TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 48659a1f9ce9f64440ac6f3cb84d23e4ee8ed9b5 / . / library / ssl_ciphersuites.c
blob: f4621876b506445a1a8a670f69e001317929f8cf [file] [log] [blame]
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1/**
2 * \file ssl_ciphersuites.c
3 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200[diff] [blame]4 * \brief SSL ciphersuites for Mbed TLS
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]5 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]6 * Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]8 */
9
Harry Ramsey0f6bc412024-10-04 10:36:54 +0100[diff] [blame]10#include "ssl_misc.h"
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]11
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]12#if defined(MBEDTLS_SSL_TLS_C)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]13
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]14#include "mbedtls/platform.h"
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]15
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]16#include "mbedtls/ssl_ciphersuites.h"
17#include "mbedtls/ssl.h"
Manuel Pégourié-Gonnardcac90a12021-06-04 11:42:30 +0200[diff] [blame]18#include "ssl_misc.h"
Manuel Pégourié-Gonnard02b10d82023-03-28 12:33:20 +0200[diff] [blame]19#if defined(MBEDTLS_USE_PSA_CRYPTO)
Valerio Setti384fbde2024-01-02 13:26:40 +0100[diff] [blame]20#include "mbedtls/psa_util.h"
Manuel Pégourié-Gonnard02b10d82023-03-28 12:33:20 +0200[diff] [blame]21#endif
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]22
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]23#include <string.h>
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]24
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]25/*
26 * Ordered from most preferred to least preferred in terms of security.
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]27 *
TRodziewicz75628d52021-06-18 12:56:27 +0200[diff] [blame]28 * Current rule (except weak and null which come last):
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]29 * 1. By key exchange:
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]30 * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]31 * 2. By key length and cipher:
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]32 * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
Manuel Pégourié-Gonnard42b53742014-06-19 16:18:26 +0200[diff] [blame]33 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
Manuel Pégourié-Gonnard6768da92014-05-14 12:26:51 +0200[diff] [blame]34 * 4. By hash function used when relevant
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]35 * 5. By key exchange/auth again: EC > non-EC
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]36 */
37static const int ciphersuite_preference[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]38{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]39#if defined(MBEDTLS_SSL_CIPHERSUITES)
40 MBEDTLS_SSL_CIPHERSUITES,
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]41#else
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]42#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]43 /* TLS 1.3 ciphersuites */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]44 MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
Ronald Cron4bb67732023-02-16 15:51:18 +0100[diff] [blame]45 MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
46 MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]47 MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
48 MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]49#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]50
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]51 /* Chacha-Poly ephemeral suites */
52 MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
53 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
54 MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
55
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]56 /* All AES-256 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]57 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
58 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
59 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
60 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
61 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
62 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
63 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
64 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
65 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
66 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
67 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
68 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
69 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]70
71 /* All CAMELLIA-256 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]72 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
73 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
74 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
75 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
76 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
77 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
78 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]79
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]80 /* All ARIA-256 ephemeral suites */
81 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
82 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
83 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
84 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
85 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
86 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
87
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]88 /* All AES-128 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]89 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
90 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
91 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
92 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
93 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
94 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
95 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
96 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
97 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
98 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
99 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
100 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
101 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]102
103 /* All CAMELLIA-128 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]104 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
105 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
106 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
107 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
108 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
109 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
110 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]111
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]112 /* All ARIA-128 ephemeral suites */
113 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
114 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
115 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
116 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
117 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
118 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
119
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]120 /* The PSK ephemeral suites */
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]121 MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
122 MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]123 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
124 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
125 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
126 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
127 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
128 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
129 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
130 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
131 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
132 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]133 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
134 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
135 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]136
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]137 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
138 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
139 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
140 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
141 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
142 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
143 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
144 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
145 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
146 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]147 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
148 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
149 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]150
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]151 /* The ECJPAKE suite */
152 MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
153
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]154 /* All AES-256 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]155 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
156 MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
157 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
158 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
159 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
160 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
161 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
162 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
163 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
164 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
165 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]166
167 /* All CAMELLIA-256 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]168 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
169 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
170 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
171 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
172 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
173 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
174 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]175
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]176 /* All ARIA-256 suites */
177 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
178 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
179 MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
180 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
181 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
182 MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
183
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]184 /* All AES-128 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]185 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
186 MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
187 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
188 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
189 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
190 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
191 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
192 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
193 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
194 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
195 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]196
197 /* All CAMELLIA-128 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]198 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
199 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
200 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
201 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
202 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
203 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
204 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]205
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]206 /* All ARIA-128 suites */
207 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
208 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
209 MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
210 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
211 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
212 MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
213
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]214 /* The PSK suites */
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]215 MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]216 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
217 MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
218 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
219 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
220 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
221 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
222 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]223 MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
224 MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]225
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]226 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
227 MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
228 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
229 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
230 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
231 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
232 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]233 MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
234 MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]235
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]236 /* NULL suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]237 MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
238 MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
239 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
240 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
241 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
242 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384,
243 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256,
244 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]245
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]246 MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
247 MBEDTLS_TLS_RSA_WITH_NULL_SHA,
248 MBEDTLS_TLS_RSA_WITH_NULL_MD5,
249 MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
250 MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]251 MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
252 MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
253 MBEDTLS_TLS_PSK_WITH_NULL_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]254
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]255#endif /* MBEDTLS_SSL_CIPHERSUITES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]256 0
257};
258
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]259static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]260{
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]261#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]262#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]263#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]264#if defined(PSA_WANT_ALG_SHA_384)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]265 { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]266 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
267 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
268 0,
269 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]270#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]271#if defined(PSA_WANT_ALG_SHA_256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]272 { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]273 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
274 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
275 0,
276 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]277#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]278#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]279#if defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_ALG_SHA_256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]280 { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]281 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
282 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
283 0,
284 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]285 { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]286 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
287 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
288 MBEDTLS_CIPHERSUITE_SHORT_TAG,
289 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]290#endif /* PSA_WANT_ALG_SHA_256 && PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]291#endif /* PSA_WANT_KEY_TYPE_AES */
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]292#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) && defined(PSA_WANT_ALG_SHA_256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]293 { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
294 "TLS1-3-CHACHA20-POLY1305-SHA256",
295 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
296 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]297 0,
298 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]299#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 && PSA_WANT_ALG_SHA_256 */
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]300#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]301
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]302#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]303 defined(PSA_WANT_ALG_SHA_256) && \
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]304 defined(MBEDTLS_SSL_PROTO_TLS1_2)
305#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
306 { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
307 "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
308 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
309 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]310 0,
311 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]312#endif
313#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
314 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
315 "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
316 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
317 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]318 0,
319 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]320#endif
321#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
322 { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
323 "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
324 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
325 MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]326 0,
327 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]328#endif
329#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
330 { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
331 "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
332 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
333 MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]334 0,
335 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]336#endif
337#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
338 { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
339 "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
340 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
341 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]342 0,
343 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]344#endif
345#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
346 { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
347 "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
348 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
349 MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]350 0,
351 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]352#endif
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]353#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 &&
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]354 PSA_WANT_ALG_SHA_256 &&
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]355 MBEDTLS_SSL_PROTO_TLS1_2 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]356#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]357#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]358#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]359#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]360 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
361 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]362 0,
363 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]364 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
365 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]366 0,
367 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]368#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]369#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]370#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]371#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]372 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
373 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]374 0,
375 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]376#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]377#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]378 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
379 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]380 0,
381 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]382#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]383#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]384#if defined(PSA_WANT_ALG_SHA_384)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]385#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]386 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
387 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]388 0,
389 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]390#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]391#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]392 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
393 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]394 0,
395 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]396#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]397#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]398#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]399 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
400 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]401 0,
402 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]403 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
404 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]405 MBEDTLS_CIPHERSUITE_SHORT_TAG,
406 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]407 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
408 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]409 0,
410 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]411 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
412 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]413 MBEDTLS_CIPHERSUITE_SHORT_TAG,
414 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]415#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]416#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]417
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]418#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]419#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]420#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]421 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
422 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]423 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]424 0,
425 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]426#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]427#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]428 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
429 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]430 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]431 0,
432 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]433#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]434#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]435
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]436#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]437#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]438 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
439 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]440 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]441 0,
442 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]443#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]444#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]445 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
446 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]447 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]448 0,
449 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]450#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]451#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]452#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]453
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]454#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]455#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]456 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
457 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]458 MBEDTLS_CIPHERSUITE_WEAK,
459 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]460#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]461#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
462#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]463
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]464#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]465#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]466#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]467#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]468 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
469 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]470 0,
471 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]472 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
473 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]474 0,
475 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]476#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]477#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]478#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]479#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]480 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
481 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]482 0,
483 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]484#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]485#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]486 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
487 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]488 0,
489 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]490#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]491#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]492#if defined(PSA_WANT_ALG_SHA_384)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]493#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]494 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
495 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]496 0,
497 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]498#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]499#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]500 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
501 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]502 0,
503 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]504#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]505#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]506#endif /* PSA_WANT_KEY_TYPE_AES */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]507
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]508#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]509#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]510#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]511 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
512 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]513 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]514 0,
515 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]516#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]517#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]518 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
519 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]520 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]521 0,
522 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]523#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]524#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]525
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]526#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]527#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]528 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
529 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]530 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]531 0,
532 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]533#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]534#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]535 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
536 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]537 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]538 0,
539 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]540#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]541#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]542#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]543
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]544#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]545#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]546 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
547 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]548 MBEDTLS_CIPHERSUITE_WEAK,
549 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]550#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]551#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
552#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]553
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]554#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]555#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]556#if defined(PSA_WANT_ALG_SHA_384) && \
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]557 defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]558 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
559 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]560 0,
561 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]562#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ALG_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]563
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]564#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]565#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]566 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
567 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]568 0,
569 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]570#endif /* PSA_WANT_ALG_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]571
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]572#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]573 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
574 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]575 0,
576 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]577
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]578 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
579 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]580 0,
581 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]582#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]583#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]584
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]585#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]586#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]587 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
588 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]589 0,
590 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]591
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]592 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
593 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]594 0,
595 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]596#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]597#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]598#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]599 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
600 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]601 0,
602 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]603 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
604 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]605 MBEDTLS_CIPHERSUITE_SHORT_TAG,
606 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]607 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
608 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]609 0,
610 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]611 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
612 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]613 MBEDTLS_CIPHERSUITE_SHORT_TAG,
614 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]615#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]616#endif /* PSA_WANT_KEY_TYPE_AES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]617
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]618#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]619#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]620#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]621 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
622 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]623 0,
624 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]625
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]626 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
627 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]628 0,
629 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]630#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]631
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]632#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]633 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
634 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]635 0,
636 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]637
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]638 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
639 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]640 0,
641 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]642#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]643#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]644#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]645#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]646 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
647 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]648 0,
649 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]650#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]651
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]652#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]653 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
654 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]655 0,
656 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]657#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]658#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]659#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]660
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]661#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]662
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]663#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]664#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]665#if defined(PSA_WANT_ALG_SHA_384) && \
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]666 defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]667 { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
668 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]669 0,
670 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]671#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ALG_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]672
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]673#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]674#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]675 { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
676 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]677 0,
678 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]679#endif /* PSA_WANT_ALG_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]680
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]681#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]682 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
683 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]684 0,
685 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]686
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]687 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
688 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]689 0,
690 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]691#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]692#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]693
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]694#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]695#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]696 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
697 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]698 0,
699 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]700
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]701 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
702 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]703 0,
704 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]705#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]706#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]707#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]708 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
709 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]710 0,
711 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]712 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
713 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]714 MBEDTLS_CIPHERSUITE_SHORT_TAG,
715 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]716 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
717 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]718 0,
719 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]720 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
721 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]722 MBEDTLS_CIPHERSUITE_SHORT_TAG,
723 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]724#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]725#endif /* PSA_WANT_KEY_TYPE_AES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]726
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]727#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]728#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]729#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]730 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
731 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]732 0,
733 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]734
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]735 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
736 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]737 0,
738 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]739#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]740
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]741#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]742 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
743 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]744 0,
745 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]746
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]747 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
748 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]749 0,
750 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]751#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]752#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]753
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]754#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]755#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]756 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
757 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]758 0,
759 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]760#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]761
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]762#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]763 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
764 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]765 0,
766 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]767#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]768#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]769#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]770
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]771#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]772
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]773#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]774#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]775#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]776#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]777 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
778 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]779 0,
780 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]781 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
782 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]783 0,
784 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]785#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]786#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]787#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]788#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]789 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
790 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]791 0,
792 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]793#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]794#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]795 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
796 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]797 0,
798 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]799#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]800#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]801#if defined(PSA_WANT_ALG_SHA_384)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]802#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]803 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
804 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]805 0,
806 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]807#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]808#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]809 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
810 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]811 0,
812 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]813#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]814#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]815#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]816
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]817#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]818#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]819#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]820 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
821 "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]822 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]823 0,
824 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]825#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]826#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]827 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
828 "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]829 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]830 0,
831 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]832#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]833#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]834
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]835#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]836#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]837 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
838 "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]839 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]840 0,
841 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]842#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]843#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]844 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
845 "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]846 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]847 0,
848 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]849#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]850#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]851#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]852
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]853#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]854#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]855 { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
856 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]857 MBEDTLS_CIPHERSUITE_WEAK,
858 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]859#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]860#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
861#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]862
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]863#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]864#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]865#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]866#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]867 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
868 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]869 0,
870 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]871 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
872 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]873 0,
874 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]875#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]876#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]877#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]878#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]879 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
880 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]881 0,
882 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]883#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]884#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]885 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
886 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]887 0,
888 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]889#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]890#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]891#if defined(PSA_WANT_ALG_SHA_384)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]892#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]893 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
894 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]895 0,
896 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]897#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]898#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]899 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
900 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]901 0,
902 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]903#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]904#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]905#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]906
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]907#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]908#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]909#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]910 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
911 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]912 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]913 0,
914 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]915#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]916#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]917 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
918 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]919 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]920 0,
921 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]922#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]923#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]924
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]925#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]926#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]927 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
928 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]929 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]930 0,
931 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]932#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]933#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]934 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
935 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]936 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]937 0,
938 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]939#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]940#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]941#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]942
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]943#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]944#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]945 { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
946 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]947 MBEDTLS_CIPHERSUITE_WEAK,
948 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]949#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]950#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
951#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]952
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]953#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]954#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]955#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]956#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]957 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
958 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]959 0,
960 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]961#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]962
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]963#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]964 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
965 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]966 0,
967 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]968#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]969#endif /* PSA_WANT_ALG_GCM */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]970
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]971#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]972#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]973 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
974 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]975 0,
976 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]977#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]978
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]979#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]980 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
981 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]982 0,
983 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]984#endif /* PSA_WANT_ALG_SHA_384 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]985
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]986#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]987 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
988 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]989 0,
990 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]991
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]992 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
993 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]994 0,
995 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]996#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]997#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]998#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]999 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
1000 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1001 0,
1002 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1003 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
1004 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1005 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1006 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1007 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
1008 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1009 0,
1010 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1011 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
1012 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1013 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1014 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]1015#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]1016#endif /* PSA_WANT_KEY_TYPE_AES */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1017
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]1018#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1019#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1020#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1021 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1022 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1023 0,
1024 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1025#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1026
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1027#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1028 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1029 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1030 0,
1031 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1032#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1033#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1034
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1035#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1036#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1037 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1038 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1039 0,
1040 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1041#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1042
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1043#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1044 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1045 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1046 0,
1047 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1048#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1049#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]1050#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1051
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1052#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1053
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1054#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]1055#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1056#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1057#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1058 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
1059 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1060 0,
1061 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1062#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1063
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1064#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1065 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
1066 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1067 0,
1068 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1069#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1070#endif /* PSA_WANT_ALG_GCM */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1071
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1072#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1073#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1074 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
1075 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1076 0,
1077 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1078#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1079
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1080#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1081 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
1082 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1083 0,
1084 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1085#endif /* PSA_WANT_ALG_SHA_384 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1086
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1087#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1088 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
1089 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1090 0,
1091 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1092
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1093 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
1094 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1095 0,
1096 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1097#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1098#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]1099#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1100 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
1101 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1102 0,
1103 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1104 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
1105 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1106 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1107 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1108 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
1109 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1110 0,
1111 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1112 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
1113 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1114 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1115 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]1116#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]1117#endif /* PSA_WANT_KEY_TYPE_AES */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1118
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]1119#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1120#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1121#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1122 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1123 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1124 0,
1125 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1126#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1127
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1128#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1129 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1130 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1131 0,
1132 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1133#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1134#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1135
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1136#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1137#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1138 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1139 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1140 0,
1141 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1142#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1143
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1144#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1145 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1146 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1147 0,
1148 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1149#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1150#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]1151#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1152
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1153#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1154
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1155#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]1156#if defined(PSA_WANT_KEY_TYPE_AES)
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1157
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1158#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1159#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1160 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
1161 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1162 0,
1163 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1164#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1165
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1166#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1167 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
1168 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1169 0,
1170 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1171#endif /* PSA_WANT_ALG_SHA_384 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1172
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1173#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1174 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
1175 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1176 0,
1177 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1178
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1179 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
1180 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1181 0,
1182 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1183#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1184#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]1185#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1186
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]1187#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1188#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1189#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1190 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
1191 "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1192 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1193 0,
1194 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1195#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1196
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1197#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1198 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
1199 "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1200 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1201 0,
1202 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1203#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1204#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]1205#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1206
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1207#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1208
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]1209#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]1210#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]1211#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]1212 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
1213 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1214 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1215 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]1216#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]1217#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]1218#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
1219
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1220#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
1221#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
Elena Uziunaiteb66a9912024-05-10 14:25:58 +0100[diff] [blame]1222#if defined(PSA_WANT_ALG_MD5)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1223 { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
1224 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1225 MBEDTLS_CIPHERSUITE_WEAK,
1226 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]1227#endif
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1228
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1229#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1230 { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
1231 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1232 MBEDTLS_CIPHERSUITE_WEAK,
1233 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]1234#endif
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1235
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1236#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1237 { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
1238 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1239 MBEDTLS_CIPHERSUITE_WEAK,
1240 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]1241#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1242#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1243
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1244#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1245#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1246 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
1247 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1248 MBEDTLS_CIPHERSUITE_WEAK,
1249 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1250#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1251
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1252#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1253 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
1254 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1255 MBEDTLS_CIPHERSUITE_WEAK,
1256 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1257#endif
1258
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1259#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1260 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
1261 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1262 MBEDTLS_CIPHERSUITE_WEAK,
1263 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1264#endif /* PSA_WANT_ALG_SHA_384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1265#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]1266
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1267#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1268#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1269 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
1270 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1271 MBEDTLS_CIPHERSUITE_WEAK,
1272 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1273#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1274
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1275#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1276 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
1277 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1278 MBEDTLS_CIPHERSUITE_WEAK,
1279 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1280#endif
1281
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1282#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1283 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
1284 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1285 MBEDTLS_CIPHERSUITE_WEAK,
1286 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1287#endif /* PSA_WANT_ALG_SHA_384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1288#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]1289
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1290#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1291#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1292 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
1293 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1294 MBEDTLS_CIPHERSUITE_WEAK,
1295 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1296#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1297
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1298#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1299 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
1300 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1301 MBEDTLS_CIPHERSUITE_WEAK,
1302 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1303#endif
1304
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1305#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1306 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
1307 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1308 MBEDTLS_CIPHERSUITE_WEAK,
1309 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1310#endif /* PSA_WANT_ALG_SHA_384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1311#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1312#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]1313
Elena Uziunaite51c85a02024-07-05 11:20:17 +0100[diff] [blame]1314#if defined(PSA_WANT_KEY_TYPE_ARIA)
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1315
1316#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1317
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1318#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1319 { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1320 "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1321 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1322 0,
1323 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1324#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1325#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1326 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1327 { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1328 "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1329 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1330 0,
1331 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1332#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1333#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1334 { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1335 "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1336 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1337 0,
1338 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1339#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1340#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1341 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1342 { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1343 "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1344 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1345 0,
1346 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1347#endif
1348
1349#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1350
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1351#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1352
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1353#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1354 { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1355 "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
1356 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1357 0,
1358 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1359#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1360#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1361 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1362 { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1363 "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1364 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1365 0,
1366 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1367#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1368#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1369 { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1370 "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1371 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1372 0,
1373 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1374#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1375#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1376 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1377 { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1378 "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1379 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1380 0,
1381 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1382#endif
1383
1384#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1385
1386#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
1387
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1388#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1389 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1390 "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1391 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1392 0,
1393 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1394#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1395#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1396 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1397 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1398 "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1399 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1400 0,
1401 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1402#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1403#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1404 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1405 "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1406 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1407 0,
1408 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1409#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1410#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1411 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1412 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1413 "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1414 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1415 0,
1416 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1417#endif
1418
1419#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
1420
1421#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
1422
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1423#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1424 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1425 "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1426 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1427 0,
1428 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1429#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1430#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1431 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1432 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1433 "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1434 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1435 0,
1436 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1437#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1438#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1439 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1440 "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1441 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1442 0,
1443 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1444#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1445#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1446 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1447 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1448 "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1449 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1450 0,
1451 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1452#endif
1453
1454#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
1455
1456#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1457
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1458#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1459 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1460 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1461 "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1462 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1463 0,
1464 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1465#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1466#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1467 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1468 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1469 "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1470 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1471 0,
1472 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1473#endif
1474
1475#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1476
1477#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
1478
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1479#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1480 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1481 "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1482 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1483 0,
1484 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1485#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1486#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1487 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1488 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1489 "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1490 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1491 0,
1492 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1493#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1494#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1495 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1496 "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1497 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1498 0,
1499 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1500#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1501#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1502 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1503 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1504 "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1505 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1506 0,
1507 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1508#endif
1509
1510#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
1511
1512#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
1513
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1514#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1515 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1516 "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1517 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1518 0,
1519 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1520#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1521#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1522 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1523 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1524 "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1525 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1526 0,
1527 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1528#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1529#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1530 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1531 "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1532 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1533 0,
1534 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1535#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1536#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1537 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1538 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1539 "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1540 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1541 0,
1542 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1543#endif
1544
1545#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
1546
1547#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
1548
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1549#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1550 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1551 "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1552 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1553 0,
1554 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1555#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1556#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1557 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1558 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1559 "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1560 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1561 0,
1562 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1563#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1564#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1565 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1566 "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1567 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1568 0,
1569 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1570#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1571#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1572 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1573 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1574 "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1575 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1576 0,
1577 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1578#endif
1579
1580#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
1581
1582#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1583
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1584#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1585 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1586 "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1587 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1588 0,
1589 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1590#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1591#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1592 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1593 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1594 "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1595 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1596 0,
1597 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1598#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1599#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1600 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1601 "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1602 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1603 0,
1604 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1605#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1606#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1607 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1608 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1609 "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1610 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1611 0,
1612 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1613#endif
1614
1615#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1616
Elena Uziunaite51c85a02024-07-05 11:20:17 +0100[diff] [blame]1617#endif /* PSA_WANT_KEY_TYPE_ARIA */
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1618
1619
Manuel Pégourié-Gonnarda2733712015-02-10 17:32:14 +0100[diff] [blame]1620 { 0, "",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1621 MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1622 0, 0, 0 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1623};
1624
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1625#if defined(MBEDTLS_SSL_CIPHERSUITES)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1626const int *mbedtls_ssl_list_ciphersuites(void)
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]1627{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1628 return ciphersuite_preference;
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]1629}
1630#else
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1631#define MAX_CIPHERSUITES sizeof(ciphersuite_definitions) / \
1632 sizeof(ciphersuite_definitions[0])
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1633static int supported_ciphersuites[MAX_CIPHERSUITES];
1634static int supported_init = 0;
1635
Manuel Pégourié-Gonnarda3115dc2022-06-17 10:52:54 +0200[diff] [blame]1636MBEDTLS_CHECK_RETURN_CRITICAL
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1637static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1638{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1639 (void) cs_info;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1640
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1641 return 0;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1642}
1643
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1644const int *mbedtls_ssl_list_ciphersuites(void)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1645{
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1646 /*
1647 * On initial call filter out all ciphersuites not supported by current
1648 * build based on presence in the ciphersuite_definitions.
1649 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1650 if (supported_init == 0) {
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1651 const int *p;
1652 int *q;
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1653
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1654 for (p = ciphersuite_preference, q = supported_ciphersuites;
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1655 *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1656 p++) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1657 const mbedtls_ssl_ciphersuite_t *cs_info;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1658 if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL &&
1659 !ciphersuite_is_removed(cs_info)) {
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1660 *(q++) = *p;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1661 }
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1662 }
Manuel Pégourié-Gonnardbc4b7f02013-09-07 15:04:26 +0200[diff] [blame]1663 *q = 0;
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]1664
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1665 supported_init = 1;
1666 }
1667
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1668 return supported_ciphersuites;
Manuel Pégourié-Gonnardf78e4de2015-05-29 10:52:14 +0200[diff] [blame]1669}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1670#endif /* MBEDTLS_SSL_CIPHERSUITES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1671
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1672const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1673 const char *ciphersuite_name)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1674{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1675 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1676
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1677 if (NULL == ciphersuite_name) {
1678 return NULL;
1679 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1680
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1681 while (cur->id != 0) {
1682 if (0 == strcmp(cur->name, ciphersuite_name)) {
1683 return cur;
1684 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1685
1686 cur++;
1687 }
1688
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1689 return NULL;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1690}
1691
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1692const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1693{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1694 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1695
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1696 while (cur->id != 0) {
1697 if (cur->id == ciphersuite) {
1698 return cur;
1699 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1700
1701 cur++;
1702 }
1703
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1704 return NULL;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1705}
1706
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1707const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1708{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1709 const mbedtls_ssl_ciphersuite_t *cur;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1710
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1711 cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1712
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1713 if (cur == NULL) {
1714 return "unknown";
1715 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1716
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1717 return cur->name;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1718}
1719
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1720int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1721{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1722 const mbedtls_ssl_ciphersuite_t *cur;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1723
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1724 cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1725
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1726 if (cur == NULL) {
1727 return 0;
1728 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1729
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1730 return cur->id;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1731}
1732
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1733size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1734{
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1735#if defined(MBEDTLS_USE_PSA_CRYPTO)
1736 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1737 psa_key_type_t key_type;
1738 psa_algorithm_t alg;
1739 size_t key_bits;
1740
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]1741 status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1742 info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16,
1743 &alg, &key_type, &key_bits);
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1744
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1745 if (status != PSA_SUCCESS) {
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1746 return 0;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1747 }
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1748
1749 return key_bits;
Neil Armstrong689557c2022-05-12 08:30:59 +0200[diff] [blame]1750#else
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1751 const mbedtls_cipher_info_t * const cipher_info =
Agathiyan Bragadeesh8b52b882023-07-13 13:12:40 +0100[diff] [blame]1752 mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) info->cipher);
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1753
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1754 return mbedtls_cipher_info_get_key_bitlen(cipher_info);
Neil Armstrong689557c2022-05-12 08:30:59 +0200[diff] [blame]1755#endif /* MBEDTLS_USE_PSA_CRYPTO */
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1756}
1757
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1758#if defined(MBEDTLS_PK_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1759mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1760{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1761 switch (info->key_exchange) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1762 case MBEDTLS_KEY_EXCHANGE_RSA:
1763 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1764 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1765 return MBEDTLS_PK_RSA;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1766
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1767 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1768 return MBEDTLS_PK_ECDSA;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1769
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1770 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1771 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1772 return MBEDTLS_PK_ECKEY;
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]1773
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1774 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1775 return MBEDTLS_PK_NONE;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1776 }
1777}
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1778
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1779#if defined(MBEDTLS_USE_PSA_CRYPTO)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1780psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1781{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1782 switch (info->key_exchange) {
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1783 case MBEDTLS_KEY_EXCHANGE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1784 return PSA_ALG_RSA_PKCS1V15_CRYPT;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1785 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1786 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1787 return PSA_ALG_RSA_PKCS1V15_SIGN(
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]1788 mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1789
1790 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]1791 return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1792
1793 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1794 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1795 return PSA_ALG_ECDH;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1796
1797 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1798 return PSA_ALG_NONE;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1799 }
1800}
1801
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1802psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1803{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1804 switch (info->key_exchange) {
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1805 case MBEDTLS_KEY_EXCHANGE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1806 return PSA_KEY_USAGE_DECRYPT;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1807 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1808 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1809 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1810 return PSA_KEY_USAGE_SIGN_HASH;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1811
1812 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1813 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1814 return PSA_KEY_USAGE_DERIVE;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1815
1816 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1817 return 0;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1818 }
1819}
1820#endif /* MBEDTLS_USE_PSA_CRYPTO */
1821
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1822mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1823{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1824 switch (info->key_exchange) {
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1825 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1826 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1827 return MBEDTLS_PK_RSA;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1828
1829 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1830 return MBEDTLS_PK_ECDSA;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1831
1832 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1833 return MBEDTLS_PK_NONE;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1834 }
1835}
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1836
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1837#endif /* MBEDTLS_PK_C */
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1838
Valerio Setti7aeec542023-07-05 18:57:21 +0200[diff] [blame]1839#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
Valerio Settie9646ec2023-08-02 20:02:28 +0200[diff] [blame]1840 defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
Ron Eldor755bb6a2018-02-14 19:30:48 +0200[diff] [blame]1841 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1842int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1843{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1844 switch (info->key_exchange) {
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1845 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1846 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1847 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
1848 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1849 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Ron Eldor755bb6a2018-02-14 19:30:48 +0200[diff] [blame]1850 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1851 return 1;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1852
1853 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1854 return 0;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1855 }
1856}
Valerio Setti7aeec542023-07-05 18:57:21 +0200[diff] [blame]1857#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
Valerio Settie9646ec2023-08-02 20:02:28 +0200[diff] [blame]1858 * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
Valerio Setti45d56f32023-07-13 17:23:20 +0200[diff] [blame]1859 * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1860
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]1861#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1862int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1863{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1864 switch (info->key_exchange) {
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1865 case MBEDTLS_KEY_EXCHANGE_PSK:
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1866 case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
1867 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1868 return 1;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1869
1870 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1871 return 0;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1872 }
1873}
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]1874#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1875
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1876#endif /* MBEDTLS_SSL_TLS_C */