TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / c7403edad804205a0022c46e505be2dac5933de5 / . / library / ssl_ciphersuites.c
blob: be32fb6e27beae5850dd6289650ec3c5af000270 [file] [log] [blame]
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1/**
2 * \file ssl_ciphersuites.c
3 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200[diff] [blame]4 * \brief SSL ciphersuites for Mbed TLS
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]5 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]6 * Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]8 */
9
Harry Ramsey0f6bc412024-10-04 10:36:54 +0100[diff] [blame]10#include "ssl_misc.h"
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]11
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]12#if defined(MBEDTLS_SSL_TLS_C)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]13
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]14#include "mbedtls/platform.h"
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]15
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]16#include "mbedtls/ssl_ciphersuites.h"
17#include "mbedtls/ssl.h"
Manuel Pégourié-Gonnardcac90a12021-06-04 11:42:30 +0200[diff] [blame]18#include "ssl_misc.h"
Valerio Setti384fbde2024-01-02 13:26:40 +0100[diff] [blame]19#include "mbedtls/psa_util.h"
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]20
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]21#include <string.h>
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]22
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]23/*
24 * Ordered from most preferred to least preferred in terms of security.
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]25 *
TRodziewicz75628d52021-06-18 12:56:27 +0200[diff] [blame]26 * Current rule (except weak and null which come last):
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]27 * 1. By key exchange:
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]28 * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]29 * 2. By key length and cipher:
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]30 * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
Manuel Pégourié-Gonnard42b53742014-06-19 16:18:26 +0200[diff] [blame]31 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
Manuel Pégourié-Gonnard6768da92014-05-14 12:26:51 +0200[diff] [blame]32 * 4. By hash function used when relevant
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]33 * 5. By key exchange/auth again: EC > non-EC
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]34 */
35static const int ciphersuite_preference[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]36{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]37#if defined(MBEDTLS_SSL_CIPHERSUITES)
38 MBEDTLS_SSL_CIPHERSUITES,
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]39#else
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]40#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]41 /* TLS 1.3 ciphersuites */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]42 MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
Ronald Cron4bb67732023-02-16 15:51:18 +0100[diff] [blame]43 MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
44 MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]45 MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
46 MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]47#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]48
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]49 /* Chacha-Poly ephemeral suites */
50 MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
51 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
52 MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
53
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]54 /* All AES-256 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]55 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
56 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
57 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
58 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
59 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
60 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
61 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
62 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
63 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
64 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
65 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
66 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
67 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]68
69 /* All CAMELLIA-256 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]70 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
71 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
72 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
73 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
74 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
75 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
76 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]77
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]78 /* All ARIA-256 ephemeral suites */
79 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
80 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
81 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
82 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
83 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
84 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
85
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]86 /* All AES-128 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]87 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
88 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
89 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
90 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
91 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
92 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
93 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
94 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
95 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
96 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
97 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
98 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
99 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]100
101 /* All CAMELLIA-128 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]102 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
103 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
104 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
105 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
106 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
107 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
108 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]109
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]110 /* All ARIA-128 ephemeral suites */
111 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
112 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
113 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
114 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
115 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
116 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
117
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]118 /* The PSK ephemeral suites */
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]119 MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]120 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]121 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]122 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]123 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]124
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]125 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]126 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]127 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]128 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]129
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]130 /* The ECJPAKE suite */
131 MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
132
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]133 /* All AES-256 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]134 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
135 MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
136 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
137 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
138 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
139 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
140 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
141 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
142 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
143 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
144 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]145
146 /* All CAMELLIA-256 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]147 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
148 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
149 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
150 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
151 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
152 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
153 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]154
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]155 /* All ARIA-256 suites */
156 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
157 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
158 MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
159 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
160 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
161 MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
162
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]163 /* All AES-128 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]164 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
165 MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
166 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
167 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
168 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
169 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
170 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
171 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
172 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
173 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
174 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]175
176 /* All CAMELLIA-128 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]177 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
178 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
179 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
180 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
181 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
182 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
183 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]184
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]185 /* All ARIA-128 suites */
186 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
187 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
188 MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
189 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
190 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
191 MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
192
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]193 /* The PSK suites */
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]194 MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]195 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
196 MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
197 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
198 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
199 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
200 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
201 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]202 MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
203 MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]204
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]205 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
206 MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
207 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
208 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
209 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
210 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
211 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]212 MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
213 MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]214
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]215 /* NULL suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]216 MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
217 MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
218 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
219 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
220 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]221
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]222 MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
223 MBEDTLS_TLS_RSA_WITH_NULL_SHA,
224 MBEDTLS_TLS_RSA_WITH_NULL_MD5,
225 MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
226 MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]227 MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
228 MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
229 MBEDTLS_TLS_PSK_WITH_NULL_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]230
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]231#endif /* MBEDTLS_SSL_CIPHERSUITES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]232 0
233};
234
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]235static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]236{
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]237#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]238#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]239#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]240#if defined(PSA_WANT_ALG_SHA_384)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]241 { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]242 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
243 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
244 0,
245 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]246#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]247#if defined(PSA_WANT_ALG_SHA_256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]248 { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]249 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
250 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
251 0,
252 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]253#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]254#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]255#if defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_ALG_SHA_256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]256 { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]257 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
258 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
259 0,
260 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]261 { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]262 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
263 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
264 MBEDTLS_CIPHERSUITE_SHORT_TAG,
265 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]266#endif /* PSA_WANT_ALG_SHA_256 && PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]267#endif /* PSA_WANT_KEY_TYPE_AES */
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]268#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) && defined(PSA_WANT_ALG_SHA_256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]269 { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
270 "TLS1-3-CHACHA20-POLY1305-SHA256",
271 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
272 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]273 0,
274 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]275#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 && PSA_WANT_ALG_SHA_256 */
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]276#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]277
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]278#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]279 defined(PSA_WANT_ALG_SHA_256) && \
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]280 defined(MBEDTLS_SSL_PROTO_TLS1_2)
281#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
282 { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
283 "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
284 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
285 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]286 0,
287 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]288#endif
289#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
290 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
291 "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
292 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
293 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]294 0,
295 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]296#endif
297#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
298 { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
299 "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
300 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
301 MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]302 0,
303 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]304#endif
305#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
306 { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
307 "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
308 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
309 MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]310 0,
311 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]312#endif
313#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
314 { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
315 "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
316 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
317 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]318 0,
319 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]320#endif
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]321#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 &&
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]322 PSA_WANT_ALG_SHA_256 &&
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]323 MBEDTLS_SSL_PROTO_TLS1_2 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]324#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]325#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]326#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]327#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]328 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
329 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]330 0,
331 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]332 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
333 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]334 0,
335 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]336#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]337#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]338#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]339#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]340 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
341 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]342 0,
343 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]344#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]345#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]346 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
347 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]348 0,
349 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]350#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]351#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]352#if defined(PSA_WANT_ALG_SHA_384)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]353#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]354 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
355 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]356 0,
357 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]358#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]359#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]360 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
361 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]362 0,
363 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]364#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]365#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]366#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]367 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
368 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]369 0,
370 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]371 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
372 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]373 MBEDTLS_CIPHERSUITE_SHORT_TAG,
374 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]375 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
376 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]377 0,
378 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]379 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
380 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]381 MBEDTLS_CIPHERSUITE_SHORT_TAG,
382 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]383#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]384#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]385
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]386#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]387#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]388#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]389 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
390 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]391 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]392 0,
393 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]394#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]395#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]396 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
397 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]398 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]399 0,
400 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]401#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]402#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]403
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]404#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]405#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]406 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
407 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]408 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]409 0,
410 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]411#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]412#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]413 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
414 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]415 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]416 0,
417 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]418#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]419#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]420#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]421
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]422#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]423#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]424 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
425 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]426 MBEDTLS_CIPHERSUITE_WEAK,
427 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]428#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]429#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
430#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]431
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]432#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]433#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]434#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]435#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]436 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
437 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]438 0,
439 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]440 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
441 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]442 0,
443 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]444#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]445#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]446#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]447#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]448 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
449 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]450 0,
451 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]452#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]453#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]454 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
455 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]456 0,
457 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]458#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]459#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]460#if defined(PSA_WANT_ALG_SHA_384)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]461#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]462 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
463 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]464 0,
465 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]466#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]467#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]468 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
469 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]470 0,
471 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]472#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]473#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]474#endif /* PSA_WANT_KEY_TYPE_AES */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]475
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]476#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]477#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]478#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]479 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
480 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]481 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]482 0,
483 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]484#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]485#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]486 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
487 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]488 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]489 0,
490 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]491#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]492#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]493
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]494#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]495#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]496 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
497 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]498 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]499 0,
500 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]501#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]502#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]503 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
504 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]505 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]506 0,
507 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]508#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]509#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]510#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]511
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]512#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]513#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]514 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
515 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]516 MBEDTLS_CIPHERSUITE_WEAK,
517 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]518#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]519#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
520#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]521
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]522#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]523#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]524#if defined(PSA_WANT_ALG_SHA_384) && \
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]525 defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]526 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
527 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]528 0,
529 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]530#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ALG_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]531
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]532#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]533#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]534 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
535 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]536 0,
537 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]538#endif /* PSA_WANT_ALG_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]539
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]540#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]541 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
542 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]543 0,
544 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]545
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]546 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
547 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]548 0,
549 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]550#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]551#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]552
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]553#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]554#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]555 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
556 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]557 0,
558 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]559
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]560 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
561 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]562 0,
563 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]564#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]565#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]566#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]567 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
568 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]569 0,
570 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]571 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
572 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]573 MBEDTLS_CIPHERSUITE_SHORT_TAG,
574 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]575 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
576 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]577 0,
578 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]579 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
580 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]581 MBEDTLS_CIPHERSUITE_SHORT_TAG,
582 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]583#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]584#endif /* PSA_WANT_KEY_TYPE_AES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]585
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]586#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]587#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]588#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]589 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
590 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]591 0,
592 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]593
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]594 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
595 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]596 0,
597 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]598#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]599
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]600#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]601 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
602 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]603 0,
604 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]605
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]606 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
607 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]608 0,
609 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]610#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]611#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]612#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]613#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]614 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
615 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]616 0,
617 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]618#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]619
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]620#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]621 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
622 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]623 0,
624 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]625#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]626#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]627#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]628
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]629#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]630
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]631#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]632#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]633#if defined(PSA_WANT_ALG_SHA_384) && \
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]634 defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]635 { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
636 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]637 0,
638 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]639#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ALG_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]640
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]641#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]642#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]643 { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
644 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]645 0,
646 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]647#endif /* PSA_WANT_ALG_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]648
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]649#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]650 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
651 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]652 0,
653 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]654
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]655 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
656 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]657 0,
658 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]659#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]660#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]661
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]662#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]663#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]664 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
665 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]666 0,
667 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]668
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]669 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
670 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]671 0,
672 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]673#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]674#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]675#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]676 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
677 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]678 0,
679 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]680 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
681 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]682 MBEDTLS_CIPHERSUITE_SHORT_TAG,
683 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]684 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
685 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]686 0,
687 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]688 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
689 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]690 MBEDTLS_CIPHERSUITE_SHORT_TAG,
691 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]692#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]693#endif /* PSA_WANT_KEY_TYPE_AES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]694
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]695#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]696#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]697#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]698 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
699 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]700 0,
701 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]702
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]703 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
704 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]705 0,
706 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]707#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]708
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]709#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]710 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
711 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]712 0,
713 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]714
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]715 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
716 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]717 0,
718 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]719#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]720#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]721
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]722#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]723#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]724 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
725 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]726 0,
727 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]728#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]729
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]730#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]731 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
732 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]733 0,
734 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]735#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]736#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]737#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]738
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]739#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]740
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]741#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]742#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]743#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]744#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]745 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
746 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]747 0,
748 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]749 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
750 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]751 0,
752 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]753#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]754#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]755#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]756#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]757 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
758 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]759 0,
760 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]761#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]762#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]763 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
764 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]765 0,
766 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]767#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]768#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]769#if defined(PSA_WANT_ALG_SHA_384)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]770#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]771 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
772 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]773 0,
774 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]775#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]776#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]777 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
778 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]779 0,
780 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]781#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]782#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]783#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]784
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]785#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]786#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]787#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]788 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
789 "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]790 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]791 0,
792 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]793#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]794#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]795 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
796 "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]797 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]798 0,
799 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]800#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]801#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]802
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]803#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]804#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]805 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
806 "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]807 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]808 0,
809 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]810#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]811#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]812 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
813 "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]814 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]815 0,
816 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]817#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]818#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]819#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]820
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]821#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]822#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]823 { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
824 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]825 MBEDTLS_CIPHERSUITE_WEAK,
826 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]827#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]828#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
829#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]830
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]831#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]832#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]833#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]834#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]835 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
836 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]837 0,
838 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]839 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
840 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]841 0,
842 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]843#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]844#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]845#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]846#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]847 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
848 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]849 0,
850 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]851#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]852#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]853 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
854 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]855 0,
856 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]857#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]858#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]859#if defined(PSA_WANT_ALG_SHA_384)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]860#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]861 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
862 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]863 0,
864 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]865#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]866#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]867 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
868 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]869 0,
870 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]871#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]872#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]873#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]874
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]875#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]876#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]877#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]878 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
879 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]880 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]881 0,
882 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]883#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]884#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]885 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
886 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]887 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]888 0,
889 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]890#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]891#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]892
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]893#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]894#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]895 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
896 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]897 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]898 0,
899 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]900#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]901#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]902 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
903 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]904 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]905 0,
906 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]907#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]908#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]909#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]910
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]911#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]912#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]913 { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
914 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]915 MBEDTLS_CIPHERSUITE_WEAK,
916 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]917#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]918#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
919#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]920
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]921#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]922#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]923#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]924#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]925 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
926 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]927 0,
928 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]929#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]930
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]931#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]932 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
933 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]934 0,
935 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]936#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]937#endif /* PSA_WANT_ALG_GCM */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]938
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]939#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]940#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]941 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
942 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]943 0,
944 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]945#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]946
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]947#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]948 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
949 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]950 0,
951 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]952#endif /* PSA_WANT_ALG_SHA_384 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]953
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]954#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]955 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
956 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]957 0,
958 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]959
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]960 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
961 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]962 0,
963 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]964#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]965#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]966#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]967 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
968 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]969 0,
970 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]971 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
972 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]973 MBEDTLS_CIPHERSUITE_SHORT_TAG,
974 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]975 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
976 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]977 0,
978 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]979 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
980 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]981 MBEDTLS_CIPHERSUITE_SHORT_TAG,
982 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]983#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]984#endif /* PSA_WANT_KEY_TYPE_AES */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]985
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]986#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]987#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]988#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]989 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
990 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]991 0,
992 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]993#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]994
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]995#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]996 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
997 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]998 0,
999 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1000#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1001#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1002
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1003#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1004#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1005 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1006 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1007 0,
1008 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1009#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1010
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1011#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1012 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1013 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1014 0,
1015 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1016#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1017#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]1018#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1019
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1020#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1021
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1022#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]1023#if defined(PSA_WANT_KEY_TYPE_AES)
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1024
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1025#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1026#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1027 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
1028 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1029 0,
1030 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1031#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1032
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1033#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1034 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
1035 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1036 0,
1037 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1038#endif /* PSA_WANT_ALG_SHA_384 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1039
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1040#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1041 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
1042 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1043 0,
1044 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1045
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1046 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
1047 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1048 0,
1049 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1050#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1051#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]1052#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1053
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]1054#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1055#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1056#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1057 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
1058 "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1059 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1060 0,
1061 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1062#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1063
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1064#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1065 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
1066 "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1067 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1068 0,
1069 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1070#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1071#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]1072#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1073
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1074#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1075
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]1076#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]1077#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]1078#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]1079 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
1080 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1081 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1082 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]1083#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]1084#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]1085#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
1086
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1087#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
1088#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
Elena Uziunaiteb66a9912024-05-10 14:25:58 +0100[diff] [blame]1089#if defined(PSA_WANT_ALG_MD5)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1090 { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
1091 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1092 MBEDTLS_CIPHERSUITE_WEAK,
1093 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]1094#endif
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1095
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1096#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1097 { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
1098 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1099 MBEDTLS_CIPHERSUITE_WEAK,
1100 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]1101#endif
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1102
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1103#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1104 { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
1105 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1106 MBEDTLS_CIPHERSUITE_WEAK,
1107 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]1108#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1109#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1110
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1111#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1112#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1113 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
1114 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1115 MBEDTLS_CIPHERSUITE_WEAK,
1116 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1117#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1118
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1119#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1120 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
1121 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1122 MBEDTLS_CIPHERSUITE_WEAK,
1123 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1124#endif
1125
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1126#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1127 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
1128 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1129 MBEDTLS_CIPHERSUITE_WEAK,
1130 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1131#endif /* PSA_WANT_ALG_SHA_384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1132#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]1133
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1134#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1135#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1136 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
1137 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1138 MBEDTLS_CIPHERSUITE_WEAK,
1139 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1140#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1141
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1142#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1143 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
1144 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1145 MBEDTLS_CIPHERSUITE_WEAK,
1146 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1147#endif
1148
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1149#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1150 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
1151 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1152 MBEDTLS_CIPHERSUITE_WEAK,
1153 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1154#endif /* PSA_WANT_ALG_SHA_384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1155#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1156#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]1157
Elena Uziunaite51c85a02024-07-05 11:20:17 +0100[diff] [blame]1158#if defined(PSA_WANT_KEY_TYPE_ARIA)
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1159
1160#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1161
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1162#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1163 { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1164 "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1165 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1166 0,
1167 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1168#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1169#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1170 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1171 { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1172 "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1173 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1174 0,
1175 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1176#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1177#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1178 { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1179 "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1180 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1181 0,
1182 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1183#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1184#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1185 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1186 { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1187 "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1188 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1189 0,
1190 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1191#endif
1192
1193#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1194
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1195#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1196
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1197#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1198 { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1199 "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
1200 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1201 0,
1202 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1203#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1204#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1205 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1206 { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1207 "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1208 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1209 0,
1210 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1211#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1212#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1213 { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1214 "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1215 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1216 0,
1217 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1218#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1219#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1220 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1221 { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1222 "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1223 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1224 0,
1225 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1226#endif
1227
1228#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1229
1230#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
1231
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1232#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1233 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1234 "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1235 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1236 0,
1237 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1238#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1239#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1240 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1241 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1242 "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1243 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1244 0,
1245 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1246#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1247#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1248 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1249 "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1250 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1251 0,
1252 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1253#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1254#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1255 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1256 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1257 "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1258 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1259 0,
1260 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1261#endif
1262
1263#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
1264
1265#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
1266
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1267#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1268 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1269 "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1270 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1271 0,
1272 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1273#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1274#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1275 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1276 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1277 "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1278 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1279 0,
1280 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1281#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1282#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1283 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1284 "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1285 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1286 0,
1287 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1288#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1289#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1290 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1291 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1292 "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1293 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1294 0,
1295 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1296#endif
1297
1298#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
1299
1300#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1301
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1302#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1303 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1304 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1305 "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1306 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1307 0,
1308 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1309#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1310#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1311 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1312 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1313 "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1314 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1315 0,
1316 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1317#endif
1318
1319#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1320
1321#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
1322
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1323#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1324 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1325 "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1326 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1327 0,
1328 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1329#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1330#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1331 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1332 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1333 "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1334 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1335 0,
1336 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1337#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1338#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1339 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1340 "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1341 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1342 0,
1343 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1344#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1345#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1346 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1347 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1348 "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1349 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1350 0,
1351 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1352#endif
1353
1354#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
1355
1356#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
1357
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1358#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1359 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1360 "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1361 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1362 0,
1363 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1364#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1365#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1366 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1367 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1368 "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1369 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1370 0,
1371 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1372#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1373#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1374 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1375 "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1376 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1377 0,
1378 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1379#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1380#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1381 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1382 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1383 "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1384 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1385 0,
1386 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1387#endif
1388
1389#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
1390
1391#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
1392
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1393#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1394 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1395 "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1396 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1397 0,
1398 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1399#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1400#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1401 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1402 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1403 "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1404 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1405 0,
1406 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1407#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1408#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1409 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1410 "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1411 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1412 0,
1413 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1414#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1415#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1416 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1417 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1418 "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1419 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1420 0,
1421 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1422#endif
1423
1424#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
1425
Elena Uziunaite51c85a02024-07-05 11:20:17 +0100[diff] [blame]1426#endif /* PSA_WANT_KEY_TYPE_ARIA */
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1427
1428
Manuel Pégourié-Gonnarda2733712015-02-10 17:32:14 +0100[diff] [blame]1429 { 0, "",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1430 MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1431 0, 0, 0 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1432};
1433
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1434#if defined(MBEDTLS_SSL_CIPHERSUITES)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1435const int *mbedtls_ssl_list_ciphersuites(void)
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]1436{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1437 return ciphersuite_preference;
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]1438}
1439#else
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1440#define MAX_CIPHERSUITES sizeof(ciphersuite_definitions) / \
1441 sizeof(ciphersuite_definitions[0])
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1442static int supported_ciphersuites[MAX_CIPHERSUITES];
1443static int supported_init = 0;
1444
Manuel Pégourié-Gonnarda3115dc2022-06-17 10:52:54 +0200[diff] [blame]1445MBEDTLS_CHECK_RETURN_CRITICAL
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1446static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1447{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1448 (void) cs_info;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1449
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1450 return 0;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1451}
1452
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1453const int *mbedtls_ssl_list_ciphersuites(void)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1454{
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1455 /*
1456 * On initial call filter out all ciphersuites not supported by current
1457 * build based on presence in the ciphersuite_definitions.
1458 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1459 if (supported_init == 0) {
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1460 const int *p;
1461 int *q;
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1462
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1463 for (p = ciphersuite_preference, q = supported_ciphersuites;
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1464 *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1465 p++) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1466 const mbedtls_ssl_ciphersuite_t *cs_info;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1467 if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL &&
1468 !ciphersuite_is_removed(cs_info)) {
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1469 *(q++) = *p;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1470 }
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1471 }
Manuel Pégourié-Gonnardbc4b7f02013-09-07 15:04:26 +0200[diff] [blame]1472 *q = 0;
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]1473
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1474 supported_init = 1;
1475 }
1476
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1477 return supported_ciphersuites;
Manuel Pégourié-Gonnardf78e4de2015-05-29 10:52:14 +0200[diff] [blame]1478}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1479#endif /* MBEDTLS_SSL_CIPHERSUITES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1480
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1481const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1482 const char *ciphersuite_name)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1483{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1484 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1485
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1486 if (NULL == ciphersuite_name) {
1487 return NULL;
1488 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1489
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1490 while (cur->id != 0) {
1491 if (0 == strcmp(cur->name, ciphersuite_name)) {
1492 return cur;
1493 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1494
1495 cur++;
1496 }
1497
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1498 return NULL;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1499}
1500
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1501const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1502{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1503 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1504
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1505 while (cur->id != 0) {
1506 if (cur->id == ciphersuite) {
1507 return cur;
1508 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1509
1510 cur++;
1511 }
1512
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1513 return NULL;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1514}
1515
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1516const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1517{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1518 const mbedtls_ssl_ciphersuite_t *cur;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1519
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1520 cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1521
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1522 if (cur == NULL) {
1523 return "unknown";
1524 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1525
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1526 return cur->name;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1527}
1528
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1529int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1530{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1531 const mbedtls_ssl_ciphersuite_t *cur;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1532
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1533 cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1534
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1535 if (cur == NULL) {
1536 return 0;
1537 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1538
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1539 return cur->id;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1540}
1541
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1542size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1543{
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1544 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1545 psa_key_type_t key_type;
1546 psa_algorithm_t alg;
1547 size_t key_bits;
1548
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]1549 status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1550 info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16,
1551 &alg, &key_type, &key_bits);
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1552
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1553 if (status != PSA_SUCCESS) {
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1554 return 0;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1555 }
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1556
1557 return key_bits;
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1558}
1559
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1560#if defined(MBEDTLS_PK_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1561mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1562{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1563 switch (info->key_exchange) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1564 case MBEDTLS_KEY_EXCHANGE_RSA:
1565 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1566 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1567 return MBEDTLS_PK_RSA;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1568
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1569 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1570 return MBEDTLS_PK_ECDSA;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1571
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1572 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1573 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1574 return MBEDTLS_PK_ECKEY;
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]1575
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1576 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1577 return MBEDTLS_PK_NONE;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1578 }
1579}
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1580
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1581psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1582{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1583 switch (info->key_exchange) {
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1584 case MBEDTLS_KEY_EXCHANGE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1585 return PSA_ALG_RSA_PKCS1V15_CRYPT;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1586 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1587 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1588 return PSA_ALG_RSA_PKCS1V15_SIGN(
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]1589 mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1590
1591 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]1592 return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1593
1594 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1595 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1596 return PSA_ALG_ECDH;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1597
1598 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1599 return PSA_ALG_NONE;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1600 }
1601}
1602
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1603psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1604{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1605 switch (info->key_exchange) {
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1606 case MBEDTLS_KEY_EXCHANGE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1607 return PSA_KEY_USAGE_DECRYPT;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1608 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1609 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1610 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1611 return PSA_KEY_USAGE_SIGN_HASH;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1612
1613 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1614 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1615 return PSA_KEY_USAGE_DERIVE;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1616
1617 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1618 return 0;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1619 }
1620}
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1621
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1622mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1623{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1624 switch (info->key_exchange) {
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1625 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1626 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1627 return MBEDTLS_PK_RSA;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1628
1629 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1630 return MBEDTLS_PK_ECDSA;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1631
1632 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1633 return MBEDTLS_PK_NONE;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1634 }
1635}
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1636
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1637#endif /* MBEDTLS_PK_C */
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1638
Valerio Setti7aeec542023-07-05 18:57:21 +0200[diff] [blame]1639#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
Valerio Settie9646ec2023-08-02 20:02:28 +0200[diff] [blame]1640 defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
Ron Eldor755bb6a2018-02-14 19:30:48 +0200[diff] [blame]1641 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1642int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1643{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1644 switch (info->key_exchange) {
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1645 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1646 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1647 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
1648 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1649 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Ron Eldor755bb6a2018-02-14 19:30:48 +0200[diff] [blame]1650 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1651 return 1;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1652
1653 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1654 return 0;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1655 }
1656}
Valerio Setti7aeec542023-07-05 18:57:21 +0200[diff] [blame]1657#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
Valerio Settie9646ec2023-08-02 20:02:28 +0200[diff] [blame]1658 * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
Valerio Setti45d56f32023-07-13 17:23:20 +0200[diff] [blame]1659 * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1660
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]1661#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1662int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1663{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1664 switch (info->key_exchange) {
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1665 case MBEDTLS_KEY_EXCHANGE_PSK:
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1666 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1667 return 1;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1668
1669 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1670 return 0;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1671 }
1672}
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]1673#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1674
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1675#endif /* MBEDTLS_SSL_TLS_C */