TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 6348b46c0b9c00bff72f0175fa64ffa26e85aebc / . / library / ssl_ciphersuites.c
blob: 8f41f2d4b0f13abf2411268aaee1cd490fc5f15e [file] [log] [blame]
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1/**
2 * \file ssl_ciphersuites.c
3 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200[diff] [blame]4 * \brief SSL ciphersuites for Mbed TLS
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]5 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]6 * Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]8 */
9
Harry Ramsey0f6bc412024-10-04 10:36:54 +0100[diff] [blame]10#include "ssl_misc.h"
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]11
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]12#if defined(MBEDTLS_SSL_TLS_C)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]13
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]14#include "mbedtls/platform.h"
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]15
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]16#include "mbedtls/ssl_ciphersuites.h"
17#include "mbedtls/ssl.h"
Manuel Pégourié-Gonnardcac90a12021-06-04 11:42:30 +0200[diff] [blame]18#include "ssl_misc.h"
Manuel Pégourié-Gonnard02b10d82023-03-28 12:33:20 +0200[diff] [blame]19#if defined(MBEDTLS_USE_PSA_CRYPTO)
Valerio Setti384fbde2024-01-02 13:26:40 +0100[diff] [blame]20#include "mbedtls/psa_util.h"
Manuel Pégourié-Gonnard02b10d82023-03-28 12:33:20 +0200[diff] [blame]21#endif
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]22
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]23#include <string.h>
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]24
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]25/*
26 * Ordered from most preferred to least preferred in terms of security.
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]27 *
TRodziewicz75628d52021-06-18 12:56:27 +0200[diff] [blame]28 * Current rule (except weak and null which come last):
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]29 * 1. By key exchange:
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]30 * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]31 * 2. By key length and cipher:
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]32 * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
Manuel Pégourié-Gonnard42b53742014-06-19 16:18:26 +0200[diff] [blame]33 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
Manuel Pégourié-Gonnard6768da92014-05-14 12:26:51 +0200[diff] [blame]34 * 4. By hash function used when relevant
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]35 * 5. By key exchange/auth again: EC > non-EC
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]36 */
37static const int ciphersuite_preference[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]38{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]39#if defined(MBEDTLS_SSL_CIPHERSUITES)
40 MBEDTLS_SSL_CIPHERSUITES,
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]41#else
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]42#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]43 /* TLS 1.3 ciphersuites */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]44 MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
Ronald Cron4bb67732023-02-16 15:51:18 +0100[diff] [blame]45 MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
46 MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]47 MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
48 MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]49#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]50
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]51 /* Chacha-Poly ephemeral suites */
52 MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
53 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
54 MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
55
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]56 /* All AES-256 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]57 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
58 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
59 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
60 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
61 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
62 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
63 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
64 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
65 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
66 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
67 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
68 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
69 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]70
71 /* All CAMELLIA-256 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]72 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
73 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
74 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
75 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
76 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
77 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
78 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]79
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]80 /* All ARIA-256 ephemeral suites */
81 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
82 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
83 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
84 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
85 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
86 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
87
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]88 /* All AES-128 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]89 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
90 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
91 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
92 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
93 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
94 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
95 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
96 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
97 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
98 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
99 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
100 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
101 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]102
103 /* All CAMELLIA-128 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]104 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
105 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
106 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
107 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
108 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
109 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
110 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]111
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]112 /* All ARIA-128 ephemeral suites */
113 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
114 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
115 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
116 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
117 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
118 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
119
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]120 /* The PSK ephemeral suites */
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]121 MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]122 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]123 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]124 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]125 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]126
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]127 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]128 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]129 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]130 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]131
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]132 /* The ECJPAKE suite */
133 MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
134
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]135 /* All AES-256 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]136 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
137 MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
138 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
139 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
140 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
141 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
142 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
143 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
144 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
145 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
146 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]147
148 /* All CAMELLIA-256 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]149 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
150 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
151 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
152 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
153 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
154 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
155 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]156
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]157 /* All ARIA-256 suites */
158 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
159 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
160 MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
161 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
162 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
163 MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
164
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]165 /* All AES-128 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]166 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
167 MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
168 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
169 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
170 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
171 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
172 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
173 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
174 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
175 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
176 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]177
178 /* All CAMELLIA-128 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]179 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
180 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
181 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
182 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
183 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
184 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
185 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]186
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]187 /* All ARIA-128 suites */
188 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
189 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
190 MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
191 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
192 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
193 MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
194
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]195 /* The PSK suites */
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]196 MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]197 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
198 MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
199 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
200 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
201 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
202 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
203 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]204 MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
205 MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]206
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]207 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
208 MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
209 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
210 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
211 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
212 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
213 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]214 MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
215 MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]216
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]217 /* NULL suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]218 MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
219 MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
220 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
221 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
222 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]223
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]224 MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
225 MBEDTLS_TLS_RSA_WITH_NULL_SHA,
226 MBEDTLS_TLS_RSA_WITH_NULL_MD5,
227 MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
228 MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]229 MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
230 MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
231 MBEDTLS_TLS_PSK_WITH_NULL_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]232
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]233#endif /* MBEDTLS_SSL_CIPHERSUITES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]234 0
235};
236
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]237static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]238{
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]239#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]240#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]241#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]242#if defined(PSA_WANT_ALG_SHA_384)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]243 { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]244 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
245 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
246 0,
247 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]248#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]249#if defined(PSA_WANT_ALG_SHA_256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]250 { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]251 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
252 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
253 0,
254 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]255#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]256#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]257#if defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_ALG_SHA_256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]258 { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]259 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
260 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
261 0,
262 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]263 { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]264 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
265 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
266 MBEDTLS_CIPHERSUITE_SHORT_TAG,
267 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]268#endif /* PSA_WANT_ALG_SHA_256 && PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]269#endif /* PSA_WANT_KEY_TYPE_AES */
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]270#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) && defined(PSA_WANT_ALG_SHA_256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]271 { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
272 "TLS1-3-CHACHA20-POLY1305-SHA256",
273 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
274 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]275 0,
276 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]277#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 && PSA_WANT_ALG_SHA_256 */
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]278#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]279
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]280#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]281 defined(PSA_WANT_ALG_SHA_256) && \
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]282 defined(MBEDTLS_SSL_PROTO_TLS1_2)
283#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
284 { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
285 "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
286 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
287 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]288 0,
289 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]290#endif
291#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
292 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
293 "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
294 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
295 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]296 0,
297 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]298#endif
299#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
300 { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
301 "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
302 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
303 MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]304 0,
305 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]306#endif
307#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
308 { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
309 "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
310 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
311 MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]312 0,
313 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]314#endif
315#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
316 { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
317 "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
318 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
319 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]320 0,
321 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]322#endif
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]323#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 &&
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]324 PSA_WANT_ALG_SHA_256 &&
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]325 MBEDTLS_SSL_PROTO_TLS1_2 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]326#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]327#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]328#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]329#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]330 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
331 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]332 0,
333 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]334 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
335 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]336 0,
337 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]338#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]339#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]340#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]341#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]342 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
343 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]344 0,
345 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]346#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]347#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]348 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
349 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]350 0,
351 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]352#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]353#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]354#if defined(PSA_WANT_ALG_SHA_384)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]355#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]356 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
357 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]358 0,
359 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]360#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]361#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]362 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
363 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]364 0,
365 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]366#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]367#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]368#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]369 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
370 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]371 0,
372 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]373 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
374 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]375 MBEDTLS_CIPHERSUITE_SHORT_TAG,
376 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]377 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
378 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]379 0,
380 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]381 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
382 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]383 MBEDTLS_CIPHERSUITE_SHORT_TAG,
384 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]385#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]386#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]387
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]388#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]389#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]390#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]391 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
392 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]393 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]394 0,
395 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]396#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]397#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]398 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
399 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]400 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]401 0,
402 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]403#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]404#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]405
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]406#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]407#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]408 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
409 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]410 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]411 0,
412 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]413#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]414#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]415 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
416 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]417 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]418 0,
419 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]420#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]421#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]422#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]423
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]424#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]425#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]426 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
427 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]428 MBEDTLS_CIPHERSUITE_WEAK,
429 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]430#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]431#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
432#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]433
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]434#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]435#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]436#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]437#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]438 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
439 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]440 0,
441 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]442 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
443 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]444 0,
445 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]446#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]447#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]448#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]449#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]450 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
451 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]452 0,
453 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]454#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]455#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]456 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
457 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]458 0,
459 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]460#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]461#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]462#if defined(PSA_WANT_ALG_SHA_384)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]463#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]464 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
465 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]466 0,
467 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]468#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]469#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]470 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
471 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]472 0,
473 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]474#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]475#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]476#endif /* PSA_WANT_KEY_TYPE_AES */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]477
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]478#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]479#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]480#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]481 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
482 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]483 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]484 0,
485 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]486#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]487#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]488 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
489 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]490 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]491 0,
492 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]493#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]494#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]495
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]496#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]497#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]498 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
499 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]500 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]501 0,
502 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]503#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]504#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]505 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
506 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]507 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]508 0,
509 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]510#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]511#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]512#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]513
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]514#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]515#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]516 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
517 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]518 MBEDTLS_CIPHERSUITE_WEAK,
519 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]520#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]521#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
522#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]523
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]524#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]525#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]526#if defined(PSA_WANT_ALG_SHA_384) && \
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]527 defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]528 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
529 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]530 0,
531 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]532#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ALG_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]533
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]534#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]535#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]536 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
537 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]538 0,
539 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]540#endif /* PSA_WANT_ALG_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]541
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]542#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]543 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
544 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]545 0,
546 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]547
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]548 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
549 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]550 0,
551 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]552#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]553#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]554
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]555#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]556#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]557 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
558 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]559 0,
560 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]561
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]562 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
563 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]564 0,
565 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]566#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]567#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]568#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]569 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
570 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]571 0,
572 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]573 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
574 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]575 MBEDTLS_CIPHERSUITE_SHORT_TAG,
576 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]577 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
578 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]579 0,
580 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]581 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
582 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]583 MBEDTLS_CIPHERSUITE_SHORT_TAG,
584 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]585#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]586#endif /* PSA_WANT_KEY_TYPE_AES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]587
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]588#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]589#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]590#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]591 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
592 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]593 0,
594 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]595
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]596 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
597 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]598 0,
599 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]600#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]601
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]602#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]603 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
604 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]605 0,
606 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]607
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]608 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
609 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]610 0,
611 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]612#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]613#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]614#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]615#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]616 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
617 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]618 0,
619 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]620#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]621
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]622#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]623 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
624 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]625 0,
626 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]627#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]628#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]629#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]630
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]631#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]632
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]633#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]634#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]635#if defined(PSA_WANT_ALG_SHA_384) && \
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]636 defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]637 { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
638 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]639 0,
640 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]641#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ALG_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]642
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]643#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]644#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]645 { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
646 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]647 0,
648 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]649#endif /* PSA_WANT_ALG_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]650
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]651#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]652 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
653 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]654 0,
655 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]656
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]657 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
658 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]659 0,
660 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]661#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]662#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]663
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]664#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]665#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]666 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
667 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]668 0,
669 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]670
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]671 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
672 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]673 0,
674 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]675#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]676#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]677#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]678 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
679 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]680 0,
681 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]682 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
683 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]684 MBEDTLS_CIPHERSUITE_SHORT_TAG,
685 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]686 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
687 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]688 0,
689 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]690 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
691 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]692 MBEDTLS_CIPHERSUITE_SHORT_TAG,
693 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]694#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]695#endif /* PSA_WANT_KEY_TYPE_AES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]696
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]697#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]698#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]699#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]700 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
701 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]702 0,
703 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]704
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]705 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
706 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]707 0,
708 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]709#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]710
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]711#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]712 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
713 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]714 0,
715 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]716
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]717 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
718 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]719 0,
720 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]721#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]722#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]723
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]724#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]725#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]726 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
727 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]728 0,
729 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]730#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]731
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]732#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]733 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
734 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]735 0,
736 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]737#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]738#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]739#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]740
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]741#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]742
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]743#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]744#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]745#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]746#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]747 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
748 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]749 0,
750 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]751 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
752 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]753 0,
754 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]755#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]756#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]757#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]758#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]759 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
760 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]761 0,
762 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]763#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]764#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]765 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
766 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]767 0,
768 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]769#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]770#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]771#if defined(PSA_WANT_ALG_SHA_384)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]772#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]773 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
774 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]775 0,
776 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]777#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]778#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]779 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
780 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]781 0,
782 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]783#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]784#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]785#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]786
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]787#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]788#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]789#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]790 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
791 "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]792 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]793 0,
794 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]795#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]796#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]797 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
798 "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]799 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]800 0,
801 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]802#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]803#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]804
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]805#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]806#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]807 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
808 "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]809 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]810 0,
811 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]812#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]813#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]814 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
815 "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]816 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]817 0,
818 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]819#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]820#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]821#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]822
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]823#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]824#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]825 { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
826 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]827 MBEDTLS_CIPHERSUITE_WEAK,
828 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]829#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]830#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
831#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]832
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]833#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]834#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]835#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]836#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]837 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
838 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]839 0,
840 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]841 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
842 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]843 0,
844 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]845#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]846#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]847#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]848#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]849 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
850 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]851 0,
852 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]853#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]854#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]855 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
856 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]857 0,
858 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]859#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]860#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]861#if defined(PSA_WANT_ALG_SHA_384)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]862#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]863 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
864 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]865 0,
866 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]867#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]868#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]869 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
870 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]871 0,
872 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]873#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]874#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]875#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]876
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]877#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]878#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]879#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]880 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
881 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]882 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]883 0,
884 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]885#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]886#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]887 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
888 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]889 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]890 0,
891 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]892#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]893#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]894
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]895#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]896#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]897 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
898 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]899 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]900 0,
901 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]902#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]903#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]904 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
905 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]906 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]907 0,
908 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]909#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]910#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]911#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]912
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]913#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]914#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]915 { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
916 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]917 MBEDTLS_CIPHERSUITE_WEAK,
918 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]919#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]920#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
921#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]922
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]923#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]924#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]925#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]926#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]927 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
928 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]929 0,
930 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]931#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]932
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]933#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]934 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
935 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]936 0,
937 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]938#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]939#endif /* PSA_WANT_ALG_GCM */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]940
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]941#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]942#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]943 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
944 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]945 0,
946 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]947#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]948
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]949#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]950 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
951 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]952 0,
953 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]954#endif /* PSA_WANT_ALG_SHA_384 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]955
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]956#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]957 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
958 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]959 0,
960 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]961
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]962 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
963 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]964 0,
965 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]966#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]967#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]968#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]969 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
970 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]971 0,
972 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]973 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
974 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]975 MBEDTLS_CIPHERSUITE_SHORT_TAG,
976 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]977 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
978 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]979 0,
980 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]981 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
982 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]983 MBEDTLS_CIPHERSUITE_SHORT_TAG,
984 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]985#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]986#endif /* PSA_WANT_KEY_TYPE_AES */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]987
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]988#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]989#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]990#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]991 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
992 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]993 0,
994 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]995#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]996
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]997#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]998 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
999 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1000 0,
1001 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1002#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1003#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1004
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1005#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1006#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1007 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1008 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1009 0,
1010 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1011#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1012
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1013#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1014 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1015 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1016 0,
1017 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1018#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1019#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]1020#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1021
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1022#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1023
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1024#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]1025#if defined(PSA_WANT_KEY_TYPE_AES)
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1026
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1027#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1028#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1029 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
1030 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1031 0,
1032 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1033#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1034
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1035#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1036 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
1037 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1038 0,
1039 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1040#endif /* PSA_WANT_ALG_SHA_384 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1041
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1042#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1043 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
1044 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1045 0,
1046 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1047
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1048 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
1049 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1050 0,
1051 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1052#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1053#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]1054#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1055
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]1056#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1057#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1058#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1059 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
1060 "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1061 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1062 0,
1063 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1064#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1065
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1066#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1067 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
1068 "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1069 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1070 0,
1071 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1072#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1073#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]1074#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1075
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1076#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1077
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]1078#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]1079#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]1080#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]1081 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
1082 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1083 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1084 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]1085#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]1086#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]1087#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
1088
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1089#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
1090#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
Elena Uziunaiteb66a9912024-05-10 14:25:58 +0100[diff] [blame]1091#if defined(PSA_WANT_ALG_MD5)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1092 { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
1093 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1094 MBEDTLS_CIPHERSUITE_WEAK,
1095 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]1096#endif
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1097
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1098#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1099 { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
1100 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1101 MBEDTLS_CIPHERSUITE_WEAK,
1102 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]1103#endif
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1104
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1105#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1106 { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
1107 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1108 MBEDTLS_CIPHERSUITE_WEAK,
1109 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]1110#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1111#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1112
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1113#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1114#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1115 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
1116 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1117 MBEDTLS_CIPHERSUITE_WEAK,
1118 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1119#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1120
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1121#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1122 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
1123 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1124 MBEDTLS_CIPHERSUITE_WEAK,
1125 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1126#endif
1127
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1128#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1129 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
1130 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1131 MBEDTLS_CIPHERSUITE_WEAK,
1132 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1133#endif /* PSA_WANT_ALG_SHA_384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1134#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]1135
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1136#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1137#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1138 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
1139 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1140 MBEDTLS_CIPHERSUITE_WEAK,
1141 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1142#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1143
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1144#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1145 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
1146 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1147 MBEDTLS_CIPHERSUITE_WEAK,
1148 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1149#endif
1150
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1151#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1152 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
1153 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1154 MBEDTLS_CIPHERSUITE_WEAK,
1155 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1156#endif /* PSA_WANT_ALG_SHA_384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1157#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1158#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]1159
Elena Uziunaite51c85a02024-07-05 11:20:17 +0100[diff] [blame]1160#if defined(PSA_WANT_KEY_TYPE_ARIA)
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1161
1162#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1163
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1164#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1165 { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1166 "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1167 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1168 0,
1169 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1170#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1171#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1172 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1173 { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1174 "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1175 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1176 0,
1177 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1178#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1179#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1180 { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1181 "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1182 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1183 0,
1184 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1185#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1186#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1187 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1188 { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1189 "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1190 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1191 0,
1192 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1193#endif
1194
1195#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1196
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1197#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1198
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1199#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1200 { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1201 "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
1202 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1203 0,
1204 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1205#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1206#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1207 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1208 { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1209 "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1210 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1211 0,
1212 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1213#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1214#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1215 { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1216 "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1217 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1218 0,
1219 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1220#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1221#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1222 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1223 { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1224 "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1225 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1226 0,
1227 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1228#endif
1229
1230#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1231
1232#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
1233
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1234#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1235 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1236 "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1237 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1238 0,
1239 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1240#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1241#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1242 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1243 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1244 "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1245 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1246 0,
1247 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1248#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1249#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1250 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1251 "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1252 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1253 0,
1254 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1255#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1256#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1257 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1258 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1259 "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1260 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1261 0,
1262 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1263#endif
1264
1265#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
1266
1267#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
1268
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1269#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1270 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1271 "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1272 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1273 0,
1274 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1275#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1276#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1277 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1278 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1279 "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1280 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1281 0,
1282 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1283#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1284#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1285 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1286 "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1287 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1288 0,
1289 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1290#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1291#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1292 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1293 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1294 "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1295 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1296 0,
1297 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1298#endif
1299
1300#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
1301
1302#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1303
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1304#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1305 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1306 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1307 "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1308 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1309 0,
1310 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1311#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1312#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1313 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1314 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1315 "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1316 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1317 0,
1318 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1319#endif
1320
1321#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1322
1323#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
1324
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1325#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1326 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1327 "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1328 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1329 0,
1330 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1331#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1332#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1333 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1334 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1335 "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1336 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1337 0,
1338 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1339#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1340#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1341 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1342 "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1343 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1344 0,
1345 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1346#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1347#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1348 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1349 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1350 "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1351 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1352 0,
1353 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1354#endif
1355
1356#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
1357
1358#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
1359
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1360#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1361 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1362 "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1363 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1364 0,
1365 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1366#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1367#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1368 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1369 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1370 "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1371 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1372 0,
1373 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1374#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1375#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1376 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1377 "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1378 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1379 0,
1380 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1381#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1382#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1383 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1384 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1385 "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1386 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1387 0,
1388 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1389#endif
1390
1391#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
1392
1393#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
1394
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1395#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1396 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1397 "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1398 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1399 0,
1400 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1401#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1402#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1403 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1404 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1405 "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1406 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1407 0,
1408 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1409#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1410#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1411 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1412 "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1413 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1414 0,
1415 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1416#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1417#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1418 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1419 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1420 "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1421 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1422 0,
1423 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1424#endif
1425
1426#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
1427
Elena Uziunaite51c85a02024-07-05 11:20:17 +0100[diff] [blame]1428#endif /* PSA_WANT_KEY_TYPE_ARIA */
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1429
1430
Manuel Pégourié-Gonnarda2733712015-02-10 17:32:14 +0100[diff] [blame]1431 { 0, "",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1432 MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1433 0, 0, 0 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1434};
1435
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1436#if defined(MBEDTLS_SSL_CIPHERSUITES)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1437const int *mbedtls_ssl_list_ciphersuites(void)
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]1438{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1439 return ciphersuite_preference;
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]1440}
1441#else
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1442#define MAX_CIPHERSUITES sizeof(ciphersuite_definitions) / \
1443 sizeof(ciphersuite_definitions[0])
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1444static int supported_ciphersuites[MAX_CIPHERSUITES];
1445static int supported_init = 0;
1446
Manuel Pégourié-Gonnarda3115dc2022-06-17 10:52:54 +0200[diff] [blame]1447MBEDTLS_CHECK_RETURN_CRITICAL
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1448static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1449{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1450 (void) cs_info;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1451
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1452 return 0;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1453}
1454
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1455const int *mbedtls_ssl_list_ciphersuites(void)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1456{
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1457 /*
1458 * On initial call filter out all ciphersuites not supported by current
1459 * build based on presence in the ciphersuite_definitions.
1460 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1461 if (supported_init == 0) {
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1462 const int *p;
1463 int *q;
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1464
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1465 for (p = ciphersuite_preference, q = supported_ciphersuites;
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1466 *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1467 p++) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1468 const mbedtls_ssl_ciphersuite_t *cs_info;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1469 if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL &&
1470 !ciphersuite_is_removed(cs_info)) {
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1471 *(q++) = *p;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1472 }
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1473 }
Manuel Pégourié-Gonnardbc4b7f02013-09-07 15:04:26 +0200[diff] [blame]1474 *q = 0;
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]1475
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1476 supported_init = 1;
1477 }
1478
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1479 return supported_ciphersuites;
Manuel Pégourié-Gonnardf78e4de2015-05-29 10:52:14 +0200[diff] [blame]1480}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1481#endif /* MBEDTLS_SSL_CIPHERSUITES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1482
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1483const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1484 const char *ciphersuite_name)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1485{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1486 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1487
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1488 if (NULL == ciphersuite_name) {
1489 return NULL;
1490 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1491
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1492 while (cur->id != 0) {
1493 if (0 == strcmp(cur->name, ciphersuite_name)) {
1494 return cur;
1495 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1496
1497 cur++;
1498 }
1499
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1500 return NULL;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1501}
1502
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1503const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1504{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1505 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1506
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1507 while (cur->id != 0) {
1508 if (cur->id == ciphersuite) {
1509 return cur;
1510 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1511
1512 cur++;
1513 }
1514
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1515 return NULL;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1516}
1517
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1518const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1519{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1520 const mbedtls_ssl_ciphersuite_t *cur;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1521
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1522 cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1523
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1524 if (cur == NULL) {
1525 return "unknown";
1526 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1527
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1528 return cur->name;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1529}
1530
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1531int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1532{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1533 const mbedtls_ssl_ciphersuite_t *cur;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1534
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1535 cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1536
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1537 if (cur == NULL) {
1538 return 0;
1539 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1540
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1541 return cur->id;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1542}
1543
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1544size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1545{
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1546#if defined(MBEDTLS_USE_PSA_CRYPTO)
1547 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1548 psa_key_type_t key_type;
1549 psa_algorithm_t alg;
1550 size_t key_bits;
1551
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]1552 status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1553 info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16,
1554 &alg, &key_type, &key_bits);
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1555
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1556 if (status != PSA_SUCCESS) {
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1557 return 0;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1558 }
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1559
1560 return key_bits;
Neil Armstrong689557c2022-05-12 08:30:59 +0200[diff] [blame]1561#else
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1562 const mbedtls_cipher_info_t * const cipher_info =
Agathiyan Bragadeesh8b52b882023-07-13 13:12:40 +0100[diff] [blame]1563 mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) info->cipher);
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1564
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1565 return mbedtls_cipher_info_get_key_bitlen(cipher_info);
Neil Armstrong689557c2022-05-12 08:30:59 +0200[diff] [blame]1566#endif /* MBEDTLS_USE_PSA_CRYPTO */
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1567}
1568
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1569#if defined(MBEDTLS_PK_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1570mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1571{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1572 switch (info->key_exchange) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1573 case MBEDTLS_KEY_EXCHANGE_RSA:
1574 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1575 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1576 return MBEDTLS_PK_RSA;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1577
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1578 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1579 return MBEDTLS_PK_ECDSA;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1580
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1581 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1582 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1583 return MBEDTLS_PK_ECKEY;
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]1584
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1585 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1586 return MBEDTLS_PK_NONE;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1587 }
1588}
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1589
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1590#if defined(MBEDTLS_USE_PSA_CRYPTO)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1591psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1592{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1593 switch (info->key_exchange) {
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1594 case MBEDTLS_KEY_EXCHANGE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1595 return PSA_ALG_RSA_PKCS1V15_CRYPT;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1596 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1597 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1598 return PSA_ALG_RSA_PKCS1V15_SIGN(
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]1599 mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1600
1601 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]1602 return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1603
1604 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1605 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1606 return PSA_ALG_ECDH;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1607
1608 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1609 return PSA_ALG_NONE;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1610 }
1611}
1612
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1613psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1614{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1615 switch (info->key_exchange) {
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1616 case MBEDTLS_KEY_EXCHANGE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1617 return PSA_KEY_USAGE_DECRYPT;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1618 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1619 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1620 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1621 return PSA_KEY_USAGE_SIGN_HASH;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1622
1623 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1624 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1625 return PSA_KEY_USAGE_DERIVE;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1626
1627 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1628 return 0;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1629 }
1630}
1631#endif /* MBEDTLS_USE_PSA_CRYPTO */
1632
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1633mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1634{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1635 switch (info->key_exchange) {
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1636 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1637 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1638 return MBEDTLS_PK_RSA;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1639
1640 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1641 return MBEDTLS_PK_ECDSA;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1642
1643 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1644 return MBEDTLS_PK_NONE;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1645 }
1646}
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1647
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1648#endif /* MBEDTLS_PK_C */
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1649
Valerio Setti7aeec542023-07-05 18:57:21 +0200[diff] [blame]1650#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
Valerio Settie9646ec2023-08-02 20:02:28 +0200[diff] [blame]1651 defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
Ron Eldor755bb6a2018-02-14 19:30:48 +0200[diff] [blame]1652 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1653int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1654{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1655 switch (info->key_exchange) {
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1656 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1657 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1658 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
1659 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1660 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Ron Eldor755bb6a2018-02-14 19:30:48 +0200[diff] [blame]1661 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1662 return 1;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1663
1664 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1665 return 0;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1666 }
1667}
Valerio Setti7aeec542023-07-05 18:57:21 +0200[diff] [blame]1668#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
Valerio Settie9646ec2023-08-02 20:02:28 +0200[diff] [blame]1669 * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
Valerio Setti45d56f32023-07-13 17:23:20 +0200[diff] [blame]1670 * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1671
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]1672#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1673int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1674{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1675 switch (info->key_exchange) {
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1676 case MBEDTLS_KEY_EXCHANGE_PSK:
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1677 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1678 return 1;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1679
1680 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1681 return 0;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1682 }
1683}
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]1684#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1685
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1686#endif /* MBEDTLS_SSL_TLS_C */