1 /**
2 * \file ssl_ciphersuites.c
3 *
4 * \brief SSL ciphersuites for mbed TLS
5 *
6 * Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22 #include "common.h"
23
24 #if defined(MBEDTLS_SSL_TLS_C)
25
26 #include "mbedtls/platform.h"
27
28 #include "mbedtls/ssl_ciphersuites.h"
29 #include "mbedtls/ssl.h"
30 #include "ssl_misc.h"
31
32 #include "mbedtls/legacy_or_psa.h"
33
34 #include <string.h>
35
36 /*
37 * Ordered from most preferred to least preferred in terms of security.
38 *
39 * Current rule (except weak and null which come last):
40 * 1. By key exchange:
41 * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
42 * 2. By key length and cipher:
43 * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
44 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
45 * 4. By hash function used when relevant
46 * 5. By key exchange/auth again: EC > non-EC
47 */
48 static const int ciphersuite_preference[] =
49 {
50 #if defined(MBEDTLS_SSL_CIPHERSUITES)
51 MBEDTLS_SSL_CIPHERSUITES,
52 #else
53 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
54 /* TLS 1.3 ciphersuites */
55 MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
56 MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
57 MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
58 MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
59 MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
60 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
61
62 /* Chacha-Poly ephemeral suites */
63 MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
64 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
65 MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
66
67 /* All AES-256 ephemeral suites */
68 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
69 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
70 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
71 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
72 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
73 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
74 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
75 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
76 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
77 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
78 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
79 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
80 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,
81
82 /* All CAMELLIA-256 ephemeral suites */
83 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
84 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
85 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
86 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
87 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
88 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
89 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
90
91 /* All ARIA-256 ephemeral suites */
92 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
93 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
94 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
95 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
96 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
97 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
98
99 /* All AES-128 ephemeral suites */
100 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
101 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
102 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
103 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
104 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
105 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
106 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
107 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
108 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
109 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
110 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
111 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
112 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,
113
114 /* All CAMELLIA-128 ephemeral suites */
115 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
116 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
117 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
118 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
119 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
120 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
121 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
122
123 /* All ARIA-128 ephemeral suites */
124 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
125 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
126 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
127 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
128 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
129 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
130
131 /* The PSK ephemeral suites */
132 MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
133 MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
134 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
135 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
136 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
137 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
138 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
139 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
140 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
141 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
142 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
143 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
144 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
145 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
146 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
147
148 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
149 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
150 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
151 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
152 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
153 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
154 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
155 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
156 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
157 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
158 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
159 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
160 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
161
162 /* The ECJPAKE suite */
163 MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
164
165 /* All AES-256 suites */
166 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
167 MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
168 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
169 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
170 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
171 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
172 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
173 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
174 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
175 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
176 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
177
178 /* All CAMELLIA-256 suites */
179 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
180 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
181 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
182 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
183 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
184 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
185 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
186
187 /* All ARIA-256 suites */
188 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
189 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
190 MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
191 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
192 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
193 MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
194
195 /* All AES-128 suites */
196 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
197 MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
198 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
199 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
200 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
201 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
202 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
203 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
204 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
205 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
206 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
207
208 /* All CAMELLIA-128 suites */
209 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
210 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
211 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
212 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
213 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
214 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
215 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
216
217 /* All ARIA-128 suites */
218 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
219 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
220 MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
221 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
222 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
223 MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
224
225 /* The RSA PSK suites */
226 MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
227 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
228 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
229 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
230 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
231 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
232 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
233 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
234
235 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
236 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
237 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
238 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
239 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
240 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
241 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
242
243 /* The PSK suites */
244 MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
245 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
246 MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
247 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
248 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
249 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
250 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
251 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
252 MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
253 MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
254
255 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
256 MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
257 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
258 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
259 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
260 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
261 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
262 MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
263 MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
264
265 /* NULL suites */
266 MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
267 MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
268 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
269 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
270 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
271 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384,
272 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256,
273 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA,
274
275 MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
276 MBEDTLS_TLS_RSA_WITH_NULL_SHA,
277 MBEDTLS_TLS_RSA_WITH_NULL_MD5,
278 MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
279 MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
280 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384,
281 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256,
282 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA,
283 MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
284 MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
285 MBEDTLS_TLS_PSK_WITH_NULL_SHA,
286
287 #endif /* MBEDTLS_SSL_CIPHERSUITES */
288 0
289 };
290
291 static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
292 {
293 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
294 #if defined(MBEDTLS_AES_C)
295 #if defined(MBEDTLS_GCM_C)
296 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
297 { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
298 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
299 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
300 0,
301 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
302 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
303 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
304 { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
305 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
306 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
307 0,
308 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
309 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
310 #endif /* MBEDTLS_GCM_C */
311 #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
312 { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
313 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
314 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
315 0,
316 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
317 { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256",
318 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
319 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
320 MBEDTLS_CIPHERSUITE_SHORT_TAG,
321 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
322 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA && MBEDTLS_CCM_C */
323 #endif /* MBEDTLS_AES_C */
324 #if defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
325 { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
326 "TLS1-3-CHACHA20-POLY1305-SHA256",
327 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
328 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
329 0,
330 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
331 #endif /* MBEDTLS_CHACHAPOLY_C && MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
332 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
333
334 #if defined(MBEDTLS_CHACHAPOLY_C) && \
335 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
336 defined(MBEDTLS_SSL_PROTO_TLS1_2)
337 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
338 { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
339 "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
340 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
341 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
342 0,
343 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
344 #endif
345 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
346 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
347 "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
348 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
349 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
350 0,
351 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
352 #endif
353 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
354 { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
355 "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
356 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
357 MBEDTLS_KEY_EXCHANGE_DHE_RSA,
358 0,
359 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
360 #endif
361 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
362 { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
363 "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
364 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
365 MBEDTLS_KEY_EXCHANGE_PSK,
366 0,
367 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
368 #endif
369 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
370 { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
371 "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
372 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
373 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
374 0,
375 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
376 #endif
377 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
378 { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
379 "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
380 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
381 MBEDTLS_KEY_EXCHANGE_DHE_PSK,
382 0,
383 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
384 #endif
385 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
386 { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
387 "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256",
388 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
389 MBEDTLS_KEY_EXCHANGE_RSA_PSK,
390 0,
391 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
392 #endif
393 #endif /* MBEDTLS_CHACHAPOLY_C &&
394 MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA &&
395 MBEDTLS_SSL_PROTO_TLS1_2 */
396 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
397 #if defined(MBEDTLS_AES_C)
398 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
399 #if defined(MBEDTLS_CIPHER_MODE_CBC)
400 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
401 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
402 0,
403 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
404 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
405 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
406 0,
407 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
408 #endif /* MBEDTLS_CIPHER_MODE_CBC */
409 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
410 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
411 #if defined(MBEDTLS_CIPHER_MODE_CBC)
412 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
413 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
414 0,
415 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
416 #endif /* MBEDTLS_CIPHER_MODE_CBC */
417 #if defined(MBEDTLS_GCM_C)
418 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
419 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
420 0,
421 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
422 #endif /* MBEDTLS_GCM_C */
423 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
424 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
425 #if defined(MBEDTLS_CIPHER_MODE_CBC)
426 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
427 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
428 0,
429 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
430 #endif /* MBEDTLS_CIPHER_MODE_CBC */
431 #if defined(MBEDTLS_GCM_C)
432 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
433 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
434 0,
435 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
436 #endif /* MBEDTLS_GCM_C */
437 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
438 #if defined(MBEDTLS_CCM_C)
439 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
440 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
441 0,
442 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
443 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
444 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
445 MBEDTLS_CIPHERSUITE_SHORT_TAG,
446 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
447 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
448 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
449 0,
450 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
451 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
452 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
453 MBEDTLS_CIPHERSUITE_SHORT_TAG,
454 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
455 #endif /* MBEDTLS_CCM_C */
456 #endif /* MBEDTLS_AES_C */
457
458 #if defined(MBEDTLS_CAMELLIA_C)
459 #if defined(MBEDTLS_CIPHER_MODE_CBC)
460 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
461 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
462 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
463 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
464 0,
465 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
466 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
467 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
468 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
469 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
470 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
471 0,
472 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
473 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
474 #endif /* MBEDTLS_CIPHER_MODE_CBC */
475
476 #if defined(MBEDTLS_GCM_C)
477 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
478 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
479 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
480 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
481 0,
482 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
483 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
484 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
485 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
486 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
487 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
488 0,
489 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
490 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
491 #endif /* MBEDTLS_GCM_C */
492 #endif /* MBEDTLS_CAMELLIA_C */
493
494 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
495 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
496 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
497 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
498 MBEDTLS_CIPHERSUITE_WEAK,
499 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
500 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
501 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
502 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
503
504 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
505 #if defined(MBEDTLS_AES_C)
506 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
507 #if defined(MBEDTLS_CIPHER_MODE_CBC)
508 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
509 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
510 0,
511 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
512 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
513 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
514 0,
515 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
516 #endif /* MBEDTLS_CIPHER_MODE_CBC */
517 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
518 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
519 #if defined(MBEDTLS_CIPHER_MODE_CBC)
520 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
521 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
522 0,
523 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
524 #endif /* MBEDTLS_CIPHER_MODE_CBC */
525 #if defined(MBEDTLS_GCM_C)
526 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
527 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
528 0,
529 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
530 #endif /* MBEDTLS_GCM_C */
531 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
532 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
533 #if defined(MBEDTLS_CIPHER_MODE_CBC)
534 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
535 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
536 0,
537 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
538 #endif /* MBEDTLS_CIPHER_MODE_CBC */
539 #if defined(MBEDTLS_GCM_C)
540 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
541 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
542 0,
543 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
544 #endif /* MBEDTLS_GCM_C */
545 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
546 #endif /* MBEDTLS_AES_C */
547
548 #if defined(MBEDTLS_CAMELLIA_C)
549 #if defined(MBEDTLS_CIPHER_MODE_CBC)
550 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
551 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
552 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
553 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
554 0,
555 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
556 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
557 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
558 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
559 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
560 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
561 0,
562 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
563 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
564 #endif /* MBEDTLS_CIPHER_MODE_CBC */
565
566 #if defined(MBEDTLS_GCM_C)
567 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
568 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
569 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
570 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
571 0,
572 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
573 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
574 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
575 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
576 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
577 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
578 0,
579 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
580 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
581 #endif /* MBEDTLS_GCM_C */
582 #endif /* MBEDTLS_CAMELLIA_C */
583
584 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
585 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
586 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
587 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
588 MBEDTLS_CIPHERSUITE_WEAK,
589 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
590 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
591 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
592 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
593
594 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
595 #if defined(MBEDTLS_AES_C)
596 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
597 defined(MBEDTLS_GCM_C)
598 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
599 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
600 0,
601 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
602 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA && MBEDTLS_GCM_C */
603
604 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
605 #if defined(MBEDTLS_GCM_C)
606 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
607 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
608 0,
609 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
610 #endif /* MBEDTLS_GCM_C */
611
612 #if defined(MBEDTLS_CIPHER_MODE_CBC)
613 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
614 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
615 0,
616 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
617
618 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
619 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
620 0,
621 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
622 #endif /* MBEDTLS_CIPHER_MODE_CBC */
623 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
624
625 #if defined(MBEDTLS_CIPHER_MODE_CBC)
626 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
627 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
628 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
629 0,
630 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
631
632 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
633 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
634 0,
635 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
636 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
637 #endif /* MBEDTLS_CIPHER_MODE_CBC */
638 #if defined(MBEDTLS_CCM_C)
639 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
640 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
641 0,
642 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
643 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
644 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
645 MBEDTLS_CIPHERSUITE_SHORT_TAG,
646 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
647 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
648 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
649 0,
650 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
651 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
652 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
653 MBEDTLS_CIPHERSUITE_SHORT_TAG,
654 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
655 #endif /* MBEDTLS_CCM_C */
656 #endif /* MBEDTLS_AES_C */
657
658 #if defined(MBEDTLS_CAMELLIA_C)
659 #if defined(MBEDTLS_CIPHER_MODE_CBC)
660 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
661 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
662 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
663 0,
664 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
665
666 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
667 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
668 0,
669 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
670 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
671
672 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
673 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
674 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
675 0,
676 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
677
678 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
679 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
680 0,
681 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
682 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
683 #endif /* MBEDTLS_CIPHER_MODE_CBC */
684 #if defined(MBEDTLS_GCM_C)
685 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
686 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
687 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
688 0,
689 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
690 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
691
692 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
693 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
694 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
695 0,
696 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
697 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
698 #endif /* MBEDTLS_GCM_C */
699 #endif /* MBEDTLS_CAMELLIA_C */
700
701 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
702
703 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
704 #if defined(MBEDTLS_AES_C)
705 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
706 defined(MBEDTLS_GCM_C)
707 { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
708 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
709 0,
710 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
711 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA && MBEDTLS_GCM_C */
712
713 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
714 #if defined(MBEDTLS_GCM_C)
715 { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
716 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
717 0,
718 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
719 #endif /* MBEDTLS_GCM_C */
720
721 #if defined(MBEDTLS_CIPHER_MODE_CBC)
722 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
723 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
724 0,
725 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
726
727 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
728 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
729 0,
730 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
731 #endif /* MBEDTLS_CIPHER_MODE_CBC */
732 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
733
734 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
735 #if defined(MBEDTLS_CIPHER_MODE_CBC)
736 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
737 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
738 0,
739 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
740
741 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
742 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
743 0,
744 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
745 #endif /* MBEDTLS_CIPHER_MODE_CBC */
746 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
747 #if defined(MBEDTLS_CCM_C)
748 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
749 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
750 0,
751 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
752 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
753 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
754 MBEDTLS_CIPHERSUITE_SHORT_TAG,
755 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
756 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
757 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
758 0,
759 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
760 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
761 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
762 MBEDTLS_CIPHERSUITE_SHORT_TAG,
763 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
764 #endif /* MBEDTLS_CCM_C */
765 #endif /* MBEDTLS_AES_C */
766
767 #if defined(MBEDTLS_CAMELLIA_C)
768 #if defined(MBEDTLS_CIPHER_MODE_CBC)
769 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
770 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
771 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
772 0,
773 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
774
775 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
776 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
777 0,
778 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
779 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
780
781 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
782 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
783 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
784 0,
785 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
786
787 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
788 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
789 0,
790 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
791 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
792 #endif /* MBEDTLS_CIPHER_MODE_CBC */
793
794 #if defined(MBEDTLS_GCM_C)
795 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
796 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
797 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
798 0,
799 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
800 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
801
802 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
803 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
804 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
805 0,
806 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
807 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
808 #endif /* MBEDTLS_GCM_C */
809 #endif /* MBEDTLS_CAMELLIA_C */
810
811 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
812
813 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
814 #if defined(MBEDTLS_AES_C)
815 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
816 #if defined(MBEDTLS_CIPHER_MODE_CBC)
817 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
818 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
819 0,
820 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
821 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
822 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
823 0,
824 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
825 #endif /* MBEDTLS_CIPHER_MODE_CBC */
826 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
827 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
828 #if defined(MBEDTLS_CIPHER_MODE_CBC)
829 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
830 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
831 0,
832 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
833 #endif /* MBEDTLS_CIPHER_MODE_CBC */
834 #if defined(MBEDTLS_GCM_C)
835 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
836 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
837 0,
838 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
839 #endif /* MBEDTLS_GCM_C */
840 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
841 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
842 #if defined(MBEDTLS_CIPHER_MODE_CBC)
843 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
844 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
845 0,
846 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
847 #endif /* MBEDTLS_CIPHER_MODE_CBC */
848 #if defined(MBEDTLS_GCM_C)
849 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
850 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
851 0,
852 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
853 #endif /* MBEDTLS_GCM_C */
854 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
855 #endif /* MBEDTLS_AES_C */
856
857 #if defined(MBEDTLS_CAMELLIA_C)
858 #if defined(MBEDTLS_CIPHER_MODE_CBC)
859 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
860 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
861 "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
862 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
863 0,
864 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
865 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
866 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
867 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
868 "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
869 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
870 0,
871 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
872 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
873 #endif /* MBEDTLS_CIPHER_MODE_CBC */
874
875 #if defined(MBEDTLS_GCM_C)
876 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
877 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
878 "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
879 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
880 0,
881 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
882 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
883 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
884 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
885 "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
886 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
887 0,
888 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
889 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
890 #endif /* MBEDTLS_GCM_C */
891 #endif /* MBEDTLS_CAMELLIA_C */
892
893 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
894 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
895 { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
896 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
897 MBEDTLS_CIPHERSUITE_WEAK,
898 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
899 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
900 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
901 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
902
903 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
904 #if defined(MBEDTLS_AES_C)
905 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
906 #if defined(MBEDTLS_CIPHER_MODE_CBC)
907 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
908 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
909 0,
910 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
911 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
912 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
913 0,
914 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
915 #endif /* MBEDTLS_CIPHER_MODE_CBC */
916 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
917 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
918 #if defined(MBEDTLS_CIPHER_MODE_CBC)
919 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
920 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
921 0,
922 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
923 #endif /* MBEDTLS_CIPHER_MODE_CBC */
924 #if defined(MBEDTLS_GCM_C)
925 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
926 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
927 0,
928 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
929 #endif /* MBEDTLS_GCM_C */
930 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
931 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
932 #if defined(MBEDTLS_CIPHER_MODE_CBC)
933 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
934 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
935 0,
936 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
937 #endif /* MBEDTLS_CIPHER_MODE_CBC */
938 #if defined(MBEDTLS_GCM_C)
939 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
940 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
941 0,
942 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
943 #endif /* MBEDTLS_GCM_C */
944 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
945 #endif /* MBEDTLS_AES_C */
946
947 #if defined(MBEDTLS_CAMELLIA_C)
948 #if defined(MBEDTLS_CIPHER_MODE_CBC)
949 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
950 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
951 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
952 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
953 0,
954 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
955 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
956 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
957 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
958 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
959 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
960 0,
961 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
962 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
963 #endif /* MBEDTLS_CIPHER_MODE_CBC */
964
965 #if defined(MBEDTLS_GCM_C)
966 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
967 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
968 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
969 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
970 0,
971 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
972 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
973 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
974 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
975 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
976 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
977 0,
978 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
979 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
980 #endif /* MBEDTLS_GCM_C */
981 #endif /* MBEDTLS_CAMELLIA_C */
982
983 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
984 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
985 { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
986 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
987 MBEDTLS_CIPHERSUITE_WEAK,
988 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
989 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
990 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
991 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
992
993 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
994 #if defined(MBEDTLS_AES_C)
995 #if defined(MBEDTLS_GCM_C)
996 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
997 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
998 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
999 0,
1000 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1001 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1002
1003 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1004 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
1005 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1006 0,
1007 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1008 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1009 #endif /* MBEDTLS_GCM_C */
1010
1011 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1012 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1013 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
1014 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1015 0,
1016 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1017 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1018
1019 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1020 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
1021 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1022 0,
1023 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1024 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1025
1026 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1027 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
1028 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1029 0,
1030 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1031
1032 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
1033 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1034 0,
1035 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1036 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1037 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1038 #if defined(MBEDTLS_CCM_C)
1039 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
1040 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1041 0,
1042 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1043 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
1044 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1045 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1046 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1047 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
1048 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1049 0,
1050 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1051 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
1052 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1053 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1054 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1055 #endif /* MBEDTLS_CCM_C */
1056 #endif /* MBEDTLS_AES_C */
1057
1058 #if defined(MBEDTLS_CAMELLIA_C)
1059 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1060 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1061 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1062 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1063 0,
1064 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1065 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1066
1067 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1068 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1069 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1070 0,
1071 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1072 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1073 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1074
1075 #if defined(MBEDTLS_GCM_C)
1076 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1077 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1078 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1079 0,
1080 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1081 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1082
1083 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1084 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1085 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1086 0,
1087 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1088 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1089 #endif /* MBEDTLS_GCM_C */
1090 #endif /* MBEDTLS_CAMELLIA_C */
1091
1092 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1093
1094 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1095 #if defined(MBEDTLS_AES_C)
1096 #if defined(MBEDTLS_GCM_C)
1097 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1098 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
1099 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1100 0,
1101 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1102 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1103
1104 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1105 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
1106 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1107 0,
1108 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1109 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1110 #endif /* MBEDTLS_GCM_C */
1111
1112 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1113 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1114 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
1115 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1116 0,
1117 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1118 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1119
1120 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1121 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
1122 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1123 0,
1124 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1125 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1126
1127 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1128 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
1129 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1130 0,
1131 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1132
1133 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
1134 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1135 0,
1136 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1137 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1138 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1139 #if defined(MBEDTLS_CCM_C)
1140 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
1141 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1142 0,
1143 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1144 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
1145 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1146 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1147 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1148 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
1149 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1150 0,
1151 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1152 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
1153 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1154 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1155 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1156 #endif /* MBEDTLS_CCM_C */
1157 #endif /* MBEDTLS_AES_C */
1158
1159 #if defined(MBEDTLS_CAMELLIA_C)
1160 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1161 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1162 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1163 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1164 0,
1165 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1166 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1167
1168 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1169 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1170 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1171 0,
1172 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1173 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1174 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1175
1176 #if defined(MBEDTLS_GCM_C)
1177 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1178 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1179 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1180 0,
1181 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1182 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1183
1184 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1185 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1186 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1187 0,
1188 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1189 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1190 #endif /* MBEDTLS_GCM_C */
1191 #endif /* MBEDTLS_CAMELLIA_C */
1192
1193 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1194
1195 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1196 #if defined(MBEDTLS_AES_C)
1197
1198 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1199 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1200 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
1201 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1202 0,
1203 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1204 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1205
1206 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1207 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
1208 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1209 0,
1210 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1211 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1212
1213 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1214 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
1215 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1216 0,
1217 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1218
1219 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
1220 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1221 0,
1222 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1223 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1224 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1225 #endif /* MBEDTLS_AES_C */
1226
1227 #if defined(MBEDTLS_CAMELLIA_C)
1228 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1229 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1230 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
1231 "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1232 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1233 0,
1234 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1235 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1236
1237 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1238 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
1239 "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1240 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1241 0,
1242 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1243 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1244 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1245 #endif /* MBEDTLS_CAMELLIA_C */
1246
1247 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1248
1249 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1250 #if defined(MBEDTLS_AES_C)
1251 #if defined(MBEDTLS_GCM_C)
1252 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1253 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
1254 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1255 0,
1256 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1257 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1258
1259 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1260 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
1261 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1262 0,
1263 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1264 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1265 #endif /* MBEDTLS_GCM_C */
1266
1267 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1268 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1269 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
1270 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1271 0,
1272 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1273 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1274
1275 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1276 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
1277 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1278 0,
1279 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1280 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1281
1282 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1283 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
1284 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1285 0,
1286 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1287
1288 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
1289 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1290 0,
1291 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1292 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1293 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1294 #endif /* MBEDTLS_AES_C */
1295
1296 #if defined(MBEDTLS_CAMELLIA_C)
1297 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1298 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1299 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1300 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1301 0,
1302 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1303 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1304
1305 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1306 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1307 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1308 0,
1309 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1310 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1311 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1312
1313 #if defined(MBEDTLS_GCM_C)
1314 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1315 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1316 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1317 0,
1318 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1319 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1320
1321 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1322 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1323 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1324 0,
1325 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1326 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1327 #endif /* MBEDTLS_GCM_C */
1328 #endif /* MBEDTLS_CAMELLIA_C */
1329
1330 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1331
1332 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1333 #if defined(MBEDTLS_AES_C)
1334 #if defined(MBEDTLS_CCM_C)
1335 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
1336 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
1337 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1338 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1339 #endif /* MBEDTLS_CCM_C */
1340 #endif /* MBEDTLS_AES_C */
1341 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
1342
1343 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
1344 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1345 #if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1346 { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
1347 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
1348 MBEDTLS_CIPHERSUITE_WEAK,
1349 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1350 #endif
1351
1352 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1353 { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
1354 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
1355 MBEDTLS_CIPHERSUITE_WEAK,
1356 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1357 #endif
1358
1359 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1360 { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
1361 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
1362 MBEDTLS_CIPHERSUITE_WEAK,
1363 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1364 #endif
1365 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1366
1367 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1368 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1369 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
1370 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1371 MBEDTLS_CIPHERSUITE_WEAK,
1372 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1373 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1374
1375 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1376 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
1377 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1378 MBEDTLS_CIPHERSUITE_WEAK,
1379 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1380 #endif
1381
1382 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1383 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
1384 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1385 MBEDTLS_CIPHERSUITE_WEAK,
1386 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1387 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1388 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1389
1390 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1391 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1392 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
1393 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1394 MBEDTLS_CIPHERSUITE_WEAK,
1395 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1396 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1397
1398 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1399 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
1400 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1401 MBEDTLS_CIPHERSUITE_WEAK,
1402 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1403 #endif
1404
1405 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1406 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
1407 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1408 MBEDTLS_CIPHERSUITE_WEAK,
1409 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1410 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1411 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1412
1413 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1414 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1415 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
1416 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1417 MBEDTLS_CIPHERSUITE_WEAK,
1418 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1419 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1420
1421 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1422 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
1423 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1424 MBEDTLS_CIPHERSUITE_WEAK,
1425 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1426 #endif
1427
1428 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1429 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
1430 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1431 MBEDTLS_CIPHERSUITE_WEAK,
1432 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1433 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1434 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1435
1436 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1437 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1438 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
1439 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1440 MBEDTLS_CIPHERSUITE_WEAK,
1441 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1442 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1443
1444 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1445 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
1446 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1447 MBEDTLS_CIPHERSUITE_WEAK,
1448 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1449 #endif
1450
1451 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1452 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
1453 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1454 MBEDTLS_CIPHERSUITE_WEAK,
1455 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1456 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1457 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1458 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
1459
1460 #if defined(MBEDTLS_ARIA_C)
1461
1462 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1463
1464 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1465 { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
1466 "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
1467 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
1468 0,
1469 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1470 #endif
1471 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1472 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1473 { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
1474 "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
1475 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
1476 0,
1477 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1478 #endif
1479 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1480 { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
1481 "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
1482 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
1483 0,
1484 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1485 #endif
1486 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1487 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1488 { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
1489 "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
1490 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
1491 0,
1492 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1493 #endif
1494
1495 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1496
1497 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1498
1499 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1500 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
1501 "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
1502 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1503 0,
1504 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1505 #endif
1506 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1507 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1508 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
1509 "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
1510 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1511 0,
1512 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1513 #endif
1514 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1515 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
1516 "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
1517 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1518 0,
1519 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1520 #endif
1521 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1522 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1523 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
1524 "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
1525 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1526 0,
1527 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1528 #endif
1529
1530 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1531
1532 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1533
1534 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1535 { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
1536 "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
1537 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1538 0,
1539 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1540 #endif
1541 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1542 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1543 { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
1544 "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
1545 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1546 0,
1547 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1548 #endif
1549 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1550 { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
1551 "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
1552 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1553 0,
1554 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1555 #endif
1556 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1557 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1558 { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
1559 "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
1560 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1561 0,
1562 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1563 #endif
1564
1565 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1566
1567 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
1568
1569 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1570 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
1571 "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
1572 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1573 0,
1574 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1575 #endif
1576 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1577 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1578 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
1579 "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
1580 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1581 0,
1582 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1583 #endif
1584 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1585 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
1586 "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
1587 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1588 0,
1589 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1590 #endif
1591 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1592 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1593 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
1594 "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
1595 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1596 0,
1597 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1598 #endif
1599
1600 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
1601
1602 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
1603
1604 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1605 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
1606 "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
1607 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1608 0,
1609 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1610 #endif
1611 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1612 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1613 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
1614 "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
1615 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1616 0,
1617 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1618 #endif
1619 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1620 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
1621 "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
1622 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1623 0,
1624 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1625 #endif
1626 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1627 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1628 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
1629 "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
1630 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1631 0,
1632 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1633 #endif
1634
1635 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
1636
1637 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1638
1639 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1640 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1641 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
1642 "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
1643 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1644 0,
1645 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1646 #endif
1647 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1648 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1649 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
1650 "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
1651 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1652 0,
1653 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1654 #endif
1655
1656 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1657
1658 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
1659
1660 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1661 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
1662 "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
1663 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1664 0,
1665 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1666 #endif
1667 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1668 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1669 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
1670 "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
1671 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1672 0,
1673 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1674 #endif
1675 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1676 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
1677 "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
1678 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1679 0,
1680 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1681 #endif
1682 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1683 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1684 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
1685 "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
1686 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1687 0,
1688 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1689 #endif
1690
1691 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
1692
1693 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
1694
1695 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1696 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
1697 "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
1698 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1699 0,
1700 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1701 #endif
1702 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1703 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1704 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
1705 "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
1706 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1707 0,
1708 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1709 #endif
1710 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1711 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
1712 "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
1713 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1714 0,
1715 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1716 #endif
1717 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1718 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1719 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
1720 "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
1721 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1722 0,
1723 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1724 #endif
1725
1726 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
1727
1728 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
1729
1730 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1731 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
1732 "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
1733 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1734 0,
1735 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1736 #endif
1737 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1738 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1739 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
1740 "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
1741 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1742 0,
1743 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1744 #endif
1745 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1746 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
1747 "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
1748 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1749 0,
1750 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1751 #endif
1752 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1753 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1754 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
1755 "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
1756 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1757 0,
1758 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1759 #endif
1760
1761 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
1762
1763 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1764
1765 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1766 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
1767 "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
1768 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1769 0,
1770 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1771 #endif
1772 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1773 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1774 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
1775 "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
1776 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1777 0,
1778 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1779 #endif
1780 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1781 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
1782 "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
1783 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1784 0,
1785 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1786 #endif
1787 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \
1788 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1789 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
1790 "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
1791 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1792 0,
1793 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1794 #endif
1795
1796 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1797
1798 #endif /* MBEDTLS_ARIA_C */
1799
1800
1801 { 0, "",
1802 MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
1803 0, 0, 0 }
1804 };
1805
1806 #if defined(MBEDTLS_SSL_CIPHERSUITES)
mbedtls_ssl_list_ciphersuites(void)1807 const int *mbedtls_ssl_list_ciphersuites(void)
1808 {
1809 return ciphersuite_preference;
1810 }
1811 #else
1812 #define MAX_CIPHERSUITES sizeof(ciphersuite_definitions) / \
1813 sizeof(ciphersuite_definitions[0])
1814 static int supported_ciphersuites[MAX_CIPHERSUITES];
1815 static int supported_init = 0;
1816
1817 MBEDTLS_CHECK_RETURN_CRITICAL
ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t * cs_info)1818 static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
1819 {
1820 (void) cs_info;
1821
1822 return 0;
1823 }
1824
mbedtls_ssl_list_ciphersuites(void)1825 const int *mbedtls_ssl_list_ciphersuites(void)
1826 {
1827 /*
1828 * On initial call filter out all ciphersuites not supported by current
1829 * build based on presence in the ciphersuite_definitions.
1830 */
1831 if (supported_init == 0) {
1832 const int *p;
1833 int *q;
1834
1835 for (p = ciphersuite_preference, q = supported_ciphersuites;
1836 *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
1837 p++) {
1838 const mbedtls_ssl_ciphersuite_t *cs_info;
1839 if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL &&
1840 !ciphersuite_is_removed(cs_info)) {
1841 *(q++) = *p;
1842 }
1843 }
1844 *q = 0;
1845
1846 supported_init = 1;
1847 }
1848
1849 return supported_ciphersuites;
1850 }
1851 #endif /* MBEDTLS_SSL_CIPHERSUITES */
1852
mbedtls_ssl_ciphersuite_from_string(const char * ciphersuite_name)1853 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
1854 const char *ciphersuite_name)
1855 {
1856 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
1857
1858 if (NULL == ciphersuite_name) {
1859 return NULL;
1860 }
1861
1862 while (cur->id != 0) {
1863 if (0 == strcmp(cur->name, ciphersuite_name)) {
1864 return cur;
1865 }
1866
1867 cur++;
1868 }
1869
1870 return NULL;
1871 }
1872
mbedtls_ssl_ciphersuite_from_id(int ciphersuite)1873 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
1874 {
1875 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
1876
1877 while (cur->id != 0) {
1878 if (cur->id == ciphersuite) {
1879 return cur;
1880 }
1881
1882 cur++;
1883 }
1884
1885 return NULL;
1886 }
1887
mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)1888 const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
1889 {
1890 const mbedtls_ssl_ciphersuite_t *cur;
1891
1892 cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
1893
1894 if (cur == NULL) {
1895 return "unknown";
1896 }
1897
1898 return cur->name;
1899 }
1900
mbedtls_ssl_get_ciphersuite_id(const char * ciphersuite_name)1901 int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
1902 {
1903 const mbedtls_ssl_ciphersuite_t *cur;
1904
1905 cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);
1906
1907 if (cur == NULL) {
1908 return 0;
1909 }
1910
1911 return cur->id;
1912 }
1913
mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t * info)1914 size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
1915 {
1916 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1917 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1918 psa_key_type_t key_type;
1919 psa_algorithm_t alg;
1920 size_t key_bits;
1921
1922 status = mbedtls_ssl_cipher_to_psa(info->cipher,
1923 info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16,
1924 &alg, &key_type, &key_bits);
1925
1926 if (status != PSA_SUCCESS) {
1927 return 0;
1928 }
1929
1930 return key_bits;
1931 #else
1932 const mbedtls_cipher_info_t * const cipher_info =
1933 mbedtls_cipher_info_from_type((mbedtls_cipher_type_t)info->cipher);
1934
1935 return mbedtls_cipher_info_get_key_bitlen(cipher_info);
1936 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1937 }
1938
1939 #if defined(MBEDTLS_PK_C)
mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t * info)1940 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
1941 {
1942 switch (info->key_exchange) {
1943 case MBEDTLS_KEY_EXCHANGE_RSA:
1944 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1945 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1946 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
1947 return MBEDTLS_PK_RSA;
1948
1949 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1950 return MBEDTLS_PK_ECDSA;
1951
1952 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1953 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1954 return MBEDTLS_PK_ECKEY;
1955
1956 default:
1957 return MBEDTLS_PK_NONE;
1958 }
1959 }
1960
1961 #if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t * info)1962 psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
1963 {
1964 switch (info->key_exchange) {
1965 case MBEDTLS_KEY_EXCHANGE_RSA:
1966 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
1967 return PSA_ALG_RSA_PKCS1V15_CRYPT;
1968 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1969 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1970 return PSA_ALG_RSA_PKCS1V15_SIGN(
1971 mbedtls_hash_info_psa_from_md(info->mac));
1972
1973 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1974 return PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(info->mac));
1975
1976 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1977 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1978 return PSA_ALG_ECDH;
1979
1980 default:
1981 return PSA_ALG_NONE;
1982 }
1983 }
1984
mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t * info)1985 psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
1986 {
1987 switch (info->key_exchange) {
1988 case MBEDTLS_KEY_EXCHANGE_RSA:
1989 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
1990 return PSA_KEY_USAGE_DECRYPT;
1991 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1992 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1993 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1994 return PSA_KEY_USAGE_SIGN_HASH;
1995
1996 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1997 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1998 return PSA_KEY_USAGE_DERIVE;
1999
2000 default:
2001 return 0;
2002 }
2003 }
2004 #endif /* MBEDTLS_USE_PSA_CRYPTO */
2005
mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t * info)2006 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
2007 {
2008 switch (info->key_exchange) {
2009 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
2010 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
2011 return MBEDTLS_PK_RSA;
2012
2013 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
2014 return MBEDTLS_PK_ECDSA;
2015
2016 default:
2017 return MBEDTLS_PK_NONE;
2018 }
2019 }
2020
2021 #endif /* MBEDTLS_PK_C */
2022
2023 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
2024 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t * info)2025 int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
2026 {
2027 switch (info->key_exchange) {
2028 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
2029 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
2030 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
2031 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
2032 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
2033 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
2034 return 1;
2035
2036 default:
2037 return 0;
2038 }
2039 }
2040 #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
2041
2042 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t * info)2043 int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
2044 {
2045 switch (info->key_exchange) {
2046 case MBEDTLS_KEY_EXCHANGE_PSK:
2047 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
2048 case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
2049 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
2050 return 1;
2051
2052 default:
2053 return 0;
2054 }
2055 }
2056 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
2057
2058 #endif /* MBEDTLS_SSL_TLS_C */
2059