TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / refs/heads/mbedtls-3.6 / . / library / ssl_ciphersuites.c
blob: 23619a26c88f6d9cf25144a7e1e5c63b63b86f42 [file] [log] [blame]
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1/**
2 * \file ssl_ciphersuites.c
3 *
Gilles Peskinee820c0a2023-08-03 17:45:20 +0200[diff] [blame]4 * \brief SSL ciphersuites for Mbed TLS
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]5 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]6 * Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]8 */
9
Gilles Peskinedb09ef62020-06-03 01:43:33 +0200[diff] [blame]10#include "common.h"
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]11
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]12#if defined(MBEDTLS_SSL_TLS_C)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]13
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]14#include "mbedtls/platform.h"
SimonBd5800b72016-04-26 07:43:27 +0100[diff] [blame]15
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]16#include "mbedtls/ssl_ciphersuites.h"
17#include "mbedtls/ssl.h"
Manuel Pégourié-Gonnardcac90a12021-06-04 11:42:30 +0200[diff] [blame]18#include "ssl_misc.h"
Manuel Pégourié-Gonnard02b10d82023-03-28 12:33:20 +0200[diff] [blame]19#if defined(MBEDTLS_USE_PSA_CRYPTO)
Valerio Setti384fbde2024-01-02 13:26:40 +0100[diff] [blame]20#include "mbedtls/psa_util.h"
Manuel Pégourié-Gonnard02b10d82023-03-28 12:33:20 +0200[diff] [blame]21#endif
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]22
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]23#include <string.h>
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]24
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]25/*
26 * Ordered from most preferred to least preferred in terms of security.
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]27 *
TRodziewicz75628d52021-06-18 12:56:27 +0200[diff] [blame]28 * Current rule (except weak and null which come last):
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]29 * 1. By key exchange:
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]30 * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]31 * 2. By key length and cipher:
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]32 * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
Manuel Pégourié-Gonnard42b53742014-06-19 16:18:26 +0200[diff] [blame]33 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
Manuel Pégourié-Gonnard6768da92014-05-14 12:26:51 +0200[diff] [blame]34 * 4. By hash function used when relevant
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]35 * 5. By key exchange/auth again: EC > non-EC
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]36 */
37static const int ciphersuite_preference[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]38{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]39#if defined(MBEDTLS_SSL_CIPHERSUITES)
40 MBEDTLS_SSL_CIPHERSUITES,
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]41#else
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]42#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]43 /* TLS 1.3 ciphersuites */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]44 MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
Ronald Cron4bb67732023-02-16 15:51:18 +0100[diff] [blame]45 MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
46 MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]47 MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
48 MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]49#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]50
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]51 /* Chacha-Poly ephemeral suites */
52 MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
53 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
54 MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
55
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]56 /* All AES-256 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]57 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
58 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
59 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
60 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
61 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
62 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
63 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
64 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
65 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
66 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
67 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
68 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
69 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]70
71 /* All CAMELLIA-256 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]72 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
73 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
74 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
75 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
76 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
77 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
78 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]79
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]80 /* All ARIA-256 ephemeral suites */
81 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
82 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
83 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
84 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
85 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
86 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
87
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]88 /* All AES-128 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]89 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
90 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
91 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
92 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
93 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
94 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
95 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
96 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
97 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
98 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
99 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
100 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
101 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]102
103 /* All CAMELLIA-128 ephemeral suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]104 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
105 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
106 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
107 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
108 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
109 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
110 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]111
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]112 /* All ARIA-128 ephemeral suites */
113 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
114 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
115 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
116 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
117 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
118 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
119
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]120 /* The PSK ephemeral suites */
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]121 MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
122 MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]123 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
124 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
125 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
126 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
127 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
128 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
129 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
130 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
131 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
132 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]133 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
134 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
135 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]136
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]137 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
138 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
139 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
140 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
141 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
142 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
143 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
144 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
145 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
146 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]147 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
148 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
149 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]150
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]151 /* The ECJPAKE suite */
152 MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
153
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]154 /* All AES-256 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]155 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
156 MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
157 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
158 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
159 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
160 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
161 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
162 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
163 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
164 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
165 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]166
167 /* All CAMELLIA-256 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]168 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
169 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
170 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
171 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
172 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
173 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
174 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]175
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]176 /* All ARIA-256 suites */
177 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
178 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
179 MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
180 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
181 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
182 MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
183
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]184 /* All AES-128 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]185 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
186 MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
187 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
188 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
189 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
190 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
191 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
192 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
193 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
194 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
195 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]196
197 /* All CAMELLIA-128 suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]198 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
199 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
200 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
201 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
202 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
203 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
204 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]205
Manuel Pégourié-Gonnardaf37f0f2018-02-20 11:03:40 +0100[diff] [blame]206 /* All ARIA-128 suites */
207 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
208 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
209 MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
210 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
211 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
212 MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
213
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]214 /* The RSA PSK suites */
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]215 MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]216 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
217 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
218 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
219 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
220 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]221 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
222 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]223
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]224 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
225 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
226 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
227 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
228 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]229 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
230 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]231
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]232 /* The PSK suites */
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]233 MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]234 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
235 MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
236 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
237 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
238 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
239 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
240 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]241 MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
242 MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]243
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]244 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
245 MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
246 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
247 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
248 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
249 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
250 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]251 MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
252 MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]253
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]254 /* NULL suites */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]255 MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
256 MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
257 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
258 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
259 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
260 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384,
261 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256,
262 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA,
Manuel Pégourié-Gonnard6fb0f742013-10-25 17:08:15 +0200[diff] [blame]263
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]264 MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
265 MBEDTLS_TLS_RSA_WITH_NULL_SHA,
266 MBEDTLS_TLS_RSA_WITH_NULL_MD5,
267 MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
268 MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
269 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384,
270 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256,
271 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA,
272 MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
273 MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
274 MBEDTLS_TLS_PSK_WITH_NULL_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]275
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]276#endif /* MBEDTLS_SSL_CIPHERSUITES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]277 0
278};
279
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]280static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]281{
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]282#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]283#if defined(MBEDTLS_SSL_HAVE_AES)
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]284#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]285#if defined(MBEDTLS_MD_CAN_SHA384)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]286 { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]287 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
288 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
289 0,
290 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]291#endif /* MBEDTLS_MD_CAN_SHA384 */
292#if defined(MBEDTLS_MD_CAN_SHA256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]293 { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]294 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
295 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
296 0,
297 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]298#endif /* MBEDTLS_MD_CAN_SHA256 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]299#endif /* MBEDTLS_SSL_HAVE_GCM */
300#if defined(MBEDTLS_SSL_HAVE_CCM) && defined(MBEDTLS_MD_CAN_SHA256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]301 { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]302 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
303 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
304 0,
305 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]306 { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256",
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]307 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
308 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
309 MBEDTLS_CIPHERSUITE_SHORT_TAG,
310 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]311#endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_SSL_HAVE_CCM */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]312#endif /* MBEDTLS_SSL_HAVE_AES */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]313#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && defined(MBEDTLS_MD_CAN_SHA256)
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]314 { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
315 "TLS1-3-CHACHA20-POLY1305-SHA256",
316 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
317 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]318 0,
319 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]320#endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY && MBEDTLS_MD_CAN_SHA256 */
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]321#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
Hanno Becker8ca26922021-07-23 19:24:23 +0100[diff] [blame]322
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]323#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]324 defined(MBEDTLS_MD_CAN_SHA256) && \
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]325 defined(MBEDTLS_SSL_PROTO_TLS1_2)
326#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
327 { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
328 "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
329 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
330 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]331 0,
332 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]333#endif
334#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
335 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
336 "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
337 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
338 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]339 0,
340 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]341#endif
342#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
343 { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
344 "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
345 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
346 MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]347 0,
348 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]349#endif
350#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
351 { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
352 "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
353 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
354 MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]355 0,
356 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]357#endif
358#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
359 { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
360 "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
361 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
362 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]363 0,
364 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]365#endif
366#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
367 { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
368 "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
369 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
370 MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]371 0,
372 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]373#endif
374#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
375 { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
376 "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256",
377 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
378 MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]379 0,
380 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]381#endif
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]382#endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY &&
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]383 MBEDTLS_MD_CAN_SHA256 &&
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +0200[diff] [blame]384 MBEDTLS_SSL_PROTO_TLS1_2 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]385#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]386#if defined(MBEDTLS_SSL_HAVE_AES)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]387#if defined(MBEDTLS_MD_CAN_SHA1)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]388#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]389 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
390 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]391 0,
392 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]393 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
394 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]395 0,
396 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]397#endif /* MBEDTLS_SSL_HAVE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]398#endif /* MBEDTLS_MD_CAN_SHA1 */
399#if defined(MBEDTLS_MD_CAN_SHA256)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]400#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]401 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
402 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]403 0,
404 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]405#endif /* MBEDTLS_SSL_HAVE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]406#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]407 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
408 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]409 0,
410 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]411#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]412#endif /* MBEDTLS_MD_CAN_SHA256 */
413#if defined(MBEDTLS_MD_CAN_SHA384)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]414#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]415 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
416 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]417 0,
418 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]419#endif /* MBEDTLS_SSL_HAVE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]420#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]421 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
422 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]423 0,
424 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]425#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]426#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]427#if defined(MBEDTLS_SSL_HAVE_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]428 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
429 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]430 0,
431 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]432 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
433 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]434 MBEDTLS_CIPHERSUITE_SHORT_TAG,
435 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]436 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
437 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]438 0,
439 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]440 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
441 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]442 MBEDTLS_CIPHERSUITE_SHORT_TAG,
443 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]444#endif /* MBEDTLS_SSL_HAVE_CCM */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]445#endif /* MBEDTLS_SSL_HAVE_AES */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]446
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]447#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
448#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]449#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]450 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
451 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]452 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]453 0,
454 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]455#endif /* MBEDTLS_MD_CAN_SHA256 */
456#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]457 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
458 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]459 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]460 0,
461 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]462#endif /* MBEDTLS_MD_CAN_SHA384 */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]463#endif /* MBEDTLS_SSL_HAVE_CBC */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]464
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]465#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]466#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]467 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
468 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]469 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]470 0,
471 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]472#endif /* MBEDTLS_MD_CAN_SHA256 */
473#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]474 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
475 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]476 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]477 0,
478 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]479#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]480#endif /* MBEDTLS_SSL_HAVE_GCM */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]481#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]482
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]483#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]484#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]485 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
486 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]487 MBEDTLS_CIPHERSUITE_WEAK,
488 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]489#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]490#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
491#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]492
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]493#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]494#if defined(MBEDTLS_SSL_HAVE_AES)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]495#if defined(MBEDTLS_MD_CAN_SHA1)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]496#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]497 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
498 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]499 0,
500 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]501 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
502 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]503 0,
504 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]505#endif /* MBEDTLS_SSL_HAVE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]506#endif /* MBEDTLS_MD_CAN_SHA1 */
507#if defined(MBEDTLS_MD_CAN_SHA256)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]508#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]509 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
510 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]511 0,
512 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]513#endif /* MBEDTLS_SSL_HAVE_CBC */
514#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]515 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
516 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]517 0,
518 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]519#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]520#endif /* MBEDTLS_MD_CAN_SHA256 */
521#if defined(MBEDTLS_MD_CAN_SHA384)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]522#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]523 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
524 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]525 0,
526 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]527#endif /* MBEDTLS_SSL_HAVE_CBC */
528#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]529 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
530 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]531 0,
532 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]533#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]534#endif /* MBEDTLS_MD_CAN_SHA384 */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]535#endif /* MBEDTLS_SSL_HAVE_AES */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]536
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]537#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
538#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]539#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]540 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
541 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]542 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]543 0,
544 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]545#endif /* MBEDTLS_MD_CAN_SHA256 */
546#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]547 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
548 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]549 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]550 0,
551 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]552#endif /* MBEDTLS_MD_CAN_SHA384 */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]553#endif /* MBEDTLS_SSL_HAVE_CBC */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]554
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]555#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]556#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]557 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
558 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]559 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]560 0,
561 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]562#endif /* MBEDTLS_MD_CAN_SHA256 */
563#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]564 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
565 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]566 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]567 0,
568 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]569#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]570#endif /* MBEDTLS_SSL_HAVE_GCM */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]571#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]572
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]573#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]574#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]575 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
576 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]577 MBEDTLS_CIPHERSUITE_WEAK,
578 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]579#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]580#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
581#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]582
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]583#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]584#if defined(MBEDTLS_SSL_HAVE_AES)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]585#if defined(MBEDTLS_MD_CAN_SHA384) && \
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]586 defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]587 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
588 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]589 0,
590 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]591#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]592
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]593#if defined(MBEDTLS_MD_CAN_SHA256)
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]594#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]595 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
596 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]597 0,
598 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]599#endif /* MBEDTLS_SSL_HAVE_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]600
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]601#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]602 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
603 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]604 0,
605 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]606
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]607 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
608 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]609 0,
610 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]611#endif /* MBEDTLS_SSL_HAVE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]612#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]613
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]614#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]615#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]616 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
617 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]618 0,
619 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]620
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]621 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
622 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]623 0,
624 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]625#endif /* MBEDTLS_MD_CAN_SHA1 */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]626#endif /* MBEDTLS_SSL_HAVE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]627#if defined(MBEDTLS_SSL_HAVE_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]628 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
629 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]630 0,
631 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]632 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
633 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]634 MBEDTLS_CIPHERSUITE_SHORT_TAG,
635 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]636 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
637 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]638 0,
639 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]640 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
641 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]642 MBEDTLS_CIPHERSUITE_SHORT_TAG,
643 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]644#endif /* MBEDTLS_SSL_HAVE_CCM */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]645#endif /* MBEDTLS_SSL_HAVE_AES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]646
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]647#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
648#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]649#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]650 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
651 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]652 0,
653 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]654
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]655 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
656 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]657 0,
658 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]659#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]660
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]661#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]662 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
663 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]664 0,
665 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]666
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]667 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
668 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]669 0,
670 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]671#endif /* MBEDTLS_MD_CAN_SHA1 */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]672#endif /* MBEDTLS_SSL_HAVE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]673#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]674#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]675 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
676 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]677 0,
678 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]679#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]680
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]681#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]682 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
683 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]684 0,
685 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]686#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]687#endif /* MBEDTLS_SSL_HAVE_GCM */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]688#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]689
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]690#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]691
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]692#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]693#if defined(MBEDTLS_SSL_HAVE_AES)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]694#if defined(MBEDTLS_MD_CAN_SHA384) && \
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]695 defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]696 { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
697 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]698 0,
699 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]700#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]701
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]702#if defined(MBEDTLS_MD_CAN_SHA256)
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]703#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]704 { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
705 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]706 0,
707 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]708#endif /* MBEDTLS_SSL_HAVE_GCM */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]709
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]710#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]711 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
712 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]713 0,
714 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]715
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]716 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
717 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]718 0,
719 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]720#endif /* MBEDTLS_SSL_HAVE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]721#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]722
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]723#if defined(MBEDTLS_MD_CAN_SHA1)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]724#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]725 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
726 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]727 0,
728 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]729
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]730 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
731 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]732 0,
733 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]734#endif /* MBEDTLS_SSL_HAVE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]735#endif /* MBEDTLS_MD_CAN_SHA1 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]736#if defined(MBEDTLS_SSL_HAVE_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]737 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
738 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]739 0,
740 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]741 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
742 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]743 MBEDTLS_CIPHERSUITE_SHORT_TAG,
744 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]745 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
746 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]747 0,
748 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]749 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
750 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]751 MBEDTLS_CIPHERSUITE_SHORT_TAG,
752 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]753#endif /* MBEDTLS_SSL_HAVE_CCM */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]754#endif /* MBEDTLS_SSL_HAVE_AES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]755
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]756#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
757#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]758#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]759 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
760 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]761 0,
762 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]763
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]764 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
765 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]766 0,
767 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]768#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]769
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]770#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]771 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
772 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]773 0,
774 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]775
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]776 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
777 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]778 0,
779 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]780#endif /* MBEDTLS_MD_CAN_SHA1 */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]781#endif /* MBEDTLS_SSL_HAVE_CBC */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]782
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]783#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]784#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]785 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
786 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]787 0,
788 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]789#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]790
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]791#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]792 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
793 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]794 0,
795 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]796#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]797#endif /* MBEDTLS_SSL_HAVE_GCM */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]798#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]799
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]800#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]801
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]802#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]803#if defined(MBEDTLS_SSL_HAVE_AES)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]804#if defined(MBEDTLS_MD_CAN_SHA1)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]805#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]806 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
807 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]808 0,
809 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]810 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
811 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]812 0,
813 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]814#endif /* MBEDTLS_SSL_HAVE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]815#endif /* MBEDTLS_MD_CAN_SHA1 */
816#if defined(MBEDTLS_MD_CAN_SHA256)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]817#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]818 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
819 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]820 0,
821 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]822#endif /* MBEDTLS_SSL_HAVE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]823#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]824 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
825 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]826 0,
827 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]828#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]829#endif /* MBEDTLS_MD_CAN_SHA256 */
830#if defined(MBEDTLS_MD_CAN_SHA384)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]831#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]832 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
833 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]834 0,
835 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]836#endif /* MBEDTLS_SSL_HAVE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]837#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]838 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
839 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]840 0,
841 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]842#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]843#endif /* MBEDTLS_MD_CAN_SHA384 */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]844#endif /* MBEDTLS_SSL_HAVE_AES */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]845
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]846#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
847#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]848#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]849 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
850 "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]851 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]852 0,
853 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]854#endif /* MBEDTLS_MD_CAN_SHA256 */
855#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]856 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
857 "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]858 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]859 0,
860 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]861#endif /* MBEDTLS_MD_CAN_SHA384 */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]862#endif /* MBEDTLS_SSL_HAVE_CBC */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]863
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]864#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]865#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]866 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
867 "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]868 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]869 0,
870 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]871#endif /* MBEDTLS_MD_CAN_SHA256 */
872#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]873 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
874 "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]875 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]876 0,
877 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]878#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]879#endif /* MBEDTLS_SSL_HAVE_GCM */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]880#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]881
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]882#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]883#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]884 { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
885 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]886 MBEDTLS_CIPHERSUITE_WEAK,
887 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]888#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]889#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
890#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]891
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]892#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]893#if defined(MBEDTLS_SSL_HAVE_AES)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]894#if defined(MBEDTLS_MD_CAN_SHA1)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]895#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]896 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
897 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]898 0,
899 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]900 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
901 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]902 0,
903 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]904#endif /* MBEDTLS_SSL_HAVE_CBC */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]905#endif /* MBEDTLS_MD_CAN_SHA1 */
906#if defined(MBEDTLS_MD_CAN_SHA256)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]907#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]908 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
909 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]910 0,
911 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]912#endif /* MBEDTLS_SSL_HAVE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]913#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]914 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
915 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]916 0,
917 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]918#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]919#endif /* MBEDTLS_MD_CAN_SHA256 */
920#if defined(MBEDTLS_MD_CAN_SHA384)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]921#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]922 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
923 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]924 0,
925 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]926#endif /* MBEDTLS_SSL_HAVE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]927#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]928 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
929 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]930 0,
931 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]932#endif /* MBEDTLS_SSL_HAVE_GCM */
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]933#endif /* MBEDTLS_MD_CAN_SHA384 */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]934#endif /* MBEDTLS_SSL_HAVE_AES */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]935
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]936#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
937#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]938#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]939 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
940 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]941 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]942 0,
943 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]944#endif /* MBEDTLS_MD_CAN_SHA256 */
945#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]946 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
947 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]948 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]949 0,
950 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]951#endif /* MBEDTLS_MD_CAN_SHA384 */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]952#endif /* MBEDTLS_SSL_HAVE_CBC */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]953
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]954#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]955#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]956 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
957 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]958 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]959 0,
960 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]961#endif /* MBEDTLS_MD_CAN_SHA256 */
962#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]963 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
964 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]965 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]966 0,
967 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]968#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]969#endif /* MBEDTLS_SSL_HAVE_GCM */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]970#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]971
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]972#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]973#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]974 { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
975 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]976 MBEDTLS_CIPHERSUITE_WEAK,
977 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]978#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]979#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
980#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]981
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]982#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]983#if defined(MBEDTLS_SSL_HAVE_AES)
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]984#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]985#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]986 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
987 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]988 0,
989 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]990#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]991
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]992#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]993 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
994 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]995 0,
996 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]997#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]998#endif /* MBEDTLS_SSL_HAVE_GCM */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]999
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1000#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1001#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1002 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
1003 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1004 0,
1005 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1006#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1007
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1008#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1009 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
1010 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1011 0,
1012 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1013#endif /* MBEDTLS_MD_CAN_SHA384 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1014
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1015#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1016 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
1017 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1018 0,
1019 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1020
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1021 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
1022 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1023 0,
1024 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1025#endif /* MBEDTLS_MD_CAN_SHA1 */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1026#endif /* MBEDTLS_SSL_HAVE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1027#if defined(MBEDTLS_SSL_HAVE_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1028 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
1029 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1030 0,
1031 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1032 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
1033 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1034 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1035 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1036 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
1037 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1038 0,
1039 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1040 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
1041 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1042 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1043 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1044#endif /* MBEDTLS_SSL_HAVE_CCM */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1045#endif /* MBEDTLS_SSL_HAVE_AES */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1046
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1047#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
1048#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1049#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1050 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1051 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1052 0,
1053 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1054#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1055
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1056#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1057 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1058 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1059 0,
1060 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1061#endif /* MBEDTLS_MD_CAN_SHA384 */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1062#endif /* MBEDTLS_SSL_HAVE_CBC */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1063
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1064#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1065#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1066 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1067 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1068 0,
1069 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1070#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1071
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1072#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1073 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1074 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1075 0,
1076 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1077#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1078#endif /* MBEDTLS_SSL_HAVE_GCM */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1079#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1080
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1081#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1082
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1083#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1084#if defined(MBEDTLS_SSL_HAVE_AES)
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1085#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1086#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1087 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
1088 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1089 0,
1090 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1091#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1092
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1093#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1094 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
1095 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1096 0,
1097 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1098#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1099#endif /* MBEDTLS_SSL_HAVE_GCM */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1100
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1101#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1102#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1103 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
1104 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1105 0,
1106 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1107#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1108
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1109#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1110 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
1111 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1112 0,
1113 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1114#endif /* MBEDTLS_MD_CAN_SHA384 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1115
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1116#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1117 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
1118 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1119 0,
1120 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1121
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1122 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
1123 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1124 0,
1125 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1126#endif /* MBEDTLS_MD_CAN_SHA1 */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1127#endif /* MBEDTLS_SSL_HAVE_CBC */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1128#if defined(MBEDTLS_SSL_HAVE_CCM)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1129 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
1130 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1131 0,
1132 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1133 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
1134 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1135 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1136 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1137 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
1138 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1139 0,
1140 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1141 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
1142 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1143 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1144 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1145#endif /* MBEDTLS_SSL_HAVE_CCM */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1146#endif /* MBEDTLS_SSL_HAVE_AES */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1147
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1148#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
1149#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1150#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1151 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1152 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1153 0,
1154 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1155#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1156
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1157#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1158 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1159 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1160 0,
1161 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1162#endif /* MBEDTLS_MD_CAN_SHA384 */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1163#endif /* MBEDTLS_SSL_HAVE_CBC */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1164
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1165#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1166#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1167 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1168 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1169 0,
1170 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1171#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1172
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1173#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1174 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1175 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1176 0,
1177 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1178#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1179#endif /* MBEDTLS_SSL_HAVE_GCM */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1180#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1181
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1182#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1183
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1184#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1185#if defined(MBEDTLS_SSL_HAVE_AES)
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1186
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1187#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1188#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1189 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
1190 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1191 0,
1192 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1193#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1194
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1195#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1196 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
1197 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1198 0,
1199 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1200#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1201
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1202#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1203 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
1204 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1205 0,
1206 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1207
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1208 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
1209 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1210 0,
1211 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1212#endif /* MBEDTLS_MD_CAN_SHA1 */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1213#endif /* MBEDTLS_SSL_HAVE_CBC */
1214#endif /* MBEDTLS_SSL_HAVE_AES */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1215
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1216#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
1217#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1218#if defined(MBEDTLS_MD_CAN_SHA256)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1219 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
1220 "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1221 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1222 0,
1223 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1224#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1225
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1226#if defined(MBEDTLS_MD_CAN_SHA384)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1227 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
1228 "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1229 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1230 0,
1231 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1232#endif /* MBEDTLS_MD_CAN_SHA384 */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1233#endif /* MBEDTLS_SSL_HAVE_CBC */
1234#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1235
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1236#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1237
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1238#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1239#if defined(MBEDTLS_SSL_HAVE_AES)
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1240#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1241#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1242 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
1243 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1244 0,
1245 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1246#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1247
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1248#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1249 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
1250 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1251 0,
1252 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1253#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1254#endif /* MBEDTLS_SSL_HAVE_GCM */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1255
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1256#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1257#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1258 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
1259 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1260 0,
1261 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1262#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1263
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1264#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1265 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
1266 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1267 0,
1268 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1269#endif /* MBEDTLS_MD_CAN_SHA384 */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]1270
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1271#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1272 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
1273 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1274 0,
1275 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1276
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1277 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
1278 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1279 0,
1280 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1281#endif /* MBEDTLS_MD_CAN_SHA1 */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1282#endif /* MBEDTLS_SSL_HAVE_CBC */
1283#endif /* MBEDTLS_SSL_HAVE_AES */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1284
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1285#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
1286#if defined(MBEDTLS_SSL_HAVE_CBC)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1287#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1288 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1289 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1290 0,
1291 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1292#endif /* MBEDTLS_MD_CAN_SHA256 */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1293
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1294#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1295 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1296 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1297 0,
1298 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1299#endif /* MBEDTLS_MD_CAN_SHA384 */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1300#endif /* MBEDTLS_SSL_HAVE_CBC */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1301
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1302#if defined(MBEDTLS_SSL_HAVE_GCM)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1303#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1304 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1305 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1306 0,
1307 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1308#endif /* MBEDTLS_MD_CAN_SHA256 */
Manuel Pégourié-Gonnard8d01eea2013-10-24 19:49:07 +0200[diff] [blame]1309
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1310#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1311 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1312 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1313 0,
1314 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1315#endif /* MBEDTLS_MD_CAN_SHA384 */
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1316#endif /* MBEDTLS_SSL_HAVE_GCM */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1317#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]1318
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1319#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]1320
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]1321#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1322#if defined(MBEDTLS_SSL_HAVE_AES)
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1323#if defined(MBEDTLS_SSL_HAVE_CCM)
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]1324 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
1325 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1326 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1327 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Valerio Settie5707042023-10-11 11:54:42 +0200[diff] [blame]1328#endif /* MBEDTLS_SSL_HAVE_CCM */
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1329#endif /* MBEDTLS_SSL_HAVE_AES */
Manuel Pégourié-Gonnard538cb7b2015-09-15 18:03:28 +0200[diff] [blame]1330#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
1331
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1332#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
1333#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1334#if defined(MBEDTLS_MD_CAN_MD5)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1335 { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
1336 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1337 MBEDTLS_CIPHERSUITE_WEAK,
1338 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]1339#endif
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1340
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1341#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1342 { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
1343 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1344 MBEDTLS_CIPHERSUITE_WEAK,
1345 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]1346#endif
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1347
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1348#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1349 { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
1350 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1351 MBEDTLS_CIPHERSUITE_WEAK,
1352 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard057e0cf2013-10-14 14:19:31 +0200[diff] [blame]1353#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1354#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1355
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1356#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1357#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1358 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
1359 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1360 MBEDTLS_CIPHERSUITE_WEAK,
1361 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1362#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1363
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1364#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1365 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
1366 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1367 MBEDTLS_CIPHERSUITE_WEAK,
1368 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1369#endif
1370
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1371#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1372 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
1373 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1374 MBEDTLS_CIPHERSUITE_WEAK,
1375 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1376#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1377#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]1378
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1379#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1380#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1381 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
1382 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1383 MBEDTLS_CIPHERSUITE_WEAK,
1384 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1385#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1386
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1387#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1388 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
1389 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1390 MBEDTLS_CIPHERSUITE_WEAK,
1391 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1392#endif
1393
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1394#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1395 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
1396 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1397 MBEDTLS_CIPHERSUITE_WEAK,
1398 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1399#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1400#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]1401
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1402#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1403#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1404 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
1405 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1406 MBEDTLS_CIPHERSUITE_WEAK,
1407 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1408#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1409
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1410#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1411 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
1412 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1413 MBEDTLS_CIPHERSUITE_WEAK,
1414 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1415#endif
1416
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1417#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1418 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
1419 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1420 MBEDTLS_CIPHERSUITE_WEAK,
1421 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1422#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1423#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
Manuel Pégourié-Gonnard225d6aa2013-10-11 19:07:56 +0200[diff] [blame]1424
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1425#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1426#if defined(MBEDTLS_MD_CAN_SHA1)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1427 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
1428 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1429 MBEDTLS_CIPHERSUITE_WEAK,
1430 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1431#endif /* MBEDTLS_MD_CAN_SHA1 */
Manuel Pégourié-Gonnardef0eb1e2013-10-14 19:29:19 +0200[diff] [blame]1432
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1433#if defined(MBEDTLS_MD_CAN_SHA256)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1434 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
1435 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1436 MBEDTLS_CIPHERSUITE_WEAK,
1437 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnard98d9a2c2013-10-25 18:03:18 +0200[diff] [blame]1438#endif
Manuel Pégourié-Gonnardef0eb1e2013-10-14 19:29:19 +0200[diff] [blame]1439
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1440#if defined(MBEDTLS_MD_CAN_SHA384)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1441 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
1442 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1443 MBEDTLS_CIPHERSUITE_WEAK,
1444 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1445#endif /* MBEDTLS_MD_CAN_SHA384 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1446#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1447#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]1448
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1449#if defined(MBEDTLS_SSL_HAVE_ARIA)
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1450
1451#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1452
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1453#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1454 { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1455 "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1456 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1457 0,
1458 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1459#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1460#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1461 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1462 { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1463 "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1464 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1465 0,
1466 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1467#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1468#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1469 { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1470 "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1471 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1472 0,
1473 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1474#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1475#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1476 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1477 { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1478 "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1479 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1480 0,
1481 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1482#endif
1483
1484#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1485
1486#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1487
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1488#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1489 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1490 "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1491 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1492 0,
1493 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1494#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1495#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1496 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1497 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1498 "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1499 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1500 0,
1501 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1502#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1503#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1504 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1505 "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1506 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1507 0,
1508 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1509#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1510#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1511 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1512 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1513 "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1514 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1515 0,
1516 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1517#endif
1518
1519#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1520
1521#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1522
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1523#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1524 { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1525 "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
1526 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1527 0,
1528 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1529#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1530#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1531 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1532 { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1533 "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1534 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1535 0,
1536 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1537#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1538#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1539 { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1540 "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1541 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1542 0,
1543 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1544#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1545#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1546 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1547 { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1548 "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1549 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1550 0,
1551 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1552#endif
1553
1554#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1555
1556#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
1557
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1558#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1559 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1560 "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1561 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1562 0,
1563 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1564#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1565#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1566 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1567 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1568 "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1569 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1570 0,
1571 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1572#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1573#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1574 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1575 "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1576 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1577 0,
1578 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1579#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1580#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1581 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1582 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1583 "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1584 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1585 0,
1586 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1587#endif
1588
1589#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
1590
1591#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
1592
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1593#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1594 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1595 "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1596 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1597 0,
1598 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1599#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1600#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1601 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1602 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1603 "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1604 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1605 0,
1606 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1607#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1608#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1609 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1610 "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1611 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1612 0,
1613 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1614#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1615#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1616 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1617 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1618 "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1619 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1620 0,
1621 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1622#endif
1623
1624#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
1625
1626#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1627
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1628#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1629 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1630 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1631 "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1632 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1633 0,
1634 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1635#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1636#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1637 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1638 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1639 "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1640 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1641 0,
1642 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1643#endif
1644
1645#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1646
1647#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
1648
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1649#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1650 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1651 "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1652 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1653 0,
1654 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1655#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1656#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1657 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1658 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1659 "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1660 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1661 0,
1662 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1663#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1664#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1665 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1666 "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1667 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1668 0,
1669 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1670#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1671#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1672 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1673 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1674 "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1675 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1676 0,
1677 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1678#endif
1679
1680#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
1681
1682#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
1683
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1684#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1685 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1686 "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1687 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1688 0,
1689 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1690#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1691#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1692 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1693 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1694 "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1695 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1696 0,
1697 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1698#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1699#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1700 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1701 "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1702 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1703 0,
1704 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1705#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1706#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1707 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1708 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1709 "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1710 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1711 0,
1712 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1713#endif
1714
1715#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
1716
1717#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
1718
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1719#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1720 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1721 "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1722 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1723 0,
1724 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1725#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1726#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1727 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1728 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1729 "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1730 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1731 0,
1732 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1733#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1734#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1735 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1736 "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1737 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1738 0,
1739 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1740#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1741#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1742 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1743 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1744 "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1745 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1746 0,
1747 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1748#endif
1749
1750#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
1751
1752#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1753
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1754#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1755 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1756 "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1757 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1758 0,
1759 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1760#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1761#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1762 defined(MBEDTLS_MD_CAN_SHA384))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1763 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1764 "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1765 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1766 0,
1767 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1768#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1769#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1770 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1771 "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1772 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1773 0,
1774 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1775#endif
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1776#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
Manuel Pégourié-Gonnardbef824d2023-03-17 12:50:01 +0100[diff] [blame]1777 defined(MBEDTLS_MD_CAN_SHA256))
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1778 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1779 "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1780 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1781 0,
1782 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1783#endif
1784
1785#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1786
Pengyu Lv829dd202023-11-08 12:01:26 +0800[diff] [blame]1787#endif /* MBEDTLS_SSL_HAVE_ARIA */
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000[diff] [blame]1788
1789
Manuel Pégourié-Gonnarda2733712015-02-10 17:32:14 +0100[diff] [blame]1790 { 0, "",
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1791 MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
Glenn Strauss60bfe602022-03-14 19:04:24 -0400[diff] [blame]1792 0, 0, 0 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1793};
1794
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1795#if defined(MBEDTLS_SSL_CIPHERSUITES)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1796const int *mbedtls_ssl_list_ciphersuites(void)
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]1797{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1798 return ciphersuite_preference;
Manuel Pégourié-Gonnarddfc7df02014-06-30 17:59:55 +0200[diff] [blame]1799}
1800#else
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1801#define MAX_CIPHERSUITES sizeof(ciphersuite_definitions) / \
1802 sizeof(ciphersuite_definitions[0])
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1803static int supported_ciphersuites[MAX_CIPHERSUITES];
1804static int supported_init = 0;
1805
Manuel Pégourié-Gonnarda3115dc2022-06-17 10:52:54 +0200[diff] [blame]1806MBEDTLS_CHECK_RETURN_CRITICAL
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1807static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1808{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1809 (void) cs_info;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1810
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1811 return 0;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1812}
1813
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1814const int *mbedtls_ssl_list_ciphersuites(void)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1815{
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1816 /*
1817 * On initial call filter out all ciphersuites not supported by current
1818 * build based on presence in the ciphersuite_definitions.
1819 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1820 if (supported_init == 0) {
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1821 const int *p;
1822 int *q;
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1823
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1824 for (p = ciphersuite_preference, q = supported_ciphersuites;
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1825 *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1826 p++) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1827 const mbedtls_ssl_ciphersuite_t *cs_info;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1828 if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL &&
1829 !ciphersuite_is_removed(cs_info)) {
Manuel Pégourié-Gonnard791684c2014-06-30 17:38:22 +0200[diff] [blame]1830 *(q++) = *p;
Andres Amaya Garcia4a512282018-10-30 18:21:41 +0000[diff] [blame]1831 }
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1832 }
Manuel Pégourié-Gonnardbc4b7f02013-09-07 15:04:26 +0200[diff] [blame]1833 *q = 0;
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]1834
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]1835 supported_init = 1;
1836 }
1837
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1838 return supported_ciphersuites;
Manuel Pégourié-Gonnardf78e4de2015-05-29 10:52:14 +0200[diff] [blame]1839}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1840#endif /* MBEDTLS_SSL_CIPHERSUITES */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1841
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1842const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1843 const char *ciphersuite_name)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1844{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1845 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1846
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1847 if (NULL == ciphersuite_name) {
1848 return NULL;
1849 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1850
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1851 while (cur->id != 0) {
1852 if (0 == strcmp(cur->name, ciphersuite_name)) {
1853 return cur;
1854 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1855
1856 cur++;
1857 }
1858
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1859 return NULL;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1860}
1861
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1862const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1863{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1864 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1865
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1866 while (cur->id != 0) {
1867 if (cur->id == ciphersuite) {
1868 return cur;
1869 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1870
1871 cur++;
1872 }
1873
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1874 return NULL;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1875}
1876
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1877const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1878{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1879 const mbedtls_ssl_ciphersuite_t *cur;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1880
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1881 cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1882
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1883 if (cur == NULL) {
1884 return "unknown";
1885 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1886
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1887 return cur->name;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1888}
1889
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1890int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1891{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1892 const mbedtls_ssl_ciphersuite_t *cur;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1893
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1894 cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1895
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1896 if (cur == NULL) {
1897 return 0;
1898 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1899
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1900 return cur->id;
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1901}
1902
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1903size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1904{
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1905#if defined(MBEDTLS_USE_PSA_CRYPTO)
1906 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1907 psa_key_type_t key_type;
1908 psa_algorithm_t alg;
1909 size_t key_bits;
1910
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]1911 status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1912 info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16,
1913 &alg, &key_type, &key_bits);
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1914
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1915 if (status != PSA_SUCCESS) {
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1916 return 0;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1917 }
Neil Armstrong801abb62022-05-04 17:38:10 +0200[diff] [blame]1918
1919 return key_bits;
Neil Armstrong689557c2022-05-12 08:30:59 +0200[diff] [blame]1920#else
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1921 const mbedtls_cipher_info_t * const cipher_info =
Agathiyan Bragadeesh8b52b882023-07-13 13:12:40 +0100[diff] [blame]1922 mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) info->cipher);
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1923
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1924 return mbedtls_cipher_info_get_key_bitlen(cipher_info);
Neil Armstrong689557c2022-05-12 08:30:59 +0200[diff] [blame]1925#endif /* MBEDTLS_USE_PSA_CRYPTO */
Glenn Strauss8f526902022-01-13 00:04:49 -0500[diff] [blame]1926}
1927
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1928#if defined(MBEDTLS_PK_C)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1929mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1930{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1931 switch (info->key_exchange) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1932 case MBEDTLS_KEY_EXCHANGE_RSA:
1933 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1934 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1935 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1936 return MBEDTLS_PK_RSA;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1937
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1938 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1939 return MBEDTLS_PK_ECDSA;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1940
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1941 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1942 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1943 return MBEDTLS_PK_ECKEY;
Manuel Pégourié-Gonnard25781b22013-12-11 16:17:10 +0100[diff] [blame]1944
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1945 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1946 return MBEDTLS_PK_NONE;
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]1947 }
1948}
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1949
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1950#if defined(MBEDTLS_USE_PSA_CRYPTO)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1951psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1952{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1953 switch (info->key_exchange) {
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1954 case MBEDTLS_KEY_EXCHANGE_RSA:
1955 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1956 return PSA_ALG_RSA_PKCS1V15_CRYPT;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1957 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1958 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1959 return PSA_ALG_RSA_PKCS1V15_SIGN(
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]1960 mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1961
1962 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Dave Rodgman2eab4622023-10-05 13:30:37 +0100[diff] [blame]1963 return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1964
1965 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1966 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1967 return PSA_ALG_ECDH;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1968
1969 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1970 return PSA_ALG_NONE;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1971 }
1972}
1973
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1974psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1975{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1976 switch (info->key_exchange) {
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1977 case MBEDTLS_KEY_EXCHANGE_RSA:
1978 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1979 return PSA_KEY_USAGE_DECRYPT;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1980 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1981 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1982 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1983 return PSA_KEY_USAGE_SIGN_HASH;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1984
1985 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1986 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1987 return PSA_KEY_USAGE_DERIVE;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1988
1989 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1990 return 0;
Neil Armstrong0c9c10a2022-05-12 14:15:06 +0200[diff] [blame]1991 }
1992}
1993#endif /* MBEDTLS_USE_PSA_CRYPTO */
1994
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1995mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1996{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1997 switch (info->key_exchange) {
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]1998 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1999 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2000 return MBEDTLS_PK_RSA;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]2001
2002 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2003 return MBEDTLS_PK_ECDSA;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]2004
2005 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2006 return MBEDTLS_PK_NONE;
Hanno Becker7e5437a2017-04-28 17:15:26 +0100[diff] [blame]2007 }
2008}
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2009
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2010#endif /* MBEDTLS_PK_C */
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame]2011
Valerio Setti7aeec542023-07-05 18:57:21 +0200[diff] [blame]2012#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
Valerio Settie9646ec2023-08-02 20:02:28 +0200[diff] [blame]2013 defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
Ron Eldor755bb6a2018-02-14 19:30:48 +0200[diff] [blame]2014 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2015int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2016{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2017 switch (info->key_exchange) {
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2018 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
2019 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
2020 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
2021 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
2022 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
Ron Eldor755bb6a2018-02-14 19:30:48 +0200[diff] [blame]2023 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2024 return 1;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2025
2026 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2027 return 0;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2028 }
2029}
Valerio Setti7aeec542023-07-05 18:57:21 +0200[diff] [blame]2030#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
Valerio Settie9646ec2023-08-02 20:02:28 +0200[diff] [blame]2031 * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
Valerio Setti45d56f32023-07-13 17:23:20 +0200[diff] [blame]2032 * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2033
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]2034#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2035int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2036{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2037 switch (info->key_exchange) {
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2038 case MBEDTLS_KEY_EXCHANGE_PSK:
2039 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
2040 case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
2041 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2042 return 1;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2043
2044 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2045 return 0;
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2046 }
2047}
Gilles Peskineeccd8882020-03-10 12:19:08 +0100[diff] [blame]2048#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
Hanno Beckerd300a572017-06-20 14:31:29 +0100[diff] [blame]2049
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2050#endif /* MBEDTLS_SSL_TLS_C */