• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /**
2  * \file ssl_ciphersuites.c
3  *
4  * \brief SSL ciphersuites for mbed TLS
5  *
6  *  Copyright The Mbed TLS Contributors
7  *  SPDX-License-Identifier: Apache-2.0
8  *
9  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
10  *  not use this file except in compliance with the License.
11  *  You may obtain a copy of the License at
12  *
13  *  http://www.apache.org/licenses/LICENSE-2.0
14  *
15  *  Unless required by applicable law or agreed to in writing, software
16  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18  *  See the License for the specific language governing permissions and
19  *  limitations under the License.
20  */
21 
22 #include "common.h"
23 
24 #if defined(MBEDTLS_SSL_TLS_C)
25 
26 #include "mbedtls/platform.h"
27 
28 #include "mbedtls/ssl_ciphersuites.h"
29 #include "mbedtls/ssl.h"
30 #include "ssl_misc.h"
31 
32 #include "mbedtls/legacy_or_psa.h"
33 
34 #include <string.h>
35 
36 /*
37  * Ordered from most preferred to least preferred in terms of security.
38  *
39  * Current rule (except weak and null which come last):
40  * 1. By key exchange:
41  *    Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
42  * 2. By key length and cipher:
43  *    ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
44  * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
45  * 4. By hash function used when relevant
46  * 5. By key exchange/auth again: EC > non-EC
47  */
48 static const int ciphersuite_preference[] =
49 {
50 #if defined(MBEDTLS_SSL_CIPHERSUITES)
51     MBEDTLS_SSL_CIPHERSUITES,
52 #else
53 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
54     /* TLS 1.3 ciphersuites */
55     MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
56     MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
57     MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
58     MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
59     MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
60 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
61 
62     /* Chacha-Poly ephemeral suites */
63     MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
64     MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
65     MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
66 
67     /* All AES-256 ephemeral suites */
68     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
69     MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
70     MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
71     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
72     MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
73     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
74     MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
75     MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
76     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
77     MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
78     MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
79     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
80     MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,
81 
82     /* All CAMELLIA-256 ephemeral suites */
83     MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
84     MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
85     MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
86     MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
87     MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
88     MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
89     MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
90 
91     /* All ARIA-256 ephemeral suites */
92     MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
93     MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
94     MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
95     MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
96     MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
97     MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
98 
99     /* All AES-128 ephemeral suites */
100     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
101     MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
102     MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
103     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
104     MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
105     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
106     MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
107     MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
108     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
109     MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
110     MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
111     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
112     MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,
113 
114     /* All CAMELLIA-128 ephemeral suites */
115     MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
116     MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
117     MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
118     MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
119     MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
120     MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
121     MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
122 
123     /* All ARIA-128 ephemeral suites */
124     MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
125     MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
126     MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
127     MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
128     MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
129     MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
130 
131     /* The PSK ephemeral suites */
132     MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
133     MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
134     MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
135     MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
136     MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
137     MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
138     MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
139     MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
140     MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
141     MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
142     MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
143     MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
144     MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
145     MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
146     MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
147 
148     MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
149     MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
150     MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
151     MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
152     MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
153     MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
154     MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
155     MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
156     MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
157     MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
158     MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
159     MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
160     MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
161 
162     /* The ECJPAKE suite */
163     MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
164 
165     /* All AES-256 suites */
166     MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
167     MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
168     MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
169     MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
170     MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
171     MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
172     MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
173     MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
174     MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
175     MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
176     MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
177 
178     /* All CAMELLIA-256 suites */
179     MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
180     MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
181     MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
182     MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
183     MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
184     MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
185     MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
186 
187     /* All ARIA-256 suites */
188     MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
189     MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
190     MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
191     MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
192     MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
193     MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
194 
195     /* All AES-128 suites */
196     MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
197     MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
198     MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
199     MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
200     MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
201     MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
202     MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
203     MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
204     MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
205     MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
206     MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
207 
208     /* All CAMELLIA-128 suites */
209     MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
210     MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
211     MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
212     MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
213     MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
214     MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
215     MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
216 
217     /* All ARIA-128 suites */
218     MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
219     MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
220     MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
221     MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
222     MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
223     MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
224 
225     /* The RSA PSK suites */
226     MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
227     MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
228     MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
229     MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
230     MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
231     MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
232     MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
233     MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
234 
235     MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
236     MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
237     MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
238     MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
239     MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
240     MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
241     MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
242 
243     /* The PSK suites */
244     MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
245     MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
246     MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
247     MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
248     MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
249     MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
250     MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
251     MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
252     MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
253     MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
254 
255     MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
256     MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
257     MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
258     MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
259     MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
260     MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
261     MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
262     MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
263     MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
264 
265     /* NULL suites */
266     MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
267     MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
268     MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
269     MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
270     MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
271     MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384,
272     MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256,
273     MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA,
274 
275     MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
276     MBEDTLS_TLS_RSA_WITH_NULL_SHA,
277     MBEDTLS_TLS_RSA_WITH_NULL_MD5,
278     MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
279     MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
280     MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384,
281     MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256,
282     MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA,
283     MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
284     MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
285     MBEDTLS_TLS_PSK_WITH_NULL_SHA,
286 
287 #endif /* MBEDTLS_SSL_CIPHERSUITES */
288     0
289 };
290 
291 static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
292 {
293 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
294 #if defined(MBEDTLS_AES_C)
295 #if defined(MBEDTLS_GCM_C)
296 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
297     { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
298       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
299       MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
300       0,
301       MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
302 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
303 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
304     { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
305       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
306       MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
307       0,
308       MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
309 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
310 #endif /* MBEDTLS_GCM_C */
311 #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
312     { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
313       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
314       MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
315       0,
316       MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
317     { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256",
318       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
319       MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
320       MBEDTLS_CIPHERSUITE_SHORT_TAG,
321       MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
322 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA && MBEDTLS_CCM_C */
323 #endif /* MBEDTLS_AES_C */
324 #if defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
325     { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
326       "TLS1-3-CHACHA20-POLY1305-SHA256",
327       MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
328       MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
329       0,
330       MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
331 #endif /* MBEDTLS_CHACHAPOLY_C && MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
332 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
333 
334 #if defined(MBEDTLS_CHACHAPOLY_C) && \
335     defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
336     defined(MBEDTLS_SSL_PROTO_TLS1_2)
337 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
338     { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
339       "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
340       MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
341       MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
342       0,
343       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
344 #endif
345 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
346     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
347       "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
348       MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
349       MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
350       0,
351       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
352 #endif
353 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
354     { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
355       "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
356       MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
357       MBEDTLS_KEY_EXCHANGE_DHE_RSA,
358       0,
359       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
360 #endif
361 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
362     { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
363       "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
364       MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
365       MBEDTLS_KEY_EXCHANGE_PSK,
366       0,
367       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
368 #endif
369 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
370     { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
371       "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
372       MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
373       MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
374       0,
375       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
376 #endif
377 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
378     { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
379       "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
380       MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
381       MBEDTLS_KEY_EXCHANGE_DHE_PSK,
382       0,
383       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
384 #endif
385 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
386     { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
387       "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256",
388       MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
389       MBEDTLS_KEY_EXCHANGE_RSA_PSK,
390       0,
391       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
392 #endif
393 #endif /* MBEDTLS_CHACHAPOLY_C &&
394           MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA &&
395           MBEDTLS_SSL_PROTO_TLS1_2 */
396 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
397 #if defined(MBEDTLS_AES_C)
398 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
399 #if defined(MBEDTLS_CIPHER_MODE_CBC)
400     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
401       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
402       0,
403       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
404     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
405       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
406       0,
407       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
408 #endif /* MBEDTLS_CIPHER_MODE_CBC */
409 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
410 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
411 #if defined(MBEDTLS_CIPHER_MODE_CBC)
412     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
413       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
414       0,
415       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
416 #endif /* MBEDTLS_CIPHER_MODE_CBC */
417 #if defined(MBEDTLS_GCM_C)
418     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
419       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
420       0,
421       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
422 #endif /* MBEDTLS_GCM_C */
423 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
424 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
425 #if defined(MBEDTLS_CIPHER_MODE_CBC)
426     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
427       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
428       0,
429       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
430 #endif /* MBEDTLS_CIPHER_MODE_CBC */
431 #if defined(MBEDTLS_GCM_C)
432     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
433       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
434       0,
435       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
436 #endif /* MBEDTLS_GCM_C */
437 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
438 #if defined(MBEDTLS_CCM_C)
439     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
440       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
441       0,
442       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
443     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
444       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
445       MBEDTLS_CIPHERSUITE_SHORT_TAG,
446       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
447     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
448       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
449       0,
450       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
451     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
452       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
453       MBEDTLS_CIPHERSUITE_SHORT_TAG,
454       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
455 #endif /* MBEDTLS_CCM_C */
456 #endif /* MBEDTLS_AES_C */
457 
458 #if defined(MBEDTLS_CAMELLIA_C)
459 #if defined(MBEDTLS_CIPHER_MODE_CBC)
460 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
461     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
462       "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
463       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
464       0,
465       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
466 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
467 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
468     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
469       "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
470       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
471       0,
472       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
473 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
474 #endif /* MBEDTLS_CIPHER_MODE_CBC */
475 
476 #if defined(MBEDTLS_GCM_C)
477 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
478     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
479       "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
480       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
481       0,
482       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
483 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
484 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
485     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
486       "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
487       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
488       0,
489       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
490 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
491 #endif /* MBEDTLS_GCM_C */
492 #endif /* MBEDTLS_CAMELLIA_C */
493 
494 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
495 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
496     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
497       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
498       MBEDTLS_CIPHERSUITE_WEAK,
499       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
500 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
501 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
502 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
503 
504 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
505 #if defined(MBEDTLS_AES_C)
506 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
507 #if defined(MBEDTLS_CIPHER_MODE_CBC)
508     { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
509       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
510       0,
511       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
512     { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
513       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
514       0,
515       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
516 #endif /* MBEDTLS_CIPHER_MODE_CBC */
517 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
518 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
519 #if defined(MBEDTLS_CIPHER_MODE_CBC)
520     { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
521       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
522       0,
523       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
524 #endif /* MBEDTLS_CIPHER_MODE_CBC */
525 #if defined(MBEDTLS_GCM_C)
526     { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
527       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
528       0,
529       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
530 #endif /* MBEDTLS_GCM_C */
531 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
532 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
533 #if defined(MBEDTLS_CIPHER_MODE_CBC)
534     { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
535       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
536       0,
537       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
538 #endif /* MBEDTLS_CIPHER_MODE_CBC */
539 #if defined(MBEDTLS_GCM_C)
540     { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
541       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
542       0,
543       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
544 #endif /* MBEDTLS_GCM_C */
545 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
546 #endif /* MBEDTLS_AES_C */
547 
548 #if defined(MBEDTLS_CAMELLIA_C)
549 #if defined(MBEDTLS_CIPHER_MODE_CBC)
550 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
551     { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
552       "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
553       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
554       0,
555       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
556 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
557 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
558     { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
559       "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
560       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
561       0,
562       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
563 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
564 #endif /* MBEDTLS_CIPHER_MODE_CBC */
565 
566 #if defined(MBEDTLS_GCM_C)
567 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
568     { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
569       "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
570       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
571       0,
572       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
573 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
574 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
575     { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
576       "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
577       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
578       0,
579       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
580 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
581 #endif /* MBEDTLS_GCM_C */
582 #endif /* MBEDTLS_CAMELLIA_C */
583 
584 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
585 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
586     { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
587       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
588       MBEDTLS_CIPHERSUITE_WEAK,
589       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
590 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
591 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
592 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
593 
594 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
595 #if defined(MBEDTLS_AES_C)
596 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
597     defined(MBEDTLS_GCM_C)
598     { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
599       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
600       0,
601       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
602 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA && MBEDTLS_GCM_C */
603 
604 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
605 #if defined(MBEDTLS_GCM_C)
606     { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
607       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
608       0,
609       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
610 #endif /* MBEDTLS_GCM_C */
611 
612 #if defined(MBEDTLS_CIPHER_MODE_CBC)
613     { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
614       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
615       0,
616       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
617 
618     { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
619       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
620       0,
621       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
622 #endif /* MBEDTLS_CIPHER_MODE_CBC */
623 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
624 
625 #if defined(MBEDTLS_CIPHER_MODE_CBC)
626 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
627     { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
628       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
629       0,
630       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
631 
632     { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
633       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
634       0,
635       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
636 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
637 #endif /* MBEDTLS_CIPHER_MODE_CBC */
638 #if defined(MBEDTLS_CCM_C)
639     { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
640       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
641       0,
642       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
643     { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
644       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
645       MBEDTLS_CIPHERSUITE_SHORT_TAG,
646       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
647     { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
648       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
649       0,
650       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
651     { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
652       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
653       MBEDTLS_CIPHERSUITE_SHORT_TAG,
654       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
655 #endif /* MBEDTLS_CCM_C */
656 #endif /* MBEDTLS_AES_C */
657 
658 #if defined(MBEDTLS_CAMELLIA_C)
659 #if defined(MBEDTLS_CIPHER_MODE_CBC)
660 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
661     { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
662       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
663       0,
664       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
665 
666     { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
667       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
668       0,
669       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
670 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
671 
672 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
673     { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
674       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
675       0,
676       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
677 
678     { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
679       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
680       0,
681       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
682 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
683 #endif /* MBEDTLS_CIPHER_MODE_CBC */
684 #if defined(MBEDTLS_GCM_C)
685 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
686     { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
687       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
688       0,
689       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
690 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
691 
692 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
693     { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
694       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
695       0,
696       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
697 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
698 #endif /* MBEDTLS_GCM_C */
699 #endif /* MBEDTLS_CAMELLIA_C */
700 
701 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
702 
703 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
704 #if defined(MBEDTLS_AES_C)
705 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
706     defined(MBEDTLS_GCM_C)
707     { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
708       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
709       0,
710       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
711 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA && MBEDTLS_GCM_C */
712 
713 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
714 #if defined(MBEDTLS_GCM_C)
715     { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
716       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
717       0,
718       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
719 #endif /* MBEDTLS_GCM_C */
720 
721 #if defined(MBEDTLS_CIPHER_MODE_CBC)
722     { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
723       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
724       0,
725       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
726 
727     { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
728       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
729       0,
730       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
731 #endif /* MBEDTLS_CIPHER_MODE_CBC */
732 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
733 
734 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
735 #if defined(MBEDTLS_CIPHER_MODE_CBC)
736     { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
737       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
738       0,
739       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
740 
741     { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
742       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
743       0,
744       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
745 #endif /* MBEDTLS_CIPHER_MODE_CBC */
746 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
747 #if defined(MBEDTLS_CCM_C)
748     { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
749       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
750       0,
751       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
752     { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
753       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
754       MBEDTLS_CIPHERSUITE_SHORT_TAG,
755       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
756     { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
757       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
758       0,
759       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
760     { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
761       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
762       MBEDTLS_CIPHERSUITE_SHORT_TAG,
763       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
764 #endif /* MBEDTLS_CCM_C */
765 #endif /* MBEDTLS_AES_C */
766 
767 #if defined(MBEDTLS_CAMELLIA_C)
768 #if defined(MBEDTLS_CIPHER_MODE_CBC)
769 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
770     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
771       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
772       0,
773       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
774 
775     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
776       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
777       0,
778       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
779 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
780 
781 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
782     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
783       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
784       0,
785       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
786 
787     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
788       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
789       0,
790       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
791 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
792 #endif /* MBEDTLS_CIPHER_MODE_CBC */
793 
794 #if defined(MBEDTLS_GCM_C)
795 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
796     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
797       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
798       0,
799       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
800 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
801 
802 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
803     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
804       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
805       0,
806       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
807 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
808 #endif /* MBEDTLS_GCM_C */
809 #endif /* MBEDTLS_CAMELLIA_C */
810 
811 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
812 
813 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
814 #if defined(MBEDTLS_AES_C)
815 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
816 #if defined(MBEDTLS_CIPHER_MODE_CBC)
817     { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
818       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
819       0,
820       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
821     { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
822       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
823       0,
824       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
825 #endif /* MBEDTLS_CIPHER_MODE_CBC */
826 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
827 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
828 #if defined(MBEDTLS_CIPHER_MODE_CBC)
829     { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
830       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
831       0,
832       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
833 #endif /* MBEDTLS_CIPHER_MODE_CBC */
834 #if defined(MBEDTLS_GCM_C)
835     { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
836       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
837       0,
838       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
839 #endif /* MBEDTLS_GCM_C */
840 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
841 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
842 #if defined(MBEDTLS_CIPHER_MODE_CBC)
843     { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
844       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
845       0,
846       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
847 #endif /* MBEDTLS_CIPHER_MODE_CBC */
848 #if defined(MBEDTLS_GCM_C)
849     { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
850       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
851       0,
852       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
853 #endif /* MBEDTLS_GCM_C */
854 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
855 #endif /* MBEDTLS_AES_C */
856 
857 #if defined(MBEDTLS_CAMELLIA_C)
858 #if defined(MBEDTLS_CIPHER_MODE_CBC)
859 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
860     { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
861       "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
862       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
863       0,
864       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
865 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
866 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
867     { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
868       "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
869       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
870       0,
871       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
872 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
873 #endif /* MBEDTLS_CIPHER_MODE_CBC */
874 
875 #if defined(MBEDTLS_GCM_C)
876 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
877     { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
878       "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
879       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
880       0,
881       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
882 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
883 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
884     { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
885       "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
886       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
887       0,
888       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
889 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
890 #endif /* MBEDTLS_GCM_C */
891 #endif /* MBEDTLS_CAMELLIA_C */
892 
893 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
894 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
895     { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
896       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
897       MBEDTLS_CIPHERSUITE_WEAK,
898       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
899 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
900 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
901 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
902 
903 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
904 #if defined(MBEDTLS_AES_C)
905 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
906 #if defined(MBEDTLS_CIPHER_MODE_CBC)
907     { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
908       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
909       0,
910       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
911     { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
912       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
913       0,
914       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
915 #endif /* MBEDTLS_CIPHER_MODE_CBC */
916 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
917 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
918 #if defined(MBEDTLS_CIPHER_MODE_CBC)
919     { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
920       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
921       0,
922       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
923 #endif /* MBEDTLS_CIPHER_MODE_CBC */
924 #if defined(MBEDTLS_GCM_C)
925     { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
926       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
927       0,
928       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
929 #endif /* MBEDTLS_GCM_C */
930 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
931 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
932 #if defined(MBEDTLS_CIPHER_MODE_CBC)
933     { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
934       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
935       0,
936       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
937 #endif /* MBEDTLS_CIPHER_MODE_CBC */
938 #if defined(MBEDTLS_GCM_C)
939     { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
940       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
941       0,
942       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
943 #endif /* MBEDTLS_GCM_C */
944 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
945 #endif /* MBEDTLS_AES_C */
946 
947 #if defined(MBEDTLS_CAMELLIA_C)
948 #if defined(MBEDTLS_CIPHER_MODE_CBC)
949 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
950     { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
951       "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
952       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
953       0,
954       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
955 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
956 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
957     { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
958       "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
959       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
960       0,
961       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
962 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
963 #endif /* MBEDTLS_CIPHER_MODE_CBC */
964 
965 #if defined(MBEDTLS_GCM_C)
966 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
967     { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
968       "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
969       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
970       0,
971       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
972 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
973 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
974     { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
975       "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
976       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
977       0,
978       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
979 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
980 #endif /* MBEDTLS_GCM_C */
981 #endif /* MBEDTLS_CAMELLIA_C */
982 
983 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
984 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
985     { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
986       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
987       MBEDTLS_CIPHERSUITE_WEAK,
988       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
989 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
990 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
991 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
992 
993 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
994 #if defined(MBEDTLS_AES_C)
995 #if defined(MBEDTLS_GCM_C)
996 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
997     { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
998       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
999       0,
1000       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1001 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1002 
1003 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1004     { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
1005       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1006       0,
1007       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1008 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1009 #endif /* MBEDTLS_GCM_C */
1010 
1011 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1012 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1013     { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
1014       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1015       0,
1016       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1017 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1018 
1019 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1020     { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
1021       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1022       0,
1023       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1024 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1025 
1026 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1027     { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
1028       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1029       0,
1030       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1031 
1032     { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
1033       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1034       0,
1035       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1036 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1037 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1038 #if defined(MBEDTLS_CCM_C)
1039     { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
1040       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1041       0,
1042       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1043     { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
1044       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1045       MBEDTLS_CIPHERSUITE_SHORT_TAG,
1046       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1047     { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
1048       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1049       0,
1050       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1051     { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
1052       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1053       MBEDTLS_CIPHERSUITE_SHORT_TAG,
1054       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1055 #endif /* MBEDTLS_CCM_C */
1056 #endif /* MBEDTLS_AES_C */
1057 
1058 #if defined(MBEDTLS_CAMELLIA_C)
1059 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1060 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1061     { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1062       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1063       0,
1064       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1065 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1066 
1067 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1068     { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1069       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1070       0,
1071       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1072 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1073 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1074 
1075 #if defined(MBEDTLS_GCM_C)
1076 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1077     { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1078       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1079       0,
1080       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1081 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1082 
1083 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1084     { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1085       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1086       0,
1087       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1088 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1089 #endif /* MBEDTLS_GCM_C */
1090 #endif /* MBEDTLS_CAMELLIA_C */
1091 
1092 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1093 
1094 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1095 #if defined(MBEDTLS_AES_C)
1096 #if defined(MBEDTLS_GCM_C)
1097 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1098     { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
1099       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1100       0,
1101       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1102 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1103 
1104 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1105     { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
1106       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1107       0,
1108       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1109 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1110 #endif /* MBEDTLS_GCM_C */
1111 
1112 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1113 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1114     { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
1115       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1116       0,
1117       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1118 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1119 
1120 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1121     { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
1122       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1123       0,
1124       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1125 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1126 
1127 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1128     { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
1129       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1130       0,
1131       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1132 
1133     { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
1134       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1135       0,
1136       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1137 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1138 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1139 #if defined(MBEDTLS_CCM_C)
1140     { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
1141       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1142       0,
1143       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1144     { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
1145       MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1146       MBEDTLS_CIPHERSUITE_SHORT_TAG,
1147       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1148     { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
1149       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1150       0,
1151       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1152     { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
1153       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1154       MBEDTLS_CIPHERSUITE_SHORT_TAG,
1155       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1156 #endif /* MBEDTLS_CCM_C */
1157 #endif /* MBEDTLS_AES_C */
1158 
1159 #if defined(MBEDTLS_CAMELLIA_C)
1160 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1161 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1162     { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1163       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1164       0,
1165       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1166 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1167 
1168 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1169     { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1170       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1171       0,
1172       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1173 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1174 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1175 
1176 #if defined(MBEDTLS_GCM_C)
1177 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1178     { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1179       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1180       0,
1181       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1182 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1183 
1184 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1185     { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1186       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1187       0,
1188       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1189 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1190 #endif /* MBEDTLS_GCM_C */
1191 #endif /* MBEDTLS_CAMELLIA_C */
1192 
1193 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1194 
1195 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1196 #if defined(MBEDTLS_AES_C)
1197 
1198 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1199 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1200     { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
1201       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1202       0,
1203       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1204 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1205 
1206 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1207     { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
1208       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1209       0,
1210       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1211 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1212 
1213 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1214     { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
1215       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1216       0,
1217       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1218 
1219     { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
1220       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1221       0,
1222       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1223 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1224 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1225 #endif /* MBEDTLS_AES_C */
1226 
1227 #if defined(MBEDTLS_CAMELLIA_C)
1228 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1229 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1230     { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
1231       "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1232       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1233       0,
1234       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1235 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1236 
1237 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1238     { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
1239       "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1240       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1241       0,
1242       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1243 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1244 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1245 #endif /* MBEDTLS_CAMELLIA_C */
1246 
1247 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1248 
1249 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1250 #if defined(MBEDTLS_AES_C)
1251 #if defined(MBEDTLS_GCM_C)
1252 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1253     { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
1254       MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1255       0,
1256       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1257 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1258 
1259 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1260     { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
1261       MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1262       0,
1263       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1264 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1265 #endif /* MBEDTLS_GCM_C */
1266 
1267 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1268 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1269     { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
1270       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1271       0,
1272       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1273 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1274 
1275 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1276     { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
1277       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1278       0,
1279       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1280 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1281 
1282 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1283     { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
1284       MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1285       0,
1286       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1287 
1288     { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
1289       MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1290       0,
1291       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1292 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1293 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1294 #endif /* MBEDTLS_AES_C */
1295 
1296 #if defined(MBEDTLS_CAMELLIA_C)
1297 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1298 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1299     { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1300       MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1301       0,
1302       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1303 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1304 
1305 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1306     { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1307       MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1308       0,
1309       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1310 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1311 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1312 
1313 #if defined(MBEDTLS_GCM_C)
1314 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1315     { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1316       MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1317       0,
1318       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1319 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1320 
1321 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1322     { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1323       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1324       0,
1325       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1326 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1327 #endif /* MBEDTLS_GCM_C */
1328 #endif /* MBEDTLS_CAMELLIA_C */
1329 
1330 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1331 
1332 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1333 #if defined(MBEDTLS_AES_C)
1334 #if defined(MBEDTLS_CCM_C)
1335     { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
1336       MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
1337       MBEDTLS_CIPHERSUITE_SHORT_TAG,
1338       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1339 #endif /* MBEDTLS_CCM_C */
1340 #endif /* MBEDTLS_AES_C */
1341 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
1342 
1343 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
1344 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1345 #if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1346     { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
1347       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
1348       MBEDTLS_CIPHERSUITE_WEAK,
1349       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1350 #endif
1351 
1352 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1353     { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
1354       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
1355       MBEDTLS_CIPHERSUITE_WEAK,
1356       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1357 #endif
1358 
1359 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1360     { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
1361       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
1362       MBEDTLS_CIPHERSUITE_WEAK,
1363       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1364 #endif
1365 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1366 
1367 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1368 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1369     { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
1370       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1371       MBEDTLS_CIPHERSUITE_WEAK,
1372       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1373 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1374 
1375 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1376     { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
1377       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1378       MBEDTLS_CIPHERSUITE_WEAK,
1379       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1380 #endif
1381 
1382 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1383     { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
1384       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1385       MBEDTLS_CIPHERSUITE_WEAK,
1386       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1387 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1388 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1389 
1390 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1391 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1392     { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
1393       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1394       MBEDTLS_CIPHERSUITE_WEAK,
1395       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1396 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1397 
1398 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1399     { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
1400       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1401       MBEDTLS_CIPHERSUITE_WEAK,
1402       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1403 #endif
1404 
1405 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1406     { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
1407       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1408       MBEDTLS_CIPHERSUITE_WEAK,
1409       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1410 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1411 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1412 
1413 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1414 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1415     { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
1416       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1417       MBEDTLS_CIPHERSUITE_WEAK,
1418       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1419 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1420 
1421 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1422     { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
1423       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1424       MBEDTLS_CIPHERSUITE_WEAK,
1425       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1426 #endif
1427 
1428 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1429     { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
1430       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1431       MBEDTLS_CIPHERSUITE_WEAK,
1432       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1433 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1434 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1435 
1436 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1437 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1438     { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
1439       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1440       MBEDTLS_CIPHERSUITE_WEAK,
1441       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1442 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1443 
1444 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1445     { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
1446       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1447       MBEDTLS_CIPHERSUITE_WEAK,
1448       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1449 #endif
1450 
1451 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1452     { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
1453       MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1454       MBEDTLS_CIPHERSUITE_WEAK,
1455       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1456 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1457 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1458 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
1459 
1460 #if defined(MBEDTLS_ARIA_C)
1461 
1462 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1463 
1464 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1465     { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
1466       "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
1467       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
1468       0,
1469       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1470 #endif
1471 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1472     defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1473     { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
1474       "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
1475       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
1476       0,
1477       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1478 #endif
1479 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1480     { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
1481       "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
1482       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
1483       0,
1484       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1485 #endif
1486 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1487     defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1488     { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
1489       "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
1490       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
1491       0,
1492       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1493 #endif
1494 
1495 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1496 
1497 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1498 
1499 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1500     { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
1501       "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
1502       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1503       0,
1504       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1505 #endif
1506 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1507     defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1508     { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
1509       "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
1510       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1511       0,
1512       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1513 #endif
1514 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1515     { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
1516       "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
1517       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1518       0,
1519       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1520 #endif
1521 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1522     defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1523     { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
1524       "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
1525       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1526       0,
1527       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1528 #endif
1529 
1530 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1531 
1532 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1533 
1534 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1535     { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
1536       "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
1537       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1538       0,
1539       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1540 #endif
1541 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1542     defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1543     { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
1544       "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
1545       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1546       0,
1547       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1548 #endif
1549 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1550     { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
1551       "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
1552       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1553       0,
1554       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1555 #endif
1556 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1557     defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1558     { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
1559       "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
1560       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1561       0,
1562       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1563 #endif
1564 
1565 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1566 
1567 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
1568 
1569 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1570     { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
1571       "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
1572       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1573       0,
1574       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1575 #endif
1576 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1577     defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1578     { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
1579       "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
1580       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1581       0,
1582       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1583 #endif
1584 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1585     { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
1586       "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
1587       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1588       0,
1589       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1590 #endif
1591 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1592     defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1593     { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
1594       "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
1595       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1596       0,
1597       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1598 #endif
1599 
1600 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
1601 
1602 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
1603 
1604 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1605     { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
1606       "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
1607       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1608       0,
1609       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1610 #endif
1611 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1612     defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1613     { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
1614       "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
1615       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1616       0,
1617       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1618 #endif
1619 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1620     { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
1621       "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
1622       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1623       0,
1624       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1625 #endif
1626 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1627     defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1628     { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
1629       "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
1630       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1631       0,
1632       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1633 #endif
1634 
1635 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
1636 
1637 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1638 
1639 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1640     defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1641     { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
1642       "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
1643       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1644       0,
1645       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1646 #endif
1647 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1648     defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1649     { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
1650       "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
1651       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1652       0,
1653       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1654 #endif
1655 
1656 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1657 
1658 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
1659 
1660 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1661     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
1662       "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
1663       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1664       0,
1665       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1666 #endif
1667 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1668     defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1669     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
1670       "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
1671       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1672       0,
1673       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1674 #endif
1675 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1676     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
1677       "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
1678       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1679       0,
1680       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1681 #endif
1682 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1683     defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1684     { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
1685       "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
1686       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1687       0,
1688       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1689 #endif
1690 
1691 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
1692 
1693 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
1694 
1695 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1696     { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
1697       "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
1698       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1699       0,
1700       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1701 #endif
1702 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1703     defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1704     { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
1705       "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
1706       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1707       0,
1708       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1709 #endif
1710 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1711     { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
1712       "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
1713       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1714       0,
1715       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1716 #endif
1717 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1718     defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1719     { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
1720       "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
1721       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1722       0,
1723       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1724 #endif
1725 
1726 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
1727 
1728 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
1729 
1730 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1731     { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
1732       "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
1733       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1734       0,
1735       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1736 #endif
1737 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1738     defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1739     { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
1740       "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
1741       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1742       0,
1743       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1744 #endif
1745 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1746     { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
1747       "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
1748       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1749       0,
1750       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1751 #endif
1752 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1753     defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1754     { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
1755       "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
1756       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1757       0,
1758       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1759 #endif
1760 
1761 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
1762 
1763 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1764 
1765 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1766     { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
1767       "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
1768       MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1769       0,
1770       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1771 #endif
1772 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1773     defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1774     { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
1775       "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
1776       MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1777       0,
1778       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1779 #endif
1780 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1781     { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
1782       "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
1783       MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1784       0,
1785       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1786 #endif
1787 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1788     defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1789     { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
1790       "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
1791       MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1792       0,
1793       MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1794 #endif
1795 
1796 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1797 
1798 #endif /* MBEDTLS_ARIA_C */
1799 
1800 
1801     { 0, "",
1802       MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
1803       0, 0, 0 }
1804 };
1805 
1806 #if defined(MBEDTLS_SSL_CIPHERSUITES)
mbedtls_ssl_list_ciphersuites(void)1807 const int *mbedtls_ssl_list_ciphersuites(void)
1808 {
1809     return ciphersuite_preference;
1810 }
1811 #else
1812 #define MAX_CIPHERSUITES    sizeof(ciphersuite_definitions) /         \
1813     sizeof(ciphersuite_definitions[0])
1814 static int supported_ciphersuites[MAX_CIPHERSUITES];
1815 static int supported_init = 0;
1816 
1817 MBEDTLS_CHECK_RETURN_CRITICAL
ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t * cs_info)1818 static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
1819 {
1820     (void) cs_info;
1821 
1822     return 0;
1823 }
1824 
mbedtls_ssl_list_ciphersuites(void)1825 const int *mbedtls_ssl_list_ciphersuites(void)
1826 {
1827     /*
1828      * On initial call filter out all ciphersuites not supported by current
1829      * build based on presence in the ciphersuite_definitions.
1830      */
1831     if (supported_init == 0) {
1832         const int *p;
1833         int *q;
1834 
1835         for (p = ciphersuite_preference, q = supported_ciphersuites;
1836              *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
1837              p++) {
1838             const mbedtls_ssl_ciphersuite_t *cs_info;
1839             if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL &&
1840                 !ciphersuite_is_removed(cs_info)) {
1841                 *(q++) = *p;
1842             }
1843         }
1844         *q = 0;
1845 
1846         supported_init = 1;
1847     }
1848 
1849     return supported_ciphersuites;
1850 }
1851 #endif /* MBEDTLS_SSL_CIPHERSUITES */
1852 
mbedtls_ssl_ciphersuite_from_string(const char * ciphersuite_name)1853 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
1854     const char *ciphersuite_name)
1855 {
1856     const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
1857 
1858     if (NULL == ciphersuite_name) {
1859         return NULL;
1860     }
1861 
1862     while (cur->id != 0) {
1863         if (0 == strcmp(cur->name, ciphersuite_name)) {
1864             return cur;
1865         }
1866 
1867         cur++;
1868     }
1869 
1870     return NULL;
1871 }
1872 
mbedtls_ssl_ciphersuite_from_id(int ciphersuite)1873 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
1874 {
1875     const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
1876 
1877     while (cur->id != 0) {
1878         if (cur->id == ciphersuite) {
1879             return cur;
1880         }
1881 
1882         cur++;
1883     }
1884 
1885     return NULL;
1886 }
1887 
mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)1888 const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
1889 {
1890     const mbedtls_ssl_ciphersuite_t *cur;
1891 
1892     cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
1893 
1894     if (cur == NULL) {
1895         return "unknown";
1896     }
1897 
1898     return cur->name;
1899 }
1900 
mbedtls_ssl_get_ciphersuite_id(const char * ciphersuite_name)1901 int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
1902 {
1903     const mbedtls_ssl_ciphersuite_t *cur;
1904 
1905     cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);
1906 
1907     if (cur == NULL) {
1908         return 0;
1909     }
1910 
1911     return cur->id;
1912 }
1913 
mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t * info)1914 size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
1915 {
1916 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1917     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1918     psa_key_type_t key_type;
1919     psa_algorithm_t alg;
1920     size_t key_bits;
1921 
1922     status = mbedtls_ssl_cipher_to_psa(info->cipher,
1923                                        info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16,
1924                                        &alg, &key_type, &key_bits);
1925 
1926     if (status != PSA_SUCCESS) {
1927         return 0;
1928     }
1929 
1930     return key_bits;
1931 #else
1932     const mbedtls_cipher_info_t * const cipher_info =
1933         mbedtls_cipher_info_from_type((mbedtls_cipher_type_t)info->cipher);
1934 
1935     return mbedtls_cipher_info_get_key_bitlen(cipher_info);
1936 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1937 }
1938 
1939 #if defined(MBEDTLS_PK_C)
mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t * info)1940 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
1941 {
1942     switch (info->key_exchange) {
1943         case MBEDTLS_KEY_EXCHANGE_RSA:
1944         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1945         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1946         case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
1947             return MBEDTLS_PK_RSA;
1948 
1949         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1950             return MBEDTLS_PK_ECDSA;
1951 
1952         case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1953         case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1954             return MBEDTLS_PK_ECKEY;
1955 
1956         default:
1957             return MBEDTLS_PK_NONE;
1958     }
1959 }
1960 
1961 #if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t * info)1962 psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
1963 {
1964     switch (info->key_exchange) {
1965         case MBEDTLS_KEY_EXCHANGE_RSA:
1966         case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
1967             return PSA_ALG_RSA_PKCS1V15_CRYPT;
1968         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1969         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1970             return PSA_ALG_RSA_PKCS1V15_SIGN(
1971                 mbedtls_hash_info_psa_from_md(info->mac));
1972 
1973         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1974             return PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(info->mac));
1975 
1976         case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1977         case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1978             return PSA_ALG_ECDH;
1979 
1980         default:
1981             return PSA_ALG_NONE;
1982     }
1983 }
1984 
mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t * info)1985 psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
1986 {
1987     switch (info->key_exchange) {
1988         case MBEDTLS_KEY_EXCHANGE_RSA:
1989         case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
1990             return PSA_KEY_USAGE_DECRYPT;
1991         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1992         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1993         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1994             return PSA_KEY_USAGE_SIGN_HASH;
1995 
1996         case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1997         case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1998             return PSA_KEY_USAGE_DERIVE;
1999 
2000         default:
2001             return 0;
2002     }
2003 }
2004 #endif /* MBEDTLS_USE_PSA_CRYPTO */
2005 
mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t * info)2006 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
2007 {
2008     switch (info->key_exchange) {
2009         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
2010         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
2011             return MBEDTLS_PK_RSA;
2012 
2013         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
2014             return MBEDTLS_PK_ECDSA;
2015 
2016         default:
2017             return MBEDTLS_PK_NONE;
2018     }
2019 }
2020 
2021 #endif /* MBEDTLS_PK_C */
2022 
2023 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
2024     defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t * info)2025 int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
2026 {
2027     switch (info->key_exchange) {
2028         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
2029         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
2030         case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
2031         case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
2032         case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
2033         case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
2034             return 1;
2035 
2036         default:
2037             return 0;
2038     }
2039 }
2040 #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
2041 
2042 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t * info)2043 int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
2044 {
2045     switch (info->key_exchange) {
2046         case MBEDTLS_KEY_EXCHANGE_PSK:
2047         case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
2048         case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
2049         case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
2050             return 1;
2051 
2052         default:
2053             return 0;
2054     }
2055 }
2056 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
2057 
2058 #endif /* MBEDTLS_SSL_TLS_C */
2059