1 /**
2 * \file ssl_ciphersuites.c
3 *
4 * \brief SSL ciphersuites for mbed TLS
5 *
6 * Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22 #include "common.h"
23
24 #if defined(MBEDTLS_SSL_TLS_C)
25
26 #include "mbedtls/platform.h"
27
28 #include "mbedtls/ssl_ciphersuites.h"
29 #include "mbedtls/ssl.h"
30 #include "ssl_misc.h"
31
32 #include "mbedtls/legacy_or_psa.h"
33
34 #include <string.h>
35
36 /*
37 * Ordered from most preferred to least preferred in terms of security.
38 *
39 * Current rule (except weak and null which come last):
40 * 1. By key exchange:
41 * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
42 * 2. By key length and cipher:
43 * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
44 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
45 * 4. By hash function used when relevant
46 * 5. By key exchange/auth again: EC > non-EC
47 */
48 static const int ciphersuite_preference[] =
49 {
50 #if defined(MBEDTLS_SSL_CIPHERSUITES)
51 MBEDTLS_SSL_CIPHERSUITES,
52 #else
53 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
54 /* TLS 1.3 ciphersuites */
55 MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
56 MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
57 MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
58 MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
59 MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
60 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
61
62 /* Chacha-Poly ephemeral suites */
63 MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
64 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
65 MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
66
67 /* All AES-256 ephemeral suites */
68 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
69 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
70 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
71 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
72 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
73 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
74 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
75 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
76 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
77 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
78 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
79 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
80 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,
81
82 /* All CAMELLIA-256 ephemeral suites */
83 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
84 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
85 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
86 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
87 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
88 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
89 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
90
91 /* All ARIA-256 ephemeral suites */
92 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
93 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
94 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
95 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
96 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
97 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
98
99 /* All AES-128 ephemeral suites */
100 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
101 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
102 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
103 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
104 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
105 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
106 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
107 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
108 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
109 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
110 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
111 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
112 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,
113
114 /* All CAMELLIA-128 ephemeral suites */
115 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
116 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
117 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
118 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
119 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
120 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
121 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
122
123 /* All ARIA-128 ephemeral suites */
124 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
125 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
126 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
127 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
128 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
129 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
130
131 /* The PSK ephemeral suites */
132 MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
133 MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
134 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
135 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
136 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
137 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
138 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
139 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
140 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
141 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
142 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
143 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
144 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
145 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
146 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
147
148 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
149 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
150 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
151 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
152 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
153 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
154 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
155 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
156 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
157 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
158 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
159 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
160 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
161
162 /* The ECJPAKE suite */
163 MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
164
165 /* All AES-256 suites */
166 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
167 MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
168 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
169 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
170 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
171 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
172 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
173 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
174 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
175 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
176 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
177
178 /* All CAMELLIA-256 suites */
179 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
180 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
181 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
182 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
183 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
184 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
185 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
186
187 /* All ARIA-256 suites */
188 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
189 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
190 MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
191 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
192 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
193 MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
194
195 /* All AES-128 suites */
196 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
197 MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
198 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
199 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
200 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
201 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
202 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
203 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
204 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
205 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
206 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
207
208 /* All CAMELLIA-128 suites */
209 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
210 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
211 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
212 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
213 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
214 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
215 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
216
217 /* All ARIA-128 suites */
218 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
219 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
220 MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
221 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
222 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
223 MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
224
225 /* The RSA PSK suites */
226 MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
227 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
228 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
229 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
230 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
231 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
232 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
233 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
234
235 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
236 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
237 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
238 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
239 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
240 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
241 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
242
243 /* The PSK suites */
244 MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
245 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
246 MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
247 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
248 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
249 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
250 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
251 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
252 MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
253 MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
254
255 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
256 MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
257 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
258 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
259 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
260 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
261 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
262 MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
263 MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
264
265 /* NULL suites */
266 MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
267 MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
268 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
269 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
270 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
271 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384,
272 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256,
273 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA,
274
275 MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
276 MBEDTLS_TLS_RSA_WITH_NULL_SHA,
277 MBEDTLS_TLS_RSA_WITH_NULL_MD5,
278 MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
279 MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
280 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384,
281 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256,
282 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA,
283 MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
284 MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
285 MBEDTLS_TLS_PSK_WITH_NULL_SHA,
286
287 #endif /* MBEDTLS_SSL_CIPHERSUITES */
288 0
289 };
290
291 static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
292 {
293 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
294 #if defined(MBEDTLS_AES_C)
295 #if defined(MBEDTLS_GCM_C)
296 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
297 { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
298 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
299 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
300 0,
301 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
302 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
303 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
304 { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
305 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
306 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
307 0,
308 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
309 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
310 #endif /* MBEDTLS_GCM_C */
311 #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
312 { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
313 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
314 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
315 0,
316 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
317 { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256",
318 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
319 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
320 MBEDTLS_CIPHERSUITE_SHORT_TAG,
321 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
322 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA && MBEDTLS_CCM_C */
323 #endif /* MBEDTLS_AES_C */
324 #if defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
325 { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
326 "TLS1-3-CHACHA20-POLY1305-SHA256",
327 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
328 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
329 0,
330 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
331 #endif /* MBEDTLS_CHACHAPOLY_C && MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
332 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
333
334 #if defined(MBEDTLS_CHACHAPOLY_C) && \
335 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
336 defined(MBEDTLS_SSL_PROTO_TLS1_2)
337 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
338 { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
339 "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
340 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
341 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
342 0,
343 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
344 #endif
345 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
346 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
347 "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
348 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
349 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
350 0,
351 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
352 #endif
353 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
354 { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
355 "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
356 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
357 MBEDTLS_KEY_EXCHANGE_DHE_RSA,
358 0,
359 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
360 #endif
361 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
362 { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
363 "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
364 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
365 MBEDTLS_KEY_EXCHANGE_PSK,
366 0,
367 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
368 #endif
369 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
370 { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
371 "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
372 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
373 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
374 0,
375 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
376 #endif
377 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
378 { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
379 "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
380 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
381 MBEDTLS_KEY_EXCHANGE_DHE_PSK,
382 0,
383 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
384 #endif
385 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
386 { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
387 "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256",
388 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
389 MBEDTLS_KEY_EXCHANGE_RSA_PSK,
390 0,
391 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
392 #endif
393 #endif /* MBEDTLS_CHACHAPOLY_C &&
394 MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA &&
395 MBEDTLS_SSL_PROTO_TLS1_2 */
396 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
397 #if defined(MBEDTLS_AES_C)
398 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
399 #if defined(MBEDTLS_CIPHER_MODE_CBC)
400 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
401 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
402 0,
403 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
404 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
405 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
406 0,
407 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
408 #endif /* MBEDTLS_CIPHER_MODE_CBC */
409 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
410 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
411 #if defined(MBEDTLS_CIPHER_MODE_CBC)
412 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
413 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
414 0,
415 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
416 #endif /* MBEDTLS_CIPHER_MODE_CBC */
417 #if defined(MBEDTLS_GCM_C)
418 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
419 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
420 0,
421 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
422 #endif /* MBEDTLS_GCM_C */
423 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
424 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
425 #if defined(MBEDTLS_CIPHER_MODE_CBC)
426 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
427 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
428 0,
429 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
430 #endif /* MBEDTLS_CIPHER_MODE_CBC */
431 #if defined(MBEDTLS_GCM_C)
432 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
433 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
434 0,
435 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
436 #endif /* MBEDTLS_GCM_C */
437 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
438 #if defined(MBEDTLS_CCM_C)
439 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
440 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
441 0,
442 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
443 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
444 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
445 MBEDTLS_CIPHERSUITE_SHORT_TAG,
446 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
447 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
448 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
449 0,
450 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
451 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
452 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
453 MBEDTLS_CIPHERSUITE_SHORT_TAG,
454 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
455 #endif /* MBEDTLS_CCM_C */
456 #endif /* MBEDTLS_AES_C */
457
458 #if defined(MBEDTLS_CAMELLIA_C)
459 #if defined(MBEDTLS_CIPHER_MODE_CBC)
460 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
461 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
462 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
463 0,
464 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
465 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
466 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
467 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
468 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
469 0,
470 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
471 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
472 #endif /* MBEDTLS_CIPHER_MODE_CBC */
473
474 #if defined(MBEDTLS_GCM_C)
475 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
476 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
477 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
478 0,
479 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
480 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
481 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
482 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
483 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
484 0,
485 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
486 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
487 #endif /* MBEDTLS_GCM_C */
488 #endif /* MBEDTLS_CAMELLIA_C */
489
490 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
491 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
492 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
493 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
494 MBEDTLS_CIPHERSUITE_WEAK,
495 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
496 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
497 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
498 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
499
500 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
501 #if defined(MBEDTLS_AES_C)
502 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
503 #if defined(MBEDTLS_CIPHER_MODE_CBC)
504 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
505 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
506 0,
507 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
508 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
509 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
510 0,
511 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
512 #endif /* MBEDTLS_CIPHER_MODE_CBC */
513 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
514 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
515 #if defined(MBEDTLS_CIPHER_MODE_CBC)
516 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
517 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
518 0,
519 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
520 #endif /* MBEDTLS_CIPHER_MODE_CBC */
521 #if defined(MBEDTLS_GCM_C)
522 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
523 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
524 0,
525 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
526 #endif /* MBEDTLS_GCM_C */
527 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
528 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
529 #if defined(MBEDTLS_CIPHER_MODE_CBC)
530 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
531 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
532 0,
533 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
534 #endif /* MBEDTLS_CIPHER_MODE_CBC */
535 #if defined(MBEDTLS_GCM_C)
536 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
537 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
538 0,
539 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
540 #endif /* MBEDTLS_GCM_C */
541 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
542 #endif /* MBEDTLS_AES_C */
543
544 #if defined(MBEDTLS_CAMELLIA_C)
545 #if defined(MBEDTLS_CIPHER_MODE_CBC)
546 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
547 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
548 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
549 0,
550 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
551 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
552 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
553 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
554 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
555 0,
556 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
557 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
558 #endif /* MBEDTLS_CIPHER_MODE_CBC */
559
560 #if defined(MBEDTLS_GCM_C)
561 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
562 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
563 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
564 0,
565 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
566 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
567 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
568 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
569 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
570 0,
571 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
572 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
573 #endif /* MBEDTLS_GCM_C */
574 #endif /* MBEDTLS_CAMELLIA_C */
575
576 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
577 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
578 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
579 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
580 MBEDTLS_CIPHERSUITE_WEAK,
581 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
582 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
583 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
584 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
585
586 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
587 #if defined(MBEDTLS_AES_C)
588 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
589 defined(MBEDTLS_GCM_C)
590 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
591 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
592 0,
593 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
594 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA && MBEDTLS_GCM_C */
595
596 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
597 #if defined(MBEDTLS_GCM_C)
598 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
599 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
600 0,
601 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
602 #endif /* MBEDTLS_GCM_C */
603
604 #if defined(MBEDTLS_CIPHER_MODE_CBC)
605 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
606 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
607 0,
608 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
609
610 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
611 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
612 0,
613 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
614 #endif /* MBEDTLS_CIPHER_MODE_CBC */
615 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
616
617 #if defined(MBEDTLS_CIPHER_MODE_CBC)
618 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
619 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
620 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
621 0,
622 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
623
624 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
625 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
626 0,
627 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
628 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
629 #endif /* MBEDTLS_CIPHER_MODE_CBC */
630 #if defined(MBEDTLS_CCM_C)
631 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
632 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
633 0,
634 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
635 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
636 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
637 MBEDTLS_CIPHERSUITE_SHORT_TAG,
638 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
639 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
640 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
641 0,
642 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
643 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
644 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
645 MBEDTLS_CIPHERSUITE_SHORT_TAG,
646 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
647 #endif /* MBEDTLS_CCM_C */
648 #endif /* MBEDTLS_AES_C */
649
650 #if defined(MBEDTLS_CAMELLIA_C)
651 #if defined(MBEDTLS_CIPHER_MODE_CBC)
652 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
653 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
654 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
655 0,
656 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
657
658 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
659 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
660 0,
661 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
662 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
663
664 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
665 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
666 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
667 0,
668 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
669
670 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
671 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
672 0,
673 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
674 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
675 #endif /* MBEDTLS_CIPHER_MODE_CBC */
676 #if defined(MBEDTLS_GCM_C)
677 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
678 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
679 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
680 0,
681 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
682 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
683
684 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
685 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
686 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
687 0,
688 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
689 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
690 #endif /* MBEDTLS_GCM_C */
691 #endif /* MBEDTLS_CAMELLIA_C */
692
693 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
694
695 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
696 #if defined(MBEDTLS_AES_C)
697 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
698 defined(MBEDTLS_GCM_C)
699 { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
700 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
701 0,
702 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
703 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA && MBEDTLS_GCM_C */
704
705 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
706 #if defined(MBEDTLS_GCM_C)
707 { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
708 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
709 0,
710 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
711 #endif /* MBEDTLS_GCM_C */
712
713 #if defined(MBEDTLS_CIPHER_MODE_CBC)
714 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
715 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
716 0,
717 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
718
719 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
720 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
721 0,
722 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
723 #endif /* MBEDTLS_CIPHER_MODE_CBC */
724 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
725
726 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
727 #if defined(MBEDTLS_CIPHER_MODE_CBC)
728 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
729 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
730 0,
731 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
732
733 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
734 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
735 0,
736 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
737 #endif /* MBEDTLS_CIPHER_MODE_CBC */
738 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
739 #if defined(MBEDTLS_CCM_C)
740 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
741 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
742 0,
743 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
744 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
745 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
746 MBEDTLS_CIPHERSUITE_SHORT_TAG,
747 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
748 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
749 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
750 0,
751 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
752 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
753 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
754 MBEDTLS_CIPHERSUITE_SHORT_TAG,
755 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
756 #endif /* MBEDTLS_CCM_C */
757 #endif /* MBEDTLS_AES_C */
758
759 #if defined(MBEDTLS_CAMELLIA_C)
760 #if defined(MBEDTLS_CIPHER_MODE_CBC)
761 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
762 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
763 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
764 0,
765 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
766
767 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
768 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
769 0,
770 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
771 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
772
773 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
774 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
775 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
776 0,
777 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
778
779 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
780 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
781 0,
782 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
783 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
784 #endif /* MBEDTLS_CIPHER_MODE_CBC */
785
786 #if defined(MBEDTLS_GCM_C)
787 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
788 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
789 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
790 0,
791 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
792 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
793
794 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
795 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
796 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
797 0,
798 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
799 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
800 #endif /* MBEDTLS_GCM_C */
801 #endif /* MBEDTLS_CAMELLIA_C */
802
803 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
804
805 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
806 #if defined(MBEDTLS_AES_C)
807 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
808 #if defined(MBEDTLS_CIPHER_MODE_CBC)
809 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
810 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
811 0,
812 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
813 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
814 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
815 0,
816 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
817 #endif /* MBEDTLS_CIPHER_MODE_CBC */
818 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
819 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
820 #if defined(MBEDTLS_CIPHER_MODE_CBC)
821 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
822 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
823 0,
824 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
825 #endif /* MBEDTLS_CIPHER_MODE_CBC */
826 #if defined(MBEDTLS_GCM_C)
827 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
828 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
829 0,
830 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
831 #endif /* MBEDTLS_GCM_C */
832 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
833 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
834 #if defined(MBEDTLS_CIPHER_MODE_CBC)
835 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
836 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
837 0,
838 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
839 #endif /* MBEDTLS_CIPHER_MODE_CBC */
840 #if defined(MBEDTLS_GCM_C)
841 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
842 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
843 0,
844 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
845 #endif /* MBEDTLS_GCM_C */
846 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
847 #endif /* MBEDTLS_AES_C */
848
849 #if defined(MBEDTLS_CAMELLIA_C)
850 #if defined(MBEDTLS_CIPHER_MODE_CBC)
851 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
852 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
853 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
854 0,
855 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
856 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
857 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
858 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
859 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
860 0,
861 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
862 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
863 #endif /* MBEDTLS_CIPHER_MODE_CBC */
864
865 #if defined(MBEDTLS_GCM_C)
866 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
867 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
868 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
869 0,
870 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
871 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
872 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
873 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
874 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
875 0,
876 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
877 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
878 #endif /* MBEDTLS_GCM_C */
879 #endif /* MBEDTLS_CAMELLIA_C */
880
881 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
882 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
883 { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
884 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
885 MBEDTLS_CIPHERSUITE_WEAK,
886 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
887 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
888 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
889 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
890
891 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
892 #if defined(MBEDTLS_AES_C)
893 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
894 #if defined(MBEDTLS_CIPHER_MODE_CBC)
895 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
896 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
897 0,
898 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
899 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
900 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
901 0,
902 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
903 #endif /* MBEDTLS_CIPHER_MODE_CBC */
904 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
905 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
906 #if defined(MBEDTLS_CIPHER_MODE_CBC)
907 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
908 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
909 0,
910 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
911 #endif /* MBEDTLS_CIPHER_MODE_CBC */
912 #if defined(MBEDTLS_GCM_C)
913 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
914 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
915 0,
916 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
917 #endif /* MBEDTLS_GCM_C */
918 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
919 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
920 #if defined(MBEDTLS_CIPHER_MODE_CBC)
921 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
922 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
923 0,
924 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
925 #endif /* MBEDTLS_CIPHER_MODE_CBC */
926 #if defined(MBEDTLS_GCM_C)
927 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
928 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
929 0,
930 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
931 #endif /* MBEDTLS_GCM_C */
932 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
933 #endif /* MBEDTLS_AES_C */
934
935 #if defined(MBEDTLS_CAMELLIA_C)
936 #if defined(MBEDTLS_CIPHER_MODE_CBC)
937 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
938 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
939 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
940 0,
941 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
942 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
943 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
944 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
945 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
946 0,
947 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
948 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
949 #endif /* MBEDTLS_CIPHER_MODE_CBC */
950
951 #if defined(MBEDTLS_GCM_C)
952 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
953 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
954 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
955 0,
956 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
957 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
958 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
959 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
960 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
961 0,
962 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
963 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
964 #endif /* MBEDTLS_GCM_C */
965 #endif /* MBEDTLS_CAMELLIA_C */
966
967 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
968 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
969 { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
970 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
971 MBEDTLS_CIPHERSUITE_WEAK,
972 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
973 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
974 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
975 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
976
977 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
978 #if defined(MBEDTLS_AES_C)
979 #if defined(MBEDTLS_GCM_C)
980 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
981 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
982 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
983 0,
984 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
985 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
986
987 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
988 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
989 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
990 0,
991 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
992 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
993 #endif /* MBEDTLS_GCM_C */
994
995 #if defined(MBEDTLS_CIPHER_MODE_CBC)
996 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
997 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
998 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
999 0,
1000 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1001 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1002
1003 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1004 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
1005 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1006 0,
1007 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1008 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1009
1010 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1011 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
1012 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1013 0,
1014 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1015
1016 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
1017 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1018 0,
1019 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1020 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1021 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1022 #if defined(MBEDTLS_CCM_C)
1023 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
1024 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1025 0,
1026 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1027 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
1028 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1029 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1030 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1031 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
1032 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1033 0,
1034 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1035 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
1036 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1037 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1038 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1039 #endif /* MBEDTLS_CCM_C */
1040 #endif /* MBEDTLS_AES_C */
1041
1042 #if defined(MBEDTLS_CAMELLIA_C)
1043 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1044 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1045 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1046 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1047 0,
1048 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1049 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1050
1051 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1052 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1053 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1054 0,
1055 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1056 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1057 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1058
1059 #if defined(MBEDTLS_GCM_C)
1060 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1061 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1062 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1063 0,
1064 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1065 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1066
1067 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1068 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1069 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1070 0,
1071 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1072 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1073 #endif /* MBEDTLS_GCM_C */
1074 #endif /* MBEDTLS_CAMELLIA_C */
1075
1076 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1077
1078 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1079 #if defined(MBEDTLS_AES_C)
1080 #if defined(MBEDTLS_GCM_C)
1081 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1082 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
1083 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1084 0,
1085 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1086 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1087
1088 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1089 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
1090 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1091 0,
1092 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1093 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1094 #endif /* MBEDTLS_GCM_C */
1095
1096 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1097 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1098 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
1099 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1100 0,
1101 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1102 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1103
1104 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1105 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
1106 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1107 0,
1108 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1109 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1110
1111 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1112 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
1113 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1114 0,
1115 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1116
1117 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
1118 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1119 0,
1120 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1121 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1122 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1123 #if defined(MBEDTLS_CCM_C)
1124 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
1125 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1126 0,
1127 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1128 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
1129 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1130 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1131 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1132 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
1133 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1134 0,
1135 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1136 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
1137 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1138 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1139 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1140 #endif /* MBEDTLS_CCM_C */
1141 #endif /* MBEDTLS_AES_C */
1142
1143 #if defined(MBEDTLS_CAMELLIA_C)
1144 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1145 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1146 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1147 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1148 0,
1149 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1150 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1151
1152 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1153 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1154 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1155 0,
1156 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1157 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1158 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1159
1160 #if defined(MBEDTLS_GCM_C)
1161 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1162 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1163 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1164 0,
1165 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1166 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1167
1168 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1169 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1170 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1171 0,
1172 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1173 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1174 #endif /* MBEDTLS_GCM_C */
1175 #endif /* MBEDTLS_CAMELLIA_C */
1176
1177 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1178
1179 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1180 #if defined(MBEDTLS_AES_C)
1181
1182 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1183 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1184 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
1185 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1186 0,
1187 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1188 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1189
1190 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1191 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
1192 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1193 0,
1194 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1195 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1196
1197 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1198 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
1199 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1200 0,
1201 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1202
1203 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
1204 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1205 0,
1206 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1207 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1208 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1209 #endif /* MBEDTLS_AES_C */
1210
1211 #if defined(MBEDTLS_CAMELLIA_C)
1212 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1213 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1214 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1215 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1216 0,
1217 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1218 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1219
1220 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1221 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1222 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1223 0,
1224 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1225 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1226 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1227 #endif /* MBEDTLS_CAMELLIA_C */
1228
1229 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1230
1231 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1232 #if defined(MBEDTLS_AES_C)
1233 #if defined(MBEDTLS_GCM_C)
1234 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1235 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
1236 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1237 0,
1238 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1239 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1240
1241 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1242 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
1243 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1244 0,
1245 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1246 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1247 #endif /* MBEDTLS_GCM_C */
1248
1249 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1250 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1251 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
1252 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1253 0,
1254 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1255 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1256
1257 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1258 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
1259 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1260 0,
1261 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1262 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1263
1264 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1265 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
1266 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1267 0,
1268 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1269
1270 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
1271 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1272 0,
1273 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1274 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1275 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1276 #endif /* MBEDTLS_AES_C */
1277
1278 #if defined(MBEDTLS_CAMELLIA_C)
1279 #if defined(MBEDTLS_CIPHER_MODE_CBC)
1280 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1281 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1282 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1283 0,
1284 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1285 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1286
1287 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1288 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1289 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1290 0,
1291 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1292 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1293 #endif /* MBEDTLS_CIPHER_MODE_CBC */
1294
1295 #if defined(MBEDTLS_GCM_C)
1296 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1297 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1298 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1299 0,
1300 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1301 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1302
1303 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1304 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1305 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1306 0,
1307 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1308 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1309 #endif /* MBEDTLS_GCM_C */
1310 #endif /* MBEDTLS_CAMELLIA_C */
1311
1312 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1313
1314 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1315 #if defined(MBEDTLS_AES_C)
1316 #if defined(MBEDTLS_CCM_C)
1317 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
1318 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
1319 MBEDTLS_CIPHERSUITE_SHORT_TAG,
1320 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1321 #endif /* MBEDTLS_CCM_C */
1322 #endif /* MBEDTLS_AES_C */
1323 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
1324
1325 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
1326 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1327 #if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1328 { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
1329 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
1330 MBEDTLS_CIPHERSUITE_WEAK,
1331 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1332 #endif
1333
1334 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1335 { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
1336 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
1337 MBEDTLS_CIPHERSUITE_WEAK,
1338 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1339 #endif
1340
1341 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1342 { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
1343 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
1344 MBEDTLS_CIPHERSUITE_WEAK,
1345 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1346 #endif
1347 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1348
1349 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1350 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1351 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
1352 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
1353 MBEDTLS_CIPHERSUITE_WEAK,
1354 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1355 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1356
1357 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1358 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
1359 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1360 MBEDTLS_CIPHERSUITE_WEAK,
1361 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1362 #endif
1363
1364 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1365 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
1366 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1367 MBEDTLS_CIPHERSUITE_WEAK,
1368 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1369 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1370 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1371
1372 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1373 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1374 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
1375 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1376 MBEDTLS_CIPHERSUITE_WEAK,
1377 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1378 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1379
1380 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1381 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
1382 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1383 MBEDTLS_CIPHERSUITE_WEAK,
1384 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1385 #endif
1386
1387 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1388 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
1389 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1390 MBEDTLS_CIPHERSUITE_WEAK,
1391 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1392 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1393 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1394
1395 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1396 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1397 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
1398 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1399 MBEDTLS_CIPHERSUITE_WEAK,
1400 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1401 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1402
1403 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1404 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
1405 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1406 MBEDTLS_CIPHERSUITE_WEAK,
1407 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1408 #endif
1409
1410 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1411 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
1412 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1413 MBEDTLS_CIPHERSUITE_WEAK,
1414 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1415 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1416 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1417
1418 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1419 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1420 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
1421 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1422 MBEDTLS_CIPHERSUITE_WEAK,
1423 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1424 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1425
1426 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1427 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
1428 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1429 MBEDTLS_CIPHERSUITE_WEAK,
1430 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1431 #endif
1432
1433 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
1434 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
1435 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1436 MBEDTLS_CIPHERSUITE_WEAK,
1437 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1438 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
1439 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1440 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
1441
1442 #if defined(MBEDTLS_ARIA_C)
1443
1444 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
1445
1446 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1447 { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
1448 "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
1449 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
1450 0,
1451 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1452 #endif
1453 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1454 { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
1455 "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
1456 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
1457 0,
1458 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1459 #endif
1460 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1461 { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
1462 "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
1463 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
1464 0,
1465 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1466 #endif
1467 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1468 { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
1469 "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
1470 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
1471 0,
1472 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1473 #endif
1474
1475 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
1476
1477 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
1478
1479 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1480 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
1481 "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
1482 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1483 0,
1484 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1485 #endif
1486 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1487 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
1488 "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
1489 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1490 0,
1491 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1492 #endif
1493 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1494 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
1495 "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
1496 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1497 0,
1498 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1499 #endif
1500 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1501 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
1502 "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
1503 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
1504 0,
1505 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1506 #endif
1507
1508 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
1509
1510 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
1511
1512 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1513 { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
1514 "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
1515 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384,MBEDTLS_KEY_EXCHANGE_PSK,
1516 0,
1517 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1518 #endif
1519 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1520 { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
1521 "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
1522 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
1523 0,
1524 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1525 #endif
1526 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1527 { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
1528 "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
1529 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1530 0,
1531 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1532 #endif
1533 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1534 { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
1535 "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
1536 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
1537 0,
1538 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1539 #endif
1540
1541 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
1542
1543 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
1544
1545 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1546 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
1547 "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
1548 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1549 0,
1550 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1551 #endif
1552 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1553 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
1554 "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
1555 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1556 0,
1557 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1558 #endif
1559 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1560 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
1561 "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
1562 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1563 0,
1564 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1565 #endif
1566 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1567 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
1568 "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
1569 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
1570 0,
1571 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1572 #endif
1573
1574 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
1575
1576 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
1577
1578 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1579 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
1580 "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
1581 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1582 0,
1583 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1584 #endif
1585 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1586 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
1587 "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
1588 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1589 0,
1590 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1591 #endif
1592 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1593 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
1594 "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
1595 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1596 0,
1597 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1598 #endif
1599 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1600 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
1601 "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
1602 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
1603 0,
1604 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1605 #endif
1606
1607 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
1608
1609 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1610
1611 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1612 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
1613 "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
1614 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1615 0,
1616 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1617 #endif
1618 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1619 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
1620 "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
1621 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
1622 0,
1623 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1624 #endif
1625
1626 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1627
1628 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
1629
1630 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1631 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
1632 "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
1633 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1634 0,
1635 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1636 #endif
1637 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1638 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
1639 "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
1640 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1641 0,
1642 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1643 #endif
1644 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1645 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
1646 "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
1647 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1648 0,
1649 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1650 #endif
1651 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1652 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
1653 "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
1654 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1655 0,
1656 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1657 #endif
1658
1659 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
1660
1661 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
1662
1663 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1664 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
1665 "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
1666 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1667 0,
1668 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1669 #endif
1670 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1671 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
1672 "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
1673 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1674 0,
1675 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1676 #endif
1677 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1678 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
1679 "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
1680 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1681 0,
1682 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1683 #endif
1684 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1685 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
1686 "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
1687 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1688 0,
1689 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1690 #endif
1691
1692 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
1693
1694 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
1695
1696 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1697 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
1698 "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
1699 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1700 0,
1701 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1702 #endif
1703 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1704 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
1705 "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
1706 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1707 0,
1708 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1709 #endif
1710 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1711 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
1712 "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
1713 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1714 0,
1715 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1716 #endif
1717 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1718 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
1719 "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
1720 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
1721 0,
1722 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1723 #endif
1724
1725 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
1726
1727 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
1728
1729 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1730 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
1731 "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
1732 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1733 0,
1734 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1735 #endif
1736 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1737 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
1738 "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
1739 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1740 0,
1741 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1742 #endif
1743 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1744 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
1745 "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
1746 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1747 0,
1748 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1749 #endif
1750 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
1751 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
1752 "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
1753 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
1754 0,
1755 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1756 #endif
1757
1758 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
1759
1760 #endif /* MBEDTLS_ARIA_C */
1761
1762
1763 { 0, "",
1764 MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
1765 0, 0, 0 }
1766 };
1767
1768 #if defined(MBEDTLS_SSL_CIPHERSUITES)
mbedtls_ssl_list_ciphersuites(void)1769 const int *mbedtls_ssl_list_ciphersuites( void )
1770 {
1771 return( ciphersuite_preference );
1772 }
1773 #else
1774 #define MAX_CIPHERSUITES sizeof( ciphersuite_definitions ) / \
1775 sizeof( ciphersuite_definitions[0] )
1776 static int supported_ciphersuites[MAX_CIPHERSUITES];
1777 static int supported_init = 0;
1778
1779 MBEDTLS_CHECK_RETURN_CRITICAL
ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t * cs_info)1780 static int ciphersuite_is_removed( const mbedtls_ssl_ciphersuite_t *cs_info )
1781 {
1782 (void)cs_info;
1783
1784 return( 0 );
1785 }
1786
mbedtls_ssl_list_ciphersuites(void)1787 const int *mbedtls_ssl_list_ciphersuites( void )
1788 {
1789 /*
1790 * On initial call filter out all ciphersuites not supported by current
1791 * build based on presence in the ciphersuite_definitions.
1792 */
1793 if( supported_init == 0 )
1794 {
1795 const int *p;
1796 int *q;
1797
1798 for( p = ciphersuite_preference, q = supported_ciphersuites;
1799 *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
1800 p++ )
1801 {
1802 const mbedtls_ssl_ciphersuite_t *cs_info;
1803 if( ( cs_info = mbedtls_ssl_ciphersuite_from_id( *p ) ) != NULL &&
1804 !ciphersuite_is_removed( cs_info ) )
1805 {
1806 *(q++) = *p;
1807 }
1808 }
1809 *q = 0;
1810
1811 supported_init = 1;
1812 }
1813
1814 return( supported_ciphersuites );
1815 }
1816 #endif /* MBEDTLS_SSL_CIPHERSUITES */
1817
mbedtls_ssl_ciphersuite_from_string(const char * ciphersuite_name)1818 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
1819 const char *ciphersuite_name )
1820 {
1821 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
1822
1823 if( NULL == ciphersuite_name )
1824 return( NULL );
1825
1826 while( cur->id != 0 )
1827 {
1828 if( 0 == strcmp( cur->name, ciphersuite_name ) )
1829 return( cur );
1830
1831 cur++;
1832 }
1833
1834 return( NULL );
1835 }
1836
mbedtls_ssl_ciphersuite_from_id(int ciphersuite)1837 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite )
1838 {
1839 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
1840
1841 while( cur->id != 0 )
1842 {
1843 if( cur->id == ciphersuite )
1844 return( cur );
1845
1846 cur++;
1847 }
1848
1849 return( NULL );
1850 }
1851
mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)1852 const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id )
1853 {
1854 const mbedtls_ssl_ciphersuite_t *cur;
1855
1856 cur = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
1857
1858 if( cur == NULL )
1859 return( "unknown" );
1860
1861 return( cur->name );
1862 }
1863
mbedtls_ssl_get_ciphersuite_id(const char * ciphersuite_name)1864 int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name )
1865 {
1866 const mbedtls_ssl_ciphersuite_t *cur;
1867
1868 cur = mbedtls_ssl_ciphersuite_from_string( ciphersuite_name );
1869
1870 if( cur == NULL )
1871 return( 0 );
1872
1873 return( cur->id );
1874 }
1875
mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t * info)1876 size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen( const mbedtls_ssl_ciphersuite_t *info )
1877 {
1878 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1879 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1880 psa_key_type_t key_type;
1881 psa_algorithm_t alg;
1882 size_t key_bits;
1883
1884 status = mbedtls_ssl_cipher_to_psa( info->cipher,
1885 info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16,
1886 &alg, &key_type, &key_bits );
1887
1888 if( status != PSA_SUCCESS )
1889 return 0;
1890
1891 return key_bits;
1892 #else
1893 const mbedtls_cipher_info_t * const cipher_info =
1894 mbedtls_cipher_info_from_type( info->cipher );
1895
1896 return( mbedtls_cipher_info_get_key_bitlen( cipher_info ) );
1897 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1898 }
1899
1900 #if defined(MBEDTLS_PK_C)
mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t * info)1901 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info )
1902 {
1903 switch( info->key_exchange )
1904 {
1905 case MBEDTLS_KEY_EXCHANGE_RSA:
1906 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1907 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1908 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
1909 return( MBEDTLS_PK_RSA );
1910
1911 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1912 return( MBEDTLS_PK_ECDSA );
1913
1914 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1915 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1916 return( MBEDTLS_PK_ECKEY );
1917
1918 default:
1919 return( MBEDTLS_PK_NONE );
1920 }
1921 }
1922
1923 #if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t * info)1924 psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg( const mbedtls_ssl_ciphersuite_t *info )
1925 {
1926 switch( info->key_exchange )
1927 {
1928 case MBEDTLS_KEY_EXCHANGE_RSA:
1929 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
1930 return( PSA_ALG_RSA_PKCS1V15_CRYPT );
1931 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1932 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1933 return( PSA_ALG_RSA_PKCS1V15_SIGN(
1934 mbedtls_hash_info_psa_from_md( info->mac ) ) );
1935
1936 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1937 return( PSA_ALG_ECDSA( mbedtls_hash_info_psa_from_md( info->mac ) ) );
1938
1939 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1940 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1941 return( PSA_ALG_ECDH );
1942
1943 default:
1944 return( PSA_ALG_NONE );
1945 }
1946 }
1947
mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t * info)1948 psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage( const mbedtls_ssl_ciphersuite_t *info )
1949 {
1950 switch( info->key_exchange )
1951 {
1952 case MBEDTLS_KEY_EXCHANGE_RSA:
1953 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
1954 return( PSA_KEY_USAGE_DECRYPT );
1955 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1956 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1957 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1958 return( PSA_KEY_USAGE_SIGN_HASH );
1959
1960 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1961 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1962 return( PSA_KEY_USAGE_DERIVE );
1963
1964 default:
1965 return( 0 );
1966 }
1967 }
1968 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1969
mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t * info)1970 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info )
1971 {
1972 switch( info->key_exchange )
1973 {
1974 case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
1975 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1976 return( MBEDTLS_PK_RSA );
1977
1978 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1979 return( MBEDTLS_PK_ECDSA );
1980
1981 default:
1982 return( MBEDTLS_PK_NONE );
1983 }
1984 }
1985
1986 #endif /* MBEDTLS_PK_C */
1987
1988 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
1989 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t * info)1990 int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info )
1991 {
1992 switch( info->key_exchange )
1993 {
1994 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1995 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1996 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
1997 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1998 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1999 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
2000 return( 1 );
2001
2002 default:
2003 return( 0 );
2004 }
2005 }
2006 #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
2007
2008 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t * info)2009 int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info )
2010 {
2011 switch( info->key_exchange )
2012 {
2013 case MBEDTLS_KEY_EXCHANGE_PSK:
2014 case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
2015 case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
2016 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
2017 return( 1 );
2018
2019 default:
2020 return( 0 );
2021 }
2022 }
2023 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
2024
2025 #endif /* MBEDTLS_SSL_TLS_C */
2026
