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]626#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]627 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
628 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]629 MBEDTLS_CIPHERSUITE_WEAK,
630 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]631#endif
632
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]633#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]634 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
635 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]636 MBEDTLS_CIPHERSUITE_WEAK,
637 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]638#endif /* PSA_WANT_ALG_SHA_384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]639#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]640#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]641
Elena Uziunaite51c85a02024-07-05 11:20:17 +0100[diff] [blame]642#if defined(PSA_WANT_KEY_TYPE_ARIA)
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]643
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]644#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
645
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]646#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]647 { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]648 "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
649 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]650 0,
651 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]652#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]653#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]654 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]655 { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]656 "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]657 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]658 0,
659 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]660#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]661#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]662 { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]663 "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]664 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]665 0,
666 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]667#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]668#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]669 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]670 { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]671 "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]672 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]673 0,
674 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]675#endif
676
677#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
678
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]679#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
680
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]681#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]682 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]683 "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]684 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]685 0,
686 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]687#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]688#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]689 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]690 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]691 "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]692 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]693 0,
694 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]695#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]696#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]697 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]698 "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]699 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]700 0,
701 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]702#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]703#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]704 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]705 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]706 "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]707 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]708 0,
709 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]710#endif
711
712#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
713
714#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
715
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]716#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]717 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]718 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]719 "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]720 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]721 0,
722 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]723#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]724#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]725 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]726 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]727 "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]728 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]729 0,
730 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]731#endif
732
733#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
734
735#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
736
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]737#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]738 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]739 "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]740 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]741 0,
742 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]743#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]744#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]745 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]746 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]747 "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]748 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]749 0,
750 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]751#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]752#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]753 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]754 "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]755 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]756 0,
757 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]758#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]759#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]760 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]761 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]762 "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]763 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]764 0,
765 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]766#endif
767
768#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
769
Elena Uziunaite51c85a02024-07-05 11:20:17 +0100[diff] [blame]770#endif /* PSA_WANT_KEY_TYPE_ARIA */
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]771
772
Manuel Pégourié-Gonnarda2733712015-02-10 17:32:14 +0100[diff] [blame]773 { 0, "",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]774 MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]775 0, 0, 0 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]776};
777
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]778#if defined(MBEDTLS_SSL_CIPHERSUITES)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]779const int *mbedtls_ssl_list_ciphersuites(void)
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]780{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]781 return ciphersuite_preference;
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]782}
783#else
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]784#define MAX_CIPHERSUITES sizeof(ciphersuite_definitions) / \
785 sizeof(ciphersuite_definitions[0])
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]786static int supported_ciphersuites[MAX_CIPHERSUITES];
787static int supported_init = 0;
788
Manuel Pégourié-Gonnarda3115dc2022-06-17 10:52:54 +0200[diff] [blame]789MBEDTLS_CHECK_RETURN_CRITICAL
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]790static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]791{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]792 (void) cs_info;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]793
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]794 return 0;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]795}
796
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]797const int *mbedtls_ssl_list_ciphersuites(void)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]798{
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]799 /*
800 * On initial call filter out all ciphersuites not supported by current
801 * build based on presence in the ciphersuite_definitions.
802 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]803 if (supported_init == 0) {
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]804 const int *p;
805 int *q;
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]806
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]807 for (p = ciphersuite_preference, q = supported_ciphersuites;
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]808 *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]809 p++) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]810 const mbedtls_ssl_ciphersuite_t *cs_info;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]811 if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL &&
812 !ciphersuite_is_removed(cs_info)) {
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]813 *(q++) = *p;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]814 }
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]815 }
Manuel Pégourié-Gonnardbc4b7f02013-09-07 15:04:26 +0200[diff] [blame]816 *q = 0;
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]817
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]818 supported_init = 1;
819 }
820
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]821 return supported_ciphersuites;
Manuel Pégourié-Gonnardf78e4de2015-05-29 10:52:14 +0200[diff] [blame]822}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]823#endif /* MBEDTLS_SSL_CIPHERSUITES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]824
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]825const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]826 const char *ciphersuite_name)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]827{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]828 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]829
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]830 if (NULL == ciphersuite_name) {
831 return NULL;
832 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]833
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]834 while (cur->id != 0) {
835 if (0 == strcmp(cur->name, ciphersuite_name)) {
836 return cur;
837 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]838
839 cur++;
840 }
841
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]842 return NULL;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]843}
844
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]845const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]846{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]847 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]848
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]849 while (cur->id != 0) {
850 if (cur->id == ciphersuite) {
851 return cur;
852 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]853
854 cur++;
855 }
856
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]857 return NULL;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]858}
859
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]860const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]861{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]862 const mbedtls_ssl_ciphersuite_t *cur;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]863
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]864 cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]865
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]866 if (cur == NULL) {
867 return "unknown";
868 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]869
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]870 return cur->name;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]871}
872
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]873int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]874{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]875 const mbedtls_ssl_ciphersuite_t *cur;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]876
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]877 cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]878
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]879 if (cur == NULL) {
880 return 0;
881 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]882
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]883 return cur->id;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]884}
885
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]886size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]887{
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]888 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
889 psa_key_type_t key_type;
890 psa_algorithm_t alg;
891 size_t key_bits;
892
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]893 status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]894 info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16,
895 &alg, &key_type, &key_bits);
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]896
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]897 if (status != PSA_SUCCESS) {
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]898 return 0;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]899 }
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]900
901 return key_bits;
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]902}
903
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]904#if defined(MBEDTLS_PK_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]905mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]906{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]907 switch (info->key_exchange) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]908 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]909 return MBEDTLS_PK_RSA;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]910
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]911 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]912 return MBEDTLS_PK_ECDSA;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]913
914 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]915 return MBEDTLS_PK_NONE;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]916 }
917}
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]918
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]919psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]920{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]921 switch (info->key_exchange) {
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]922 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]923 return PSA_ALG_RSA_PKCS1V15_SIGN(
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]924 mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]925
926 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]927 return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]928
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]929 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]930 return PSA_ALG_NONE;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]931 }
932}
933
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]934psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]935{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]936 switch (info->key_exchange) {
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]937 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
938 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]939 return PSA_KEY_USAGE_SIGN_HASH;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]940
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]941 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]942 return 0;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]943 }
944}
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]945
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]946mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]947{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]948 switch (info->key_exchange) {
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]949 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]950 return MBEDTLS_PK_RSA;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]951
952 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]953 return MBEDTLS_PK_ECDSA;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]954
955 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]956 return MBEDTLS_PK_NONE;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]957 }
958}
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]959
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]960#endif /* MBEDTLS_PK_C */
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]961
Valerio Setti7aeec542023-07-05 18:57:21 +0200[diff] [blame]962#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
Valerio Settie9646ec2023-08-02 20:02:28 +0200[diff] [blame]963 defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
Ron Eldor755bb6a2018-02-14 19:30:48 +0200[diff] [blame]964 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]965int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]966{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]967 switch (info->key_exchange) {
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]968 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
969 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
970 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
Ron Eldor755bb6a2018-02-14 19:30:48 +0200[diff] [blame]971 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]972 return 1;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]973
974 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]975 return 0;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]976 }
977}
Valerio Setti7aeec542023-07-05 18:57:21 +0200[diff] [blame]978#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
Valerio Settie9646ec2023-08-02 20:02:28 +0200[diff] [blame]979 * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
Valerio Setti45d56f32023-07-13 17:23:20 +0200[diff] [blame]980 * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]981
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]982#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]983int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]984{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]985 switch (info->key_exchange) {
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]986 case MBEDTLS_KEY_EXCHANGE_PSK:
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]987 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]988 return 1;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]989
990 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]991 return 0;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]992 }
993}
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]994#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]995
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]996#endif /* MBEDTLS_SSL_TLS_C */