TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / eddbb5a829e4b22e21a02ffe62eb7c00b4165d02 / . / library / ssl_ciphersuites.c
blob: e4cc2263270722436146ba56857322ae38337466 [file] [log] [blame]
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1/**
2 * \file ssl_ciphersuites.c
3 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200[diff] [blame]4 * \brief SSL ciphersuites for Mbed TLS
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]5 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]6 * Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]8 */
9
Harry Ramsey0f6bc412024-10-04 10:36:54 +0100[diff] [blame]10#include "ssl_misc.h"
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]11
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]12#if defined(MBEDTLS_SSL_TLS_C)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]13
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]14#include "mbedtls/platform.h"
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]15
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]16#include "mbedtls/ssl_ciphersuites.h"
17#include "mbedtls/ssl.h"
Manuel Pégourié-Gonnardcac90a12021-06-04 11:42:30 +0200[diff] [blame]18#include "ssl_misc.h"
Valerio Setti384fbde2024-01-02 13:26:40 +0100[diff] [blame]19#include "mbedtls/psa_util.h"
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]20
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]21#include <string.h>
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]22
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]23/*
24 * Ordered from most preferred to least preferred in terms of security.
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]25 *
TRodziewicz75628d52021-06-18 12:56:27 +0200[diff] [blame]26 * Current rule (except weak and null which come last):
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]27 * 1. By key exchange:
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]28 * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]29 * 2. By key length and cipher:
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]30 * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
Manuel Pégourié-Gonnard42b53742014-06-19 16:18:26 +0200[diff] [blame]31 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
Manuel Pégourié-Gonnard6768da92014-05-14 12:26:51 +0200[diff] [blame]32 * 4. By hash function used when relevant
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]33 * 5. By key exchange/auth again: EC > non-EC
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]34 */
35static const int ciphersuite_preference[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]36{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]37#if defined(MBEDTLS_SSL_CIPHERSUITES)
38 MBEDTLS_SSL_CIPHERSUITES,
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]39#else
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]40#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]41 /* TLS 1.3 ciphersuites */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]42 MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
Ronald Cron4bb67732023-02-16 15:51:18 +0100[diff] [blame]43 MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
44 MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]45 MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
46 MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]47#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]48
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]49 /* Chacha-Poly ephemeral suites */
50 MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
51 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]52
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]53 /* All AES-256 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]54 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
55 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]56 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]57 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
58 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]59 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
60 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]61 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]62
63 /* All CAMELLIA-256 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]64 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
65 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]66 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
67 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]68
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]69 /* All ARIA-256 ephemeral suites */
70 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
71 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]72 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
73 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]74
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]75 /* All AES-128 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]76 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
77 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]78 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]79 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
80 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]81 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
82 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]83 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]84
85 /* All CAMELLIA-128 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]86 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
87 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]88 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
89 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]90
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]91 /* All ARIA-128 ephemeral suites */
92 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
93 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]94 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
95 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]96
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]97 /* The PSK ephemeral suites */
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]98 MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]99 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]100 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]101 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]102 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]103
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]104 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]105 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]106 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]107 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]108
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]109 /* The ECJPAKE suite */
110 MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
111
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]112 /* All AES-256 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]113 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
114 MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
115 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
116 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
117 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
118 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
119 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
120 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
121 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
122 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
123 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]124
125 /* All CAMELLIA-256 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]126 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
127 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
128 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
129 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
130 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
131 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
132 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]133
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]134 /* All ARIA-256 suites */
135 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
136 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
137 MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
138 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
139 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
140 MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
141
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]142 /* All AES-128 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]143 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
144 MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
145 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
146 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
147 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
148 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
149 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
150 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
151 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
152 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
153 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]154
155 /* All CAMELLIA-128 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]156 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
157 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
158 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
159 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
160 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
161 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
162 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]163
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]164 /* All ARIA-128 suites */
165 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
166 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
167 MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
168 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
169 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
170 MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
171
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]172 /* The PSK suites */
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]173 MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]174 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
175 MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
176 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
177 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
178 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
179 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
180 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]181 MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
182 MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]183
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]184 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
185 MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
186 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
187 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
188 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
189 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
190 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]191 MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
192 MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]193
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]194 /* NULL suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]195 MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
196 MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
197 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
198 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
199 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]200
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]201 MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
202 MBEDTLS_TLS_RSA_WITH_NULL_SHA,
203 MBEDTLS_TLS_RSA_WITH_NULL_MD5,
204 MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
205 MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]206 MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
207 MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
208 MBEDTLS_TLS_PSK_WITH_NULL_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]209
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]210#endif /* MBEDTLS_SSL_CIPHERSUITES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]211 0
212};
213
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]214static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]215{
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]216#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]217#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]218#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]219#if defined(PSA_WANT_ALG_SHA_384)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]220 { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]221 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
222 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
223 0,
224 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]225#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]226#if defined(PSA_WANT_ALG_SHA_256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]227 { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]228 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
229 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
230 0,
231 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]232#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]233#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]234#if defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_ALG_SHA_256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]235 { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]236 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
237 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
238 0,
239 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]240 { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]241 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
242 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
243 MBEDTLS_CIPHERSUITE_SHORT_TAG,
244 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]245#endif /* PSA_WANT_ALG_SHA_256 && PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]246#endif /* PSA_WANT_KEY_TYPE_AES */
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]247#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) && defined(PSA_WANT_ALG_SHA_256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]248 { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
249 "TLS1-3-CHACHA20-POLY1305-SHA256",
250 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
251 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]252 0,
253 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]254#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 && PSA_WANT_ALG_SHA_256 */
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]255#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]256
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]257#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]258 defined(PSA_WANT_ALG_SHA_256) && \
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]259 defined(MBEDTLS_SSL_PROTO_TLS1_2)
260#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
261 { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
262 "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
263 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
264 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]265 0,
266 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]267#endif
268#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
269 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
270 "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
271 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
272 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]273 0,
274 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]275#endif
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]276#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
277 { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
278 "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
279 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
280 MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]281 0,
282 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]283#endif
284#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
285 { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
286 "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
287 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
288 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]289 0,
290 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]291#endif
Elena Uziunaite5c70c302024-07-05 11:44:44 +0100[diff] [blame]292#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 &&
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]293 PSA_WANT_ALG_SHA_256 &&
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]294 MBEDTLS_SSL_PROTO_TLS1_2 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]295#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]296#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]297#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]298#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]299 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
300 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]301 0,
302 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]303 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
304 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]305 0,
306 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]307#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]308#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]309#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]310#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]311 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
312 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]313 0,
314 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]315#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]316#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]317 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
318 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]319 0,
320 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]321#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]322#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]323#if defined(PSA_WANT_ALG_SHA_384)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]324#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]325 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
326 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]327 0,
328 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]329#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]330#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]331 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
332 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]333 0,
334 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]335#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]336#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]337#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]338 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
339 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]340 0,
341 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]342 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
343 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]344 MBEDTLS_CIPHERSUITE_SHORT_TAG,
345 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]346 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
347 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]348 0,
349 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]350 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
351 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]352 MBEDTLS_CIPHERSUITE_SHORT_TAG,
353 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]354#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]355#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]356
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]357#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]358#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]359#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]360 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
361 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]362 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]363 0,
364 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]365#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]366#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]367 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
368 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]369 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]370 0,
371 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]372#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]373#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]374
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]375#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]376#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]377 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
378 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]379 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]380 0,
381 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]382#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]383#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]384 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
385 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]386 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]387 0,
388 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]389#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]390#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]391#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]392
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]393#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]394#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]395 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
396 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]397 MBEDTLS_CIPHERSUITE_WEAK,
398 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]399#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]400#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
401#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]402
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]403#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]404#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]405#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]406#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]407 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
408 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]409 0,
410 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]411 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
412 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]413 0,
414 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]415#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]416#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]417#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]418#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]419 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
420 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]421 0,
422 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]423#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]424#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]425 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
426 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]427 0,
428 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]429#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]430#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]431#if defined(PSA_WANT_ALG_SHA_384)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]432#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]433 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
434 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]435 0,
436 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]437#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]438#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]439 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
440 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]441 0,
442 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]443#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]444#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]445#endif /* PSA_WANT_KEY_TYPE_AES */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]446
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]447#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]448#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]449#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]450 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
451 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]452 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]453 0,
454 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]455#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]456#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]457 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
458 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]459 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]460 0,
461 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]462#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]463#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]464
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]465#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]466#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]467 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
468 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]469 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]470 0,
471 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]472#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]473#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]474 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
475 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]476 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]477 0,
478 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]479#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]480#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]481#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]482
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]483#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]484#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]485 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
486 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]487 MBEDTLS_CIPHERSUITE_WEAK,
488 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]489#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]490#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
491#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]492
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]493#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]494#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]495#if defined(PSA_WANT_ALG_SHA_384) && \
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]496 defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]497 { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
498 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]499 0,
500 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]501#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ALG_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]502
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]503#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]504#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]505 { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
506 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]507 0,
508 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]509#endif /* PSA_WANT_ALG_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]510
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]511#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]512 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
513 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]514 0,
515 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]516
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]517 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
518 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]519 0,
520 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]521#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]522#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]523
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]524#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]525#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]526 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
527 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]528 0,
529 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]530
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]531 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
532 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]533 0,
534 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]535#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]536#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]537#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]538 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
539 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]540 0,
541 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]542 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
543 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]544 MBEDTLS_CIPHERSUITE_SHORT_TAG,
545 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]546 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
547 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]548 0,
549 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]550 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
551 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]552 MBEDTLS_CIPHERSUITE_SHORT_TAG,
553 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]554#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]555#endif /* PSA_WANT_KEY_TYPE_AES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]556
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]557#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]558#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]559#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]560 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
561 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]562 0,
563 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]564
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]565 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
566 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]567 0,
568 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]569#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]570
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]571#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]572 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
573 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]574 0,
575 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]576
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]577 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
578 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]579 0,
580 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]581#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]582#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]583
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]584#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]585#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]586 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
587 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]588 0,
589 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]590#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]591
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]592#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]593 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
594 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]595 0,
596 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]597#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]598#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]599#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]600
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]601#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]602
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]603#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]604#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]605#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]606#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]607 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
608 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]609 0,
610 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]611 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
612 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]613 0,
614 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]615#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]616#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]617#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]618#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]619 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
620 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]621 0,
622 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]623#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]624#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]625 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
626 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]627 0,
628 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]629#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]630#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]631#if defined(PSA_WANT_ALG_SHA_384)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]632#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]633 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
634 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]635 0,
636 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]637#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]638#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]639 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
640 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]641 0,
642 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]643#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]644#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]645#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]646
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]647#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]648#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]649#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]650 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
651 "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]652 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]653 0,
654 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]655#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]656#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]657 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
658 "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]659 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]660 0,
661 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]662#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]663#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]664
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]665#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]666#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]667 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
668 "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]669 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]670 0,
671 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]672#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]673#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]674 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
675 "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]676 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]677 0,
678 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]679#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]680#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]681#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]682
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]683#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]684#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]685 { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
686 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]687 MBEDTLS_CIPHERSUITE_WEAK,
688 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]689#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]690#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
691#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]692
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]693#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]694#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]695#if defined(PSA_WANT_ALG_SHA_1)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]696#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]697 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
698 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]699 0,
700 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]701 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
702 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]703 0,
704 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]705#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]706#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]707#if defined(PSA_WANT_ALG_SHA_256)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]708#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]709 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
710 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]711 0,
712 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]713#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]714#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]715 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
716 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]717 0,
718 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]719#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]720#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]721#if defined(PSA_WANT_ALG_SHA_384)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]722#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]723 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
724 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]725 0,
726 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]727#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]728#if defined(PSA_WANT_ALG_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]729 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
730 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]731 0,
732 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]733#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]734#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]735#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]736
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]737#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]738#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]739#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]740 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
741 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]742 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]743 0,
744 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]745#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]746#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]747 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
748 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]749 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]750 0,
751 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]752#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]753#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]754
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]755#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]756#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]757 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
758 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]759 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]760 0,
761 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]762#endif /* PSA_WANT_ALG_SHA_256 */
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]763#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]764 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
765 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]766 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]767 0,
768 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]769#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]770#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]771#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]772
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]773#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]774#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]775 { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
776 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]777 MBEDTLS_CIPHERSUITE_WEAK,
778 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]779#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]780#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
781#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]782
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]783#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]784#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]785#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]786#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]787 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
788 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]789 0,
790 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]791#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]792
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]793#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]794 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
795 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]796 0,
797 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]798#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]799#endif /* PSA_WANT_ALG_GCM */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]800
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]801#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]802#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]803 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
804 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]805 0,
806 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]807#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]808
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]809#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]810 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
811 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]812 0,
813 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]814#endif /* PSA_WANT_ALG_SHA_384 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]815
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]816#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]817 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
818 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]819 0,
820 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]821
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]822 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
823 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]824 0,
825 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]826#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]827#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]828#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]829 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
830 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]831 0,
832 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]833 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
834 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]835 MBEDTLS_CIPHERSUITE_SHORT_TAG,
836 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]837 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
838 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]839 0,
840 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]841 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
842 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]843 MBEDTLS_CIPHERSUITE_SHORT_TAG,
844 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]845#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]846#endif /* PSA_WANT_KEY_TYPE_AES */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]847
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]848#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]849#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]850#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]851 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
852 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]853 0,
854 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]855#endif /* PSA_WANT_ALG_SHA_256 */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]856
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]857#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]858 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
859 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]860 0,
861 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]862#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]863#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]864
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]865#if defined(PSA_WANT_ALG_GCM)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]866#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]867 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
868 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]869 0,
870 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]871#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]872
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]873#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]874 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
875 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]876 0,
877 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]878#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]879#endif /* PSA_WANT_ALG_GCM */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]880#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]881
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]882#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]883
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]884#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]885#if defined(PSA_WANT_KEY_TYPE_AES)
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]886
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]887#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]888#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]889 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
890 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]891 0,
892 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]893#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]894
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]895#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]896 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
897 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]898 0,
899 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]900#endif /* PSA_WANT_ALG_SHA_384 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]901
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]902#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]903 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
904 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]905 0,
906 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]907
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]908 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
909 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]910 0,
911 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]912#endif /* PSA_WANT_ALG_SHA_1 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]913#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]914#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]915
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]916#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]917#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]918#if defined(PSA_WANT_ALG_SHA_256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]919 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
920 "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]921 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]922 0,
923 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]924#endif /* PSA_WANT_ALG_SHA_256 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]925
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]926#if defined(PSA_WANT_ALG_SHA_384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]927 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
928 "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]929 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]930 0,
931 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]932#endif /* PSA_WANT_ALG_SHA_384 */
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]933#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
Elena Uziunaiteda41b602024-07-05 11:27:21 +0100[diff] [blame]934#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]935
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]936#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]937
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]938#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]939#if defined(PSA_WANT_KEY_TYPE_AES)
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]940#if defined(PSA_WANT_ALG_CCM)
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]941 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
942 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]943 MBEDTLS_CIPHERSUITE_SHORT_TAG,
944 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaitec2561722024-07-05 11:37:33 +0100[diff] [blame]945#endif /* PSA_WANT_ALG_CCM */
Elena Uziunaite6121a342024-07-05 11:16:53 +0100[diff] [blame]946#endif /* PSA_WANT_KEY_TYPE_AES */
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]947#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
948
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]949#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
950#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
Elena Uziunaiteb66a9912024-05-10 14:25:58 +0100[diff] [blame]951#if defined(PSA_WANT_ALG_MD5)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]952 { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
953 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]954 MBEDTLS_CIPHERSUITE_WEAK,
955 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]956#endif
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]957
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]958#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]959 { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
960 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]961 MBEDTLS_CIPHERSUITE_WEAK,
962 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]963#endif
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]964
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]965#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]966 { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
967 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]968 MBEDTLS_CIPHERSUITE_WEAK,
969 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]970#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]971#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]972
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]973#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]974#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]975 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
976 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]977 MBEDTLS_CIPHERSUITE_WEAK,
978 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]979#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]980
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]981#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]982 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
983 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]984 MBEDTLS_CIPHERSUITE_WEAK,
985 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]986#endif
987
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]988#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]989 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
990 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]991 MBEDTLS_CIPHERSUITE_WEAK,
992 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]993#endif /* PSA_WANT_ALG_SHA_384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]994#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]995
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]996#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]997#if defined(PSA_WANT_ALG_SHA_1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]998 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
999 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1000 MBEDTLS_CIPHERSUITE_WEAK,
1001 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaite9fc5be02024-09-04 18:12:59 +0100[diff] [blame]1002#endif /* PSA_WANT_ALG_SHA_1 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1003
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1004#if defined(PSA_WANT_ALG_SHA_256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1005 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
1006 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1007 MBEDTLS_CIPHERSUITE_WEAK,
1008 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1009#endif
1010
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1011#if defined(PSA_WANT_ALG_SHA_384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1012 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
1013 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1014 MBEDTLS_CIPHERSUITE_WEAK,
1015 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1016#endif /* PSA_WANT_ALG_SHA_384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1017#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1018#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]1019
Elena Uziunaite51c85a02024-07-05 11:20:17 +0100[diff] [blame]1020#if defined(PSA_WANT_KEY_TYPE_ARIA)
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1021
1022#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1023
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1024#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1025 { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1026 "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1027 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1028 0,
1029 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1030#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1031#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1032 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1033 { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1034 "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1035 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1036 0,
1037 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1038#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1039#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1040 { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1041 "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1042 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1043 0,
1044 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1045#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1046#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1047 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1048 { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1049 "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1050 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1051 0,
1052 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1053#endif
1054
1055#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1056
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1057#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1058
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1059#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1060 { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1061 "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
1062 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1063 0,
1064 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1065#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1066#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1067 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1068 { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1069 "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1070 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1071 0,
1072 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1073#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1074#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1075 { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1076 "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1077 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1078 0,
1079 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1080#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1081#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1082 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1083 { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1084 "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1085 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1086 0,
1087 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1088#endif
1089
1090#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1091
1092#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
1093
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1094#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1095 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1096 "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1097 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1098 0,
1099 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1100#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1101#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1102 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1103 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1104 "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1105 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1106 0,
1107 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1108#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1109#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1110 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1111 "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1112 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1113 0,
1114 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1115#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1116#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1117 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1118 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1119 "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1120 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1121 0,
1122 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1123#endif
1124
1125#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
1126
1127#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
1128
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1129#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1130 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1131 "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1132 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1133 0,
1134 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1135#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1136#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1137 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1138 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1139 "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1140 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1141 0,
1142 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1143#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1144#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1145 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1146 "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1147 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1148 0,
1149 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1150#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1151#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1152 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1153 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1154 "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1155 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1156 0,
1157 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1158#endif
1159
1160#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
1161
1162#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1163
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1164#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1165 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1166 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1167 "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1168 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1169 0,
1170 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1171#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1172#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1173 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1174 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1175 "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1176 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1177 0,
1178 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1179#endif
1180
1181#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1182
1183#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
1184
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1185#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1186 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1187 "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1188 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1189 0,
1190 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1191#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1192#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1193 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1194 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1195 "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1196 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1197 0,
1198 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1199#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1200#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1201 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1202 "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1203 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1204 0,
1205 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1206#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1207#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1208 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1209 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1210 "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1211 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1212 0,
1213 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1214#endif
1215
1216#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
1217
1218#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
1219
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1220#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1221 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1222 "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1223 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1224 0,
1225 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1226#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1227#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaiteb476d4b2024-05-23 15:33:41 +0100[diff] [blame]1228 defined(PSA_WANT_ALG_SHA_384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1229 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1230 "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1231 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1232 0,
1233 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1234#endif
Elena Uziunaite83a0d9d2024-07-05 11:41:22 +0100[diff] [blame]1235#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1236 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1237 "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1238 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1239 0,
1240 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1241#endif
Elena Uziunaite74342c72024-07-05 11:31:29 +0100[diff] [blame]1242#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
Elena Uziunaite0916cd72024-05-23 17:01:07 +0100[diff] [blame]1243 defined(PSA_WANT_ALG_SHA_256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1244 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1245 "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1246 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1247 0,
1248 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1249#endif
1250
1251#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
1252
Elena Uziunaite51c85a02024-07-05 11:20:17 +0100[diff] [blame]1253#endif /* PSA_WANT_KEY_TYPE_ARIA */
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1254
1255
Manuel Pégourié-Gonnarda2733712015-02-10 17:32:14 +0100[diff] [blame]1256 { 0, "",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1257 MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1258 0, 0, 0 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1259};
1260
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1261#if defined(MBEDTLS_SSL_CIPHERSUITES)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1262const int *mbedtls_ssl_list_ciphersuites(void)
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]1263{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1264 return ciphersuite_preference;
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]1265}
1266#else
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1267#define MAX_CIPHERSUITES sizeof(ciphersuite_definitions) / \
1268 sizeof(ciphersuite_definitions[0])
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1269static int supported_ciphersuites[MAX_CIPHERSUITES];
1270static int supported_init = 0;
1271
Manuel Pégourié-Gonnarda3115dc2022-06-17 10:52:54 +0200[diff] [blame]1272MBEDTLS_CHECK_RETURN_CRITICAL
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1273static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1274{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1275 (void) cs_info;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1276
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1277 return 0;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1278}
1279
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1280const int *mbedtls_ssl_list_ciphersuites(void)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1281{
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1282 /*
1283 * On initial call filter out all ciphersuites not supported by current
1284 * build based on presence in the ciphersuite_definitions.
1285 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1286 if (supported_init == 0) {
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1287 const int *p;
1288 int *q;
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1289
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1290 for (p = ciphersuite_preference, q = supported_ciphersuites;
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1291 *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1292 p++) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1293 const mbedtls_ssl_ciphersuite_t *cs_info;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1294 if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL &&
1295 !ciphersuite_is_removed(cs_info)) {
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1296 *(q++) = *p;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1297 }
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1298 }
Manuel Pégourié-Gonnardbc4b7f02013-09-07 15:04:26 +0200[diff] [blame]1299 *q = 0;
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]1300
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1301 supported_init = 1;
1302 }
1303
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1304 return supported_ciphersuites;
Manuel Pégourié-Gonnardf78e4de2015-05-29 10:52:14 +0200[diff] [blame]1305}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1306#endif /* MBEDTLS_SSL_CIPHERSUITES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1307
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1308const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1309 const char *ciphersuite_name)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1310{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1311 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1312
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1313 if (NULL == ciphersuite_name) {
1314 return NULL;
1315 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1316
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1317 while (cur->id != 0) {
1318 if (0 == strcmp(cur->name, ciphersuite_name)) {
1319 return cur;
1320 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1321
1322 cur++;
1323 }
1324
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1325 return NULL;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1326}
1327
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1328const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1329{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1330 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1331
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1332 while (cur->id != 0) {
1333 if (cur->id == ciphersuite) {
1334 return cur;
1335 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1336
1337 cur++;
1338 }
1339
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1340 return NULL;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1341}
1342
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1343const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1344{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1345 const mbedtls_ssl_ciphersuite_t *cur;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1346
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1347 cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1348
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1349 if (cur == NULL) {
1350 return "unknown";
1351 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1352
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1353 return cur->name;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1354}
1355
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1356int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1357{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1358 const mbedtls_ssl_ciphersuite_t *cur;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1359
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1360 cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1361
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1362 if (cur == NULL) {
1363 return 0;
1364 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1365
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1366 return cur->id;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1367}
1368
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1369size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1370{
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1371 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1372 psa_key_type_t key_type;
1373 psa_algorithm_t alg;
1374 size_t key_bits;
1375
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]1376 status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1377 info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16,
1378 &alg, &key_type, &key_bits);
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1379
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1380 if (status != PSA_SUCCESS) {
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1381 return 0;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1382 }
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1383
1384 return key_bits;
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1385}
1386
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1387#if defined(MBEDTLS_PK_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1388mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1389{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1390 switch (info->key_exchange) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1391 case MBEDTLS_KEY_EXCHANGE_RSA:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1392 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1393 return MBEDTLS_PK_RSA;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1394
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1395 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1396 return MBEDTLS_PK_ECDSA;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1397
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1398 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1399 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1400 return MBEDTLS_PK_ECKEY;
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]1401
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1402 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1403 return MBEDTLS_PK_NONE;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1404 }
1405}
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1406
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1407psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1408{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1409 switch (info->key_exchange) {
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1410 case MBEDTLS_KEY_EXCHANGE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1411 return PSA_ALG_RSA_PKCS1V15_CRYPT;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1412 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1413 return PSA_ALG_RSA_PKCS1V15_SIGN(
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]1414 mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1415
1416 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]1417 return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1418
1419 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1420 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1421 return PSA_ALG_ECDH;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1422
1423 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1424 return PSA_ALG_NONE;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1425 }
1426}
1427
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1428psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1429{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1430 switch (info->key_exchange) {
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1431 case MBEDTLS_KEY_EXCHANGE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1432 return PSA_KEY_USAGE_DECRYPT;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1433 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1434 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1435 return PSA_KEY_USAGE_SIGN_HASH;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1436
1437 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1438 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1439 return PSA_KEY_USAGE_DERIVE;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1440
1441 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1442 return 0;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1443 }
1444}
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1445
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1446mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1447{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1448 switch (info->key_exchange) {
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1449 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1450 return MBEDTLS_PK_RSA;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1451
1452 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1453 return MBEDTLS_PK_ECDSA;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1454
1455 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1456 return MBEDTLS_PK_NONE;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1457 }
1458}
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1459
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1460#endif /* MBEDTLS_PK_C */
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1461
Valerio Setti7aeec542023-07-05 18:57:21 +0200[diff] [blame]1462#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
Valerio Settie9646ec2023-08-02 20:02:28 +0200[diff] [blame]1463 defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
Ron Eldor755bb6a2018-02-14 19:30:48 +0200[diff] [blame]1464 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1465int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1466{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1467 switch (info->key_exchange) {
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1468 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1469 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1470 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
1471 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1472 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Ron Eldor755bb6a2018-02-14 19:30:48 +0200[diff] [blame]1473 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1474 return 1;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1475
1476 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1477 return 0;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1478 }
1479}
Valerio Setti7aeec542023-07-05 18:57:21 +0200[diff] [blame]1480#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
Valerio Settie9646ec2023-08-02 20:02:28 +0200[diff] [blame]1481 * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
Valerio Setti45d56f32023-07-13 17:23:20 +0200[diff] [blame]1482 * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1483
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]1484#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1485int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1486{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1487 switch (info->key_exchange) {
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1488 case MBEDTLS_KEY_EXCHANGE_PSK:
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1489 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1490 return 1;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1491
1492 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1493 return 0;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1494 }
1495}
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]1496#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]1497
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1498#endif /* MBEDTLS_SSL_TLS_C */