/src/mbedtls/library/ssl_ciphersuites.c
Line | Count | Source (jump to first uncovered line) |
1 | | /** |
2 | | * \file ssl_ciphersuites.c |
3 | | * |
4 | | * \brief SSL ciphersuites for Mbed TLS |
5 | | * |
6 | | * Copyright The Mbed TLS Contributors |
7 | | * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later |
8 | | */ |
9 | | |
10 | | #include "common.h" |
11 | | |
12 | | #if defined(MBEDTLS_SSL_TLS_C) |
13 | | |
14 | | #include "mbedtls/platform.h" |
15 | | |
16 | | #include "mbedtls/ssl_ciphersuites.h" |
17 | | #include "mbedtls/ssl.h" |
18 | | #include "ssl_misc.h" |
19 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
20 | | #include "mbedtls/psa_util.h" |
21 | | #endif |
22 | | |
23 | | #include <string.h> |
24 | | |
25 | | /* |
26 | | * Ordered from most preferred to least preferred in terms of security. |
27 | | * |
28 | | * Current rule (except weak and null which come last): |
29 | | * 1. By key exchange: |
30 | | * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK |
31 | | * 2. By key length and cipher: |
32 | | * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128 |
33 | | * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8 |
34 | | * 4. By hash function used when relevant |
35 | | * 5. By key exchange/auth again: EC > non-EC |
36 | | */ |
37 | | static const int ciphersuite_preference[] = |
38 | | { |
39 | | #if defined(MBEDTLS_SSL_CIPHERSUITES) |
40 | | MBEDTLS_SSL_CIPHERSUITES, |
41 | | #else |
42 | | #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
43 | | /* TLS 1.3 ciphersuites */ |
44 | | MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256, |
45 | | MBEDTLS_TLS1_3_AES_256_GCM_SHA384, |
46 | | MBEDTLS_TLS1_3_AES_128_GCM_SHA256, |
47 | | MBEDTLS_TLS1_3_AES_128_CCM_SHA256, |
48 | | MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, |
49 | | #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ |
50 | | |
51 | | /* Chacha-Poly ephemeral suites */ |
52 | | MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, |
53 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, |
54 | | MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, |
55 | | |
56 | | /* All AES-256 ephemeral suites */ |
57 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
58 | | MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, |
59 | | MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, |
60 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, |
61 | | MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, |
62 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, |
63 | | MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, |
64 | | MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, |
65 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
66 | | MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
67 | | MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, |
68 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, |
69 | | MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, |
70 | | |
71 | | /* All CAMELLIA-256 ephemeral suites */ |
72 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, |
73 | | MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, |
74 | | MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, |
75 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, |
76 | | MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, |
77 | | MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, |
78 | | MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, |
79 | | |
80 | | /* All ARIA-256 ephemeral suites */ |
81 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, |
82 | | MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, |
83 | | MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, |
84 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, |
85 | | MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, |
86 | | MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, |
87 | | |
88 | | /* All AES-128 ephemeral suites */ |
89 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
90 | | MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
91 | | MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, |
92 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, |
93 | | MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, |
94 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, |
95 | | MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, |
96 | | MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, |
97 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
98 | | MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
99 | | MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, |
100 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, |
101 | | MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, |
102 | | |
103 | | /* All CAMELLIA-128 ephemeral suites */ |
104 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, |
105 | | MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, |
106 | | MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, |
107 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, |
108 | | MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
109 | | MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
110 | | MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, |
111 | | |
112 | | /* All ARIA-128 ephemeral suites */ |
113 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, |
114 | | MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, |
115 | | MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, |
116 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, |
117 | | MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, |
118 | | MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, |
119 | | |
120 | | /* The PSK ephemeral suites */ |
121 | | MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, |
122 | | MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, |
123 | | MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, |
124 | | MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, |
125 | | MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, |
126 | | MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, |
127 | | MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, |
128 | | MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, |
129 | | MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, |
130 | | MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, |
131 | | MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, |
132 | | MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, |
133 | | MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, |
134 | | MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, |
135 | | MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, |
136 | | |
137 | | MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, |
138 | | MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, |
139 | | MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, |
140 | | MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, |
141 | | MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, |
142 | | MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, |
143 | | MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, |
144 | | MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, |
145 | | MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, |
146 | | MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, |
147 | | MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, |
148 | | MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, |
149 | | MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, |
150 | | |
151 | | /* The ECJPAKE suite */ |
152 | | MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, |
153 | | |
154 | | /* All AES-256 suites */ |
155 | | MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, |
156 | | MBEDTLS_TLS_RSA_WITH_AES_256_CCM, |
157 | | MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, |
158 | | MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, |
159 | | MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, |
160 | | MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, |
161 | | MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, |
162 | | MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, |
163 | | MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, |
164 | | MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, |
165 | | MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, |
166 | | |
167 | | /* All CAMELLIA-256 suites */ |
168 | | MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, |
169 | | MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, |
170 | | MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, |
171 | | MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, |
172 | | MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, |
173 | | MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, |
174 | | MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, |
175 | | |
176 | | /* All ARIA-256 suites */ |
177 | | MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, |
178 | | MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, |
179 | | MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, |
180 | | MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, |
181 | | MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, |
182 | | MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, |
183 | | |
184 | | /* All AES-128 suites */ |
185 | | MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, |
186 | | MBEDTLS_TLS_RSA_WITH_AES_128_CCM, |
187 | | MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, |
188 | | MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, |
189 | | MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, |
190 | | MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, |
191 | | MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, |
192 | | MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, |
193 | | MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, |
194 | | MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, |
195 | | MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, |
196 | | |
197 | | /* All CAMELLIA-128 suites */ |
198 | | MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, |
199 | | MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
200 | | MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, |
201 | | MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, |
202 | | MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
203 | | MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, |
204 | | MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, |
205 | | |
206 | | /* All ARIA-128 suites */ |
207 | | MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, |
208 | | MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, |
209 | | MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, |
210 | | MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, |
211 | | MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, |
212 | | MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, |
213 | | |
214 | | /* The RSA PSK suites */ |
215 | | MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256, |
216 | | MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, |
217 | | MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, |
218 | | MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, |
219 | | MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, |
220 | | MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, |
221 | | MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, |
222 | | MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, |
223 | | |
224 | | MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, |
225 | | MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, |
226 | | MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, |
227 | | MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, |
228 | | MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, |
229 | | MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, |
230 | | MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, |
231 | | |
232 | | /* The PSK suites */ |
233 | | MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, |
234 | | MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, |
235 | | MBEDTLS_TLS_PSK_WITH_AES_256_CCM, |
236 | | MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, |
237 | | MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, |
238 | | MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, |
239 | | MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, |
240 | | MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, |
241 | | MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384, |
242 | | MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384, |
243 | | |
244 | | MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, |
245 | | MBEDTLS_TLS_PSK_WITH_AES_128_CCM, |
246 | | MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, |
247 | | MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, |
248 | | MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, |
249 | | MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, |
250 | | MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, |
251 | | MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256, |
252 | | MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256, |
253 | | |
254 | | /* NULL suites */ |
255 | | MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, |
256 | | MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, |
257 | | MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, |
258 | | MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, |
259 | | MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, |
260 | | MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, |
261 | | MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, |
262 | | MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, |
263 | | |
264 | | MBEDTLS_TLS_RSA_WITH_NULL_SHA256, |
265 | | MBEDTLS_TLS_RSA_WITH_NULL_SHA, |
266 | | MBEDTLS_TLS_RSA_WITH_NULL_MD5, |
267 | | MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, |
268 | | MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, |
269 | | MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, |
270 | | MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, |
271 | | MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, |
272 | | MBEDTLS_TLS_PSK_WITH_NULL_SHA384, |
273 | | MBEDTLS_TLS_PSK_WITH_NULL_SHA256, |
274 | | MBEDTLS_TLS_PSK_WITH_NULL_SHA, |
275 | | |
276 | | #endif /* MBEDTLS_SSL_CIPHERSUITES */ |
277 | | 0 |
278 | | }; |
279 | | |
280 | | static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = |
281 | | { |
282 | | #if defined(MBEDTLS_SSL_PROTO_TLS1_3) |
283 | | #if defined(MBEDTLS_SSL_HAVE_AES) |
284 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
285 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
286 | | { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384", |
287 | | MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, |
288 | | MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ |
289 | | 0, |
290 | | MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, |
291 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
292 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
293 | | { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256", |
294 | | MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, |
295 | | MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ |
296 | | 0, |
297 | | MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, |
298 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
299 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
300 | | #if defined(MBEDTLS_SSL_HAVE_CCM) && defined(MBEDTLS_MD_CAN_SHA256) |
301 | | { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256", |
302 | | MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, |
303 | | MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ |
304 | | 0, |
305 | | MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, |
306 | | { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256", |
307 | | MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, |
308 | | MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ |
309 | | MBEDTLS_CIPHERSUITE_SHORT_TAG, |
310 | | MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, |
311 | | #endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_SSL_HAVE_CCM */ |
312 | | #endif /* MBEDTLS_SSL_HAVE_AES */ |
313 | | #if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && defined(MBEDTLS_MD_CAN_SHA256) |
314 | | { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256, |
315 | | "TLS1-3-CHACHA20-POLY1305-SHA256", |
316 | | MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, |
317 | | MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ |
318 | | 0, |
319 | | MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, |
320 | | #endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY && MBEDTLS_MD_CAN_SHA256 */ |
321 | | #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ |
322 | | |
323 | | #if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && \ |
324 | | defined(MBEDTLS_MD_CAN_SHA256) && \ |
325 | | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
326 | | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) |
327 | | { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, |
328 | | "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", |
329 | | MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, |
330 | | MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, |
331 | | 0, |
332 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
333 | | #endif |
334 | | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) |
335 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, |
336 | | "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", |
337 | | MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, |
338 | | MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
339 | | 0, |
340 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
341 | | #endif |
342 | | #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) |
343 | | { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, |
344 | | "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", |
345 | | MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, |
346 | | MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
347 | | 0, |
348 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
349 | | #endif |
350 | | #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) |
351 | | { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, |
352 | | "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", |
353 | | MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, |
354 | | MBEDTLS_KEY_EXCHANGE_PSK, |
355 | | 0, |
356 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
357 | | #endif |
358 | | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) |
359 | | { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, |
360 | | "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", |
361 | | MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, |
362 | | MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, |
363 | | 0, |
364 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
365 | | #endif |
366 | | #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) |
367 | | { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, |
368 | | "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", |
369 | | MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, |
370 | | MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
371 | | 0, |
372 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
373 | | #endif |
374 | | #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) |
375 | | { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256, |
376 | | "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256", |
377 | | MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, |
378 | | MBEDTLS_KEY_EXCHANGE_RSA_PSK, |
379 | | 0, |
380 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
381 | | #endif |
382 | | #endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY && |
383 | | MBEDTLS_MD_CAN_SHA256 && |
384 | | MBEDTLS_SSL_PROTO_TLS1_2 */ |
385 | | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) |
386 | | #if defined(MBEDTLS_SSL_HAVE_AES) |
387 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
388 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
389 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", |
390 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
391 | | 0, |
392 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
393 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", |
394 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
395 | | 0, |
396 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
397 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
398 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
399 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
400 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
401 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", |
402 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
403 | | 0, |
404 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
405 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
406 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
407 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", |
408 | | MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
409 | | 0, |
410 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
411 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
412 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
413 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
414 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
415 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", |
416 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
417 | | 0, |
418 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
419 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
420 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
421 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", |
422 | | MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
423 | | 0, |
424 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
425 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
426 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
427 | | #if defined(MBEDTLS_SSL_HAVE_CCM) |
428 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", |
429 | | MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
430 | | 0, |
431 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
432 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", |
433 | | MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
434 | | MBEDTLS_CIPHERSUITE_SHORT_TAG, |
435 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
436 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", |
437 | | MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
438 | | 0, |
439 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
440 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", |
441 | | MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
442 | | MBEDTLS_CIPHERSUITE_SHORT_TAG, |
443 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
444 | | #endif /* MBEDTLS_SSL_HAVE_CCM */ |
445 | | #endif /* MBEDTLS_SSL_HAVE_AES */ |
446 | | |
447 | | #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) |
448 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
449 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
450 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, |
451 | | "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", |
452 | | MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
453 | | 0, |
454 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
455 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
456 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
457 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, |
458 | | "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", |
459 | | MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
460 | | 0, |
461 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
462 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
463 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
464 | | |
465 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
466 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
467 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, |
468 | | "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", |
469 | | MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
470 | | 0, |
471 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
472 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
473 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
474 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, |
475 | | "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", |
476 | | MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
477 | | 0, |
478 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
479 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
480 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
481 | | #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ |
482 | | |
483 | | #if defined(MBEDTLS_CIPHER_NULL_CIPHER) |
484 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
485 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA", |
486 | | MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
487 | | MBEDTLS_CIPHERSUITE_WEAK, |
488 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
489 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
490 | | #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ |
491 | | #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ |
492 | | |
493 | | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) |
494 | | #if defined(MBEDTLS_SSL_HAVE_AES) |
495 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
496 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
497 | | { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", |
498 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, |
499 | | 0, |
500 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
501 | | { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", |
502 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, |
503 | | 0, |
504 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
505 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
506 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
507 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
508 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
509 | | { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", |
510 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, |
511 | | 0, |
512 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
513 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
514 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
515 | | { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", |
516 | | MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, |
517 | | 0, |
518 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
519 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
520 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
521 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
522 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
523 | | { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", |
524 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, |
525 | | 0, |
526 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
527 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
528 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
529 | | { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", |
530 | | MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, |
531 | | 0, |
532 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
533 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
534 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
535 | | #endif /* MBEDTLS_SSL_HAVE_AES */ |
536 | | |
537 | | #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) |
538 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
539 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
540 | | { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
541 | | "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", |
542 | | MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, |
543 | | 0, |
544 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
545 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
546 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
547 | | { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, |
548 | | "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", |
549 | | MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, |
550 | | 0, |
551 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
552 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
553 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
554 | | |
555 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
556 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
557 | | { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, |
558 | | "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", |
559 | | MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, |
560 | | 0, |
561 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
562 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
563 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
564 | | { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, |
565 | | "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", |
566 | | MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, |
567 | | 0, |
568 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
569 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
570 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
571 | | #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ |
572 | | |
573 | | #if defined(MBEDTLS_CIPHER_NULL_CIPHER) |
574 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
575 | | { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA", |
576 | | MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, |
577 | | MBEDTLS_CIPHERSUITE_WEAK, |
578 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
579 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
580 | | #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ |
581 | | #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ |
582 | | |
583 | | #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) |
584 | | #if defined(MBEDTLS_SSL_HAVE_AES) |
585 | | #if defined(MBEDTLS_MD_CAN_SHA384) && \ |
586 | | defined(MBEDTLS_SSL_HAVE_GCM) |
587 | | { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", |
588 | | MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
589 | | 0, |
590 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
591 | | #endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */ |
592 | | |
593 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
594 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
595 | | { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", |
596 | | MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
597 | | 0, |
598 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
599 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
600 | | |
601 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
602 | | { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", |
603 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
604 | | 0, |
605 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
606 | | |
607 | | { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", |
608 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
609 | | 0, |
610 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
611 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
612 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
613 | | |
614 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
615 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
616 | | { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", |
617 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
618 | | 0, |
619 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
620 | | |
621 | | { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", |
622 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
623 | | 0, |
624 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
625 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
626 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
627 | | #if defined(MBEDTLS_SSL_HAVE_CCM) |
628 | | { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM", |
629 | | MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
630 | | 0, |
631 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
632 | | { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8", |
633 | | MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
634 | | MBEDTLS_CIPHERSUITE_SHORT_TAG, |
635 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
636 | | { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM", |
637 | | MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
638 | | 0, |
639 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
640 | | { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8", |
641 | | MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
642 | | MBEDTLS_CIPHERSUITE_SHORT_TAG, |
643 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
644 | | #endif /* MBEDTLS_SSL_HAVE_CCM */ |
645 | | #endif /* MBEDTLS_SSL_HAVE_AES */ |
646 | | |
647 | | #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) |
648 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
649 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
650 | | { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", |
651 | | MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
652 | | 0, |
653 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
654 | | |
655 | | { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", |
656 | | MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
657 | | 0, |
658 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
659 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
660 | | |
661 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
662 | | { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", |
663 | | MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
664 | | 0, |
665 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
666 | | |
667 | | { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", |
668 | | MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
669 | | 0, |
670 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
671 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
672 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
673 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
674 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
675 | | { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", |
676 | | MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
677 | | 0, |
678 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
679 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
680 | | |
681 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
682 | | { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", |
683 | | MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
684 | | 0, |
685 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
686 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
687 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
688 | | #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ |
689 | | |
690 | | #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ |
691 | | |
692 | | #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) |
693 | | #if defined(MBEDTLS_SSL_HAVE_AES) |
694 | | #if defined(MBEDTLS_MD_CAN_SHA384) && \ |
695 | | defined(MBEDTLS_SSL_HAVE_GCM) |
696 | | { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", |
697 | | MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, |
698 | | 0, |
699 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
700 | | #endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */ |
701 | | |
702 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
703 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
704 | | { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256", |
705 | | MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, |
706 | | 0, |
707 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
708 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
709 | | |
710 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
711 | | { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", |
712 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, |
713 | | 0, |
714 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
715 | | |
716 | | { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256", |
717 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, |
718 | | 0, |
719 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
720 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
721 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
722 | | |
723 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
724 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
725 | | { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA", |
726 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, |
727 | | 0, |
728 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
729 | | |
730 | | { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA", |
731 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, |
732 | | 0, |
733 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
734 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
735 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
736 | | #if defined(MBEDTLS_SSL_HAVE_CCM) |
737 | | { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM", |
738 | | MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, |
739 | | 0, |
740 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
741 | | { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8", |
742 | | MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, |
743 | | MBEDTLS_CIPHERSUITE_SHORT_TAG, |
744 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
745 | | { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM", |
746 | | MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, |
747 | | 0, |
748 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
749 | | { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8", |
750 | | MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, |
751 | | MBEDTLS_CIPHERSUITE_SHORT_TAG, |
752 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
753 | | #endif /* MBEDTLS_SSL_HAVE_CCM */ |
754 | | #endif /* MBEDTLS_SSL_HAVE_AES */ |
755 | | |
756 | | #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) |
757 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
758 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
759 | | { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", |
760 | | MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, |
761 | | 0, |
762 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
763 | | |
764 | | { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", |
765 | | MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, |
766 | | 0, |
767 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
768 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
769 | | |
770 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
771 | | { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", |
772 | | MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, |
773 | | 0, |
774 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
775 | | |
776 | | { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", |
777 | | MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, |
778 | | 0, |
779 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
780 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
781 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
782 | | |
783 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
784 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
785 | | { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", |
786 | | MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, |
787 | | 0, |
788 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
789 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
790 | | |
791 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
792 | | { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", |
793 | | MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, |
794 | | 0, |
795 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
796 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
797 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
798 | | #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ |
799 | | |
800 | | #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ |
801 | | |
802 | | #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) |
803 | | #if defined(MBEDTLS_SSL_HAVE_AES) |
804 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
805 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
806 | | { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA", |
807 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, |
808 | | 0, |
809 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
810 | | { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA", |
811 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, |
812 | | 0, |
813 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
814 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
815 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
816 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
817 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
818 | | { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256", |
819 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, |
820 | | 0, |
821 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
822 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
823 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
824 | | { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", |
825 | | MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, |
826 | | 0, |
827 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
828 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
829 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
830 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
831 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
832 | | { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384", |
833 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, |
834 | | 0, |
835 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
836 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
837 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
838 | | { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", |
839 | | MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, |
840 | | 0, |
841 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
842 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
843 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
844 | | #endif /* MBEDTLS_SSL_HAVE_AES */ |
845 | | |
846 | | #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) |
847 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
848 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
849 | | { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
850 | | "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256", |
851 | | MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, |
852 | | 0, |
853 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
854 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
855 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
856 | | { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, |
857 | | "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384", |
858 | | MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, |
859 | | 0, |
860 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
861 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
862 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
863 | | |
864 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
865 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
866 | | { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, |
867 | | "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256", |
868 | | MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, |
869 | | 0, |
870 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
871 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
872 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
873 | | { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, |
874 | | "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384", |
875 | | MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, |
876 | | 0, |
877 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
878 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
879 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
880 | | #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ |
881 | | |
882 | | #if defined(MBEDTLS_CIPHER_NULL_CIPHER) |
883 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
884 | | { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA", |
885 | | MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, |
886 | | MBEDTLS_CIPHERSUITE_WEAK, |
887 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
888 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
889 | | #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ |
890 | | #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ |
891 | | |
892 | | #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) |
893 | | #if defined(MBEDTLS_SSL_HAVE_AES) |
894 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
895 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
896 | | { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", |
897 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, |
898 | | 0, |
899 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
900 | | { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", |
901 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, |
902 | | 0, |
903 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
904 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
905 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
906 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
907 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
908 | | { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", |
909 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, |
910 | | 0, |
911 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
912 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
913 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
914 | | { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", |
915 | | MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, |
916 | | 0, |
917 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
918 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
919 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
920 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
921 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
922 | | { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", |
923 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, |
924 | | 0, |
925 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
926 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
927 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
928 | | { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", |
929 | | MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, |
930 | | 0, |
931 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
932 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
933 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
934 | | #endif /* MBEDTLS_SSL_HAVE_AES */ |
935 | | |
936 | | #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) |
937 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
938 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
939 | | { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, |
940 | | "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", |
941 | | MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, |
942 | | 0, |
943 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
944 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
945 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
946 | | { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, |
947 | | "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", |
948 | | MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, |
949 | | 0, |
950 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
951 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
952 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
953 | | |
954 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
955 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
956 | | { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, |
957 | | "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", |
958 | | MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, |
959 | | 0, |
960 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
961 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
962 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
963 | | { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, |
964 | | "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", |
965 | | MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, |
966 | | 0, |
967 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
968 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
969 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
970 | | #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ |
971 | | |
972 | | #if defined(MBEDTLS_CIPHER_NULL_CIPHER) |
973 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
974 | | { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA", |
975 | | MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, |
976 | | MBEDTLS_CIPHERSUITE_WEAK, |
977 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
978 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
979 | | #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ |
980 | | #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ |
981 | | |
982 | | #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) |
983 | | #if defined(MBEDTLS_SSL_HAVE_AES) |
984 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
985 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
986 | | { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256", |
987 | | MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, |
988 | | 0, |
989 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
990 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
991 | | |
992 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
993 | | { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384", |
994 | | MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, |
995 | | 0, |
996 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
997 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
998 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
999 | | |
1000 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
1001 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
1002 | | { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256", |
1003 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, |
1004 | | 0, |
1005 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1006 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
1007 | | |
1008 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
1009 | | { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384", |
1010 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, |
1011 | | 0, |
1012 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1013 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
1014 | | |
1015 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
1016 | | { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA", |
1017 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, |
1018 | | 0, |
1019 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1020 | | |
1021 | | { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA", |
1022 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, |
1023 | | 0, |
1024 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1025 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
1026 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
1027 | | #if defined(MBEDTLS_SSL_HAVE_CCM) |
1028 | | { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM", |
1029 | | MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, |
1030 | | 0, |
1031 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1032 | | { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8", |
1033 | | MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, |
1034 | | MBEDTLS_CIPHERSUITE_SHORT_TAG, |
1035 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1036 | | { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM", |
1037 | | MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, |
1038 | | 0, |
1039 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1040 | | { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8", |
1041 | | MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, |
1042 | | MBEDTLS_CIPHERSUITE_SHORT_TAG, |
1043 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1044 | | #endif /* MBEDTLS_SSL_HAVE_CCM */ |
1045 | | #endif /* MBEDTLS_SSL_HAVE_AES */ |
1046 | | |
1047 | | #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) |
1048 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
1049 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
1050 | | { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", |
1051 | | MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, |
1052 | | 0, |
1053 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1054 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
1055 | | |
1056 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
1057 | | { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", |
1058 | | MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, |
1059 | | 0, |
1060 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1061 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
1062 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
1063 | | |
1064 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
1065 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
1066 | | { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", |
1067 | | MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, |
1068 | | 0, |
1069 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1070 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
1071 | | |
1072 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
1073 | | { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", |
1074 | | MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, |
1075 | | 0, |
1076 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1077 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
1078 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
1079 | | #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ |
1080 | | |
1081 | | #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ |
1082 | | |
1083 | | #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) |
1084 | | #if defined(MBEDTLS_SSL_HAVE_AES) |
1085 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
1086 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
1087 | | { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", |
1088 | | MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1089 | | 0, |
1090 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1091 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
1092 | | |
1093 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
1094 | | { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", |
1095 | | MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1096 | | 0, |
1097 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1098 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
1099 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
1100 | | |
1101 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
1102 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
1103 | | { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", |
1104 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1105 | | 0, |
1106 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1107 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
1108 | | |
1109 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
1110 | | { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", |
1111 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1112 | | 0, |
1113 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1114 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
1115 | | |
1116 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
1117 | | { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", |
1118 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1119 | | 0, |
1120 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1121 | | |
1122 | | { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", |
1123 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1124 | | 0, |
1125 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1126 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
1127 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
1128 | | #if defined(MBEDTLS_SSL_HAVE_CCM) |
1129 | | { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM", |
1130 | | MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1131 | | 0, |
1132 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1133 | | { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8", |
1134 | | MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1135 | | MBEDTLS_CIPHERSUITE_SHORT_TAG, |
1136 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1137 | | { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM", |
1138 | | MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1139 | | 0, |
1140 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1141 | | { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8", |
1142 | | MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1143 | | MBEDTLS_CIPHERSUITE_SHORT_TAG, |
1144 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1145 | | #endif /* MBEDTLS_SSL_HAVE_CCM */ |
1146 | | #endif /* MBEDTLS_SSL_HAVE_AES */ |
1147 | | |
1148 | | #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) |
1149 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
1150 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
1151 | | { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", |
1152 | | MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1153 | | 0, |
1154 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1155 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
1156 | | |
1157 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
1158 | | { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", |
1159 | | MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1160 | | 0, |
1161 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1162 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
1163 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
1164 | | |
1165 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
1166 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
1167 | | { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", |
1168 | | MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1169 | | 0, |
1170 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1171 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
1172 | | |
1173 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
1174 | | { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", |
1175 | | MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1176 | | 0, |
1177 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1178 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
1179 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
1180 | | #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ |
1181 | | |
1182 | | #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ |
1183 | | |
1184 | | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) |
1185 | | #if defined(MBEDTLS_SSL_HAVE_AES) |
1186 | | |
1187 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
1188 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
1189 | | { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", |
1190 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, |
1191 | | 0, |
1192 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1193 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
1194 | | |
1195 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
1196 | | { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", |
1197 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, |
1198 | | 0, |
1199 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1200 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
1201 | | |
1202 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
1203 | | { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", |
1204 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, |
1205 | | 0, |
1206 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1207 | | |
1208 | | { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", |
1209 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, |
1210 | | 0, |
1211 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1212 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
1213 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
1214 | | #endif /* MBEDTLS_SSL_HAVE_AES */ |
1215 | | |
1216 | | #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) |
1217 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
1218 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
1219 | | { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, |
1220 | | "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", |
1221 | | MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, |
1222 | | 0, |
1223 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1224 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
1225 | | |
1226 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
1227 | | { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, |
1228 | | "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", |
1229 | | MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, |
1230 | | 0, |
1231 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1232 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
1233 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
1234 | | #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ |
1235 | | |
1236 | | #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ |
1237 | | |
1238 | | #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) |
1239 | | #if defined(MBEDTLS_SSL_HAVE_AES) |
1240 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
1241 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
1242 | | { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", |
1243 | | MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, |
1244 | | 0, |
1245 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1246 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
1247 | | |
1248 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
1249 | | { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", |
1250 | | MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, |
1251 | | 0, |
1252 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1253 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
1254 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
1255 | | |
1256 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
1257 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
1258 | | { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", |
1259 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, |
1260 | | 0, |
1261 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1262 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
1263 | | |
1264 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
1265 | | { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", |
1266 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, |
1267 | | 0, |
1268 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1269 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
1270 | | |
1271 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
1272 | | { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", |
1273 | | MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, |
1274 | | 0, |
1275 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1276 | | |
1277 | | { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", |
1278 | | MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, |
1279 | | 0, |
1280 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1281 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
1282 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
1283 | | #endif /* MBEDTLS_SSL_HAVE_AES */ |
1284 | | |
1285 | | #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) |
1286 | | #if defined(MBEDTLS_SSL_HAVE_CBC) |
1287 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
1288 | | { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", |
1289 | | MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, |
1290 | | 0, |
1291 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1292 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
1293 | | |
1294 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
1295 | | { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", |
1296 | | MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, |
1297 | | 0, |
1298 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1299 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
1300 | | #endif /* MBEDTLS_SSL_HAVE_CBC */ |
1301 | | |
1302 | | #if defined(MBEDTLS_SSL_HAVE_GCM) |
1303 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
1304 | | { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", |
1305 | | MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, |
1306 | | 0, |
1307 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1308 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
1309 | | |
1310 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
1311 | | { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", |
1312 | | MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, |
1313 | | 0, |
1314 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1315 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
1316 | | #endif /* MBEDTLS_SSL_HAVE_GCM */ |
1317 | | #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ |
1318 | | |
1319 | | #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ |
1320 | | |
1321 | | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
1322 | | #if defined(MBEDTLS_SSL_HAVE_AES) |
1323 | | #if defined(MBEDTLS_SSL_HAVE_CCM) |
1324 | | { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8", |
1325 | | MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE, |
1326 | | MBEDTLS_CIPHERSUITE_SHORT_TAG, |
1327 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1328 | | #endif /* MBEDTLS_SSL_HAVE_CCM */ |
1329 | | #endif /* MBEDTLS_SSL_HAVE_AES */ |
1330 | | #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ |
1331 | | |
1332 | | #if defined(MBEDTLS_CIPHER_NULL_CIPHER) |
1333 | | #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) |
1334 | | #if defined(MBEDTLS_MD_CAN_MD5) |
1335 | | { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5", |
1336 | | MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, |
1337 | | MBEDTLS_CIPHERSUITE_WEAK, |
1338 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1339 | | #endif |
1340 | | |
1341 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
1342 | | { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA", |
1343 | | MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, |
1344 | | MBEDTLS_CIPHERSUITE_WEAK, |
1345 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1346 | | #endif |
1347 | | |
1348 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
1349 | | { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256", |
1350 | | MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, |
1351 | | MBEDTLS_CIPHERSUITE_WEAK, |
1352 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1353 | | #endif |
1354 | | #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ |
1355 | | |
1356 | | #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) |
1357 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
1358 | | { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA", |
1359 | | MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, |
1360 | | MBEDTLS_CIPHERSUITE_WEAK, |
1361 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1362 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
1363 | | |
1364 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
1365 | | { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256", |
1366 | | MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, |
1367 | | MBEDTLS_CIPHERSUITE_WEAK, |
1368 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1369 | | #endif |
1370 | | |
1371 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
1372 | | { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384", |
1373 | | MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, |
1374 | | MBEDTLS_CIPHERSUITE_WEAK, |
1375 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1376 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
1377 | | #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ |
1378 | | |
1379 | | #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) |
1380 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
1381 | | { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA", |
1382 | | MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1383 | | MBEDTLS_CIPHERSUITE_WEAK, |
1384 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1385 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
1386 | | |
1387 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
1388 | | { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256", |
1389 | | MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1390 | | MBEDTLS_CIPHERSUITE_WEAK, |
1391 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1392 | | #endif |
1393 | | |
1394 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
1395 | | { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384", |
1396 | | MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1397 | | MBEDTLS_CIPHERSUITE_WEAK, |
1398 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1399 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
1400 | | #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ |
1401 | | |
1402 | | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) |
1403 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
1404 | | { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA", |
1405 | | MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, |
1406 | | MBEDTLS_CIPHERSUITE_WEAK, |
1407 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1408 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
1409 | | |
1410 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
1411 | | { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256", |
1412 | | MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, |
1413 | | MBEDTLS_CIPHERSUITE_WEAK, |
1414 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1415 | | #endif |
1416 | | |
1417 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
1418 | | { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384", |
1419 | | MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, |
1420 | | MBEDTLS_CIPHERSUITE_WEAK, |
1421 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1422 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
1423 | | #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ |
1424 | | |
1425 | | #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) |
1426 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
1427 | | { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA", |
1428 | | MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, |
1429 | | MBEDTLS_CIPHERSUITE_WEAK, |
1430 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1431 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
1432 | | |
1433 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
1434 | | { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256", |
1435 | | MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, |
1436 | | MBEDTLS_CIPHERSUITE_WEAK, |
1437 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1438 | | #endif |
1439 | | |
1440 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
1441 | | { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384", |
1442 | | MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, |
1443 | | MBEDTLS_CIPHERSUITE_WEAK, |
1444 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1445 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
1446 | | #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ |
1447 | | #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ |
1448 | | |
1449 | | #if defined(MBEDTLS_SSL_HAVE_ARIA) |
1450 | | |
1451 | | #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) |
1452 | | |
1453 | | #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) |
1454 | | { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, |
1455 | | "TLS-RSA-WITH-ARIA-256-GCM-SHA384", |
1456 | | MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, |
1457 | | 0, |
1458 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1459 | | #endif |
1460 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1461 | | defined(MBEDTLS_MD_CAN_SHA384)) |
1462 | | { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, |
1463 | | "TLS-RSA-WITH-ARIA-256-CBC-SHA384", |
1464 | | MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, |
1465 | | 0, |
1466 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1467 | | #endif |
1468 | | #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) |
1469 | | { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, |
1470 | | "TLS-RSA-WITH-ARIA-128-GCM-SHA256", |
1471 | | MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, |
1472 | | 0, |
1473 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1474 | | #endif |
1475 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1476 | | defined(MBEDTLS_MD_CAN_SHA256)) |
1477 | | { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, |
1478 | | "TLS-RSA-WITH-ARIA-128-CBC-SHA256", |
1479 | | MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, |
1480 | | 0, |
1481 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1482 | | #endif |
1483 | | |
1484 | | #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ |
1485 | | |
1486 | | #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) |
1487 | | |
1488 | | #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) |
1489 | | { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, |
1490 | | "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384", |
1491 | | MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, |
1492 | | 0, |
1493 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1494 | | #endif |
1495 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1496 | | defined(MBEDTLS_MD_CAN_SHA384)) |
1497 | | { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, |
1498 | | "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384", |
1499 | | MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, |
1500 | | 0, |
1501 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1502 | | #endif |
1503 | | #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) |
1504 | | { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, |
1505 | | "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256", |
1506 | | MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, |
1507 | | 0, |
1508 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1509 | | #endif |
1510 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1511 | | defined(MBEDTLS_MD_CAN_SHA256)) |
1512 | | { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, |
1513 | | "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256", |
1514 | | MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, |
1515 | | 0, |
1516 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1517 | | #endif |
1518 | | |
1519 | | #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ |
1520 | | |
1521 | | #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) |
1522 | | |
1523 | | #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) |
1524 | | { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384, |
1525 | | "TLS-PSK-WITH-ARIA-256-GCM-SHA384", |
1526 | | MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, |
1527 | | 0, |
1528 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1529 | | #endif |
1530 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1531 | | defined(MBEDTLS_MD_CAN_SHA384)) |
1532 | | { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384, |
1533 | | "TLS-PSK-WITH-ARIA-256-CBC-SHA384", |
1534 | | MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, |
1535 | | 0, |
1536 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1537 | | #endif |
1538 | | #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) |
1539 | | { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256, |
1540 | | "TLS-PSK-WITH-ARIA-128-GCM-SHA256", |
1541 | | MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, |
1542 | | 0, |
1543 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1544 | | #endif |
1545 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1546 | | defined(MBEDTLS_MD_CAN_SHA256)) |
1547 | | { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256, |
1548 | | "TLS-PSK-WITH-ARIA-128-CBC-SHA256", |
1549 | | MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, |
1550 | | 0, |
1551 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1552 | | #endif |
1553 | | |
1554 | | #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ |
1555 | | |
1556 | | #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) |
1557 | | |
1558 | | #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) |
1559 | | { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, |
1560 | | "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384", |
1561 | | MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, |
1562 | | 0, |
1563 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1564 | | #endif |
1565 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1566 | | defined(MBEDTLS_MD_CAN_SHA384)) |
1567 | | { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, |
1568 | | "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384", |
1569 | | MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, |
1570 | | 0, |
1571 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1572 | | #endif |
1573 | | #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) |
1574 | | { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, |
1575 | | "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256", |
1576 | | MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, |
1577 | | 0, |
1578 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1579 | | #endif |
1580 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1581 | | defined(MBEDTLS_MD_CAN_SHA256)) |
1582 | | { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, |
1583 | | "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256", |
1584 | | MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, |
1585 | | 0, |
1586 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1587 | | #endif |
1588 | | |
1589 | | #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ |
1590 | | |
1591 | | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) |
1592 | | |
1593 | | #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) |
1594 | | { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, |
1595 | | "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", |
1596 | | MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, |
1597 | | 0, |
1598 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1599 | | #endif |
1600 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1601 | | defined(MBEDTLS_MD_CAN_SHA384)) |
1602 | | { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, |
1603 | | "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", |
1604 | | MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, |
1605 | | 0, |
1606 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1607 | | #endif |
1608 | | #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) |
1609 | | { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, |
1610 | | "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", |
1611 | | MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, |
1612 | | 0, |
1613 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1614 | | #endif |
1615 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1616 | | defined(MBEDTLS_MD_CAN_SHA256)) |
1617 | | { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, |
1618 | | "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", |
1619 | | MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, |
1620 | | 0, |
1621 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1622 | | #endif |
1623 | | |
1624 | | #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ |
1625 | | |
1626 | | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) |
1627 | | |
1628 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1629 | | defined(MBEDTLS_MD_CAN_SHA384)) |
1630 | | { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, |
1631 | | "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384", |
1632 | | MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, |
1633 | | 0, |
1634 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1635 | | #endif |
1636 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1637 | | defined(MBEDTLS_MD_CAN_SHA256)) |
1638 | | { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, |
1639 | | "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256", |
1640 | | MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, |
1641 | | 0, |
1642 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1643 | | #endif |
1644 | | |
1645 | | #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ |
1646 | | |
1647 | | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) |
1648 | | |
1649 | | #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) |
1650 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, |
1651 | | "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", |
1652 | | MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
1653 | | 0, |
1654 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1655 | | #endif |
1656 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1657 | | defined(MBEDTLS_MD_CAN_SHA384)) |
1658 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, |
1659 | | "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", |
1660 | | MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
1661 | | 0, |
1662 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1663 | | #endif |
1664 | | #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) |
1665 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, |
1666 | | "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", |
1667 | | MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
1668 | | 0, |
1669 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1670 | | #endif |
1671 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1672 | | defined(MBEDTLS_MD_CAN_SHA256)) |
1673 | | { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, |
1674 | | "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", |
1675 | | MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, |
1676 | | 0, |
1677 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1678 | | #endif |
1679 | | |
1680 | | #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ |
1681 | | |
1682 | | #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) |
1683 | | |
1684 | | #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) |
1685 | | { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, |
1686 | | "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384", |
1687 | | MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, |
1688 | | 0, |
1689 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1690 | | #endif |
1691 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1692 | | defined(MBEDTLS_MD_CAN_SHA384)) |
1693 | | { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, |
1694 | | "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384", |
1695 | | MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, |
1696 | | 0, |
1697 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1698 | | #endif |
1699 | | #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) |
1700 | | { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, |
1701 | | "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256", |
1702 | | MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, |
1703 | | 0, |
1704 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1705 | | #endif |
1706 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1707 | | defined(MBEDTLS_MD_CAN_SHA256)) |
1708 | | { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, |
1709 | | "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256", |
1710 | | MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, |
1711 | | 0, |
1712 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1713 | | #endif |
1714 | | |
1715 | | #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ |
1716 | | |
1717 | | #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) |
1718 | | |
1719 | | #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) |
1720 | | { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, |
1721 | | "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", |
1722 | | MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
1723 | | 0, |
1724 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1725 | | #endif |
1726 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1727 | | defined(MBEDTLS_MD_CAN_SHA384)) |
1728 | | { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, |
1729 | | "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", |
1730 | | MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
1731 | | 0, |
1732 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1733 | | #endif |
1734 | | #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) |
1735 | | { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, |
1736 | | "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", |
1737 | | MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
1738 | | 0, |
1739 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1740 | | #endif |
1741 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1742 | | defined(MBEDTLS_MD_CAN_SHA256)) |
1743 | | { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, |
1744 | | "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", |
1745 | | MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, |
1746 | | 0, |
1747 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1748 | | #endif |
1749 | | |
1750 | | #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ |
1751 | | |
1752 | | #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) |
1753 | | |
1754 | | #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) |
1755 | | { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, |
1756 | | "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", |
1757 | | MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1758 | | 0, |
1759 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1760 | | #endif |
1761 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1762 | | defined(MBEDTLS_MD_CAN_SHA384)) |
1763 | | { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, |
1764 | | "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384", |
1765 | | MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1766 | | 0, |
1767 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1768 | | #endif |
1769 | | #if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) |
1770 | | { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, |
1771 | | "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", |
1772 | | MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1773 | | 0, |
1774 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1775 | | #endif |
1776 | | #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ |
1777 | | defined(MBEDTLS_MD_CAN_SHA256)) |
1778 | | { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, |
1779 | | "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256", |
1780 | | MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, |
1781 | | 0, |
1782 | | MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, |
1783 | | #endif |
1784 | | |
1785 | | #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ |
1786 | | |
1787 | | #endif /* MBEDTLS_SSL_HAVE_ARIA */ |
1788 | | |
1789 | | |
1790 | | { 0, "", |
1791 | | MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE, |
1792 | | 0, 0, 0 } |
1793 | | }; |
1794 | | |
1795 | | #if defined(MBEDTLS_SSL_CIPHERSUITES) |
1796 | | const int *mbedtls_ssl_list_ciphersuites(void) |
1797 | | { |
1798 | | return ciphersuite_preference; |
1799 | | } |
1800 | | #else |
1801 | 190 | #define MAX_CIPHERSUITES sizeof(ciphersuite_definitions) / \ |
1802 | 190 | sizeof(ciphersuite_definitions[0]) |
1803 | | static int supported_ciphersuites[MAX_CIPHERSUITES]; |
1804 | | static int supported_init = 0; |
1805 | | |
1806 | | MBEDTLS_CHECK_RETURN_CRITICAL |
1807 | | static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info) |
1808 | 190 | { |
1809 | 190 | (void) cs_info; |
1810 | | |
1811 | 190 | return 0; |
1812 | 190 | } |
1813 | | |
1814 | | const int *mbedtls_ssl_list_ciphersuites(void) |
1815 | 1.59k | { |
1816 | | /* |
1817 | | * On initial call filter out all ciphersuites not supported by current |
1818 | | * build based on presence in the ciphersuite_definitions. |
1819 | | */ |
1820 | 1.59k | if (supported_init == 0) { |
1821 | 1 | const int *p; |
1822 | 1 | int *q; |
1823 | | |
1824 | 1 | for (p = ciphersuite_preference, q = supported_ciphersuites; |
1825 | 191 | *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1; |
1826 | 190 | p++) { |
1827 | 190 | const mbedtls_ssl_ciphersuite_t *cs_info; |
1828 | 190 | if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL && |
1829 | 190 | !ciphersuite_is_removed(cs_info)) { |
1830 | 190 | *(q++) = *p; |
1831 | 190 | } |
1832 | 190 | } |
1833 | 1 | *q = 0; |
1834 | | |
1835 | 1 | supported_init = 1; |
1836 | 1 | } |
1837 | | |
1838 | 1.59k | return supported_ciphersuites; |
1839 | 1.59k | } |
1840 | | #endif /* MBEDTLS_SSL_CIPHERSUITES */ |
1841 | | |
1842 | | const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( |
1843 | | const char *ciphersuite_name) |
1844 | 0 | { |
1845 | 0 | const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions; |
1846 | |
|
1847 | 0 | if (NULL == ciphersuite_name) { |
1848 | 0 | return NULL; |
1849 | 0 | } |
1850 | | |
1851 | 0 | while (cur->id != 0) { |
1852 | 0 | if (0 == strcmp(cur->name, ciphersuite_name)) { |
1853 | 0 | return cur; |
1854 | 0 | } |
1855 | | |
1856 | 0 | cur++; |
1857 | 0 | } |
1858 | | |
1859 | 0 | return NULL; |
1860 | 0 | } |
1861 | | |
1862 | | const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite) |
1863 | 4.73k | { |
1864 | 4.73k | const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions; |
1865 | | |
1866 | 447k | while (cur->id != 0) { |
1867 | 447k | if (cur->id == ciphersuite) { |
1868 | 4.73k | return cur; |
1869 | 4.73k | } |
1870 | | |
1871 | 443k | cur++; |
1872 | 443k | } |
1873 | | |
1874 | 0 | return NULL; |
1875 | 4.73k | } |
1876 | | |
1877 | | const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id) |
1878 | 221 | { |
1879 | 221 | const mbedtls_ssl_ciphersuite_t *cur; |
1880 | | |
1881 | 221 | cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id); |
1882 | | |
1883 | 221 | if (cur == NULL) { |
1884 | 0 | return "unknown"; |
1885 | 0 | } |
1886 | | |
1887 | 221 | return cur->name; |
1888 | 221 | } |
1889 | | |
1890 | | int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name) |
1891 | 0 | { |
1892 | 0 | const mbedtls_ssl_ciphersuite_t *cur; |
1893 | |
|
1894 | 0 | cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name); |
1895 | |
|
1896 | 0 | if (cur == NULL) { |
1897 | 0 | return 0; |
1898 | 0 | } |
1899 | | |
1900 | 0 | return cur->id; |
1901 | 0 | } |
1902 | | |
1903 | | size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info) |
1904 | 0 | { |
1905 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
1906 | | psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
1907 | | psa_key_type_t key_type; |
1908 | | psa_algorithm_t alg; |
1909 | | size_t key_bits; |
1910 | | |
1911 | | status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher, |
1912 | | info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16, |
1913 | | &alg, &key_type, &key_bits); |
1914 | | |
1915 | | if (status != PSA_SUCCESS) { |
1916 | | return 0; |
1917 | | } |
1918 | | |
1919 | | return key_bits; |
1920 | | #else |
1921 | 0 | const mbedtls_cipher_info_t * const cipher_info = |
1922 | 0 | mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) info->cipher); |
1923 | |
|
1924 | 0 | return mbedtls_cipher_info_get_key_bitlen(cipher_info); |
1925 | 0 | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
1926 | 0 | } |
1927 | | |
1928 | | #if defined(MBEDTLS_PK_C) |
1929 | | mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info) |
1930 | 1.76k | { |
1931 | 1.76k | switch (info->key_exchange) { |
1932 | 796 | case MBEDTLS_KEY_EXCHANGE_RSA: |
1933 | 922 | case MBEDTLS_KEY_EXCHANGE_DHE_RSA: |
1934 | 960 | case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: |
1935 | 1.36k | case MBEDTLS_KEY_EXCHANGE_RSA_PSK: |
1936 | 1.36k | return MBEDTLS_PK_RSA; |
1937 | | |
1938 | 46 | case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: |
1939 | 46 | return MBEDTLS_PK_ECDSA; |
1940 | | |
1941 | 50 | case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: |
1942 | 133 | case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: |
1943 | 133 | return MBEDTLS_PK_ECKEY; |
1944 | | |
1945 | 221 | default: |
1946 | 221 | return MBEDTLS_PK_NONE; |
1947 | 1.76k | } |
1948 | 1.76k | } |
1949 | | |
1950 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
1951 | | psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info) |
1952 | | { |
1953 | | switch (info->key_exchange) { |
1954 | | case MBEDTLS_KEY_EXCHANGE_RSA: |
1955 | | case MBEDTLS_KEY_EXCHANGE_RSA_PSK: |
1956 | | return PSA_ALG_RSA_PKCS1V15_CRYPT; |
1957 | | case MBEDTLS_KEY_EXCHANGE_DHE_RSA: |
1958 | | case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: |
1959 | | return PSA_ALG_RSA_PKCS1V15_SIGN( |
1960 | | mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); |
1961 | | |
1962 | | case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: |
1963 | | return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); |
1964 | | |
1965 | | case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: |
1966 | | case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: |
1967 | | return PSA_ALG_ECDH; |
1968 | | |
1969 | | default: |
1970 | | return PSA_ALG_NONE; |
1971 | | } |
1972 | | } |
1973 | | |
1974 | | psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info) |
1975 | | { |
1976 | | switch (info->key_exchange) { |
1977 | | case MBEDTLS_KEY_EXCHANGE_RSA: |
1978 | | case MBEDTLS_KEY_EXCHANGE_RSA_PSK: |
1979 | | return PSA_KEY_USAGE_DECRYPT; |
1980 | | case MBEDTLS_KEY_EXCHANGE_DHE_RSA: |
1981 | | case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: |
1982 | | case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: |
1983 | | return PSA_KEY_USAGE_SIGN_HASH; |
1984 | | |
1985 | | case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: |
1986 | | case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: |
1987 | | return PSA_KEY_USAGE_DERIVE; |
1988 | | |
1989 | | default: |
1990 | | return 0; |
1991 | | } |
1992 | | } |
1993 | | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
1994 | | |
1995 | | mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info) |
1996 | 442 | { |
1997 | 442 | switch (info->key_exchange) { |
1998 | 0 | case MBEDTLS_KEY_EXCHANGE_DHE_RSA: |
1999 | 0 | case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: |
2000 | 0 | return MBEDTLS_PK_RSA; |
2001 | | |
2002 | 0 | case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: |
2003 | 0 | return MBEDTLS_PK_ECDSA; |
2004 | | |
2005 | 442 | default: |
2006 | 442 | return MBEDTLS_PK_NONE; |
2007 | 442 | } |
2008 | 442 | } |
2009 | | |
2010 | | #endif /* MBEDTLS_PK_C */ |
2011 | | |
2012 | | #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ |
2013 | | defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ |
2014 | | defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
2015 | | int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info) |
2016 | 3.46k | { |
2017 | 3.46k | switch (info->key_exchange) { |
2018 | 287 | case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: |
2019 | 545 | case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: |
2020 | 795 | case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: |
2021 | 1.01k | case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: |
2022 | 1.31k | case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: |
2023 | 1.31k | case MBEDTLS_KEY_EXCHANGE_ECJPAKE: |
2024 | 1.31k | return 1; |
2025 | | |
2026 | 2.14k | default: |
2027 | 2.14k | return 0; |
2028 | 3.46k | } |
2029 | 3.46k | } |
2030 | | #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || |
2031 | | * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED || |
2032 | | * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ |
2033 | | |
2034 | | #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) |
2035 | | int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info) |
2036 | 2.30k | { |
2037 | 2.30k | switch (info->key_exchange) { |
2038 | 184 | case MBEDTLS_KEY_EXCHANGE_PSK: |
2039 | 975 | case MBEDTLS_KEY_EXCHANGE_RSA_PSK: |
2040 | 1.07k | case MBEDTLS_KEY_EXCHANGE_DHE_PSK: |
2041 | 1.16k | case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: |
2042 | 1.16k | return 1; |
2043 | | |
2044 | 1.13k | default: |
2045 | 1.13k | return 0; |
2046 | 2.30k | } |
2047 | 2.30k | } |
2048 | | #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ |
2049 | | |
2050 | | #endif /* MBEDTLS_SSL_TLS_C */ |