1 /**
2 * \file ssl_ciphersuites.c
3 *
4 * \brief SSL ciphersuites for Mbed TLS
5 *
6 * Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8 */
9
10 #include "common.h"
11
12 #if defined(MBEDTLS_SSL_TLS_C)
13
14 #include "mbedtls/platform.h"
15
16 #include "mbedtls/ssl_ciphersuites.h"
17 #include "mbedtls/ssl.h"
18 #include "ssl_misc.h"
19 #if defined(MBEDTLS_USE_PSA_CRYPTO)
20 #include "mbedtls/psa_util.h"
21 #endif
22
23 #include <string.h>
24
25 /*
26 * Ordered from most preferred to least preferred in terms of security.
27 *
28 * Current rule (except weak and null which come last):
29 * 1. By key exchange:
30 * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
31 * 2. By key length and cipher:
32 * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
33 * 3. By cipher mode when relevant: GCM > CCM > CBC > CCM_8
34 * 4. By hash function used when relevant
35 * 5. By key exchange/auth again: EC > non-EC
36 */
/*
 * Default ciphersuite preference list: ciphersuite identifiers, most preferred
 * first, followed by a trailing 0 entry.
 *
 * NOTE(review): apart from the TLS 1.3 group, entries here are not guarded by
 * per-algorithm feature macros, whereas the entries of ciphersuite_definitions
 * are. Presumably identifiers without a compiled-in definition are filtered out
 * by the code that consumes this list - confirm against the consumers.
 */
37 static const int ciphersuite_preference[] =
38 {
39 #if defined(MBEDTLS_SSL_CIPHERSUITES)
/* Build-time override: when MBEDTLS_SSL_CIPHERSUITES is defined, its expansion
 * is the whole list and every default entry below is compiled out. The ordering
 * rules documented above, including "weak and null come last", are then only as
 * good as the order given in that macro. */
40 MBEDTLS_SSL_CIPHERSUITES,
41 #else
42 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
43 /* TLS 1.3 ciphersuites */
44 MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
45 MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
46 MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
47 MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
48 MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
49 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
50
51 /* Chacha-Poly ephemeral suites */
52 MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
53 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
54 MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
55
56 /* All AES-256 ephemeral suites */
57 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
58 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
59 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
60 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
61 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
62 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
63 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
64 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
65 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
66 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
67 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
/* CCM_8 entries trail their group, after CBC (rule 3 above); in
 * ciphersuite_definitions the CCM_8 entries carry MBEDTLS_CIPHERSUITE_SHORT_TAG. */
68 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
69 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,
70
71 /* All CAMELLIA-256 ephemeral suites */
72 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
73 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
74 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
75 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
76 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
77 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
78 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
79
80 /* All ARIA-256 ephemeral suites */
81 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
82 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
83 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
84 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
85 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
86 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
87
88 /* All AES-128 ephemeral suites */
89 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
90 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
91 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
92 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
93 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
94 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
95 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
96 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
97 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
98 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
99 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
100 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
101 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,
102
103 /* All CAMELLIA-128 ephemeral suites */
104 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
105 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
106 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
107 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
108 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
109 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
110 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
111
112 /* All ARIA-128 ephemeral suites */
113 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
114 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
115 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
116 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
117 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
118 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
119
120 /* The PSK ephemeral suites */
121 MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
122 MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
123 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
124 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
125 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
126 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
127 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
128 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
129 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
130 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
131 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
132 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
133 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
134 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
135 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
136
137 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
138 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
139 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
140 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
141 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
142 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
143 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
144 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
145 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
146 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
147 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
148 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
149 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
150
151 /* The ECJPAKE suite */
152 MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
153
/* From here on the entries use static RSA or static ECDH key exchange: the
 * "other non-PSK" class of rule 1 above, ranked below every forward-secure
 * group and below ECJPAKE.
 * NOTE(review): within these groups all RSA entries precede the ECDH entries,
 * so rules 3 and 5 are not followed literally across the two - confirm that
 * this order is intended. */
154 /* All AES-256 suites */
155 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
156 MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
157 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
158 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
159 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
160 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
161 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
162 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
163 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
164 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
165 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
166
167 /* All CAMELLIA-256 suites */
168 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
169 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
170 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
171 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
172 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
173 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
174 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
175
176 /* All ARIA-256 suites */
177 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
178 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
179 MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
180 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
181 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
182 MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
183
184 /* All AES-128 suites */
185 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
186 MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
187 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
188 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
189 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
190 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
191 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
192 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
193 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
194 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
195 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
196
197 /* All CAMELLIA-128 suites */
198 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
199 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
200 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
201 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
202 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
203 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
204 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
205
206 /* All ARIA-128 suites */
207 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
208 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
209 MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
210 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
211 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
212 MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
213
214 /* The RSA PSK suites */
215 MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
216 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
217 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
218 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
219 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
220 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
221 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
222 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
223
224 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
225 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
226 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
227 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
228 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
229 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
230 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
231
232 /* The PSK suites */
233 MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
234 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
235 MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
236 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
237 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
238 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
239 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
240 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
241 MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
242 MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
243
244 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
245 MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
246 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
247 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
248 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
249 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
250 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
251 MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
252 MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
253
/* The NULL suites provide no encryption and are deliberately placed last,
 * regardless of key exchange. In ciphersuite_definitions the ECDHE-ECDSA and
 * ECDHE-RSA NULL entries are compiled only when MBEDTLS_CIPHER_NULL_CIPHER is
 * defined and carry MBEDTLS_CIPHERSUITE_WEAK; presumably the remaining NULL
 * entries are treated the same way - confirm in the rest of that table. */
254 /* NULL suites */
255 MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
256 MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
257 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
258 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
259 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
260 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384,
261 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256,
262 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA,
263
264 MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
265 MBEDTLS_TLS_RSA_WITH_NULL_SHA,
266 MBEDTLS_TLS_RSA_WITH_NULL_MD5,
267 MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
268 MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
269 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384,
270 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256,
271 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA,
272 MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
273 MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
274 MBEDTLS_TLS_PSK_WITH_NULL_SHA,
275
276 #endif /* MBEDTLS_SSL_CIPHERSUITES */
/* Trailing 0 entry, present in both the override and the default build;
 * presumably the end-of-list sentinel for code that walks this array - confirm
 * against the consumers. */
277 0
278 };
279
280 static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
281 {
282 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
283 #if defined(MBEDTLS_SSL_HAVE_AES)
284 #if defined(MBEDTLS_SSL_HAVE_GCM)
285 #if defined(MBEDTLS_MD_CAN_SHA384)
286 { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
287 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
288 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
289 0,
290 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
291 #endif /* MBEDTLS_MD_CAN_SHA384 */
292 #if defined(MBEDTLS_MD_CAN_SHA256)
293 { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
294 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
295 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
296 0,
297 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
298 #endif /* MBEDTLS_MD_CAN_SHA256 */
299 #endif /* MBEDTLS_SSL_HAVE_GCM */
300 #if defined(MBEDTLS_SSL_HAVE_CCM) && defined(MBEDTLS_MD_CAN_SHA256)
301 { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
302 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
303 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
304 0,
305 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
306 { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256",
307 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
308 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
309 MBEDTLS_CIPHERSUITE_SHORT_TAG,
310 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
311 #endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_SSL_HAVE_CCM */
312 #endif /* MBEDTLS_SSL_HAVE_AES */
313 #if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && defined(MBEDTLS_MD_CAN_SHA256)
314 { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
315 "TLS1-3-CHACHA20-POLY1305-SHA256",
316 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
317 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
318 0,
319 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
320 #endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY && MBEDTLS_MD_CAN_SHA256 */
321 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
322
323 #if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && \
324 defined(MBEDTLS_MD_CAN_SHA256) && \
325 defined(MBEDTLS_SSL_PROTO_TLS1_2)
326 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
327 { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
328 "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
329 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
330 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
331 0,
332 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
333 #endif
334 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
335 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
336 "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
337 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
338 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
339 0,
340 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
341 #endif
342 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
343 { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
344 "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
345 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
346 MBEDTLS_KEY_EXCHANGE_DHE_RSA,
347 0,
348 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
349 #endif
350 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
351 { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
352 "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
353 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
354 MBEDTLS_KEY_EXCHANGE_PSK,
355 0,
356 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
357 #endif
358 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
359 { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
360 "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
361 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
362 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
363 0,
364 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
365 #endif
366 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
367 { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
368 "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
369 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
370 MBEDTLS_KEY_EXCHANGE_DHE_PSK,
371 0,
372 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
373 #endif
374 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
375 { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
376 "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256",
377 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
378 MBEDTLS_KEY_EXCHANGE_RSA_PSK,
379 0,
380 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
381 #endif
382 #endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY &&
383 MBEDTLS_MD_CAN_SHA256 &&
384 MBEDTLS_SSL_PROTO_TLS1_2 */
385 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
386 #if defined(MBEDTLS_SSL_HAVE_AES)
387 #if defined(MBEDTLS_MD_CAN_SHA1)
388 #if defined(MBEDTLS_SSL_HAVE_CBC)
389 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
390 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
391 0,
392 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
393 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
394 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
395 0,
396 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
397 #endif /* MBEDTLS_SSL_HAVE_CBC */
398 #endif /* MBEDTLS_MD_CAN_SHA1 */
399 #if defined(MBEDTLS_MD_CAN_SHA256)
400 #if defined(MBEDTLS_SSL_HAVE_CBC)
401 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
402 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
403 0,
404 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
405 #endif /* MBEDTLS_SSL_HAVE_CBC */
406 #if defined(MBEDTLS_SSL_HAVE_GCM)
407 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
408 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
409 0,
410 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
411 #endif /* MBEDTLS_SSL_HAVE_GCM */
412 #endif /* MBEDTLS_MD_CAN_SHA256 */
413 #if defined(MBEDTLS_MD_CAN_SHA384)
414 #if defined(MBEDTLS_SSL_HAVE_CBC)
415 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
416 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
417 0,
418 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
419 #endif /* MBEDTLS_SSL_HAVE_CBC */
420 #if defined(MBEDTLS_SSL_HAVE_GCM)
421 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
422 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
423 0,
424 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
425 #endif /* MBEDTLS_SSL_HAVE_GCM */
426 #endif /* MBEDTLS_MD_CAN_SHA384 */
427 #if defined(MBEDTLS_SSL_HAVE_CCM)
428 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
429 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
430 0,
431 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
432 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
433 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
434 MBEDTLS_CIPHERSUITE_SHORT_TAG,
435 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
436 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
437 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
438 0,
439 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
440 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
441 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
442 MBEDTLS_CIPHERSUITE_SHORT_TAG,
443 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
444 #endif /* MBEDTLS_SSL_HAVE_CCM */
445 #endif /* MBEDTLS_SSL_HAVE_AES */
446
447 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
448 #if defined(MBEDTLS_SSL_HAVE_CBC)
449 #if defined(MBEDTLS_MD_CAN_SHA256)
450 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
451 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
452 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
453 0,
454 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
455 #endif /* MBEDTLS_MD_CAN_SHA256 */
456 #if defined(MBEDTLS_MD_CAN_SHA384)
457 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
458 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
459 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
460 0,
461 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
462 #endif /* MBEDTLS_MD_CAN_SHA384 */
463 #endif /* MBEDTLS_SSL_HAVE_CBC */
464
465 #if defined(MBEDTLS_SSL_HAVE_GCM)
466 #if defined(MBEDTLS_MD_CAN_SHA256)
467 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
468 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
469 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
470 0,
471 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
472 #endif /* MBEDTLS_MD_CAN_SHA256 */
473 #if defined(MBEDTLS_MD_CAN_SHA384)
474 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
475 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
476 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
477 0,
478 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
479 #endif /* MBEDTLS_MD_CAN_SHA384 */
480 #endif /* MBEDTLS_SSL_HAVE_GCM */
481 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
482
483 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
484 #if defined(MBEDTLS_MD_CAN_SHA1)
485 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
486 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
487 MBEDTLS_CIPHERSUITE_WEAK,
488 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
489 #endif /* MBEDTLS_MD_CAN_SHA1 */
490 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
491 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
492
493 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
494 #if defined(MBEDTLS_SSL_HAVE_AES)
495 #if defined(MBEDTLS_MD_CAN_SHA1)
496 #if defined(MBEDTLS_SSL_HAVE_CBC)
497 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
498 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
499 0,
500 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
501 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
502 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
503 0,
504 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
505 #endif /* MBEDTLS_SSL_HAVE_CBC */
506 #endif /* MBEDTLS_MD_CAN_SHA1 */
507 #if defined(MBEDTLS_MD_CAN_SHA256)
508 #if defined(MBEDTLS_SSL_HAVE_CBC)
509 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
510 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
511 0,
512 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
513 #endif /* MBEDTLS_SSL_HAVE_CBC */
514 #if defined(MBEDTLS_SSL_HAVE_GCM)
515 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
516 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
517 0,
518 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
519 #endif /* MBEDTLS_SSL_HAVE_GCM */
520 #endif /* MBEDTLS_MD_CAN_SHA256 */
521 #if defined(MBEDTLS_MD_CAN_SHA384)
522 #if defined(MBEDTLS_SSL_HAVE_CBC)
523 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
524 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
525 0,
526 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
527 #endif /* MBEDTLS_SSL_HAVE_CBC */
528 #if defined(MBEDTLS_SSL_HAVE_GCM)
529 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
530 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
531 0,
532 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
533 #endif /* MBEDTLS_SSL_HAVE_GCM */
534 #endif /* MBEDTLS_MD_CAN_SHA384 */
535 #endif /* MBEDTLS_SSL_HAVE_AES */
536
537 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
538 #if defined(MBEDTLS_SSL_HAVE_CBC)
539 #if defined(MBEDTLS_MD_CAN_SHA256)
540 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
541 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
542 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
543 0,
544 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
545 #endif /* MBEDTLS_MD_CAN_SHA256 */
546 #if defined(MBEDTLS_MD_CAN_SHA384)
547 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
548 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
549 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
550 0,
551 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
552 #endif /* MBEDTLS_MD_CAN_SHA384 */
553 #endif /* MBEDTLS_SSL_HAVE_CBC */
554
555 #if defined(MBEDTLS_SSL_HAVE_GCM)
556 #if defined(MBEDTLS_MD_CAN_SHA256)
557 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
558 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
559 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
560 0,
561 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
562 #endif /* MBEDTLS_MD_CAN_SHA256 */
563 #if defined(MBEDTLS_MD_CAN_SHA384)
564 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
565 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
566 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
567 0,
568 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
569 #endif /* MBEDTLS_MD_CAN_SHA384 */
570 #endif /* MBEDTLS_SSL_HAVE_GCM */
571 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
572
573 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
574 #if defined(MBEDTLS_MD_CAN_SHA1)
575 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
576 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
577 MBEDTLS_CIPHERSUITE_WEAK,
578 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
579 #endif /* MBEDTLS_MD_CAN_SHA1 */
580 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
581 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
582
583 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
584 #if defined(MBEDTLS_SSL_HAVE_AES)
585 #if defined(MBEDTLS_MD_CAN_SHA384) && \
586 defined(MBEDTLS_SSL_HAVE_GCM)
587 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
588 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
589 0,
590 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
591 #endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */
592
593 #if defined(MBEDTLS_MD_CAN_SHA256)
594 #if defined(MBEDTLS_SSL_HAVE_GCM)
595 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
596 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
597 0,
598 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
599 #endif /* MBEDTLS_SSL_HAVE_GCM */
600
601 #if defined(MBEDTLS_SSL_HAVE_CBC)
602 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
603 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
604 0,
605 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
606
607 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
608 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
609 0,
610 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
611 #endif /* MBEDTLS_SSL_HAVE_CBC */
612 #endif /* MBEDTLS_MD_CAN_SHA256 */
613
614 #if defined(MBEDTLS_SSL_HAVE_CBC)
615 #if defined(MBEDTLS_MD_CAN_SHA1)
616 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
617 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
618 0,
619 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
620
621 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
622 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
623 0,
624 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
625 #endif /* MBEDTLS_MD_CAN_SHA1 */
626 #endif /* MBEDTLS_SSL_HAVE_CBC */
627 #if defined(MBEDTLS_SSL_HAVE_CCM)
628 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
629 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
630 0,
631 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
632 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
633 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
634 MBEDTLS_CIPHERSUITE_SHORT_TAG,
635 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
636 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
637 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
638 0,
639 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
640 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
641 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
642 MBEDTLS_CIPHERSUITE_SHORT_TAG,
643 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
644 #endif /* MBEDTLS_SSL_HAVE_CCM */
645 #endif /* MBEDTLS_SSL_HAVE_AES */
646
647 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
648 #if defined(MBEDTLS_SSL_HAVE_CBC)
649 #if defined(MBEDTLS_MD_CAN_SHA256)
650 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
651 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
652 0,
653 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
654
655 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
656 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
657 0,
658 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
659 #endif /* MBEDTLS_MD_CAN_SHA256 */
660
661 #if defined(MBEDTLS_MD_CAN_SHA1)
662 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
663 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
664 0,
665 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
666
667 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
668 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
669 0,
670 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
671 #endif /* MBEDTLS_MD_CAN_SHA1 */
672 #endif /* MBEDTLS_SSL_HAVE_CBC */
673 #if defined(MBEDTLS_SSL_HAVE_GCM)
674 #if defined(MBEDTLS_MD_CAN_SHA256)
675 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
676 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
677 0,
678 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
679 #endif /* MBEDTLS_MD_CAN_SHA256 */
680
681 #if defined(MBEDTLS_MD_CAN_SHA384)
682 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
683 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
684 0,
685 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
686 #endif /* MBEDTLS_MD_CAN_SHA384 */
687 #endif /* MBEDTLS_SSL_HAVE_GCM */
688 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
689
690 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
691
692 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
693 #if defined(MBEDTLS_SSL_HAVE_AES)
694 #if defined(MBEDTLS_MD_CAN_SHA384) && \
695 defined(MBEDTLS_SSL_HAVE_GCM)
696 { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
697 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
698 0,
699 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
700 #endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */
701
702 #if defined(MBEDTLS_MD_CAN_SHA256)
703 #if defined(MBEDTLS_SSL_HAVE_GCM)
704 { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
705 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
706 0,
707 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
708 #endif /* MBEDTLS_SSL_HAVE_GCM */
709
710 #if defined(MBEDTLS_SSL_HAVE_CBC)
711 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
712 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
713 0,
714 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
715
716 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
717 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
718 0,
719 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
720 #endif /* MBEDTLS_SSL_HAVE_CBC */
721 #endif /* MBEDTLS_MD_CAN_SHA256 */
722
723 #if defined(MBEDTLS_MD_CAN_SHA1)
724 #if defined(MBEDTLS_SSL_HAVE_CBC)
725 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
726 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
727 0,
728 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
729
730 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
731 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
732 0,
733 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
734 #endif /* MBEDTLS_SSL_HAVE_CBC */
735 #endif /* MBEDTLS_MD_CAN_SHA1 */
736 #if defined(MBEDTLS_SSL_HAVE_CCM)
737 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
738 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
739 0,
740 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
741 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
742 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
743 MBEDTLS_CIPHERSUITE_SHORT_TAG,
744 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
745 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
746 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
747 0,
748 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
749 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
750 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
751 MBEDTLS_CIPHERSUITE_SHORT_TAG,
752 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
753 #endif /* MBEDTLS_SSL_HAVE_CCM */
754 #endif /* MBEDTLS_SSL_HAVE_AES */
755
756 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
757 #if defined(MBEDTLS_SSL_HAVE_CBC)
758 #if defined(MBEDTLS_MD_CAN_SHA256)
759 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
760 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
761 0,
762 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
763
764 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
765 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
766 0,
767 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
768 #endif /* MBEDTLS_MD_CAN_SHA256 */
769
770 #if defined(MBEDTLS_MD_CAN_SHA1)
771 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
772 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
773 0,
774 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
775
776 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
777 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
778 0,
779 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
780 #endif /* MBEDTLS_MD_CAN_SHA1 */
781 #endif /* MBEDTLS_SSL_HAVE_CBC */
782
783 #if defined(MBEDTLS_SSL_HAVE_GCM)
784 #if defined(MBEDTLS_MD_CAN_SHA256)
785 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
786 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
787 0,
788 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
789 #endif /* MBEDTLS_MD_CAN_SHA256 */
790
791 #if defined(MBEDTLS_MD_CAN_SHA384)
792 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
793 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
794 0,
795 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
796 #endif /* MBEDTLS_MD_CAN_SHA384 */
797 #endif /* MBEDTLS_SSL_HAVE_GCM */
798 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
799
800 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
801
802 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
803 #if defined(MBEDTLS_SSL_HAVE_AES)
804 #if defined(MBEDTLS_MD_CAN_SHA1)
805 #if defined(MBEDTLS_SSL_HAVE_CBC)
806 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
807 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
808 0,
809 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
810 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
811 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
812 0,
813 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
814 #endif /* MBEDTLS_SSL_HAVE_CBC */
815 #endif /* MBEDTLS_MD_CAN_SHA1 */
816 #if defined(MBEDTLS_MD_CAN_SHA256)
817 #if defined(MBEDTLS_SSL_HAVE_CBC)
818 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
819 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
820 0,
821 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
822 #endif /* MBEDTLS_SSL_HAVE_CBC */
823 #if defined(MBEDTLS_SSL_HAVE_GCM)
824 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
825 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
826 0,
827 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
828 #endif /* MBEDTLS_SSL_HAVE_GCM */
829 #endif /* MBEDTLS_MD_CAN_SHA256 */
830 #if defined(MBEDTLS_MD_CAN_SHA384)
831 #if defined(MBEDTLS_SSL_HAVE_CBC)
832 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
833 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
834 0,
835 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
836 #endif /* MBEDTLS_SSL_HAVE_CBC */
837 #if defined(MBEDTLS_SSL_HAVE_GCM)
838 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
839 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
840 0,
841 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
842 #endif /* MBEDTLS_SSL_HAVE_GCM */
843 #endif /* MBEDTLS_MD_CAN_SHA384 */
844 #endif /* MBEDTLS_SSL_HAVE_AES */
845
846 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
847 #if defined(MBEDTLS_SSL_HAVE_CBC)
848 #if defined(MBEDTLS_MD_CAN_SHA256)
849 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
850 "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
851 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
852 0,
853 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
854 #endif /* MBEDTLS_MD_CAN_SHA256 */
855 #if defined(MBEDTLS_MD_CAN_SHA384)
856 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
857 "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
858 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
859 0,
860 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
861 #endif /* MBEDTLS_MD_CAN_SHA384 */
862 #endif /* MBEDTLS_SSL_HAVE_CBC */
863
864 #if defined(MBEDTLS_SSL_HAVE_GCM)
865 #if defined(MBEDTLS_MD_CAN_SHA256)
866 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
867 "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
868 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
869 0,
870 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
871 #endif /* MBEDTLS_MD_CAN_SHA256 */
872 #if defined(MBEDTLS_MD_CAN_SHA384)
873 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
874 "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
875 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
876 0,
877 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
878 #endif /* MBEDTLS_MD_CAN_SHA384 */
879 #endif /* MBEDTLS_SSL_HAVE_GCM */
880 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
881
882 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
883 #if defined(MBEDTLS_MD_CAN_SHA1)
884 { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
885 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
886 MBEDTLS_CIPHERSUITE_WEAK,
887 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
888 #endif /* MBEDTLS_MD_CAN_SHA1 */
889 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
890 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
891
892 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
893 #if defined(MBEDTLS_SSL_HAVE_AES)
894 #if defined(MBEDTLS_MD_CAN_SHA1)
895 #if defined(MBEDTLS_SSL_HAVE_CBC)
896 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
897 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
898 0,
899 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
900 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
901 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
902 0,
903 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
904 #endif /* MBEDTLS_SSL_HAVE_CBC */
905 #endif /* MBEDTLS_MD_CAN_SHA1 */
906 #if defined(MBEDTLS_MD_CAN_SHA256)
907 #if defined(MBEDTLS_SSL_HAVE_CBC)
908 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
909 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
910 0,
911 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
912 #endif /* MBEDTLS_SSL_HAVE_CBC */
913 #if defined(MBEDTLS_SSL_HAVE_GCM)
914 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
915 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
916 0,
917 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
918 #endif /* MBEDTLS_SSL_HAVE_GCM */
919 #endif /* MBEDTLS_MD_CAN_SHA256 */
920 #if defined(MBEDTLS_MD_CAN_SHA384)
921 #if defined(MBEDTLS_SSL_HAVE_CBC)
922 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
923 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
924 0,
925 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
926 #endif /* MBEDTLS_SSL_HAVE_CBC */
927 #if defined(MBEDTLS_SSL_HAVE_GCM)
928 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
929 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
930 0,
931 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
932 #endif /* MBEDTLS_SSL_HAVE_GCM */
933 #endif /* MBEDTLS_MD_CAN_SHA384 */
934 #endif /* MBEDTLS_SSL_HAVE_AES */
935
936 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
937 #if defined(MBEDTLS_SSL_HAVE_CBC)
938 #if defined(MBEDTLS_MD_CAN_SHA256)
939 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
940 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
941 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
942 0,
943 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
944 #endif /* MBEDTLS_MD_CAN_SHA256 */
945 #if defined(MBEDTLS_MD_CAN_SHA384)
946 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
947 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
948 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
949 0,
950 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
951 #endif /* MBEDTLS_MD_CAN_SHA384 */
952 #endif /* MBEDTLS_SSL_HAVE_CBC */
953
954 #if defined(MBEDTLS_SSL_HAVE_GCM)
955 #if defined(MBEDTLS_MD_CAN_SHA256)
956 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
957 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
958 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
959 0,
960 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
961 #endif /* MBEDTLS_MD_CAN_SHA256 */
962 #if defined(MBEDTLS_MD_CAN_SHA384)
963 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
964 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
965 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
966 0,
967 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
968 #endif /* MBEDTLS_MD_CAN_SHA384 */
969 #endif /* MBEDTLS_SSL_HAVE_GCM */
970 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
971
972 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
973 #if defined(MBEDTLS_MD_CAN_SHA1)
974 { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
975 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
976 MBEDTLS_CIPHERSUITE_WEAK,
977 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
978 #endif /* MBEDTLS_MD_CAN_SHA1 */
979 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
980 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
981
982 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
983 #if defined(MBEDTLS_SSL_HAVE_AES)
984 #if defined(MBEDTLS_SSL_HAVE_GCM)
985 #if defined(MBEDTLS_MD_CAN_SHA256)
986 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
987 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
988 0,
989 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
990 #endif /* MBEDTLS_MD_CAN_SHA256 */
991
992 #if defined(MBEDTLS_MD_CAN_SHA384)
993 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
994 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
995 0,
996 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
997 #endif /* MBEDTLS_MD_CAN_SHA384 */
998 #endif /* MBEDTLS_SSL_HAVE_GCM */
999
1000 #if defined(MBEDTLS_SSL_HAVE_CBC)
1001 #if defined(MBEDTLS_MD_CAN_SHA256)
1002 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
1003 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1004 0,
1005 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1006 #endif /* MBEDTLS_MD_CAN_SHA256 */
1007
1008 #if defined(MBEDTLS_MD_CAN_SHA384)
1009 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
1010 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1011 0,
1012 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1013 #endif /* MBEDTLS_MD_CAN_SHA384 */
1014
1015 #if defined(MBEDTLS_MD_CAN_SHA1)
1016 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
1017 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1018 0,
1019 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1020
1021 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
1022 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1023 0,
1024 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1025 #endif /* MBEDTLS_MD_CAN_SHA1 */
1026 #endif /* MBEDTLS_SSL_HAVE_CBC */
1027 #if defined(MBEDTLS_SSL_HAVE_CCM)
1028 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
1029 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1030 0,
1031 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1032 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
1033 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1034 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1035 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1036 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
1037 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1038 0,
1039 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1040 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
1041 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1042 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1043 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1044 #endif /* MBEDTLS_SSL_HAVE_CCM */
1045 #endif /* MBEDTLS_SSL_HAVE_AES */
1046
1047 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
1048 #if defined(MBEDTLS_SSL_HAVE_CBC)
1049 #if defined(MBEDTLS_MD_CAN_SHA256)
1050 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1051 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1052 0,
1053 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1054 #endif /* MBEDTLS_MD_CAN_SHA256 */
1055
1056 #if defined(MBEDTLS_MD_CAN_SHA384)
1057 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1058 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1059 0,
1060 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1061 #endif /* MBEDTLS_MD_CAN_SHA384 */
1062 #endif /* MBEDTLS_SSL_HAVE_CBC */
1063
1064 #if defined(MBEDTLS_SSL_HAVE_GCM)
1065 #if defined(MBEDTLS_MD_CAN_SHA256)
1066 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1067 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1068 0,
1069 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1070 #endif /* MBEDTLS_MD_CAN_SHA256 */
1071
1072 #if defined(MBEDTLS_MD_CAN_SHA384)
1073 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1074 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1075 0,
1076 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1077 #endif /* MBEDTLS_MD_CAN_SHA384 */
1078 #endif /* MBEDTLS_SSL_HAVE_GCM */
1079 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
1080
1081 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1082
1083 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1084 #if defined(MBEDTLS_SSL_HAVE_AES)
1085 #if defined(MBEDTLS_SSL_HAVE_GCM)
1086 #if defined(MBEDTLS_MD_CAN_SHA256)
1087 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
1088 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1089 0,
1090 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1091 #endif /* MBEDTLS_MD_CAN_SHA256 */
1092
1093 #if defined(MBEDTLS_MD_CAN_SHA384)
1094 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
1095 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1096 0,
1097 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1098 #endif /* MBEDTLS_MD_CAN_SHA384 */
1099 #endif /* MBEDTLS_SSL_HAVE_GCM */
1100
1101 #if defined(MBEDTLS_SSL_HAVE_CBC)
1102 #if defined(MBEDTLS_MD_CAN_SHA256)
1103 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
1104 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1105 0,
1106 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1107 #endif /* MBEDTLS_MD_CAN_SHA256 */
1108
1109 #if defined(MBEDTLS_MD_CAN_SHA384)
1110 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
1111 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1112 0,
1113 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1114 #endif /* MBEDTLS_MD_CAN_SHA384 */
1115
1116 #if defined(MBEDTLS_MD_CAN_SHA1)
1117 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
1118 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1119 0,
1120 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1121
1122 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
1123 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1124 0,
1125 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1126 #endif /* MBEDTLS_MD_CAN_SHA1 */
1127 #endif /* MBEDTLS_SSL_HAVE_CBC */
1128 #if defined(MBEDTLS_SSL_HAVE_CCM)
1129 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
1130 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1131 0,
1132 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1133 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
1134 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1135 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1136 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1137 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
1138 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1139 0,
1140 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1141 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
1142 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1143 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1144 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1145 #endif /* MBEDTLS_SSL_HAVE_CCM */
1146 #endif /* MBEDTLS_SSL_HAVE_AES */
1147
1148 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
1149 #if defined(MBEDTLS_SSL_HAVE_CBC)
1150 #if defined(MBEDTLS_MD_CAN_SHA256)
1151 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1152 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1153 0,
1154 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1155 #endif /* MBEDTLS_MD_CAN_SHA256 */
1156
1157 #if defined(MBEDTLS_MD_CAN_SHA384)
1158 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1159 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1160 0,
1161 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1162 #endif /* MBEDTLS_MD_CAN_SHA384 */
1163 #endif /* MBEDTLS_SSL_HAVE_CBC */
1164
1165 #if defined(MBEDTLS_SSL_HAVE_GCM)
1166 #if defined(MBEDTLS_MD_CAN_SHA256)
1167 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1168 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1169 0,
1170 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1171 #endif /* MBEDTLS_MD_CAN_SHA256 */
1172
1173 #if defined(MBEDTLS_MD_CAN_SHA384)
1174 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1175 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1176 0,
1177 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1178 #endif /* MBEDTLS_MD_CAN_SHA384 */
1179 #endif /* MBEDTLS_SSL_HAVE_GCM */
1180 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
1181
1182 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1183
1184 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1185 #if defined(MBEDTLS_SSL_HAVE_AES)
1186
1187 #if defined(MBEDTLS_SSL_HAVE_CBC)
1188 #if defined(MBEDTLS_MD_CAN_SHA256)
1189 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
1190 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1191 0,
1192 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1193 #endif /* MBEDTLS_MD_CAN_SHA256 */
1194
1195 #if defined(MBEDTLS_MD_CAN_SHA384)
1196 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
1197 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1198 0,
1199 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1200 #endif /* MBEDTLS_MD_CAN_SHA384 */
1201
1202 #if defined(MBEDTLS_MD_CAN_SHA1)
1203 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
1204 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1205 0,
1206 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1207
1208 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
1209 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1210 0,
1211 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1212 #endif /* MBEDTLS_MD_CAN_SHA1 */
1213 #endif /* MBEDTLS_SSL_HAVE_CBC */
1214 #endif /* MBEDTLS_SSL_HAVE_AES */
1215
1216 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
1217 #if defined(MBEDTLS_SSL_HAVE_CBC)
1218 #if defined(MBEDTLS_MD_CAN_SHA256)
1219 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
1220 "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1221 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1222 0,
1223 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1224 #endif /* MBEDTLS_MD_CAN_SHA256 */
1225
1226 #if defined(MBEDTLS_MD_CAN_SHA384)
1227 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
1228 "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1229 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1230 0,
1231 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1232 #endif /* MBEDTLS_MD_CAN_SHA384 */
1233 #endif /* MBEDTLS_SSL_HAVE_CBC */
1234 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
1235
1236 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1237
1238 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1239 #if defined(MBEDTLS_SSL_HAVE_AES)
1240 #if defined(MBEDTLS_SSL_HAVE_GCM)
1241 #if defined(MBEDTLS_MD_CAN_SHA256)
1242 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
1243 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1244 0,
1245 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1246 #endif /* MBEDTLS_MD_CAN_SHA256 */
1247
1248 #if defined(MBEDTLS_MD_CAN_SHA384)
1249 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
1250 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1251 0,
1252 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1253 #endif /* MBEDTLS_MD_CAN_SHA384 */
1254 #endif /* MBEDTLS_SSL_HAVE_GCM */
1255
1256 #if defined(MBEDTLS_SSL_HAVE_CBC)
1257 #if defined(MBEDTLS_MD_CAN_SHA256)
1258 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
1259 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1260 0,
1261 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1262 #endif /* MBEDTLS_MD_CAN_SHA256 */
1263
1264 #if defined(MBEDTLS_MD_CAN_SHA384)
1265 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
1266 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1267 0,
1268 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1269 #endif /* MBEDTLS_MD_CAN_SHA384 */
1270
1271 #if defined(MBEDTLS_MD_CAN_SHA1)
1272 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
1273 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1274 0,
1275 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1276
1277 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
1278 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1279 0,
1280 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1281 #endif /* MBEDTLS_MD_CAN_SHA1 */
1282 #endif /* MBEDTLS_SSL_HAVE_CBC */
1283 #endif /* MBEDTLS_SSL_HAVE_AES */
1284
1285 #if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
1286 #if defined(MBEDTLS_SSL_HAVE_CBC)
1287 #if defined(MBEDTLS_MD_CAN_SHA256)
1288 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1289 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1290 0,
1291 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1292 #endif /* MBEDTLS_MD_CAN_SHA256 */
1293
1294 #if defined(MBEDTLS_MD_CAN_SHA384)
1295 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1296 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1297 0,
1298 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1299 #endif /* MBEDTLS_MD_CAN_SHA384 */
1300 #endif /* MBEDTLS_SSL_HAVE_CBC */
1301
1302 #if defined(MBEDTLS_SSL_HAVE_GCM)
1303 #if defined(MBEDTLS_MD_CAN_SHA256)
1304 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1305 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1306 0,
1307 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1308 #endif /* MBEDTLS_MD_CAN_SHA256 */
1309
1310 #if defined(MBEDTLS_MD_CAN_SHA384)
1311 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1312 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1313 0,
1314 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1315 #endif /* MBEDTLS_MD_CAN_SHA384 */
1316 #endif /* MBEDTLS_SSL_HAVE_GCM */
1317 #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
1318
1319 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1320
1321 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1322 #if defined(MBEDTLS_SSL_HAVE_AES)
1323 #if defined(MBEDTLS_SSL_HAVE_CCM)
1324 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
1325 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
1326 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1327 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1328 #endif /* MBEDTLS_SSL_HAVE_CCM */
1329 #endif /* MBEDTLS_SSL_HAVE_AES */
1330 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
1331
1332 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
1333 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1334 #if defined(MBEDTLS_MD_CAN_MD5)
1335 { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
1336 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
1337 MBEDTLS_CIPHERSUITE_WEAK,
1338 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1339 #endif
1340
1341 #if defined(MBEDTLS_MD_CAN_SHA1)
1342 { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
1343 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
1344 MBEDTLS_CIPHERSUITE_WEAK,
1345 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1346 #endif
1347
1348 #if defined(MBEDTLS_MD_CAN_SHA256)
1349 { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
1350 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
1351 MBEDTLS_CIPHERSUITE_WEAK,
1352 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1353 #endif
1354 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1355
1356 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1357 #if defined(MBEDTLS_MD_CAN_SHA1)
1358 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
1359 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1360 MBEDTLS_CIPHERSUITE_WEAK,
1361 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1362 #endif /* MBEDTLS_MD_CAN_SHA1 */
1363
1364 #if defined(MBEDTLS_MD_CAN_SHA256)
1365 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
1366 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1367 MBEDTLS_CIPHERSUITE_WEAK,
1368 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1369 #endif
1370
1371 #if defined(MBEDTLS_MD_CAN_SHA384)
1372 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
1373 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1374 MBEDTLS_CIPHERSUITE_WEAK,
1375 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1376 #endif /* MBEDTLS_MD_CAN_SHA384 */
1377 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1378
1379 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1380 #if defined(MBEDTLS_MD_CAN_SHA1)
1381 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
1382 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1383 MBEDTLS_CIPHERSUITE_WEAK,
1384 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1385 #endif /* MBEDTLS_MD_CAN_SHA1 */
1386
1387 #if defined(MBEDTLS_MD_CAN_SHA256)
1388 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
1389 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1390 MBEDTLS_CIPHERSUITE_WEAK,
1391 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1392 #endif
1393
1394 #if defined(MBEDTLS_MD_CAN_SHA384)
1395 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
1396 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1397 MBEDTLS_CIPHERSUITE_WEAK,
1398 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1399 #endif /* MBEDTLS_MD_CAN_SHA384 */
1400 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1401
1402 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1403 #if defined(MBEDTLS_MD_CAN_SHA1)
1404 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
1405 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1406 MBEDTLS_CIPHERSUITE_WEAK,
1407 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1408 #endif /* MBEDTLS_MD_CAN_SHA1 */
1409
1410 #if defined(MBEDTLS_MD_CAN_SHA256)
1411 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
1412 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1413 MBEDTLS_CIPHERSUITE_WEAK,
1414 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1415 #endif
1416
1417 #if defined(MBEDTLS_MD_CAN_SHA384)
1418 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
1419 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1420 MBEDTLS_CIPHERSUITE_WEAK,
1421 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1422 #endif /* MBEDTLS_MD_CAN_SHA384 */
1423 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1424
1425 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1426 #if defined(MBEDTLS_MD_CAN_SHA1)
1427 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
1428 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1429 MBEDTLS_CIPHERSUITE_WEAK,
1430 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1431 #endif /* MBEDTLS_MD_CAN_SHA1 */
1432
1433 #if defined(MBEDTLS_MD_CAN_SHA256)
1434 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
1435 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1436 MBEDTLS_CIPHERSUITE_WEAK,
1437 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1438 #endif
1439
1440 #if defined(MBEDTLS_MD_CAN_SHA384)
1441 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
1442 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1443 MBEDTLS_CIPHERSUITE_WEAK,
1444 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1445 #endif /* MBEDTLS_MD_CAN_SHA384 */
1446 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1447 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
1448
1449 #if defined(MBEDTLS_SSL_HAVE_ARIA)
1450
1451 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1452
1453 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
1454 { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
1455 "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
1456 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
1457 0,
1458 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1459 #endif
1460 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1461 defined(MBEDTLS_MD_CAN_SHA384))
1462 { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
1463 "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
1464 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
1465 0,
1466 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1467 #endif
1468 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
1469 { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
1470 "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
1471 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
1472 0,
1473 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1474 #endif
1475 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1476 defined(MBEDTLS_MD_CAN_SHA256))
1477 { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
1478 "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
1479 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
1480 0,
1481 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1482 #endif
1483
1484 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1485
1486 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1487
1488 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
1489 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
1490 "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
1491 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1492 0,
1493 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1494 #endif
1495 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1496 defined(MBEDTLS_MD_CAN_SHA384))
1497 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
1498 "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
1499 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1500 0,
1501 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1502 #endif
1503 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
1504 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
1505 "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
1506 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1507 0,
1508 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1509 #endif
1510 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1511 defined(MBEDTLS_MD_CAN_SHA256))
1512 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
1513 "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
1514 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1515 0,
1516 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1517 #endif
1518
1519 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1520
1521 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1522
1523 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
1524 { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
1525 "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
1526 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1527 0,
1528 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1529 #endif
1530 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1531 defined(MBEDTLS_MD_CAN_SHA384))
1532 { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
1533 "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
1534 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1535 0,
1536 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1537 #endif
1538 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
1539 { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
1540 "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
1541 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1542 0,
1543 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1544 #endif
1545 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1546 defined(MBEDTLS_MD_CAN_SHA256))
1547 { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
1548 "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
1549 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1550 0,
1551 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1552 #endif
1553
1554 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1555
1556 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
1557
1558 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
1559 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
1560 "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
1561 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1562 0,
1563 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1564 #endif
1565 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1566 defined(MBEDTLS_MD_CAN_SHA384))
1567 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
1568 "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
1569 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1570 0,
1571 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1572 #endif
1573 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
1574 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
1575 "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
1576 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1577 0,
1578 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1579 #endif
1580 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1581 defined(MBEDTLS_MD_CAN_SHA256))
1582 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
1583 "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
1584 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1585 0,
1586 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1587 #endif
1588
1589 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
1590
1591 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
1592
1593 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
1594 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
1595 "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
1596 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1597 0,
1598 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1599 #endif
1600 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1601 defined(MBEDTLS_MD_CAN_SHA384))
1602 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
1603 "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
1604 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1605 0,
1606 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1607 #endif
1608 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
1609 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
1610 "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
1611 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1612 0,
1613 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1614 #endif
1615 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1616 defined(MBEDTLS_MD_CAN_SHA256))
1617 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
1618 "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
1619 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1620 0,
1621 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1622 #endif
1623
1624 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
1625
1626 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1627
1628 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1629 defined(MBEDTLS_MD_CAN_SHA384))
1630 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
1631 "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
1632 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1633 0,
1634 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1635 #endif
1636 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1637 defined(MBEDTLS_MD_CAN_SHA256))
1638 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
1639 "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
1640 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1641 0,
1642 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1643 #endif
1644
1645 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1646
1647 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
1648
1649 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
1650 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
1651 "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
1652 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1653 0,
1654 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1655 #endif
1656 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1657 defined(MBEDTLS_MD_CAN_SHA384))
1658 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
1659 "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
1660 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1661 0,
1662 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1663 #endif
1664 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
1665 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
1666 "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
1667 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1668 0,
1669 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1670 #endif
1671 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1672 defined(MBEDTLS_MD_CAN_SHA256))
1673 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
1674 "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
1675 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1676 0,
1677 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1678 #endif
1679
1680 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
1681
1682 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
1683
1684 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
1685 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
1686 "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
1687 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1688 0,
1689 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1690 #endif
1691 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1692 defined(MBEDTLS_MD_CAN_SHA384))
1693 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
1694 "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
1695 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1696 0,
1697 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1698 #endif
1699 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
1700 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
1701 "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
1702 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1703 0,
1704 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1705 #endif
1706 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1707 defined(MBEDTLS_MD_CAN_SHA256))
1708 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
1709 "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
1710 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1711 0,
1712 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1713 #endif
1714
1715 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
1716
1717 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
1718
1719 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
1720 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
1721 "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
1722 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1723 0,
1724 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1725 #endif
1726 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1727 defined(MBEDTLS_MD_CAN_SHA384))
1728 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
1729 "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
1730 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1731 0,
1732 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1733 #endif
1734 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
1735 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
1736 "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
1737 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1738 0,
1739 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1740 #endif
1741 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1742 defined(MBEDTLS_MD_CAN_SHA256))
1743 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
1744 "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
1745 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1746 0,
1747 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1748 #endif
1749
1750 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
1751
1752 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1753
1754 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
1755 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
1756 "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
1757 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1758 0,
1759 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1760 #endif
1761 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1762 defined(MBEDTLS_MD_CAN_SHA384))
1763 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
1764 "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
1765 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1766 0,
1767 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1768 #endif
1769 #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256))
1770 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
1771 "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
1772 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1773 0,
1774 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1775 #endif
1776 #if (defined(MBEDTLS_SSL_HAVE_CBC) && \
1777 defined(MBEDTLS_MD_CAN_SHA256))
1778 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
1779 "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
1780 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1781 0,
1782 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1783 #endif
1784
1785 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1786
1787 #endif /* MBEDTLS_SSL_HAVE_ARIA */
1788
1789
1790 { 0, "",
1791 MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
1792 0, 0, 0 }
1793 };
1794
1795 #if defined(MBEDTLS_SSL_CIPHERSUITES)
/*
 * Return the ciphersuite list for builds that define
 * MBEDTLS_SSL_CIPHERSUITES: the preference table is handed back as-is,
 * with no filtering applied here.
 */
const int *mbedtls_ssl_list_ciphersuites(void)
{
    const int *list = ciphersuite_preference;

    return list;
}
1800 #else
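/*
 * Number of entries in ciphersuite_definitions, end marker included.
 * The expansion is parenthesized so that it stays a single operand in
 * whatever expression it is used in (e.g. pointer arithmetic or a
 * multiplication), instead of relying on operator precedence at the
 * point of use.
 */
#define MAX_CIPHERSUITES (sizeof(ciphersuite_definitions) / \
                          sizeof(ciphersuite_definitions[0]))
/* Filtered, 0-terminated list returned by mbedtls_ssl_list_ciphersuites(). */
static int supported_ciphersuites[MAX_CIPHERSUITES];
/* Set to 1 once supported_ciphersuites has been filled in. */
static int supported_init = 0;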
1805
/*
 * Tell whether a ciphersuite must be left out of the supported list.
 * No suite is treated as removed here: the argument is ignored and the
 * answer is always 0.
 */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
{
    const int removed = 0;

    (void) cs_info; /* unused; silences the unused-parameter warning */

    return removed;
}
1813
/*
 * Return the 0-terminated list of ciphersuite ids usable in this build.
 *
 * The first call walks ciphersuite_preference in order and keeps each id
 * that has an entry in ciphersuite_definitions and is not reported by
 * ciphersuite_is_removed(); later calls hand back the cached result.
 *
 * NOTE(review): supported_init and the cache are plain statics with no
 * locking visible here - confirm how concurrent first calls are handled.
 */
const int *mbedtls_ssl_list_ciphersuites(void)
{
    const int *pref;
    int *out;
    /* Address of the final slot, which is kept for the 0 terminator. */
    int *const limit = supported_ciphersuites + MAX_CIPHERSUITES - 1;

    if (supported_init != 0) {
        return supported_ciphersuites;
    }

    out = supported_ciphersuites;
    for (pref = ciphersuite_preference; *pref != 0 && out < limit; pref++) {
        const mbedtls_ssl_ciphersuite_t *cs_info =
            mbedtls_ssl_ciphersuite_from_id(*pref);

        /* Preferred id with no definition compiled into this build. */
        if (cs_info == NULL) {
            continue;
        }
        if (ciphersuite_is_removed(cs_info)) {
            continue;
        }

        *out++ = *pref;
    }
    *out = 0;

    supported_init = 1;

    return supported_ciphersuites;
}
1840 #endif /* MBEDTLS_SSL_CIPHERSUITES */
1841
/*
 * Look up a ciphersuite description by its name.
 *
 * Returns the matching entry of ciphersuite_definitions, or NULL when
 * ciphersuite_name is NULL or no entry carries that exact name.
 */
const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
    const char *ciphersuite_name)
{
    const mbedtls_ssl_ciphersuite_t *entry;

    if (ciphersuite_name == NULL) {
        return NULL;
    }

    /* The table ends with an entry whose id is 0. */
    for (entry = ciphersuite_definitions; entry->id != 0; entry++) {
        if (strcmp(entry->name, ciphersuite_name) == 0) {
            return entry;
        }
    }

    return NULL;
}
1861
/*
 * Look up a ciphersuite description by its numeric id.
 *
 * Returns the matching entry of ciphersuite_definitions, or NULL when no
 * entry has that id. The scan stops at the entry whose id is 0, so an id
 * of 0 is never matched.
 */
const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
{
    const mbedtls_ssl_ciphersuite_t *entry;

    for (entry = ciphersuite_definitions; entry->id != 0; entry++) {
        if (entry->id == ciphersuite) {
            return entry;
        }
    }

    return NULL;
}
1876
/*
 * Return the name of the ciphersuite with the given id, or the literal
 * "unknown" when mbedtls_ssl_ciphersuite_from_id() finds no entry for it.
 */
const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
{
    const mbedtls_ssl_ciphersuite_t *const entry =
        mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);

    return (entry != NULL) ? entry->name : "unknown";
}
1889
/*
 * Return the id of the ciphersuite with the given name, or 0 when
 * mbedtls_ssl_ciphersuite_from_string() finds no entry for it.
 */
int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
{
    const mbedtls_ssl_ciphersuite_t *const entry =
        mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);

    if (entry != NULL) {
        return entry->id;
    }

    return 0;
}
1902
/*
 * Key size, in bits, of the cipher used by a ciphersuite.
 *
 * With MBEDTLS_USE_PSA_CRYPTO the size comes from
 * mbedtls_ssl_cipher_to_psa(), and 0 is returned when that translation
 * does not succeed. Otherwise the size is read from the cipher info of
 * info->cipher.
 *
 * NOTE(review): in the non-PSA branch the cipher info lookup result is
 * passed on unchecked - this assumes the getter accepts NULL; confirm.
 */
size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
    /* Defensive default, overwritten by the call below. */
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
    psa_algorithm_t alg;
    psa_key_type_t key_type;
    size_t key_bits;
    /* Tag length handed to the translation: 8 for short-tag suites, else 16. */
    const int taglen = (info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG) ? 8 : 16;

    status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher,
                                       taglen,
                                       &alg, &key_type, &key_bits);

    return (status == PSA_SUCCESS) ? key_bits : 0;
#else
    return mbedtls_cipher_info_get_key_bitlen(
        mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) info->cipher));
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
1927
1928 #if defined(MBEDTLS_PK_C)
/*
 * Map the key exchange of a ciphersuite to a public-key type:
 * RSA for the RSA, DHE-RSA, ECDHE-RSA and RSA-PSK exchanges, ECDSA for
 * ECDHE-ECDSA, ECKEY for the two static ECDH exchanges, and
 * MBEDTLS_PK_NONE for every other exchange.
 */
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
{
    mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE;

    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
            pk_type = MBEDTLS_PK_RSA;
            break;

        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            pk_type = MBEDTLS_PK_ECDSA;
            break;

        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
            pk_type = MBEDTLS_PK_ECKEY;
            break;

        default:
            break;
    }

    return pk_type;
}
1949
1950 #if defined(MBEDTLS_USE_PSA_CRYPTO)
/*
 * Map the key exchange of a ciphersuite to a PSA algorithm:
 * PKCS#1 v1.5 encryption for RSA and RSA-PSK, PKCS#1 v1.5 signature for
 * DHE-RSA and ECDHE-RSA, ECDSA for ECDHE-ECDSA (both signature cases use
 * the hash derived from info->mac), ECDH for the two static ECDH
 * exchanges, and PSA_ALG_NONE for every other exchange.
 */
psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
{
    psa_algorithm_t alg = PSA_ALG_NONE;

    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
            alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
            break;

        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
            alg = PSA_ALG_RSA_PKCS1V15_SIGN(
                mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
            break;

        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            alg = PSA_ALG_ECDSA(
                mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
            break;

        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
            alg = PSA_ALG_ECDH;
            break;

        default:
            break;
    }

    return alg;
}
1973
/*
 * Map the key exchange of a ciphersuite to a PSA key usage flag:
 * DECRYPT for RSA and RSA-PSK, SIGN_HASH for DHE-RSA, ECDHE-RSA and
 * ECDHE-ECDSA, DERIVE for the two static ECDH exchanges, and 0 for every
 * other exchange.
 */
psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
{
    psa_key_usage_t usage = 0;

    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
            usage = PSA_KEY_USAGE_DECRYPT;
            break;

        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            usage = PSA_KEY_USAGE_SIGN_HASH;
            break;

        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
            usage = PSA_KEY_USAGE_DERIVE;
            break;

        default:
            break;
    }

    return usage;
}
1993 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1994
/*
 * Map the key exchange of a ciphersuite to a public-key type, for the
 * ephemeral exchanges only: RSA for DHE-RSA and ECDHE-RSA, ECDSA for
 * ECDHE-ECDSA, and MBEDTLS_PK_NONE for every other exchange.
 */
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
{
    mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE;

    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
            pk_type = MBEDTLS_PK_RSA;
            break;

        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            pk_type = MBEDTLS_PK_ECDSA;
            break;

        default:
            break;
    }

    return pk_type;
}
2009
2010 #endif /* MBEDTLS_PK_C */
2011
2012 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
2013 defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
2014 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/*
 * Return 1 when the key exchange of the ciphersuite is one of ECDHE-RSA,
 * ECDHE-ECDSA, ECDHE-PSK, ECDH-RSA, ECDH-ECDSA or ECJPAKE, and 0 for any
 * other exchange.
 */
int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
{
    int uses_ec = 0;

    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
            uses_ec = 1;
            break;

        default:
            break;
    }

    return uses_ec;
}
2030 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
2031 * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
2032 * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
2033
2034 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/*
 * Return 1 when the key exchange of the ciphersuite is one of PSK,
 * RSA-PSK, DHE-PSK or ECDHE-PSK, and 0 for any other exchange.
 */
int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
{
    int uses_psk = 0;

    switch (info->key_exchange) {
        case MBEDTLS_KEY_EXCHANGE_PSK:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
            uses_psk = 1;
            break;

        default:
            break;
    }

    return uses_psk;
}
2048 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
2049
2050 #endif /* MBEDTLS_SSL_TLS_C */
2051