TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 91aaba0172dfa1c740bc67a12bc201bad4cd509c / . / library / ssl_ciphersuites.c
blob: 95aa5816ce30beb6b5c6831247ed00be09216a27 [file] [log] [blame]
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1/**
2 * \file ssl_ciphersuites.c
3 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200[diff] [blame]4 * \brief SSL ciphersuites for Mbed TLS
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]5 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]6 * Copyright The Mbed TLS Contributors
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]20 */
21
Gilles Peskinedb09ef62020-06-03 01:43:33 +0200[diff] [blame]22#include "common.h"
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]23
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]24#if defined(MBEDTLS_SSL_TLS_C)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]25
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]26#include "mbedtls/platform.h"
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]27
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]28#include "mbedtls/ssl_ciphersuites.h"
29#include "mbedtls/ssl.h"
Manuel Pégourié-Gonnardcac90a12021-06-04 11:42:30 +0200[diff] [blame]30#include "ssl_misc.h"
Manuel Pégourié-Gonnard02b10d82023-03-28 12:33:20 +0200[diff] [blame]31#if defined(MBEDTLS_USE_PSA_CRYPTO)
32#include "md_psa.h"
33#endif
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]34
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]35#include <string.h>
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]36
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]37/*
38 * Ordered from most preferred to least preferred in terms of security.
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]39 *
TRodziewicz75628d52021-06-18 12:56:27 +0200[diff] [blame]40 * Current rule (except weak and null which come last):
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]41 * 1. By key exchange:
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]42 * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]43 * 2. By key length and cipher:
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]44 * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
Manuel Pégourié-Gonnard42b53742014-06-19 16:18:26 +0200[diff] [blame]45 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
Manuel Pégourié-Gonnard6768da92014-05-14 12:26:51 +0200[diff] [blame]46 * 4. By hash function used when relevant
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]47 * 5. By key exchange/auth again: EC > non-EC
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]48 */
49static const int ciphersuite_preference[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]50{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]51#if defined(MBEDTLS_SSL_CIPHERSUITES)
52 MBEDTLS_SSL_CIPHERSUITES,
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]53#else
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]54#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]55 /* TLS 1.3 ciphersuites */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]56 MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
Ronald Cron4bb67732023-02-16 15:51:18 +0100[diff] [blame]57 MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
58 MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]59 MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
60 MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]61#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]62
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]63 /* Chacha-Poly ephemeral suites */
64 MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
65 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
66 MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
67
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]68 /* All AES-256 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]69 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
70 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
71 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
72 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
73 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
74 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
75 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
76 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
77 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
78 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
79 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
80 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
81 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]82
83 /* All CAMELLIA-256 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]84 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
85 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
86 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
87 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
88 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
89 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
90 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]91
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]92 /* All ARIA-256 ephemeral suites */
93 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
94 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
95 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
96 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
97 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
98 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
99
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]100 /* All AES-128 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]101 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
102 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
103 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
104 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
105 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
106 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
107 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
108 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
109 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
110 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
111 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
112 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
113 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]114
115 /* All CAMELLIA-128 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]116 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
117 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
118 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
119 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
120 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
121 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
122 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]123
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]124 /* All ARIA-128 ephemeral suites */
125 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
126 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
127 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
128 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
129 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
130 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
131
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]132 /* The PSK ephemeral suites */
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]133 MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
134 MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]135 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
136 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
137 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
138 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
139 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
140 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
141 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
142 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
143 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
144 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]145 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
146 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
147 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]148
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]149 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
150 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
151 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
152 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
153 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
154 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
155 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
156 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
157 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
158 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]159 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
160 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
161 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]162
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]163 /* The ECJPAKE suite */
164 MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
165
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]166 /* All AES-256 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]167 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
168 MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
169 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
170 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
171 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
172 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
173 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
174 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
175 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
176 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
177 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]178
179 /* All CAMELLIA-256 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]180 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
181 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
182 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
183 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
184 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
185 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
186 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]187
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]188 /* All ARIA-256 suites */
189 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
190 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
191 MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
192 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
193 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
194 MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
195
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]196 /* All AES-128 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]197 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
198 MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
199 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
200 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
201 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
202 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
203 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
204 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
205 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
206 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
207 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]208
209 /* All CAMELLIA-128 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]210 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
211 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
212 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
213 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
214 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
215 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
216 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]217
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]218 /* All ARIA-128 suites */
219 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
220 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
221 MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
222 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
223 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
224 MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
225
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]226 /* The RSA PSK suites */
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]227 MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]228 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
229 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
230 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
231 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
232 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]233 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
234 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]235
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]236 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
237 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
238 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
239 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
240 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]241 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
242 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]243
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]244 /* The PSK suites */
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]245 MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]246 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
247 MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
248 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
249 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
250 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
251 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
252 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]253 MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
254 MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]255
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]256 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
257 MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
258 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
259 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
260 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
261 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
262 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]263 MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
264 MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]265
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]266 /* NULL suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]267 MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
268 MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
269 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
270 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
271 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
272 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384,
273 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256,
274 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]275
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]276 MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
277 MBEDTLS_TLS_RSA_WITH_NULL_SHA,
278 MBEDTLS_TLS_RSA_WITH_NULL_MD5,
279 MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
280 MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
281 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384,
282 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256,
283 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA,
284 MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
285 MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
286 MBEDTLS_TLS_PSK_WITH_NULL_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]287
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]288#endif /* MBEDTLS_SSL_CIPHERSUITES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]289 0
290};
291
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]292static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]293{
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]294#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]295#if defined(MBEDTLS_AES_C)
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]296#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]297#if defined(MBEDTLS_MD_CAN_SHA384)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]298 { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]299 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
300 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
301 0,
302 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]303#endif /* MBEDTLS_MD_CAN_SHA384 */
304#if defined(MBEDTLS_MD_CAN_SHA256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]305 { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]306 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
307 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
308 0,
309 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]310#endif /* MBEDTLS_MD_CAN_SHA256 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]311#endif /* MBEDTLS_SSL_HAVE_GCM */
312#if defined(MBEDTLS_SSL_HAVE_CCM) && defined(MBEDTLS_MD_CAN_SHA256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]313 { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]314 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
315 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
316 0,
317 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]318 { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]319 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
320 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
321 MBEDTLS_CIPHERSUITE_SHORT_TAG,
322 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]323#endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_SSL_HAVE_CCM */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]324#endif /* MBEDTLS_AES_C */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]325#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && defined(MBEDTLS_MD_CAN_SHA256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]326 { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
327 "TLS1-3-CHACHA20-POLY1305-SHA256",
328 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
329 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]330 0,
331 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]332#endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY && MBEDTLS_MD_CAN_SHA256 */
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]333#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]334
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]335#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]336 defined(MBEDTLS_MD_CAN_SHA256) && \
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]337 defined(MBEDTLS_SSL_PROTO_TLS1_2)
338#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
339 { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
340 "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
341 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
342 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]343 0,
344 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]345#endif
346#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
347 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
348 "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
349 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
350 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]351 0,
352 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]353#endif
354#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
355 { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
356 "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
357 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
358 MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]359 0,
360 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]361#endif
362#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
363 { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
364 "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
365 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
366 MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]367 0,
368 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]369#endif
370#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
371 { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
372 "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
373 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
374 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]375 0,
376 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]377#endif
378#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
379 { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
380 "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
381 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
382 MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]383 0,
384 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]385#endif
386#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
387 { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
388 "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256",
389 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
390 MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]391 0,
392 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]393#endif
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]394#endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY &&
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]395 MBEDTLS_MD_CAN_SHA256 &&
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]396 MBEDTLS_SSL_PROTO_TLS1_2 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]397#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
398#if defined(MBEDTLS_AES_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]399#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]400#if defined(MBEDTLS_CIPHER_MODE_CBC)
401 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
402 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]403 0,
404 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]405 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
406 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]407 0,
408 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]409#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]410#endif /* MBEDTLS_MD_CAN_SHA1 */
411#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]412#if defined(MBEDTLS_CIPHER_MODE_CBC)
413 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
414 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]415 0,
416 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]417#endif /* MBEDTLS_CIPHER_MODE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]418#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]419 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
420 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]421 0,
422 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]423#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]424#endif /* MBEDTLS_MD_CAN_SHA256 */
425#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]426#if defined(MBEDTLS_CIPHER_MODE_CBC)
427 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
428 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]429 0,
430 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]431#endif /* MBEDTLS_CIPHER_MODE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]432#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]433 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
434 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]435 0,
436 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]437#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]438#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]439#if defined(MBEDTLS_SSL_HAVE_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]440 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
441 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]442 0,
443 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]444 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
445 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]446 MBEDTLS_CIPHERSUITE_SHORT_TAG,
447 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]448 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
449 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]450 0,
451 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]452 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
453 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]454 MBEDTLS_CIPHERSUITE_SHORT_TAG,
455 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]456#endif /* MBEDTLS_SSL_HAVE_CCM */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]457#endif /* MBEDTLS_AES_C */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]458
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]459#if defined(MBEDTLS_CAMELLIA_C)
460#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]461#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]462 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
463 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]464 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]465 0,
466 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]467#endif /* MBEDTLS_MD_CAN_SHA256 */
468#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]469 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
470 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]471 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]472 0,
473 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]474#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]475#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]476
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]477#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]478#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]479 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
480 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]481 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]482 0,
483 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]484#endif /* MBEDTLS_MD_CAN_SHA256 */
485#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]486 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
487 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]488 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]489 0,
490 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]491#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]492#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]493#endif /* MBEDTLS_CAMELLIA_C */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]494
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]495#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]496#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]497 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
498 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]499 MBEDTLS_CIPHERSUITE_WEAK,
500 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]501#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]502#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
503#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]504
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]505#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
506#if defined(MBEDTLS_AES_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]507#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]508#if defined(MBEDTLS_CIPHER_MODE_CBC)
509 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
510 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]511 0,
512 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]513 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
514 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]515 0,
516 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]517#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]518#endif /* MBEDTLS_MD_CAN_SHA1 */
519#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]520#if defined(MBEDTLS_CIPHER_MODE_CBC)
521 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
522 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]523 0,
524 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]525#endif /* MBEDTLS_CIPHER_MODE_CBC */
Valerio Settid4a10ce2023-10-03 15:11:48 +0200[diff] [blame]526#if (defined(MBEDTLS_GCM_C) || defined(PSA_WANT_ALG_GCM))
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]527 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
528 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]529 0,
530 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]531#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]532#endif /* MBEDTLS_MD_CAN_SHA256 */
533#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]534#if defined(MBEDTLS_CIPHER_MODE_CBC)
535 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
536 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]537 0,
538 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]539#endif /* MBEDTLS_CIPHER_MODE_CBC */
Valerio Settid4a10ce2023-10-03 15:11:48 +0200[diff] [blame]540#if (defined(MBEDTLS_GCM_C) || defined(PSA_WANT_ALG_GCM))
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]541 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
542 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]543 0,
544 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]545#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]546#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]547#endif /* MBEDTLS_AES_C */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]548
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]549#if defined(MBEDTLS_CAMELLIA_C)
550#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]551#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]552 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
553 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]554 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]555 0,
556 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]557#endif /* MBEDTLS_MD_CAN_SHA256 */
558#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]559 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
560 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]561 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]562 0,
563 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]564#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]565#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]566
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]567#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]568#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]569 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
570 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]571 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]572 0,
573 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]574#endif /* MBEDTLS_MD_CAN_SHA256 */
575#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]576 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
577 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]578 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]579 0,
580 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]581#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]582#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]583#endif /* MBEDTLS_CAMELLIA_C */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]584
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]585#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]586#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]587 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
588 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]589 MBEDTLS_CIPHERSUITE_WEAK,
590 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]591#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]592#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
593#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]594
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]595#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
596#if defined(MBEDTLS_AES_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]597#if defined(MBEDTLS_MD_CAN_SHA384) && \
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]598 defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]599 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
600 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]601 0,
602 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]603#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_GCM_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]604
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]605#if defined(MBEDTLS_MD_CAN_SHA256)
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]606#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]607 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
608 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]609 0,
610 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]611#endif /* MBEDTLS_SSL_HAVE_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]612
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]613#if defined(MBEDTLS_CIPHER_MODE_CBC)
614 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
615 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]616 0,
617 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]618
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]619 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
620 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]621 0,
622 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]623#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]624#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]625
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]626#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]627#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]628 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
629 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]630 0,
631 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]632
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]633 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
634 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]635 0,
636 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]637#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]638#endif /* MBEDTLS_CIPHER_MODE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]639#if defined(MBEDTLS_SSL_HAVE_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]640 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
641 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]642 0,
643 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]644 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
645 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]646 MBEDTLS_CIPHERSUITE_SHORT_TAG,
647 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]648 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
649 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]650 0,
651 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]652 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
653 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]654 MBEDTLS_CIPHERSUITE_SHORT_TAG,
655 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]656#endif /* MBEDTLS_SSL_HAVE_CCM */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]657#endif /* MBEDTLS_AES_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]658
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]659#if defined(MBEDTLS_CAMELLIA_C)
660#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]661#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]662 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
663 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]664 0,
665 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]666
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]667 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
668 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]669 0,
670 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]671#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]672
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]673#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]674 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
675 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]676 0,
677 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]678
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]679 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
680 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]681 0,
682 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]683#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]684#endif /* MBEDTLS_CIPHER_MODE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]685#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]686#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]687 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
688 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]689 0,
690 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]691#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]692
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]693#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]694 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
695 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]696 0,
697 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]698#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]699#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]700#endif /* MBEDTLS_CAMELLIA_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]701
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]702#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]703
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]704#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
705#if defined(MBEDTLS_AES_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]706#if defined(MBEDTLS_MD_CAN_SHA384) && \
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]707 defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]708 { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
709 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]710 0,
711 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]712#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_GCM_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]713
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]714#if defined(MBEDTLS_MD_CAN_SHA256)
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]715#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]716 { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
717 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]718 0,
719 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]720#endif /* MBEDTLS_SSL_HAVE_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]721
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]722#if defined(MBEDTLS_CIPHER_MODE_CBC)
723 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
724 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]725 0,
726 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]727
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]728 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
729 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]730 0,
731 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]732#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]733#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]734
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]735#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]736#if defined(MBEDTLS_CIPHER_MODE_CBC)
737 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
738 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]739 0,
740 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]741
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]742 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
743 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]744 0,
745 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]746#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]747#endif /* MBEDTLS_MD_CAN_SHA1 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]748#if defined(MBEDTLS_SSL_HAVE_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]749 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
750 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]751 0,
752 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]753 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
754 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]755 MBEDTLS_CIPHERSUITE_SHORT_TAG,
756 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]757 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
758 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]759 0,
760 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]761 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
762 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]763 MBEDTLS_CIPHERSUITE_SHORT_TAG,
764 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]765#endif /* MBEDTLS_SSL_HAVE_CCM */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]766#endif /* MBEDTLS_AES_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]767
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]768#if defined(MBEDTLS_CAMELLIA_C)
769#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]770#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]771 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
772 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]773 0,
774 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]775
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]776 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
777 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]778 0,
779 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]780#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]781
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]782#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]783 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
784 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]785 0,
786 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]787
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]788 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
789 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]790 0,
791 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]792#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]793#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]794
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]795#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]796#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]797 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
798 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]799 0,
800 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]801#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]802
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]803#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]804 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
805 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]806 0,
807 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]808#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]809#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]810#endif /* MBEDTLS_CAMELLIA_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]811
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]812#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]813
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]814#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
815#if defined(MBEDTLS_AES_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]816#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]817#if defined(MBEDTLS_CIPHER_MODE_CBC)
818 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
819 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]820 0,
821 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]822 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
823 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]824 0,
825 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]826#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]827#endif /* MBEDTLS_MD_CAN_SHA1 */
828#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]829#if defined(MBEDTLS_CIPHER_MODE_CBC)
830 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
831 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]832 0,
833 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]834#endif /* MBEDTLS_CIPHER_MODE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]835#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]836 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
837 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]838 0,
839 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]840#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]841#endif /* MBEDTLS_MD_CAN_SHA256 */
842#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]843#if defined(MBEDTLS_CIPHER_MODE_CBC)
844 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
845 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]846 0,
847 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]848#endif /* MBEDTLS_CIPHER_MODE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]849#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]850 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
851 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]852 0,
853 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]854#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]855#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]856#endif /* MBEDTLS_AES_C */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]857
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]858#if defined(MBEDTLS_CAMELLIA_C)
859#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]860#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]861 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
862 "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]863 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]864 0,
865 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]866#endif /* MBEDTLS_MD_CAN_SHA256 */
867#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]868 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
869 "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]870 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]871 0,
872 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]873#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]874#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]875
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]876#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]877#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]878 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
879 "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]880 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]881 0,
882 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]883#endif /* MBEDTLS_MD_CAN_SHA256 */
884#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]885 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
886 "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]887 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]888 0,
889 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]890#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]891#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]892#endif /* MBEDTLS_CAMELLIA_C */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]893
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]894#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]895#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]896 { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
897 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]898 MBEDTLS_CIPHERSUITE_WEAK,
899 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]900#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]901#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
902#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]903
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]904#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
905#if defined(MBEDTLS_AES_C)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]906#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]907#if defined(MBEDTLS_CIPHER_MODE_CBC)
908 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
909 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]910 0,
911 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]912 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
913 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]914 0,
915 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]916#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]917#endif /* MBEDTLS_MD_CAN_SHA1 */
918#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]919#if defined(MBEDTLS_CIPHER_MODE_CBC)
920 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
921 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]922 0,
923 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]924#endif /* MBEDTLS_CIPHER_MODE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]925#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]926 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
927 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]928 0,
929 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]930#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]931#endif /* MBEDTLS_MD_CAN_SHA256 */
932#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]933#if defined(MBEDTLS_CIPHER_MODE_CBC)
934 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
935 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]936 0,
937 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]938#endif /* MBEDTLS_CIPHER_MODE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]939#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]940 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
941 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]942 0,
943 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]944#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]945#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]946#endif /* MBEDTLS_AES_C */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]947
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]948#if defined(MBEDTLS_CAMELLIA_C)
949#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]950#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]951 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
952 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]953 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]954 0,
955 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]956#endif /* MBEDTLS_MD_CAN_SHA256 */
957#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]958 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
959 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]960 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]961 0,
962 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]963#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]964#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]965
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]966#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]967#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]968 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
969 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]970 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]971 0,
972 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]973#endif /* MBEDTLS_MD_CAN_SHA256 */
974#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]975 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
976 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]977 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]978 0,
979 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]980#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]981#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]982#endif /* MBEDTLS_CAMELLIA_C */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]983
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]984#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]985#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]986 { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
987 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]988 MBEDTLS_CIPHERSUITE_WEAK,
989 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]990#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]991#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
992#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]993
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]994#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
995#if defined(MBEDTLS_AES_C)
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]996#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]997#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]998 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
999 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1000 0,
1001 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1002#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1003
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1004#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1005 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
1006 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1007 0,
1008 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1009#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1010#endif /* MBEDTLS_SSL_HAVE_GCM */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1011
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1012#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1013#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1014 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
1015 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1016 0,
1017 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1018#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1019
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1020#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1021 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
1022 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1023 0,
1024 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1025#endif /* MBEDTLS_MD_CAN_SHA384 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1026
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1027#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1028 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
1029 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1030 0,
1031 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1032
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1033 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
1034 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1035 0,
1036 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1037#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1038#endif /* MBEDTLS_CIPHER_MODE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1039#if defined(MBEDTLS_SSL_HAVE_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1040 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
1041 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1042 0,
1043 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1044 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
1045 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1046 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1047 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1048 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
1049 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1050 0,
1051 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1052 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
1053 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1054 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1055 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1056#endif /* MBEDTLS_SSL_HAVE_CCM */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1057#endif /* MBEDTLS_AES_C */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1058
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1059#if defined(MBEDTLS_CAMELLIA_C)
1060#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1061#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1062 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1063 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1064 0,
1065 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1066#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1067
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1068#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1069 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1070 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1071 0,
1072 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1073#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1074#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1075
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1076#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1077#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1078 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1079 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1080 0,
1081 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1082#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1083
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1084#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1085 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1086 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1087 0,
1088 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1089#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1090#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1091#endif /* MBEDTLS_CAMELLIA_C */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1092
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1093#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1094
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1095#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1096#if defined(MBEDTLS_AES_C)
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1097#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1098#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1099 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
1100 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1101 0,
1102 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1103#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1104
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1105#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1106 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
1107 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1108 0,
1109 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1110#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1111#endif /* MBEDTLS_SSL_HAVE_GCM */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1112
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1113#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1114#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1115 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
1116 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1117 0,
1118 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1119#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1120
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1121#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1122 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
1123 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1124 0,
1125 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1126#endif /* MBEDTLS_MD_CAN_SHA384 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1127
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1128#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1129 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
1130 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1131 0,
1132 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1133
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1134 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
1135 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1136 0,
1137 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1138#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1139#endif /* MBEDTLS_CIPHER_MODE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1140#if defined(MBEDTLS_SSL_HAVE_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1141 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
1142 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1143 0,
1144 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1145 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
1146 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1147 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1148 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1149 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
1150 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1151 0,
1152 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1153 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
1154 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1155 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1156 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1157#endif /* MBEDTLS_SSL_HAVE_CCM */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1158#endif /* MBEDTLS_AES_C */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1159
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1160#if defined(MBEDTLS_CAMELLIA_C)
1161#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1162#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1163 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1164 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1165 0,
1166 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1167#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1168
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1169#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1170 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1171 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1172 0,
1173 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1174#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1175#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1176
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1177#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1178#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1179 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1180 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1181 0,
1182 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1183#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1184
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1185#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1186 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1187 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1188 0,
1189 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1190#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1191#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1192#endif /* MBEDTLS_CAMELLIA_C */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1193
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1194#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1195
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1196#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1197#if defined(MBEDTLS_AES_C)
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1198
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1199#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1200#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1201 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
1202 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1203 0,
1204 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1205#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1206
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1207#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1208 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
1209 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1210 0,
1211 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1212#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1213
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1214#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1215 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
1216 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1217 0,
1218 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1219
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1220 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
1221 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1222 0,
1223 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1224#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1225#endif /* MBEDTLS_CIPHER_MODE_CBC */
1226#endif /* MBEDTLS_AES_C */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1227
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1228#if defined(MBEDTLS_CAMELLIA_C)
1229#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1230#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1231 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
1232 "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1233 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1234 0,
1235 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1236#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1237
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1238#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1239 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
1240 "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1241 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1242 0,
1243 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1244#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1245#endif /* MBEDTLS_CIPHER_MODE_CBC */
1246#endif /* MBEDTLS_CAMELLIA_C */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1247
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1248#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1249
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1250#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1251#if defined(MBEDTLS_AES_C)
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1252#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1253#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1254 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
1255 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1256 0,
1257 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1258#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1259
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1260#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1261 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
1262 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1263 0,
1264 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1265#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1266#endif /* MBEDTLS_SSL_HAVE_GCM */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1267
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1268#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1269#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1270 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
1271 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1272 0,
1273 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1274#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1275
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1276#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1277 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
1278 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1279 0,
1280 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1281#endif /* MBEDTLS_MD_CAN_SHA384 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1282
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1283#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1284 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
1285 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1286 0,
1287 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1288
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1289 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
1290 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1291 0,
1292 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1293#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1294#endif /* MBEDTLS_CIPHER_MODE_CBC */
1295#endif /* MBEDTLS_AES_C */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1296
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1297#if defined(MBEDTLS_CAMELLIA_C)
1298#if defined(MBEDTLS_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1299#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1300 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1301 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1302 0,
1303 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1304#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1305
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1306#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1307 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1308 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1309 0,
1310 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1311#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1312#endif /* MBEDTLS_CIPHER_MODE_CBC */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1313
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1314#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1315#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1316 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1317 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1318 0,
1319 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1320#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1321
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1322#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1323 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1324 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1325 0,
1326 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1327#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1328#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1329#endif /* MBEDTLS_CAMELLIA_C */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1330
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1331#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1332
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]1333#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1334#if defined(MBEDTLS_AES_C)
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1335#if defined(MBEDTLS_SSL_HAVE_CCM)
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]1336 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
1337 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1338 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1339 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1340#endif /* MBEDTLS_SSL_HAVE_CCM */
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]1341#endif /* MBEDTLS_AES_C */
1342#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
1343
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1344#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
1345#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1346#if defined(MBEDTLS_MD_CAN_MD5)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1347 { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
1348 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1349 MBEDTLS_CIPHERSUITE_WEAK,
1350 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]1351#endif
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1352
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1353#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1354 { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
1355 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1356 MBEDTLS_CIPHERSUITE_WEAK,
1357 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]1358#endif
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1359
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1360#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1361 { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
1362 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1363 MBEDTLS_CIPHERSUITE_WEAK,
1364 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]1365#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1366#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1367
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1368#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1369#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1370 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
1371 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1372 MBEDTLS_CIPHERSUITE_WEAK,
1373 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1374#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1375
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1376#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1377 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
1378 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1379 MBEDTLS_CIPHERSUITE_WEAK,
1380 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1381#endif
1382
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1383#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1384 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
1385 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1386 MBEDTLS_CIPHERSUITE_WEAK,
1387 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1388#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1389#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]1390
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1391#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1392#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1393 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
1394 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1395 MBEDTLS_CIPHERSUITE_WEAK,
1396 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1397#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1398
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1399#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1400 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
1401 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1402 MBEDTLS_CIPHERSUITE_WEAK,
1403 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1404#endif
1405
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1406#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1407 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
1408 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1409 MBEDTLS_CIPHERSUITE_WEAK,
1410 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1411#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1412#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]1413
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1414#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1415#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1416 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
1417 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1418 MBEDTLS_CIPHERSUITE_WEAK,
1419 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1420#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1421
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1422#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1423 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
1424 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1425 MBEDTLS_CIPHERSUITE_WEAK,
1426 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1427#endif
1428
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1429#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1430 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
1431 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1432 MBEDTLS_CIPHERSUITE_WEAK,
1433 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1434#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1435#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1436
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1437#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1438#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1439 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
1440 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1441 MBEDTLS_CIPHERSUITE_WEAK,
1442 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1443#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnardef0eb1e2013-10-14 19:29:19 +0200[diff] [blame]1444
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1445#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1446 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
1447 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1448 MBEDTLS_CIPHERSUITE_WEAK,
1449 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1450#endif
Manuel Pégourié-Gonnardef0eb1e2013-10-14 19:29:19 +0200[diff] [blame]1451
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1452#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1453 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
1454 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1455 MBEDTLS_CIPHERSUITE_WEAK,
1456 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1457#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1458#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1459#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]1460
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1461#if defined(MBEDTLS_ARIA_C)
1462
1463#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1464
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1465#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1466 { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1467 "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1468 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1469 0,
1470 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1471#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1472#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1473 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1474 { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1475 "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1476 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1477 0,
1478 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1479#endif
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1480#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1481 { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1482 "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1483 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1484 0,
1485 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1486#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1487#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1488 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1489 { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1490 "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1491 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1492 0,
1493 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1494#endif
1495
1496#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1497
1498#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1499
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1500#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1501 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1502 "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1503 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1504 0,
1505 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1506#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1507#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1508 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1509 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1510 "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1511 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1512 0,
1513 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1514#endif
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1515#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1516 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1517 "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1518 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1519 0,
1520 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1521#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1522#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1523 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1524 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1525 "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1526 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1527 0,
1528 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1529#endif
1530
1531#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1532
1533#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1534
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1535#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1536 { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1537 "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
1538 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1539 0,
1540 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1541#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1542#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1543 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1544 { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1545 "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1546 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1547 0,
1548 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1549#endif
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1550#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1551 { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1552 "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1553 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1554 0,
1555 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1556#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1557#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1558 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1559 { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1560 "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1561 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1562 0,
1563 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1564#endif
1565
1566#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1567
1568#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
1569
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1570#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1571 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1572 "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1573 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1574 0,
1575 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1576#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1577#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1578 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1579 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1580 "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1581 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1582 0,
1583 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1584#endif
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1585#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1586 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1587 "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1588 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1589 0,
1590 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1591#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1592#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1593 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1594 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1595 "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1596 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1597 0,
1598 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1599#endif
1600
1601#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
1602
1603#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
1604
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1605#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1606 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1607 "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1608 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1609 0,
1610 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1611#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1612#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1613 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1614 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1615 "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1616 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1617 0,
1618 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1619#endif
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1620#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1621 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1622 "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1623 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1624 0,
1625 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1626#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1627#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1628 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1629 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1630 "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1631 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1632 0,
1633 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1634#endif
1635
1636#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
1637
1638#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1639
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1640#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1641 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1642 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1643 "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1644 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1645 0,
1646 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1647#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1648#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1649 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1650 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1651 "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1652 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1653 0,
1654 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1655#endif
1656
1657#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1658
1659#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
1660
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1661#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1662 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1663 "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1664 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1665 0,
1666 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1667#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1668#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1669 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1670 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1671 "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1672 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1673 0,
1674 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1675#endif
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1676#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1677 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1678 "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1679 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1680 0,
1681 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1682#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1683#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1684 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1685 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1686 "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1687 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1688 0,
1689 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1690#endif
1691
1692#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
1693
1694#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
1695
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1696#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1697 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1698 "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1699 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1700 0,
1701 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1702#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1703#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1704 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1705 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1706 "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1707 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1708 0,
1709 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1710#endif
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1711#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1712 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1713 "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1714 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1715 0,
1716 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1717#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1718#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1719 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1720 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1721 "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1722 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1723 0,
1724 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1725#endif
1726
1727#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
1728
1729#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
1730
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1731#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1732 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1733 "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1734 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1735 0,
1736 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1737#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1738#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1739 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1740 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1741 "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1742 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1743 0,
1744 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1745#endif
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1746#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1747 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1748 "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1749 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1750 0,
1751 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1752#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1753#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1754 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1755 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1756 "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1757 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1758 0,
1759 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1760#endif
1761
1762#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
1763
1764#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1765
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1766#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1767 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1768 "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1769 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1770 0,
1771 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1772#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1773#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1774 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1775 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1776 "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1777 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1778 0,
1779 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1780#endif
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1781#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1782 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1783 "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1784 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1785 0,
1786 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1787#endif
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1788#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1789 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1790 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1791 "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1792 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1793 0,
1794 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1795#endif
1796
1797#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1798
1799#endif /* MBEDTLS_ARIA_C */
1800
1801
Manuel Pégourié-Gonnarda2733712015-02-10 17:32:14 +0100[diff] [blame]1802 { 0, "",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1803 MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1804 0, 0, 0 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1805};
1806
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1807#if defined(MBEDTLS_SSL_CIPHERSUITES)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1808const int *mbedtls_ssl_list_ciphersuites(void)
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]1809{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1810 return ciphersuite_preference;
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]1811}
1812#else
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1813#define MAX_CIPHERSUITES sizeof(ciphersuite_definitions) / \
1814 sizeof(ciphersuite_definitions[0])
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1815static int supported_ciphersuites[MAX_CIPHERSUITES];
1816static int supported_init = 0;
1817
Manuel Pégourié-Gonnarda3115dc2022-06-17 10:52:54 +0200[diff] [blame]1818MBEDTLS_CHECK_RETURN_CRITICAL
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1819static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1820{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1821 (void) cs_info;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1822
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1823 return 0;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1824}
1825
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1826const int *mbedtls_ssl_list_ciphersuites(void)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1827{
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1828 /*
1829 * On initial call filter out all ciphersuites not supported by current
1830 * build based on presence in the ciphersuite_definitions.
1831 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1832 if (supported_init == 0) {
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1833 const int *p;
1834 int *q;
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1835
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1836 for (p = ciphersuite_preference, q = supported_ciphersuites;
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1837 *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1838 p++) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1839 const mbedtls_ssl_ciphersuite_t *cs_info;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1840 if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL &&
1841 !ciphersuite_is_removed(cs_info)) {
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1842 *(q++) = *p;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1843 }
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1844 }
Manuel Pégourié-Gonnardbc4b7f02013-09-07 15:04:26 +0200[diff] [blame]1845 *q = 0;
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]1846
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1847 supported_init = 1;
1848 }
1849
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1850 return supported_ciphersuites;
Manuel Pégourié-Gonnardf78e4de2015-05-29 10:52:14 +0200[diff] [blame]1851}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1852#endif /* MBEDTLS_SSL_CIPHERSUITES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1853
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1854const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1855 const char *ciphersuite_name)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1856{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1857 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1858
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1859 if (NULL == ciphersuite_name) {
1860 return NULL;
1861 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1862
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1863 while (cur->id != 0) {
1864 if (0 == strcmp(cur->name, ciphersuite_name)) {
1865 return cur;
1866 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1867
1868 cur++;
1869 }
1870
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1871 return NULL;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1872}
1873
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1874const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1875{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1876 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1877
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1878 while (cur->id != 0) {
1879 if (cur->id == ciphersuite) {
1880 return cur;
1881 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1882
1883 cur++;
1884 }
1885
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1886 return NULL;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1887}
1888
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1889const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1890{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1891 const mbedtls_ssl_ciphersuite_t *cur;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1892
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1893 cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1894
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1895 if (cur == NULL) {
1896 return "unknown";
1897 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1898
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1899 return cur->name;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1900}
1901
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1902int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1903{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1904 const mbedtls_ssl_ciphersuite_t *cur;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1905
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1906 cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1907
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1908 if (cur == NULL) {
1909 return 0;
1910 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1911
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1912 return cur->id;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1913}
1914
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1915size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1916{
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1917#if defined(MBEDTLS_USE_PSA_CRYPTO)
1918 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1919 psa_key_type_t key_type;
1920 psa_algorithm_t alg;
1921 size_t key_bits;
1922
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]1923 status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1924 info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16,
1925 &alg, &key_type, &key_bits);
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1926
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1927 if (status != PSA_SUCCESS) {
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1928 return 0;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1929 }
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1930
1931 return key_bits;
Neil Armstrong689557c2022-05-12 08:30:59 +0200[diff] [blame]1932#else
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1933 const mbedtls_cipher_info_t * const cipher_info =
Agathiyan Bragadeesh8b52b882023-07-13 13:12:40 +0100[diff] [blame]1934 mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) info->cipher);
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1935
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1936 return mbedtls_cipher_info_get_key_bitlen(cipher_info);
Neil Armstrong689557c2022-05-12 08:30:59 +0200[diff] [blame]1937#endif /* MBEDTLS_USE_PSA_CRYPTO */
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1938}
1939
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1940#if defined(MBEDTLS_PK_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1941mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1942{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1943 switch (info->key_exchange) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1944 case MBEDTLS_KEY_EXCHANGE_RSA:
1945 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1946 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1947 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1948 return MBEDTLS_PK_RSA;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1949
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1950 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1951 return MBEDTLS_PK_ECDSA;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1952
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1953 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1954 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1955 return MBEDTLS_PK_ECKEY;
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]1956
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1957 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1958 return MBEDTLS_PK_NONE;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1959 }
1960}
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1961
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1962#if defined(MBEDTLS_USE_PSA_CRYPTO)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1963psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1964{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1965 switch (info->key_exchange) {
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1966 case MBEDTLS_KEY_EXCHANGE_RSA:
1967 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1968 return PSA_ALG_RSA_PKCS1V15_CRYPT;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1969 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1970 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1971 return PSA_ALG_RSA_PKCS1V15_SIGN(
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]1972 mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1973
1974 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]1975 return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1976
1977 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1978 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1979 return PSA_ALG_ECDH;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1980
1981 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1982 return PSA_ALG_NONE;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1983 }
1984}
1985
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1986psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1987{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1988 switch (info->key_exchange) {
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1989 case MBEDTLS_KEY_EXCHANGE_RSA:
1990 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1991 return PSA_KEY_USAGE_DECRYPT;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1992 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1993 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1994 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1995 return PSA_KEY_USAGE_SIGN_HASH;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1996
1997 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1998 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1999 return PSA_KEY_USAGE_DERIVE;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]2000
2001 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2002 return 0;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]2003 }
2004}
2005#endif /* MBEDTLS_USE_PSA_CRYPTO */
2006
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2007mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]2008{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2009 switch (info->key_exchange) {
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]2010 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
2011 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2012 return MBEDTLS_PK_RSA;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]2013
2014 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2015 return MBEDTLS_PK_ECDSA;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]2016
2017 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2018 return MBEDTLS_PK_NONE;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]2019 }
2020}
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2021
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2022#endif /* MBEDTLS_PK_C */
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]2023
Valerio Setti7aeec542023-07-05 18:57:21 +0200[diff] [blame]2024#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
Valerio Settie9646ec2023-08-02 20:02:28 +0200[diff] [blame]2025 defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
Ron Eldor755bb6a2018-02-14 19:30:48 +0200[diff] [blame]2026 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2027int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2028{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2029 switch (info->key_exchange) {
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2030 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
2031 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
2032 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
2033 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
2034 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Ron Eldor755bb6a2018-02-14 19:30:48 +0200[diff] [blame]2035 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2036 return 1;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2037
2038 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2039 return 0;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2040 }
2041}
Valerio Setti7aeec542023-07-05 18:57:21 +0200[diff] [blame]2042#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
Valerio Settie9646ec2023-08-02 20:02:28 +0200[diff] [blame]2043 * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
Valerio Setti45d56f32023-07-13 17:23:20 +0200[diff] [blame]2044 * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2045
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]2046#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2047int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2048{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2049 switch (info->key_exchange) {
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2050 case MBEDTLS_KEY_EXCHANGE_PSK:
2051 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
2052 case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
2053 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2054 return 1;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2055
2056 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2057 return 0;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2058 }
2059}
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]2060#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2061
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2062#endif /* MBEDTLS_SSL_TLS_C */