1 /** 2 * \file ssl_ciphersuites.c 3 * 4 * \brief SSL ciphersuites for mbed TLS 5 * 6 * Copyright The Mbed TLS Contributors 7 * SPDX-License-Identifier: Apache-2.0 8 * 9 * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 * not use this file except in compliance with the License. 11 * You may obtain a copy of the License at 12 * 13 * http://www.apache.org/licenses/LICENSE-2.0 14 * 15 * Unless required by applicable law or agreed to in writing, software 16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 * See the License for the specific language governing permissions and 19 * limitations under the License. 20 */ 21 22 #include "common.h" 23 24 #if defined(MBEDTLS_SSL_TLS_C) 25 26 #include "mbedtls/platform.h" 27 28 #include "mbedtls/ssl_ciphersuites.h" 29 #include "mbedtls/ssl.h" 30 #include "ssl_misc.h" 31 32 #include "mbedtls/legacy_or_psa.h" 33 34 #include <string.h> 35 36 /* 37 * Ordered from most preferred to least preferred in terms of security. 38 * 39 * Current rule (except weak and null which come last): 40 * 1. By key exchange: 41 * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK 42 * 2. By key length and cipher: 43 * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128 44 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8 45 * 4. By hash function used when relevant 46 * 5. By key exchange/auth again: EC > non-EC 47 */ 48 static const int ciphersuite_preference[] = 49 { 50 #if defined(MBEDTLS_SSL_CIPHERSUITES) 51 MBEDTLS_SSL_CIPHERSUITES, 52 #else 53 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) 54 /* TLS 1.3 ciphersuites */ 55 MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256, 56 MBEDTLS_TLS1_3_AES_256_GCM_SHA384, 57 MBEDTLS_TLS1_3_AES_128_GCM_SHA256, 58 MBEDTLS_TLS1_3_AES_128_CCM_SHA256, 59 MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, 60 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ 61 62 /* Chacha-Poly ephemeral suites */ 63 MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 64 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 65 MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 66 67 /* All AES-256 ephemeral suites */ 68 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 69 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 70 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 71 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, 72 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, 73 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 74 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 75 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 76 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 77 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 78 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 79 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, 80 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, 81 82 /* All CAMELLIA-256 ephemeral suites */ 83 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 84 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, 85 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, 86 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 87 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, 88 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, 89 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 90 91 /* All ARIA-256 ephemeral suites */ 92 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, 93 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, 94 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, 95 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, 96 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, 97 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, 98 99 /* All AES-128 ephemeral suites */ 100 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 101 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 102 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 103 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, 104 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, 105 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 106 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 107 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 108 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 109 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 110 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 111 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, 112 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, 113 114 /* All CAMELLIA-128 ephemeral suites */ 115 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 116 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, 117 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, 118 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 119 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 120 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 121 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 122 123 /* All ARIA-128 ephemeral suites */ 124 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, 125 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, 126 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, 127 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, 128 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, 129 MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, 130 131 /* The PSK ephemeral suites */ 132 MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, 133 MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, 134 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, 135 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, 136 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, 137 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, 138 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, 139 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, 140 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, 141 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 142 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 143 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, 144 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, 145 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, 146 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, 147 148 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, 149 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, 150 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 151 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, 152 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, 153 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, 154 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, 155 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 156 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 157 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, 158 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, 159 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, 160 MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, 161 162 /* The ECJPAKE suite */ 163 MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, 164 165 /* All AES-256 suites */ 166 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, 167 MBEDTLS_TLS_RSA_WITH_AES_256_CCM, 168 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, 169 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, 170 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, 171 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 172 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, 173 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 174 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, 175 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 176 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, 177 178 /* All CAMELLIA-256 suites */ 179 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, 180 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, 181 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, 182 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, 183 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, 184 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 185 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 186 187 /* All ARIA-256 suites */ 188 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, 189 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, 190 MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, 191 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, 192 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, 193 MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, 194 195 /* All AES-128 suites */ 196 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, 197 MBEDTLS_TLS_RSA_WITH_AES_128_CCM, 198 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, 199 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, 200 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, 201 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 202 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 203 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 204 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, 205 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 206 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, 207 208 /* All CAMELLIA-128 suites */ 209 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, 210 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, 211 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, 212 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, 213 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, 214 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 215 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 216 217 /* All ARIA-128 suites */ 218 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, 219 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, 220 MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, 221 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, 222 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, 223 MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, 224 225 /* The RSA PSK suites */ 226 MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256, 227 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, 228 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, 229 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, 230 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, 231 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, 232 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, 233 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, 234 235 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, 236 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, 237 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, 238 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, 239 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, 240 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, 241 MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, 242 243 /* The PSK suites */ 244 MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, 245 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, 246 MBEDTLS_TLS_PSK_WITH_AES_256_CCM, 247 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, 248 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, 249 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, 250 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, 251 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, 252 MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384, 253 MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384, 254 255 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, 256 MBEDTLS_TLS_PSK_WITH_AES_128_CCM, 257 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, 258 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, 259 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, 260 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, 261 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, 262 MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256, 263 MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256, 264 265 /* NULL suites */ 266 MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, 267 MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, 268 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, 269 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, 270 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, 271 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, 272 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, 273 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, 274 275 MBEDTLS_TLS_RSA_WITH_NULL_SHA256, 276 MBEDTLS_TLS_RSA_WITH_NULL_SHA, 277 MBEDTLS_TLS_RSA_WITH_NULL_MD5, 278 MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, 279 MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, 280 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, 281 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, 282 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, 283 MBEDTLS_TLS_PSK_WITH_NULL_SHA384, 284 MBEDTLS_TLS_PSK_WITH_NULL_SHA256, 285 MBEDTLS_TLS_PSK_WITH_NULL_SHA, 286 287 #endif /* MBEDTLS_SSL_CIPHERSUITES */ 288 0 289 }; 290 291 static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 292 { 293 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) 294 #if defined(MBEDTLS_AES_C) 295 #if defined(MBEDTLS_GCM_C) 296 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 297 { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384", 298 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, 299 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ 300 0, 301 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, 302 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 303 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 304 { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256", 305 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, 306 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ 307 0, 308 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, 309 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 310 #endif /* MBEDTLS_GCM_C */ 311 #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 312 { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256", 313 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, 314 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ 315 0, 316 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, 317 { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256", 318 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, 319 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ 320 MBEDTLS_CIPHERSUITE_SHORT_TAG, 321 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, 322 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA && MBEDTLS_CCM_C */ 323 #endif /* MBEDTLS_AES_C */ 324 #if defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 325 { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256, 326 "TLS1-3-CHACHA20-POLY1305-SHA256", 327 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 328 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ 329 0, 330 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, 331 #endif /* MBEDTLS_CHACHAPOLY_C && MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 332 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ 333 334 #if defined(MBEDTLS_CHACHAPOLY_C) && \ 335 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \ 336 defined(MBEDTLS_SSL_PROTO_TLS1_2) 337 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) 338 { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 339 "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", 340 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 341 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 342 0, 343 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 344 #endif 345 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) 346 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 347 "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", 348 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 349 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 350 0, 351 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 352 #endif 353 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) 354 { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 355 "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", 356 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 357 MBEDTLS_KEY_EXCHANGE_DHE_RSA, 358 0, 359 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 360 #endif 361 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 362 { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, 363 "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", 364 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 365 MBEDTLS_KEY_EXCHANGE_PSK, 366 0, 367 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 368 #endif 369 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 370 { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, 371 "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", 372 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 373 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 374 0, 375 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 376 #endif 377 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 378 { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, 379 "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", 380 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 381 MBEDTLS_KEY_EXCHANGE_DHE_PSK, 382 0, 383 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 384 #endif 385 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 386 { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256, 387 "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256", 388 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, 389 MBEDTLS_KEY_EXCHANGE_RSA_PSK, 390 0, 391 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 392 #endif 393 #endif /* MBEDTLS_CHACHAPOLY_C && 394 MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA && 395 MBEDTLS_SSL_PROTO_TLS1_2 */ 396 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) 397 #if defined(MBEDTLS_AES_C) 398 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 399 #if defined(MBEDTLS_CIPHER_MODE_CBC) 400 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", 401 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 402 0, 403 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 404 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", 405 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 406 0, 407 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 408 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 409 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 410 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 411 #if defined(MBEDTLS_CIPHER_MODE_CBC) 412 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", 413 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 414 0, 415 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 416 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 417 #if defined(MBEDTLS_GCM_C) 418 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", 419 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 420 0, 421 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 422 #endif /* MBEDTLS_GCM_C */ 423 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 424 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 425 #if defined(MBEDTLS_CIPHER_MODE_CBC) 426 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", 427 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 428 0, 429 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 430 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 431 #if defined(MBEDTLS_GCM_C) 432 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", 433 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 434 0, 435 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 436 #endif /* MBEDTLS_GCM_C */ 437 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 438 #if defined(MBEDTLS_CCM_C) 439 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", 440 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 441 0, 442 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 443 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", 444 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 445 MBEDTLS_CIPHERSUITE_SHORT_TAG, 446 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 447 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", 448 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 449 0, 450 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 451 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", 452 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 453 MBEDTLS_CIPHERSUITE_SHORT_TAG, 454 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 455 #endif /* MBEDTLS_CCM_C */ 456 #endif /* MBEDTLS_AES_C */ 457 458 #if defined(MBEDTLS_CAMELLIA_C) 459 #if defined(MBEDTLS_CIPHER_MODE_CBC) 460 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 461 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 462 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", 463 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 464 0, 465 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 466 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 467 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 468 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 469 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", 470 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 471 0, 472 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 473 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 474 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 475 476 #if defined(MBEDTLS_GCM_C) 477 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 478 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 479 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", 480 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 481 0, 482 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 483 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 484 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 485 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 486 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", 487 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 488 0, 489 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 490 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 491 #endif /* MBEDTLS_GCM_C */ 492 #endif /* MBEDTLS_CAMELLIA_C */ 493 494 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 495 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 496 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA", 497 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 498 MBEDTLS_CIPHERSUITE_WEAK, 499 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 500 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 501 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 502 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ 503 504 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) 505 #if defined(MBEDTLS_AES_C) 506 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 507 #if defined(MBEDTLS_CIPHER_MODE_CBC) 508 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", 509 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 510 0, 511 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 512 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", 513 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 514 0, 515 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 516 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 517 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 518 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 519 #if defined(MBEDTLS_CIPHER_MODE_CBC) 520 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", 521 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 522 0, 523 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 524 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 525 #if defined(MBEDTLS_GCM_C) 526 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", 527 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 528 0, 529 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 530 #endif /* MBEDTLS_GCM_C */ 531 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 532 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 533 #if defined(MBEDTLS_CIPHER_MODE_CBC) 534 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", 535 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 536 0, 537 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 538 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 539 #if defined(MBEDTLS_GCM_C) 540 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", 541 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 542 0, 543 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 544 #endif /* MBEDTLS_GCM_C */ 545 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 546 #endif /* MBEDTLS_AES_C */ 547 548 #if defined(MBEDTLS_CAMELLIA_C) 549 #if defined(MBEDTLS_CIPHER_MODE_CBC) 550 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 551 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, 552 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", 553 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 554 0, 555 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 556 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 557 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 558 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, 559 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", 560 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 561 0, 562 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 563 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 564 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 565 566 #if defined(MBEDTLS_GCM_C) 567 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 568 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, 569 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", 570 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 571 0, 572 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 573 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 574 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 575 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, 576 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", 577 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 578 0, 579 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 580 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 581 #endif /* MBEDTLS_GCM_C */ 582 #endif /* MBEDTLS_CAMELLIA_C */ 583 584 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 585 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 586 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA", 587 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 588 MBEDTLS_CIPHERSUITE_WEAK, 589 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 590 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 591 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 592 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ 593 594 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) 595 #if defined(MBEDTLS_AES_C) 596 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \ 597 defined(MBEDTLS_GCM_C) 598 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", 599 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 600 0, 601 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 602 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA && MBEDTLS_GCM_C */ 603 604 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 605 #if defined(MBEDTLS_GCM_C) 606 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", 607 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 608 0, 609 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 610 #endif /* MBEDTLS_GCM_C */ 611 612 #if defined(MBEDTLS_CIPHER_MODE_CBC) 613 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", 614 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 615 0, 616 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 617 618 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", 619 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 620 0, 621 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 622 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 623 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 624 625 #if defined(MBEDTLS_CIPHER_MODE_CBC) 626 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 627 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", 628 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 629 0, 630 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 631 632 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", 633 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 634 0, 635 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 636 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 637 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 638 #if defined(MBEDTLS_CCM_C) 639 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM", 640 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 641 0, 642 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 643 { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8", 644 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 645 MBEDTLS_CIPHERSUITE_SHORT_TAG, 646 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 647 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM", 648 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 649 0, 650 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 651 { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8", 652 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 653 MBEDTLS_CIPHERSUITE_SHORT_TAG, 654 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 655 #endif /* MBEDTLS_CCM_C */ 656 #endif /* MBEDTLS_AES_C */ 657 658 #if defined(MBEDTLS_CAMELLIA_C) 659 #if defined(MBEDTLS_CIPHER_MODE_CBC) 660 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 661 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", 662 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 663 0, 664 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 665 666 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", 667 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 668 0, 669 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 670 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 671 672 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 673 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", 674 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 675 0, 676 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 677 678 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", 679 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 680 0, 681 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 682 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 683 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 684 #if defined(MBEDTLS_GCM_C) 685 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 686 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", 687 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 688 0, 689 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 690 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 691 692 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 693 { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", 694 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 695 0, 696 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 697 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 698 #endif /* MBEDTLS_GCM_C */ 699 #endif /* MBEDTLS_CAMELLIA_C */ 700 701 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ 702 703 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 704 #if defined(MBEDTLS_AES_C) 705 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \ 706 defined(MBEDTLS_GCM_C) 707 { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", 708 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 709 0, 710 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 711 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA && MBEDTLS_GCM_C */ 712 713 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 714 #if defined(MBEDTLS_GCM_C) 715 { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256", 716 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 717 0, 718 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 719 #endif /* MBEDTLS_GCM_C */ 720 721 #if defined(MBEDTLS_CIPHER_MODE_CBC) 722 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", 723 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 724 0, 725 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 726 727 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256", 728 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 729 0, 730 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 731 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 732 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 733 734 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 735 #if defined(MBEDTLS_CIPHER_MODE_CBC) 736 { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA", 737 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 738 0, 739 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 740 741 { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA", 742 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 743 0, 744 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 745 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 746 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 747 #if defined(MBEDTLS_CCM_C) 748 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM", 749 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 750 0, 751 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 752 { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8", 753 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 754 MBEDTLS_CIPHERSUITE_SHORT_TAG, 755 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 756 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM", 757 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 758 0, 759 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 760 { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8", 761 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 762 MBEDTLS_CIPHERSUITE_SHORT_TAG, 763 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 764 #endif /* MBEDTLS_CCM_C */ 765 #endif /* MBEDTLS_AES_C */ 766 767 #if defined(MBEDTLS_CAMELLIA_C) 768 #if defined(MBEDTLS_CIPHER_MODE_CBC) 769 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 770 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", 771 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 772 0, 773 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 774 775 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", 776 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 777 0, 778 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 779 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 780 781 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 782 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", 783 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 784 0, 785 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 786 787 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", 788 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 789 0, 790 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 791 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 792 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 793 794 #if defined(MBEDTLS_GCM_C) 795 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 796 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", 797 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 798 0, 799 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 800 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 801 802 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 803 { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", 804 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 805 0, 806 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 807 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 808 #endif /* MBEDTLS_GCM_C */ 809 #endif /* MBEDTLS_CAMELLIA_C */ 810 811 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ 812 813 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) 814 #if defined(MBEDTLS_AES_C) 815 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 816 #if defined(MBEDTLS_CIPHER_MODE_CBC) 817 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA", 818 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 819 0, 820 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 821 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA", 822 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 823 0, 824 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 825 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 826 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 827 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 828 #if defined(MBEDTLS_CIPHER_MODE_CBC) 829 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256", 830 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 831 0, 832 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 833 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 834 #if defined(MBEDTLS_GCM_C) 835 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", 836 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 837 0, 838 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 839 #endif /* MBEDTLS_GCM_C */ 840 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 841 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 842 #if defined(MBEDTLS_CIPHER_MODE_CBC) 843 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384", 844 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 845 0, 846 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 847 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 848 #if defined(MBEDTLS_GCM_C) 849 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", 850 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 851 0, 852 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 853 #endif /* MBEDTLS_GCM_C */ 854 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 855 #endif /* MBEDTLS_AES_C */ 856 857 #if defined(MBEDTLS_CAMELLIA_C) 858 #if defined(MBEDTLS_CIPHER_MODE_CBC) 859 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 860 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, 861 "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256", 862 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 863 0, 864 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 865 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 866 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 867 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, 868 "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384", 869 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 870 0, 871 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 872 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 873 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 874 875 #if defined(MBEDTLS_GCM_C) 876 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 877 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, 878 "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256", 879 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 880 0, 881 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 882 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 883 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 884 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, 885 "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384", 886 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 887 0, 888 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 889 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 890 #endif /* MBEDTLS_GCM_C */ 891 #endif /* MBEDTLS_CAMELLIA_C */ 892 893 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 894 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 895 { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA", 896 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 897 MBEDTLS_CIPHERSUITE_WEAK, 898 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 899 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 900 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 901 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ 902 903 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) 904 #if defined(MBEDTLS_AES_C) 905 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 906 #if defined(MBEDTLS_CIPHER_MODE_CBC) 907 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", 908 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 909 0, 910 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 911 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", 912 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 913 0, 914 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 915 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 916 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 917 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 918 #if defined(MBEDTLS_CIPHER_MODE_CBC) 919 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", 920 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 921 0, 922 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 923 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 924 #if defined(MBEDTLS_GCM_C) 925 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", 926 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 927 0, 928 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 929 #endif /* MBEDTLS_GCM_C */ 930 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 931 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 932 #if defined(MBEDTLS_CIPHER_MODE_CBC) 933 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", 934 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 935 0, 936 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 937 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 938 #if defined(MBEDTLS_GCM_C) 939 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", 940 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 941 0, 942 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 943 #endif /* MBEDTLS_GCM_C */ 944 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 945 #endif /* MBEDTLS_AES_C */ 946 947 #if defined(MBEDTLS_CAMELLIA_C) 948 #if defined(MBEDTLS_CIPHER_MODE_CBC) 949 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 950 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, 951 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", 952 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 953 0, 954 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 955 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 956 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 957 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, 958 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", 959 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 960 0, 961 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 962 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 963 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 964 965 #if defined(MBEDTLS_GCM_C) 966 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 967 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, 968 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", 969 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 970 0, 971 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 972 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 973 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 974 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, 975 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", 976 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 977 0, 978 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 979 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 980 #endif /* MBEDTLS_GCM_C */ 981 #endif /* MBEDTLS_CAMELLIA_C */ 982 983 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 984 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 985 { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA", 986 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 987 MBEDTLS_CIPHERSUITE_WEAK, 988 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 989 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 990 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 991 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ 992 993 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 994 #if defined(MBEDTLS_AES_C) 995 #if defined(MBEDTLS_GCM_C) 996 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 997 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256", 998 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 999 0, 1000 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1001 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1002 1003 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1004 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384", 1005 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1006 0, 1007 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1008 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1009 #endif /* MBEDTLS_GCM_C */ 1010 1011 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1012 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1013 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256", 1014 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1015 0, 1016 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1017 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1018 1019 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1020 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384", 1021 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1022 0, 1023 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1024 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1025 1026 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1027 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA", 1028 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1029 0, 1030 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1031 1032 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA", 1033 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1034 0, 1035 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1036 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1037 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1038 #if defined(MBEDTLS_CCM_C) 1039 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM", 1040 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1041 0, 1042 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1043 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8", 1044 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1045 MBEDTLS_CIPHERSUITE_SHORT_TAG, 1046 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1047 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM", 1048 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1049 0, 1050 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1051 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8", 1052 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1053 MBEDTLS_CIPHERSUITE_SHORT_TAG, 1054 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1055 #endif /* MBEDTLS_CCM_C */ 1056 #endif /* MBEDTLS_AES_C */ 1057 1058 #if defined(MBEDTLS_CAMELLIA_C) 1059 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1060 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1061 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1062 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1063 0, 1064 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1065 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1066 1067 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1068 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1069 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1070 0, 1071 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1072 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1073 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1074 1075 #if defined(MBEDTLS_GCM_C) 1076 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1077 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", 1078 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1079 0, 1080 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1081 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1082 1083 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1084 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", 1085 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1086 0, 1087 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1088 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1089 #endif /* MBEDTLS_GCM_C */ 1090 #endif /* MBEDTLS_CAMELLIA_C */ 1091 1092 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ 1093 1094 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 1095 #if defined(MBEDTLS_AES_C) 1096 #if defined(MBEDTLS_GCM_C) 1097 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1098 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", 1099 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1100 0, 1101 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1102 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1103 1104 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1105 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", 1106 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1107 0, 1108 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1109 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1110 #endif /* MBEDTLS_GCM_C */ 1111 1112 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1113 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1114 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", 1115 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1116 0, 1117 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1118 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1119 1120 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1121 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", 1122 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1123 0, 1124 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1125 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1126 1127 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1128 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", 1129 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1130 0, 1131 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1132 1133 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", 1134 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1135 0, 1136 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1137 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1138 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1139 #if defined(MBEDTLS_CCM_C) 1140 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM", 1141 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1142 0, 1143 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1144 { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8", 1145 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1146 MBEDTLS_CIPHERSUITE_SHORT_TAG, 1147 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1148 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM", 1149 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1150 0, 1151 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1152 { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8", 1153 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1154 MBEDTLS_CIPHERSUITE_SHORT_TAG, 1155 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1156 #endif /* MBEDTLS_CCM_C */ 1157 #endif /* MBEDTLS_AES_C */ 1158 1159 #if defined(MBEDTLS_CAMELLIA_C) 1160 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1161 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1162 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1163 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1164 0, 1165 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1166 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1167 1168 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1169 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1170 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1171 0, 1172 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1173 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1174 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1175 1176 #if defined(MBEDTLS_GCM_C) 1177 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1178 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", 1179 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1180 0, 1181 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1182 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1183 1184 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1185 { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", 1186 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1187 0, 1188 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1189 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1190 #endif /* MBEDTLS_GCM_C */ 1191 #endif /* MBEDTLS_CAMELLIA_C */ 1192 1193 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ 1194 1195 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 1196 #if defined(MBEDTLS_AES_C) 1197 1198 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1199 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1200 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", 1201 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1202 0, 1203 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1204 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1205 1206 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1207 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", 1208 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1209 0, 1210 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1211 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1212 1213 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1214 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", 1215 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1216 0, 1217 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1218 1219 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", 1220 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1221 0, 1222 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1223 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1224 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1225 #endif /* MBEDTLS_AES_C */ 1226 1227 #if defined(MBEDTLS_CAMELLIA_C) 1228 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1229 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1230 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, 1231 "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1232 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1233 0, 1234 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1235 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1236 1237 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1238 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, 1239 "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1240 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1241 0, 1242 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1243 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1244 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1245 #endif /* MBEDTLS_CAMELLIA_C */ 1246 1247 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ 1248 1249 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 1250 #if defined(MBEDTLS_AES_C) 1251 #if defined(MBEDTLS_GCM_C) 1252 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1253 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", 1254 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1255 0, 1256 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1257 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1258 1259 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1260 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", 1261 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1262 0, 1263 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1264 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1265 #endif /* MBEDTLS_GCM_C */ 1266 1267 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1268 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1269 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", 1270 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1271 0, 1272 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1273 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1274 1275 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1276 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", 1277 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1278 0, 1279 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1280 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1281 1282 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1283 { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", 1284 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1285 0, 1286 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1287 1288 { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", 1289 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1290 0, 1291 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1292 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1293 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1294 #endif /* MBEDTLS_AES_C */ 1295 1296 #if defined(MBEDTLS_CAMELLIA_C) 1297 #if defined(MBEDTLS_CIPHER_MODE_CBC) 1298 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1299 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", 1300 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1301 0, 1302 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1303 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1304 1305 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1306 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", 1307 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1308 0, 1309 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1310 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1311 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 1312 1313 #if defined(MBEDTLS_GCM_C) 1314 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1315 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", 1316 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1317 0, 1318 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1319 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1320 1321 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1322 { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", 1323 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1324 0, 1325 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1326 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1327 #endif /* MBEDTLS_GCM_C */ 1328 #endif /* MBEDTLS_CAMELLIA_C */ 1329 1330 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ 1331 1332 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 1333 #if defined(MBEDTLS_AES_C) 1334 #if defined(MBEDTLS_CCM_C) 1335 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8", 1336 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE, 1337 MBEDTLS_CIPHERSUITE_SHORT_TAG, 1338 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1339 #endif /* MBEDTLS_CCM_C */ 1340 #endif /* MBEDTLS_AES_C */ 1341 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ 1342 1343 #if defined(MBEDTLS_CIPHER_NULL_CIPHER) 1344 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 1345 #if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1346 { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5", 1347 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, 1348 MBEDTLS_CIPHERSUITE_WEAK, 1349 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1350 #endif 1351 1352 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1353 { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA", 1354 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 1355 MBEDTLS_CIPHERSUITE_WEAK, 1356 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1357 #endif 1358 1359 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1360 { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256", 1361 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 1362 MBEDTLS_CIPHERSUITE_WEAK, 1363 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1364 #endif 1365 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ 1366 1367 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 1368 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1369 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA", 1370 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, 1371 MBEDTLS_CIPHERSUITE_WEAK, 1372 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1373 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1374 1375 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1376 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256", 1377 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1378 MBEDTLS_CIPHERSUITE_WEAK, 1379 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1380 #endif 1381 1382 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1383 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384", 1384 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1385 MBEDTLS_CIPHERSUITE_WEAK, 1386 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1387 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1388 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ 1389 1390 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 1391 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1392 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA", 1393 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1394 MBEDTLS_CIPHERSUITE_WEAK, 1395 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1396 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1397 1398 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1399 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256", 1400 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1401 MBEDTLS_CIPHERSUITE_WEAK, 1402 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1403 #endif 1404 1405 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1406 { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384", 1407 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1408 MBEDTLS_CIPHERSUITE_WEAK, 1409 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1410 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1411 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ 1412 1413 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 1414 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1415 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA", 1416 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1417 MBEDTLS_CIPHERSUITE_WEAK, 1418 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1419 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1420 1421 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1422 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256", 1423 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1424 MBEDTLS_CIPHERSUITE_WEAK, 1425 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1426 #endif 1427 1428 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1429 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384", 1430 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1431 MBEDTLS_CIPHERSUITE_WEAK, 1432 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1433 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1434 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ 1435 1436 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 1437 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1438 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA", 1439 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1440 MBEDTLS_CIPHERSUITE_WEAK, 1441 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1442 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1443 1444 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1445 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256", 1446 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1447 MBEDTLS_CIPHERSUITE_WEAK, 1448 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1449 #endif 1450 1451 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) 1452 { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384", 1453 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1454 MBEDTLS_CIPHERSUITE_WEAK, 1455 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1456 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 1457 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ 1458 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ 1459 1460 #if defined(MBEDTLS_ARIA_C) 1461 1462 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 1463 1464 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1465 { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, 1466 "TLS-RSA-WITH-ARIA-256-GCM-SHA384", 1467 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 1468 0, 1469 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1470 #endif 1471 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1472 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1473 { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, 1474 "TLS-RSA-WITH-ARIA-256-CBC-SHA384", 1475 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 1476 0, 1477 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1478 #endif 1479 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1480 { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, 1481 "TLS-RSA-WITH-ARIA-128-GCM-SHA256", 1482 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 1483 0, 1484 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1485 #endif 1486 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1487 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1488 { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, 1489 "TLS-RSA-WITH-ARIA-128-CBC-SHA256", 1490 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 1491 0, 1492 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1493 #endif 1494 1495 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ 1496 1497 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 1498 1499 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1500 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, 1501 "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384", 1502 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1503 0, 1504 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1505 #endif 1506 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1507 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1508 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, 1509 "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384", 1510 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1511 0, 1512 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1513 #endif 1514 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1515 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, 1516 "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256", 1517 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1518 0, 1519 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1520 #endif 1521 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1522 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1523 { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, 1524 "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256", 1525 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 1526 0, 1527 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1528 #endif 1529 1530 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ 1531 1532 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 1533 1534 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1535 { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384, 1536 "TLS-PSK-WITH-ARIA-256-GCM-SHA384", 1537 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1538 0, 1539 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1540 #endif 1541 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1542 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1543 { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384, 1544 "TLS-PSK-WITH-ARIA-256-CBC-SHA384", 1545 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 1546 0, 1547 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1548 #endif 1549 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1550 { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256, 1551 "TLS-PSK-WITH-ARIA-128-GCM-SHA256", 1552 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1553 0, 1554 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1555 #endif 1556 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1557 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1558 { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256, 1559 "TLS-PSK-WITH-ARIA-128-CBC-SHA256", 1560 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 1561 0, 1562 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1563 #endif 1564 1565 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ 1566 1567 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) 1568 1569 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1570 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, 1571 "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384", 1572 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 1573 0, 1574 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1575 #endif 1576 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1577 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1578 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, 1579 "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384", 1580 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 1581 0, 1582 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1583 #endif 1584 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1585 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, 1586 "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256", 1587 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 1588 0, 1589 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1590 #endif 1591 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1592 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1593 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, 1594 "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256", 1595 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 1596 0, 1597 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1598 #endif 1599 1600 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ 1601 1602 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) 1603 1604 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1605 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, 1606 "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", 1607 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 1608 0, 1609 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1610 #endif 1611 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1612 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1613 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, 1614 "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", 1615 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 1616 0, 1617 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1618 #endif 1619 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1620 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, 1621 "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", 1622 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 1623 0, 1624 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1625 #endif 1626 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1627 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1628 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, 1629 "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", 1630 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 1631 0, 1632 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1633 #endif 1634 1635 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ 1636 1637 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 1638 1639 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1640 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1641 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, 1642 "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384", 1643 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1644 0, 1645 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1646 #endif 1647 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1648 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1649 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, 1650 "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256", 1651 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 1652 0, 1653 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1654 #endif 1655 1656 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ 1657 1658 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) 1659 1660 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1661 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, 1662 "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", 1663 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 1664 0, 1665 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1666 #endif 1667 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1668 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1669 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, 1670 "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", 1671 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 1672 0, 1673 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1674 #endif 1675 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1676 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, 1677 "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", 1678 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 1679 0, 1680 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1681 #endif 1682 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1683 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1684 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, 1685 "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", 1686 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 1687 0, 1688 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1689 #endif 1690 1691 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ 1692 1693 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) 1694 1695 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1696 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, 1697 "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384", 1698 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1699 0, 1700 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1701 #endif 1702 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1703 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1704 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, 1705 "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384", 1706 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1707 0, 1708 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1709 #endif 1710 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1711 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, 1712 "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256", 1713 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1714 0, 1715 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1716 #endif 1717 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1718 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1719 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, 1720 "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256", 1721 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 1722 0, 1723 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1724 #endif 1725 1726 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ 1727 1728 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) 1729 1730 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1731 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, 1732 "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", 1733 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 1734 0, 1735 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1736 #endif 1737 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1738 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1739 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, 1740 "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", 1741 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 1742 0, 1743 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1744 #endif 1745 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1746 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, 1747 "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", 1748 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 1749 0, 1750 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1751 #endif 1752 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1753 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1754 { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, 1755 "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", 1756 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 1757 0, 1758 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1759 #endif 1760 1761 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ 1762 1763 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 1764 1765 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1766 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, 1767 "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", 1768 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1769 0, 1770 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1771 #endif 1772 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1773 defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1774 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, 1775 "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384", 1776 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1777 0, 1778 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1779 #endif 1780 #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1781 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, 1782 "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", 1783 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1784 0, 1785 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1786 #endif 1787 #if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ 1788 defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)) 1789 { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, 1790 "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256", 1791 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 1792 0, 1793 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, 1794 #endif 1795 1796 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ 1797 1798 #endif /* MBEDTLS_ARIA_C */ 1799 1800 1801 { 0, "", 1802 MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE, 1803 0, 0, 0 } 1804 }; 1805 1806 #if defined(MBEDTLS_SSL_CIPHERSUITES) 1807 const int *mbedtls_ssl_list_ciphersuites(void) 1808 { 1809 return ciphersuite_preference; 1810 } 1811 #else 1812 #define MAX_CIPHERSUITES sizeof(ciphersuite_definitions) / \ 1813 sizeof(ciphersuite_definitions[0]) 1814 static int supported_ciphersuites[MAX_CIPHERSUITES]; 1815 static int supported_init = 0; 1816 1817 MBEDTLS_CHECK_RETURN_CRITICAL 1818 static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info) 1819 { 1820 (void) cs_info; 1821 1822 return 0; 1823 } 1824 1825 const int *mbedtls_ssl_list_ciphersuites(void) 1826 { 1827 /* 1828 * On initial call filter out all ciphersuites not supported by current 1829 * build based on presence in the ciphersuite_definitions. 1830 */ 1831 if (supported_init == 0) { 1832 const int *p; 1833 int *q; 1834 1835 for (p = ciphersuite_preference, q = supported_ciphersuites; 1836 *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1; 1837 p++) { 1838 const mbedtls_ssl_ciphersuite_t *cs_info; 1839 if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL && 1840 !ciphersuite_is_removed(cs_info)) { 1841 *(q++) = *p; 1842 } 1843 } 1844 *q = 0; 1845 1846 supported_init = 1; 1847 } 1848 1849 return supported_ciphersuites; 1850 } 1851 #endif /* MBEDTLS_SSL_CIPHERSUITES */ 1852 1853 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( 1854 const char *ciphersuite_name) 1855 { 1856 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions; 1857 1858 if (NULL == ciphersuite_name) { 1859 return NULL; 1860 } 1861 1862 while (cur->id != 0) { 1863 if (0 == strcmp(cur->name, ciphersuite_name)) { 1864 return cur; 1865 } 1866 1867 cur++; 1868 } 1869 1870 return NULL; 1871 } 1872 1873 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite) 1874 { 1875 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions; 1876 1877 while (cur->id != 0) { 1878 if (cur->id == ciphersuite) { 1879 return cur; 1880 } 1881 1882 cur++; 1883 } 1884 1885 return NULL; 1886 } 1887 1888 const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id) 1889 { 1890 const mbedtls_ssl_ciphersuite_t *cur; 1891 1892 cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id); 1893 1894 if (cur == NULL) { 1895 return "unknown"; 1896 } 1897 1898 return cur->name; 1899 } 1900 1901 int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name) 1902 { 1903 const mbedtls_ssl_ciphersuite_t *cur; 1904 1905 cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name); 1906 1907 if (cur == NULL) { 1908 return 0; 1909 } 1910 1911 return cur->id; 1912 } 1913 1914 size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info) 1915 { 1916 #if defined(MBEDTLS_USE_PSA_CRYPTO) 1917 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1918 psa_key_type_t key_type; 1919 psa_algorithm_t alg; 1920 size_t key_bits; 1921 1922 status = mbedtls_ssl_cipher_to_psa(info->cipher, 1923 info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16, 1924 &alg, &key_type, &key_bits); 1925 1926 if (status != PSA_SUCCESS) { 1927 return 0; 1928 } 1929 1930 return key_bits; 1931 #else 1932 const mbedtls_cipher_info_t * const cipher_info = 1933 mbedtls_cipher_info_from_type(info->cipher); 1934 1935 return mbedtls_cipher_info_get_key_bitlen(cipher_info); 1936 #endif /* MBEDTLS_USE_PSA_CRYPTO */ 1937 } 1938 1939 #if defined(MBEDTLS_PK_C) 1940 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info) 1941 { 1942 switch (info->key_exchange) { 1943 case MBEDTLS_KEY_EXCHANGE_RSA: 1944 case MBEDTLS_KEY_EXCHANGE_DHE_RSA: 1945 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 1946 case MBEDTLS_KEY_EXCHANGE_RSA_PSK: 1947 return MBEDTLS_PK_RSA; 1948 1949 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: 1950 return MBEDTLS_PK_ECDSA; 1951 1952 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: 1953 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: 1954 return MBEDTLS_PK_ECKEY; 1955 1956 default: 1957 return MBEDTLS_PK_NONE; 1958 } 1959 } 1960 1961 #if defined(MBEDTLS_USE_PSA_CRYPTO) 1962 psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info) 1963 { 1964 switch (info->key_exchange) { 1965 case MBEDTLS_KEY_EXCHANGE_RSA: 1966 case MBEDTLS_KEY_EXCHANGE_RSA_PSK: 1967 return PSA_ALG_RSA_PKCS1V15_CRYPT; 1968 case MBEDTLS_KEY_EXCHANGE_DHE_RSA: 1969 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 1970 return PSA_ALG_RSA_PKCS1V15_SIGN( 1971 mbedtls_hash_info_psa_from_md(info->mac)); 1972 1973 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: 1974 return PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(info->mac)); 1975 1976 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: 1977 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: 1978 return PSA_ALG_ECDH; 1979 1980 default: 1981 return PSA_ALG_NONE; 1982 } 1983 } 1984 1985 psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info) 1986 { 1987 switch (info->key_exchange) { 1988 case MBEDTLS_KEY_EXCHANGE_RSA: 1989 case MBEDTLS_KEY_EXCHANGE_RSA_PSK: 1990 return PSA_KEY_USAGE_DECRYPT; 1991 case MBEDTLS_KEY_EXCHANGE_DHE_RSA: 1992 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 1993 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: 1994 return PSA_KEY_USAGE_SIGN_HASH; 1995 1996 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: 1997 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: 1998 return PSA_KEY_USAGE_DERIVE; 1999 2000 default: 2001 return 0; 2002 } 2003 } 2004 #endif /* MBEDTLS_USE_PSA_CRYPTO */ 2005 2006 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info) 2007 { 2008 switch (info->key_exchange) { 2009 case MBEDTLS_KEY_EXCHANGE_DHE_RSA: 2010 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 2011 return MBEDTLS_PK_RSA; 2012 2013 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: 2014 return MBEDTLS_PK_ECDSA; 2015 2016 default: 2017 return MBEDTLS_PK_NONE; 2018 } 2019 } 2020 2021 #endif /* MBEDTLS_PK_C */ 2022 2023 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ 2024 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 2025 int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info) 2026 { 2027 switch (info->key_exchange) { 2028 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 2029 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: 2030 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: 2031 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: 2032 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: 2033 case MBEDTLS_KEY_EXCHANGE_ECJPAKE: 2034 return 1; 2035 2036 default: 2037 return 0; 2038 } 2039 } 2040 #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ 2041 2042 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) 2043 int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info) 2044 { 2045 switch (info->key_exchange) { 2046 case MBEDTLS_KEY_EXCHANGE_PSK: 2047 case MBEDTLS_KEY_EXCHANGE_RSA_PSK: 2048 case MBEDTLS_KEY_EXCHANGE_DHE_PSK: 2049 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: 2050 return 1; 2051 2052 default: 2053 return 0; 2054 } 2055 } 2056 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ 2057 2058 #endif /* MBEDTLS_SSL_TLS_C */ 2059