TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 2d6d993662558b5c0874c1c2ce8564defcb60bdb / . / library / ssl_ciphersuites.c
blob: 3d4466a978ecd4c7b12b57f6821f4b4c0b85eb66 [file] [log] [blame]
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1/**
2 * \file ssl_ciphersuites.c
3 *
Manuel Pégourié-Gonnardb4fe3cb2015-01-22 16:11:05 +0000[diff] [blame]4 * \brief SSL ciphersuites for mbed TLS
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]5 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]6 * Copyright The Mbed TLS Contributors
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]20 */
21
Gilles Peskinedb09ef62020-06-03 01:43:33 +0200[diff] [blame]22#include "common.h"
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]23
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]24#if defined(MBEDTLS_SSL_TLS_C)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]25
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]26#include "mbedtls/platform.h"
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]27
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]28#include "mbedtls/ssl_ciphersuites.h"
29#include "mbedtls/ssl.h"
Manuel Pégourié-Gonnardcac90a12021-06-04 11:42:30 +0200[diff] [blame]30#include "ssl_misc.h"
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]31
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]32#include <string.h>
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]33
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]34/*
35 * Ordered from most preferred to least preferred in terms of security.
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]36 *
TRodziewicz75628d52021-06-18 12:56:27 +0200[diff] [blame]37 * Current rule (except weak and null which come last):
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]38 * 1. By key exchange:
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]39 * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]40 * 2. By key length and cipher:
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]41 * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
Manuel Pégourié-Gonnard42b53742014-06-19 16:18:26 +0200[diff] [blame]42 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
Manuel Pégourié-Gonnard6768da92014-05-14 12:26:51 +0200[diff] [blame]43 * 4. By hash function used when relevant
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]44 * 5. By key exchange/auth again: EC > non-EC
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]45 */
46static const int ciphersuite_preference[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]47{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]48#if defined(MBEDTLS_SSL_CIPHERSUITES)
49 MBEDTLS_SSL_CIPHERSUITES,
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]50#else
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]51#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]52 /* TLS 1.3 ciphersuites */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]53 MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
Ronald Cron4bb67732023-02-16 15:51:18 +0100[diff] [blame]54 MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
55 MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]56 MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
57 MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]58#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]59
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]60 /* Chacha-Poly ephemeral suites */
61 MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
62 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
63 MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
64
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]65 /* All AES-256 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]66 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
67 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
68 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
69 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
70 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
71 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
72 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
73 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
74 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
75 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
76 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
77 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
78 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]79
80 /* All CAMELLIA-256 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]81 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
82 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
83 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
84 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
85 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
86 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
87 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]88
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]89 /* All ARIA-256 ephemeral suites */
90 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
91 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
92 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
93 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
94 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
95 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
96
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]97 /* All AES-128 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]98 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
99 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
100 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
101 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
102 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
103 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
104 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
105 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
106 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
107 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
108 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
109 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
110 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]111
112 /* All CAMELLIA-128 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]113 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
114 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
115 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
116 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
117 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
118 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
119 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]120
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]121 /* All ARIA-128 ephemeral suites */
122 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
123 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
124 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
125 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
126 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
127 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
128
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]129 /* The PSK ephemeral suites */
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]130 MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
131 MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]132 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
133 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
134 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
135 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
136 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
137 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
138 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
139 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
140 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
141 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]142 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
143 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
144 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]145
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]146 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
147 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
148 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
149 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
150 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
151 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
152 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
153 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
154 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
155 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]156 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
157 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
158 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]159
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]160 /* The ECJPAKE suite */
161 MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
162
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]163 /* All AES-256 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]164 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
165 MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
166 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
167 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
168 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
169 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
170 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
171 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
172 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
173 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
174 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]175
176 /* All CAMELLIA-256 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]177 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
178 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
179 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
180 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
181 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
182 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
183 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]184
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]185 /* All ARIA-256 suites */
186 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
187 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
188 MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
189 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
190 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
191 MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
192
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]193 /* All AES-128 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]194 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
195 MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
196 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
197 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
198 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
199 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
200 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
201 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
202 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
203 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
204 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]205
206 /* All CAMELLIA-128 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]207 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
208 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
209 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
210 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
211 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
212 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
213 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]214
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]215 /* All ARIA-128 suites */
216 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
217 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
218 MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
219 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
220 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
221 MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
222
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]223 /* The RSA PSK suites */
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]224 MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]225 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
226 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
227 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
228 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
229 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]230 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
231 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]232
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]233 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
234 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
235 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
236 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
237 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]238 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
239 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]240
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]241 /* The PSK suites */
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]242 MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]243 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
244 MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
245 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
246 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
247 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
248 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
249 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]250 MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
251 MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]252
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]253 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
254 MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
255 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
256 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
257 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
258 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
259 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]260 MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
261 MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]262
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]263 /* NULL suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]264 MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
265 MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
266 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
267 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
268 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
269 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384,
270 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256,
271 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]272
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]273 MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
274 MBEDTLS_TLS_RSA_WITH_NULL_SHA,
275 MBEDTLS_TLS_RSA_WITH_NULL_MD5,
276 MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
277 MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
278 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384,
279 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256,
280 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA,
281 MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
282 MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
283 MBEDTLS_TLS_PSK_WITH_NULL_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]284
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]285#endif /* MBEDTLS_SSL_CIPHERSUITES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]286 0
287};
288
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]289static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]290{
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]291#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]292#if defined(MBEDTLS_AES_C)
293#if defined(MBEDTLS_GCM_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]294#if defined(MBEDTLS_MD_CAN_SHA384)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]295 { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]296 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
297 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
298 0,
299 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]300#endif /* MBEDTLS_MD_CAN_SHA384 */
301#if defined(MBEDTLS_MD_CAN_SHA256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]302 { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]303 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
304 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
305 0,
306 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]307#endif /* MBEDTLS_MD_CAN_SHA256 */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]308#endif /* MBEDTLS_GCM_C */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]309#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_MD_CAN_SHA256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]310 { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]311 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
312 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
313 0,
314 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]315 { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]316 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
317 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
318 MBEDTLS_CIPHERSUITE_SHORT_TAG,
319 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]320#endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_CCM_C */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]321#endif /* MBEDTLS_AES_C */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]322#if defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_MD_CAN_SHA256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]323 { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
324 "TLS1-3-CHACHA20-POLY1305-SHA256",
325 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
326 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]327 0,
328 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]329#endif /* MBEDTLS_CHACHAPOLY_C && MBEDTLS_MD_CAN_SHA256 */
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]330#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]331
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]332#if defined(MBEDTLS_CHACHAPOLY_C) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]333 defined(MBEDTLS_MD_CAN_SHA256) && \
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]334 defined(MBEDTLS_SSL_PROTO_TLS1_2)
335#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
336 { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
337 "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
338 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
339 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]340 0,
341 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]342#endif
343#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
344 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
345 "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
346 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
347 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]348 0,
349 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]350#endif
351#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
352 { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
353 "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
354 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
355 MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]356 0,
357 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]358#endif
359#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
360 { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
361 "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
362 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
363 MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]364 0,
365 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]366#endif
367#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
368 { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
369 "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
370 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
371 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]372 0,
373 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]374#endif
375#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
376 { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
377 "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
378 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
379 MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]380 0,
381 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]382#endif
383#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
384 { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
385 "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256",
386 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
387 MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]388 0,
389 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]390#endif
391#endif /* MBEDTLS_CHACHAPOLY_C &&
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]392 MBEDTLS_MD_CAN_SHA256 &&
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]393 MBEDTLS_SSL_PROTO_TLS1_2 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]394#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
395#if defined(MBEDTLS_AES_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]396#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]397#if defined(MBEDTLS_CIPHER_MODE_CBC)
398 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
399 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]400 0,
401 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]402 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
403 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]404 0,
405 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]406#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]407#endif /* MBEDTLS_MD_CAN_SHA1 */
408#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]409#if defined(MBEDTLS_CIPHER_MODE_CBC)
410 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
411 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]412 0,
413 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]414#endif /* MBEDTLS_CIPHER_MODE_CBC */
415#if defined(MBEDTLS_GCM_C)
416 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
417 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]418 0,
419 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]420#endif /* MBEDTLS_GCM_C */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]421#endif /* MBEDTLS_MD_CAN_SHA256 */
422#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]423#if defined(MBEDTLS_CIPHER_MODE_CBC)
424 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
425 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]426 0,
427 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]428#endif /* MBEDTLS_CIPHER_MODE_CBC */
429#if defined(MBEDTLS_GCM_C)
430 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
431 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]432 0,
433 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]434#endif /* MBEDTLS_GCM_C */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]435#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]436#if defined(MBEDTLS_CCM_C)
437 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
438 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]439 0,
440 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]441 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
442 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]443 MBEDTLS_CIPHERSUITE_SHORT_TAG,
444 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]445 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
446 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]447 0,
448 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]449 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
450 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]451 MBEDTLS_CIPHERSUITE_SHORT_TAG,
452 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]453#endif /* MBEDTLS_CCM_C */
454#endif /* MBEDTLS_AES_C */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]455
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]456#if defined(MBEDTLS_CAMELLIA_C)
457#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]458#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]459 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
460 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]461 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]462 0,
463 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]464#endif /* MBEDTLS_MD_CAN_SHA256 */
465#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]466 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
467 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]468 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]469 0,
470 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]471#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]472#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]473
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]474#if defined(MBEDTLS_GCM_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]475#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]476 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
477 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]478 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]479 0,
480 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]481#endif /* MBEDTLS_MD_CAN_SHA256 */
482#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]483 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
484 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]485 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]486 0,
487 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]488#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]489#endif /* MBEDTLS_GCM_C */
490#endif /* MBEDTLS_CAMELLIA_C */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]491
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]492#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]493#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]494 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
495 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]496 MBEDTLS_CIPHERSUITE_WEAK,
497 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]498#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]499#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
500#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]501
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]502#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
503#if defined(MBEDTLS_AES_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]504#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]505#if defined(MBEDTLS_CIPHER_MODE_CBC)
506 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
507 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]508 0,
509 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]510 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
511 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]512 0,
513 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]514#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]515#endif /* MBEDTLS_MD_CAN_SHA1 */
516#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]517#if defined(MBEDTLS_CIPHER_MODE_CBC)
518 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
519 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]520 0,
521 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]522#endif /* MBEDTLS_CIPHER_MODE_CBC */
523#if defined(MBEDTLS_GCM_C)
524 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
525 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]526 0,
527 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]528#endif /* MBEDTLS_GCM_C */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]529#endif /* MBEDTLS_MD_CAN_SHA256 */
530#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]531#if defined(MBEDTLS_CIPHER_MODE_CBC)
532 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
533 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]534 0,
535 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]536#endif /* MBEDTLS_CIPHER_MODE_CBC */
537#if defined(MBEDTLS_GCM_C)
538 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
539 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]540 0,
541 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]542#endif /* MBEDTLS_GCM_C */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]543#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]544#endif /* MBEDTLS_AES_C */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]545
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]546#if defined(MBEDTLS_CAMELLIA_C)
547#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]548#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]549 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
550 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]551 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]552 0,
553 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]554#endif /* MBEDTLS_MD_CAN_SHA256 */
555#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]556 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
557 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]558 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]559 0,
560 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]561#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]562#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]563
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]564#if defined(MBEDTLS_GCM_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]565#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]566 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
567 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]568 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]569 0,
570 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]571#endif /* MBEDTLS_MD_CAN_SHA256 */
572#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]573 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
574 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]575 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]576 0,
577 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]578#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]579#endif /* MBEDTLS_GCM_C */
580#endif /* MBEDTLS_CAMELLIA_C */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]581
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]582#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]583#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]584 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
585 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]586 MBEDTLS_CIPHERSUITE_WEAK,
587 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]588#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]589#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
590#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]591
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]592#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
593#if defined(MBEDTLS_AES_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]594#if defined(MBEDTLS_MD_CAN_SHA384) && \
Mateusz Starzyk3352a532021-04-06 14:28:22 +0200[diff] [blame]595 defined(MBEDTLS_GCM_C)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]596 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
597 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]598 0,
599 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]600#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_GCM_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]601
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]602#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]603#if defined(MBEDTLS_GCM_C)
604 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
605 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]606 0,
607 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]608#endif /* MBEDTLS_GCM_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]609
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]610#if defined(MBEDTLS_CIPHER_MODE_CBC)
611 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
612 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]613 0,
614 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]615
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]616 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
617 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]618 0,
619 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]620#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]621#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]622
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]623#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]624#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]625 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
626 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]627 0,
628 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]629
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]630 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
631 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]632 0,
633 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]634#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]635#endif /* MBEDTLS_CIPHER_MODE_CBC */
636#if defined(MBEDTLS_CCM_C)
637 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
638 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]639 0,
640 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]641 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
642 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]643 MBEDTLS_CIPHERSUITE_SHORT_TAG,
644 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]645 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
646 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]647 0,
648 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]649 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
650 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]651 MBEDTLS_CIPHERSUITE_SHORT_TAG,
652 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]653#endif /* MBEDTLS_CCM_C */
654#endif /* MBEDTLS_AES_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]655
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]656#if defined(MBEDTLS_CAMELLIA_C)
657#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]658#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]659 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
660 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]661 0,
662 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]663
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]664 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
665 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]666 0,
667 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]668#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]669
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]670#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]671 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
672 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]673 0,
674 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]675
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]676 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
677 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]678 0,
679 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]680#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]681#endif /* MBEDTLS_CIPHER_MODE_CBC */
682#if defined(MBEDTLS_GCM_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]683#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]684 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
685 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]686 0,
687 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]688#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]689
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]690#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]691 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
692 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]693 0,
694 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]695#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]696#endif /* MBEDTLS_GCM_C */
697#endif /* MBEDTLS_CAMELLIA_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]698
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]699#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]700
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]701#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
702#if defined(MBEDTLS_AES_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]703#if defined(MBEDTLS_MD_CAN_SHA384) && \
Mateusz Starzyk3352a532021-04-06 14:28:22 +0200[diff] [blame]704 defined(MBEDTLS_GCM_C)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]705 { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
706 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]707 0,
708 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]709#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_GCM_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]710
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]711#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]712#if defined(MBEDTLS_GCM_C)
713 { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
714 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]715 0,
716 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]717#endif /* MBEDTLS_GCM_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]718
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]719#if defined(MBEDTLS_CIPHER_MODE_CBC)
720 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
721 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]722 0,
723 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]724
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]725 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
726 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]727 0,
728 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]729#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]730#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]731
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]732#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]733#if defined(MBEDTLS_CIPHER_MODE_CBC)
734 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
735 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]736 0,
737 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]738
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]739 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
740 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]741 0,
742 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]743#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]744#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]745#if defined(MBEDTLS_CCM_C)
746 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
747 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]748 0,
749 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]750 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
751 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]752 MBEDTLS_CIPHERSUITE_SHORT_TAG,
753 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]754 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
755 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]756 0,
757 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]758 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
759 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]760 MBEDTLS_CIPHERSUITE_SHORT_TAG,
761 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]762#endif /* MBEDTLS_CCM_C */
763#endif /* MBEDTLS_AES_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]764
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]765#if defined(MBEDTLS_CAMELLIA_C)
766#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]767#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]768 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
769 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]770 0,
771 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]772
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]773 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
774 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]775 0,
776 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]777#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]778
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]779#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]780 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
781 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]782 0,
783 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]784
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]785 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
786 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]787 0,
788 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]789#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]790#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]791
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]792#if defined(MBEDTLS_GCM_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]793#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]794 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
795 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]796 0,
797 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]798#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]799
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]800#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]801 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
802 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]803 0,
804 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]805#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]806#endif /* MBEDTLS_GCM_C */
807#endif /* MBEDTLS_CAMELLIA_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]808
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]809#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]810
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]811#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
812#if defined(MBEDTLS_AES_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]813#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]814#if defined(MBEDTLS_CIPHER_MODE_CBC)
815 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
816 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]817 0,
818 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]819 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
820 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]821 0,
822 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]823#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]824#endif /* MBEDTLS_MD_CAN_SHA1 */
825#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]826#if defined(MBEDTLS_CIPHER_MODE_CBC)
827 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
828 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]829 0,
830 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]831#endif /* MBEDTLS_CIPHER_MODE_CBC */
832#if defined(MBEDTLS_GCM_C)
833 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
834 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]835 0,
836 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]837#endif /* MBEDTLS_GCM_C */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]838#endif /* MBEDTLS_MD_CAN_SHA256 */
839#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]840#if defined(MBEDTLS_CIPHER_MODE_CBC)
841 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
842 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]843 0,
844 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]845#endif /* MBEDTLS_CIPHER_MODE_CBC */
846#if defined(MBEDTLS_GCM_C)
847 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
848 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]849 0,
850 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]851#endif /* MBEDTLS_GCM_C */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]852#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]853#endif /* MBEDTLS_AES_C */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]854
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]855#if defined(MBEDTLS_CAMELLIA_C)
856#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]857#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]858 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
859 "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]860 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]861 0,
862 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]863#endif /* MBEDTLS_MD_CAN_SHA256 */
864#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]865 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
866 "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]867 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]868 0,
869 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]870#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]871#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]872
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]873#if defined(MBEDTLS_GCM_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]874#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]875 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
876 "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]877 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]878 0,
879 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]880#endif /* MBEDTLS_MD_CAN_SHA256 */
881#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]882 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
883 "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]884 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]885 0,
886 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]887#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]888#endif /* MBEDTLS_GCM_C */
889#endif /* MBEDTLS_CAMELLIA_C */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]890
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]891#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]892#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]893 { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
894 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]895 MBEDTLS_CIPHERSUITE_WEAK,
896 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]897#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]898#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
899#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]900
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]901#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
902#if defined(MBEDTLS_AES_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]903#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]904#if defined(MBEDTLS_CIPHER_MODE_CBC)
905 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
906 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]907 0,
908 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]909 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
910 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]911 0,
912 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]913#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]914#endif /* MBEDTLS_MD_CAN_SHA1 */
915#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]916#if defined(MBEDTLS_CIPHER_MODE_CBC)
917 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
918 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]919 0,
920 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]921#endif /* MBEDTLS_CIPHER_MODE_CBC */
922#if defined(MBEDTLS_GCM_C)
923 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
924 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]925 0,
926 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]927#endif /* MBEDTLS_GCM_C */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]928#endif /* MBEDTLS_MD_CAN_SHA256 */
929#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]930#if defined(MBEDTLS_CIPHER_MODE_CBC)
931 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
932 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]933 0,
934 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]935#endif /* MBEDTLS_CIPHER_MODE_CBC */
936#if defined(MBEDTLS_GCM_C)
937 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
938 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]939 0,
940 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]941#endif /* MBEDTLS_GCM_C */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]942#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]943#endif /* MBEDTLS_AES_C */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]944
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]945#if defined(MBEDTLS_CAMELLIA_C)
946#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]947#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]948 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
949 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]950 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]951 0,
952 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]953#endif /* MBEDTLS_MD_CAN_SHA256 */
954#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]955 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
956 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]957 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]958 0,
959 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]960#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]961#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]962
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]963#if defined(MBEDTLS_GCM_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]964#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]965 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
966 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]967 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]968 0,
969 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]970#endif /* MBEDTLS_MD_CAN_SHA256 */
971#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]972 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
973 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]974 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]975 0,
976 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]977#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]978#endif /* MBEDTLS_GCM_C */
979#endif /* MBEDTLS_CAMELLIA_C */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]980
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]981#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]982#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]983 { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
984 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]985 MBEDTLS_CIPHERSUITE_WEAK,
986 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]987#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]988#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
989#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]990
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]991#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
992#if defined(MBEDTLS_AES_C)
993#if defined(MBEDTLS_GCM_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]994#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]995 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
996 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]997 0,
998 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]999#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1000
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1001#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1002 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
1003 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1004 0,
1005 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1006#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1007#endif /* MBEDTLS_GCM_C */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1008
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1009#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1010#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1011 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
1012 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1013 0,
1014 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1015#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1016
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1017#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1018 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
1019 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1020 0,
1021 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1022#endif /* MBEDTLS_MD_CAN_SHA384 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1023
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1024#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1025 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
1026 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1027 0,
1028 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1029
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1030 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
1031 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1032 0,
1033 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1034#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1035#endif /* MBEDTLS_CIPHER_MODE_CBC */
1036#if defined(MBEDTLS_CCM_C)
1037 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
1038 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1039 0,
1040 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1041 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
1042 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1043 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1044 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1045 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
1046 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1047 0,
1048 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1049 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
1050 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1051 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1052 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1053#endif /* MBEDTLS_CCM_C */
1054#endif /* MBEDTLS_AES_C */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1055
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1056#if defined(MBEDTLS_CAMELLIA_C)
1057#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1058#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1059 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1060 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1061 0,
1062 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1063#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1064
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1065#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1066 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1067 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1068 0,
1069 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1070#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1071#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1072
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1073#if defined(MBEDTLS_GCM_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1074#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1075 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1076 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1077 0,
1078 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1079#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1080
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1081#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1082 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1083 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1084 0,
1085 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1086#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1087#endif /* MBEDTLS_GCM_C */
1088#endif /* MBEDTLS_CAMELLIA_C */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1089
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1090#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1091
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1092#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1093#if defined(MBEDTLS_AES_C)
1094#if defined(MBEDTLS_GCM_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1095#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1096 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
1097 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1098 0,
1099 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1100#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1101
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1102#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1103 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
1104 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1105 0,
1106 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1107#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1108#endif /* MBEDTLS_GCM_C */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1109
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1110#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1111#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1112 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
1113 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1114 0,
1115 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1116#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1117
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1118#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1119 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
1120 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1121 0,
1122 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1123#endif /* MBEDTLS_MD_CAN_SHA384 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1124
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1125#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1126 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
1127 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1128 0,
1129 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1130
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1131 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
1132 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1133 0,
1134 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1135#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1136#endif /* MBEDTLS_CIPHER_MODE_CBC */
1137#if defined(MBEDTLS_CCM_C)
1138 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
1139 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1140 0,
1141 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1142 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
1143 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1144 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1145 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1146 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
1147 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1148 0,
1149 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1150 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
1151 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1152 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1153 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1154#endif /* MBEDTLS_CCM_C */
1155#endif /* MBEDTLS_AES_C */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1156
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1157#if defined(MBEDTLS_CAMELLIA_C)
1158#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1159#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1160 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1161 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1162 0,
1163 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1164#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1165
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1166#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1167 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1168 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1169 0,
1170 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1171#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1172#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1173
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1174#if defined(MBEDTLS_GCM_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1175#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1176 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1177 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1178 0,
1179 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1180#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1181
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1182#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1183 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1184 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1185 0,
1186 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1187#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1188#endif /* MBEDTLS_GCM_C */
1189#endif /* MBEDTLS_CAMELLIA_C */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1190
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1191#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1192
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1193#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1194#if defined(MBEDTLS_AES_C)
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1195
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1196#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1197#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1198 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
1199 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1200 0,
1201 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1202#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1203
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1204#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1205 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
1206 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1207 0,
1208 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1209#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1210
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1211#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1212 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
1213 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1214 0,
1215 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1216
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1217 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
1218 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1219 0,
1220 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1221#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1222#endif /* MBEDTLS_CIPHER_MODE_CBC */
1223#endif /* MBEDTLS_AES_C */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1224
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1225#if defined(MBEDTLS_CAMELLIA_C)
1226#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1227#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1228 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
1229 "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1230 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1231 0,
1232 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1233#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1234
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1235#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1236 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
1237 "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1238 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1239 0,
1240 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1241#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1242#endif /* MBEDTLS_CIPHER_MODE_CBC */
1243#endif /* MBEDTLS_CAMELLIA_C */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1244
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1245#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1246
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1247#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1248#if defined(MBEDTLS_AES_C)
1249#if defined(MBEDTLS_GCM_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1250#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1251 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
1252 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1253 0,
1254 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1255#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1256
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1257#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1258 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
1259 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1260 0,
1261 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1262#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1263#endif /* MBEDTLS_GCM_C */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1264
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1265#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1266#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1267 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
1268 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1269 0,
1270 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1271#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1272
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1273#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1274 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
1275 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1276 0,
1277 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1278#endif /* MBEDTLS_MD_CAN_SHA384 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1279
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1280#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1281 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
1282 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1283 0,
1284 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1285
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1286 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
1287 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1288 0,
1289 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1290#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1291#endif /* MBEDTLS_CIPHER_MODE_CBC */
1292#endif /* MBEDTLS_AES_C */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1293
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1294#if defined(MBEDTLS_CAMELLIA_C)
1295#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1296#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1297 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1298 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1299 0,
1300 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1301#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1302
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1303#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1304 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1305 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1306 0,
1307 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1308#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1309#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1310
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1311#if defined(MBEDTLS_GCM_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1312#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1313 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1314 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1315 0,
1316 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1317#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1318
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1319#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1320 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1321 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1322 0,
1323 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1324#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1325#endif /* MBEDTLS_GCM_C */
1326#endif /* MBEDTLS_CAMELLIA_C */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1327
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1328#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1329
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]1330#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1331#if defined(MBEDTLS_AES_C)
1332#if defined(MBEDTLS_CCM_C)
1333 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
1334 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1335 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1336 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]1337#endif /* MBEDTLS_CCM_C */
1338#endif /* MBEDTLS_AES_C */
1339#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
1340
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1341#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
1342#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1343#if defined(MBEDTLS_MD_CAN_MD5)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1344 { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
1345 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1346 MBEDTLS_CIPHERSUITE_WEAK,
1347 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]1348#endif
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1349
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1350#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1351 { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
1352 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1353 MBEDTLS_CIPHERSUITE_WEAK,
1354 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]1355#endif
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1356
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1357#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1358 { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
1359 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1360 MBEDTLS_CIPHERSUITE_WEAK,
1361 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]1362#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1363#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1364
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1365#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1366#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1367 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
1368 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1369 MBEDTLS_CIPHERSUITE_WEAK,
1370 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1371#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1372
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1373#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1374 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
1375 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1376 MBEDTLS_CIPHERSUITE_WEAK,
1377 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1378#endif
1379
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1380#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1381 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
1382 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1383 MBEDTLS_CIPHERSUITE_WEAK,
1384 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1385#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1386#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]1387
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1388#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1389#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1390 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
1391 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1392 MBEDTLS_CIPHERSUITE_WEAK,
1393 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1394#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1395
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1396#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1397 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
1398 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1399 MBEDTLS_CIPHERSUITE_WEAK,
1400 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1401#endif
1402
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1403#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1404 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
1405 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1406 MBEDTLS_CIPHERSUITE_WEAK,
1407 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1408#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1409#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]1410
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1411#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1412#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1413 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
1414 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1415 MBEDTLS_CIPHERSUITE_WEAK,
1416 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1417#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1418
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1419#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1420 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
1421 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1422 MBEDTLS_CIPHERSUITE_WEAK,
1423 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1424#endif
1425
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1426#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1427 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
1428 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1429 MBEDTLS_CIPHERSUITE_WEAK,
1430 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1431#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1432#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1433
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1434#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1435#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1436 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
1437 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1438 MBEDTLS_CIPHERSUITE_WEAK,
1439 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1440#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnardef0eb1e2013-10-14 19:29:19 +0200[diff] [blame]1441
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1442#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1443 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
1444 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1445 MBEDTLS_CIPHERSUITE_WEAK,
1446 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1447#endif
Manuel Pégourié-Gonnardef0eb1e2013-10-14 19:29:19 +0200[diff] [blame]1448
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1449#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1450 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
1451 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1452 MBEDTLS_CIPHERSUITE_WEAK,
1453 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1454#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1455#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1456#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]1457
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1458#if defined(MBEDTLS_ARIA_C)
1459
1460#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1461
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1462#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1463 { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1464 "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1465 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1466 0,
1467 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1468#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1469#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1470 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1471 { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1472 "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1473 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1474 0,
1475 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1476#endif
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1477#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1478 { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1479 "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1480 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1481 0,
1482 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1483#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1484#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1485 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1486 { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1487 "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1488 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1489 0,
1490 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1491#endif
1492
1493#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1494
1495#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1496
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1497#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1498 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1499 "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1500 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1501 0,
1502 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1503#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1504#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1505 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1506 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1507 "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1508 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1509 0,
1510 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1511#endif
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1512#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1513 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1514 "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1515 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1516 0,
1517 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1518#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1519#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1520 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1521 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1522 "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1523 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1524 0,
1525 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1526#endif
1527
1528#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1529
1530#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1531
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1532#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1533 { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1534 "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
1535 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1536 0,
1537 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1538#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1539#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1540 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1541 { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1542 "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1543 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1544 0,
1545 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1546#endif
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1547#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1548 { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1549 "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1550 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1551 0,
1552 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1553#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1554#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1555 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1556 { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1557 "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1558 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1559 0,
1560 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1561#endif
1562
1563#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1564
1565#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
1566
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1567#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1568 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1569 "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1570 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1571 0,
1572 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1573#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1574#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1575 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1576 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1577 "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1578 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1579 0,
1580 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1581#endif
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1582#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1583 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1584 "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1585 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1586 0,
1587 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1588#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1589#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1590 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1591 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1592 "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1593 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1594 0,
1595 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1596#endif
1597
1598#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
1599
1600#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
1601
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1602#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1603 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1604 "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1605 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1606 0,
1607 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1608#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1609#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1610 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1611 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1612 "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1613 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1614 0,
1615 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1616#endif
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1617#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1618 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1619 "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1620 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1621 0,
1622 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1623#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1624#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1625 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1626 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1627 "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1628 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1629 0,
1630 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1631#endif
1632
1633#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
1634
1635#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1636
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1637#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1638 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1639 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1640 "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1641 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1642 0,
1643 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1644#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1645#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1646 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1647 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1648 "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1649 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1650 0,
1651 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1652#endif
1653
1654#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1655
1656#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
1657
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1658#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1659 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1660 "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1661 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1662 0,
1663 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1664#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1665#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1666 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1667 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1668 "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1669 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1670 0,
1671 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1672#endif
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1673#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1674 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1675 "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1676 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1677 0,
1678 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1679#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1680#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1681 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1682 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1683 "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1684 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1685 0,
1686 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1687#endif
1688
1689#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
1690
1691#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
1692
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1693#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1694 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1695 "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1696 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1697 0,
1698 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1699#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1700#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1701 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1702 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1703 "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1704 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1705 0,
1706 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1707#endif
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1708#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1709 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1710 "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1711 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1712 0,
1713 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1714#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1715#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1716 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1717 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1718 "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1719 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1720 0,
1721 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1722#endif
1723
1724#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
1725
1726#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
1727
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1728#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1729 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1730 "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1731 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1732 0,
1733 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1734#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1735#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1736 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1737 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1738 "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1739 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1740 0,
1741 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1742#endif
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1743#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1744 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1745 "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1746 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1747 0,
1748 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1749#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1750#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1751 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1752 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1753 "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1754 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1755 0,
1756 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1757#endif
1758
1759#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
1760
1761#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1762
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1763#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1764 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1765 "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1766 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1767 0,
1768 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1769#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1770#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1771 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1772 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1773 "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1774 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1775 0,
1776 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1777#endif
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1778#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1779 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1780 "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1781 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1782 0,
1783 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1784#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1785#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1786 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1787 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1788 "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1789 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1790 0,
1791 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1792#endif
1793
1794#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1795
1796#endif /* MBEDTLS_ARIA_C */
1797
1798
Manuel Pégourié-Gonnarda2733712015-02-10 17:32:14 +0100[diff] [blame]1799 { 0, "",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1800 MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1801 0, 0, 0 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1802};
1803
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1804#if defined(MBEDTLS_SSL_CIPHERSUITES)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1805const int *mbedtls_ssl_list_ciphersuites(void)
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]1806{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1807 return ciphersuite_preference;
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]1808}
1809#else
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1810#define MAX_CIPHERSUITES sizeof(ciphersuite_definitions) / \
1811 sizeof(ciphersuite_definitions[0])
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1812static int supported_ciphersuites[MAX_CIPHERSUITES];
1813static int supported_init = 0;
1814
Manuel Pégourié-Gonnarda3115dc2022-06-17 10:52:54 +0200[diff] [blame]1815MBEDTLS_CHECK_RETURN_CRITICAL
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1816static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1817{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1818 (void) cs_info;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1819
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1820 return 0;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1821}
1822
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1823const int *mbedtls_ssl_list_ciphersuites(void)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1824{
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1825 /*
1826 * On initial call filter out all ciphersuites not supported by current
1827 * build based on presence in the ciphersuite_definitions.
1828 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1829 if (supported_init == 0) {
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1830 const int *p;
1831 int *q;
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1832
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1833 for (p = ciphersuite_preference, q = supported_ciphersuites;
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1834 *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1835 p++) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1836 const mbedtls_ssl_ciphersuite_t *cs_info;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1837 if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL &&
1838 !ciphersuite_is_removed(cs_info)) {
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1839 *(q++) = *p;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1840 }
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1841 }
Manuel Pégourié-Gonnardbc4b7f02013-09-07 15:04:26 +0200[diff] [blame]1842 *q = 0;
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]1843
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1844 supported_init = 1;
1845 }
1846
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1847 return supported_ciphersuites;
Manuel Pégourié-Gonnardf78e4de2015-05-29 10:52:14 +0200[diff] [blame]1848}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1849#endif /* MBEDTLS_SSL_CIPHERSUITES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1850
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1851const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1852 const char *ciphersuite_name)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1853{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1854 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1855
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1856 if (NULL == ciphersuite_name) {
1857 return NULL;
1858 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1859
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1860 while (cur->id != 0) {
1861 if (0 == strcmp(cur->name, ciphersuite_name)) {
1862 return cur;
1863 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1864
1865 cur++;
1866 }
1867
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1868 return NULL;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1869}
1870
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1871const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1872{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1873 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1874
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1875 while (cur->id != 0) {
1876 if (cur->id == ciphersuite) {
1877 return cur;
1878 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1879
1880 cur++;
1881 }
1882
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1883 return NULL;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1884}
1885
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1886const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1887{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1888 const mbedtls_ssl_ciphersuite_t *cur;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1889
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1890 cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1891
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1892 if (cur == NULL) {
1893 return "unknown";
1894 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1895
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1896 return cur->name;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1897}
1898
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1899int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1900{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1901 const mbedtls_ssl_ciphersuite_t *cur;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1902
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1903 cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1904
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1905 if (cur == NULL) {
1906 return 0;
1907 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1908
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1909 return cur->id;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1910}
1911
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1912size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1913{
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1914#if defined(MBEDTLS_USE_PSA_CRYPTO)
1915 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1916 psa_key_type_t key_type;
1917 psa_algorithm_t alg;
1918 size_t key_bits;
1919
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1920 status = mbedtls_ssl_cipher_to_psa(info->cipher,
1921 info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16,
1922 &alg, &key_type, &key_bits);
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1923
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1924 if (status != PSA_SUCCESS) {
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1925 return 0;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1926 }
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1927
1928 return key_bits;
Neil Armstrong689557c2022-05-12 08:30:59 +0200[diff] [blame]1929#else
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1930 const mbedtls_cipher_info_t * const cipher_info =
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1931 mbedtls_cipher_info_from_type(info->cipher);
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1932
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1933 return mbedtls_cipher_info_get_key_bitlen(cipher_info);
Neil Armstrong689557c2022-05-12 08:30:59 +0200[diff] [blame]1934#endif /* MBEDTLS_USE_PSA_CRYPTO */
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1935}
1936
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1937#if defined(MBEDTLS_PK_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1938mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1939{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1940 switch (info->key_exchange) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1941 case MBEDTLS_KEY_EXCHANGE_RSA:
1942 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1943 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1944 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1945 return MBEDTLS_PK_RSA;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1946
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1947 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1948 return MBEDTLS_PK_ECDSA;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1949
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1950 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1951 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1952 return MBEDTLS_PK_ECKEY;
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]1953
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1954 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1955 return MBEDTLS_PK_NONE;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1956 }
1957}
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1958
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1959#if defined(MBEDTLS_USE_PSA_CRYPTO)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1960psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1961{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1962 switch (info->key_exchange) {
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1963 case MBEDTLS_KEY_EXCHANGE_RSA:
1964 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1965 return PSA_ALG_RSA_PKCS1V15_CRYPT;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1966 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1967 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1968 return PSA_ALG_RSA_PKCS1V15_SIGN(
Manuel Pégourié-Gonnard2d6d9932023-03-28 11:38:08 +0200[diff] [blame^]1969 mbedtls_md_psa_alg_from_type(info->mac));
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1970
1971 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Manuel Pégourié-Gonnard2d6d9932023-03-28 11:38:08 +0200[diff] [blame^]1972 return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(info->mac));
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1973
1974 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1975 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1976 return PSA_ALG_ECDH;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1977
1978 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1979 return PSA_ALG_NONE;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1980 }
1981}
1982
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1983psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1984{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1985 switch (info->key_exchange) {
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1986 case MBEDTLS_KEY_EXCHANGE_RSA:
1987 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1988 return PSA_KEY_USAGE_DECRYPT;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1989 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1990 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1991 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1992 return PSA_KEY_USAGE_SIGN_HASH;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1993
1994 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1995 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1996 return PSA_KEY_USAGE_DERIVE;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1997
1998 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1999 return 0;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]2000 }
2001}
2002#endif /* MBEDTLS_USE_PSA_CRYPTO */
2003
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2004mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]2005{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2006 switch (info->key_exchange) {
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]2007 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
2008 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2009 return MBEDTLS_PK_RSA;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]2010
2011 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2012 return MBEDTLS_PK_ECDSA;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]2013
2014 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2015 return MBEDTLS_PK_NONE;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]2016 }
2017}
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2018
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2019#endif /* MBEDTLS_PK_C */
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]2020
Ron Eldor755bb6a2018-02-14 19:30:48 +0200[diff] [blame]2021#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
2022 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2023int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2024{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2025 switch (info->key_exchange) {
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2026 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
2027 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
2028 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
2029 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
2030 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Ron Eldor755bb6a2018-02-14 19:30:48 +0200[diff] [blame]2031 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2032 return 1;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2033
2034 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2035 return 0;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2036 }
2037}
Ron Eldor755bb6a2018-02-14 19:30:48 +0200[diff] [blame]2038#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2039
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]2040#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2041int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2042{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2043 switch (info->key_exchange) {
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2044 case MBEDTLS_KEY_EXCHANGE_PSK:
2045 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
2046 case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
2047 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2048 return 1;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2049
2050 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2051 return 0;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2052 }
2053}
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]2054#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2055
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2056#endif /* MBEDTLS_SSL_TLS_C */