1 /**
2 * \file ssl_ciphersuites.c
3 *
4 * \brief SSL ciphersuites for Mbed TLS
5 *
6 * Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8 */
9
10 #include "ssl_misc.h"
11
12 #if defined(MBEDTLS_SSL_TLS_C)
13
14 #include "mbedtls/platform.h"
15
16 #include "mbedtls/ssl_ciphersuites.h"
17 #include "mbedtls/ssl.h"
18 #include "ssl_misc.h"
19 #include "mbedtls/psa_util.h"
20
21 #include <string.h>
22
23 /*
24 * Ordered from most preferred to least preferred in terms of security.
25 *
26 * Current rule (except weak and null which come last):
27 * 1. By key exchange:
28 * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
29 * 2. By key length and cipher:
30 * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
31 * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
32 * 4. By hash function used when relevant
33 * 5. By key exchange/auth again: EC > non-EC
34 */
35 static const int ciphersuite_preference[] =
36 {
37 #if defined(MBEDTLS_SSL_CIPHERSUITES)
38 MBEDTLS_SSL_CIPHERSUITES,
39 #else
40 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
41 /* TLS 1.3 ciphersuites */
42 MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
43 MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
44 MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
45 MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
46 MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
47 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
48
49 /* Chacha-Poly ephemeral suites */
50 MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
51 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
52
53 /* All AES-256 ephemeral suites */
54 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
55 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
56 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
57 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
58 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
59 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
60 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
61 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
62
63 /* All CAMELLIA-256 ephemeral suites */
64 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
65 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
66 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
67 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
68
69 /* All ARIA-256 ephemeral suites */
70 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
71 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
72 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
73 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
74
75 /* All AES-128 ephemeral suites */
76 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
77 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
78 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
79 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
80 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
81 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
82 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
83 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
84
85 /* All CAMELLIA-128 ephemeral suites */
86 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
87 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
88 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
89 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
90
91 /* All ARIA-128 ephemeral suites */
92 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
93 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
94 MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
95 MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
96
97 /* The PSK ephemeral suites */
98 MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
99 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
100 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
101 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
102 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
103
104 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
105 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
106 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
107 MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
108
109 /* The ECJPAKE suite */
110 MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
111
112 /* All AES-256 suites */
113 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
114 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
115 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
116 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
117 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
118 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
119
120 /* All CAMELLIA-256 suites */
121 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
122 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
123 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
124 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
125
126 /* All ARIA-256 suites */
127 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
128 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
129 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
130 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
131
132 /* All AES-128 suites */
133 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
134 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
135 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
136 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
137 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
138 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
139
140 /* All CAMELLIA-128 suites */
141 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
142 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
143 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
144 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
145
146 /* All ARIA-128 suites */
147 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
148 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
149 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
150 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
151
152 /* The PSK suites */
153 MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
154 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
155 MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
156 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
157 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
158 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
159 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
160 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
161 MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
162 MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
163
164 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
165 MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
166 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
167 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
168 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
169 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
170 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
171 MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
172 MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
173
174 /* NULL suites */
175 MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
176 MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
177 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
178 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
179 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
180
181 MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
182 MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
183 MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
184 MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
185 MBEDTLS_TLS_PSK_WITH_NULL_SHA,
186
187 #endif /* MBEDTLS_SSL_CIPHERSUITES */
188 0
189 };
190
191 static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
192 {
193 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
194 #if defined(PSA_WANT_KEY_TYPE_AES)
195 #if defined(PSA_WANT_ALG_GCM)
196 #if defined(PSA_WANT_ALG_SHA_384)
197 { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
198 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
199 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
200 0,
201 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
202 #endif /* PSA_WANT_ALG_SHA_384 */
203 #if defined(PSA_WANT_ALG_SHA_256)
204 { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
205 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
206 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
207 0,
208 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
209 #endif /* PSA_WANT_ALG_SHA_256 */
210 #endif /* PSA_WANT_ALG_GCM */
211 #if defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_ALG_SHA_256)
212 { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
213 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
214 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
215 0,
216 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
217 { MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, "TLS1-3-AES-128-CCM-8-SHA256",
218 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
219 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
220 MBEDTLS_CIPHERSUITE_SHORT_TAG,
221 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
222 #endif /* PSA_WANT_ALG_SHA_256 && PSA_WANT_ALG_CCM */
223 #endif /* PSA_WANT_KEY_TYPE_AES */
224 #if defined(PSA_WANT_ALG_CHACHA20_POLY1305) && defined(PSA_WANT_ALG_SHA_256)
225 { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
226 "TLS1-3-CHACHA20-POLY1305-SHA256",
227 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
228 MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
229 0,
230 MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
231 #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 && PSA_WANT_ALG_SHA_256 */
232 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
233
234 #if defined(PSA_WANT_ALG_CHACHA20_POLY1305) && \
235 defined(PSA_WANT_ALG_SHA_256) && \
236 defined(MBEDTLS_SSL_PROTO_TLS1_2)
237 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
238 { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
239 "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
240 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
241 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
242 0,
243 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
244 #endif
245 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
246 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
247 "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
248 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
249 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
250 0,
251 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
252 #endif
253 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
254 { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
255 "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
256 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
257 MBEDTLS_KEY_EXCHANGE_PSK,
258 0,
259 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
260 #endif
261 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
262 { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
263 "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
264 MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
265 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
266 0,
267 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
268 #endif
269 #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 &&
270 PSA_WANT_ALG_SHA_256 &&
271 MBEDTLS_SSL_PROTO_TLS1_2 */
272 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
273 #if defined(PSA_WANT_KEY_TYPE_AES)
274 #if defined(PSA_WANT_ALG_SHA_1)
275 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
276 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
277 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
278 0,
279 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
280 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
281 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
282 0,
283 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
284 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
285 #endif /* PSA_WANT_ALG_SHA_1 */
286 #if defined(PSA_WANT_ALG_SHA_256)
287 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
288 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
289 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
290 0,
291 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
292 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
293 #if defined(PSA_WANT_ALG_GCM)
294 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
295 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
296 0,
297 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
298 #endif /* PSA_WANT_ALG_GCM */
299 #endif /* PSA_WANT_ALG_SHA_256 */
300 #if defined(PSA_WANT_ALG_SHA_384)
301 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
302 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
303 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
304 0,
305 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
306 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
307 #if defined(PSA_WANT_ALG_GCM)
308 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
309 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
310 0,
311 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
312 #endif /* PSA_WANT_ALG_GCM */
313 #endif /* PSA_WANT_ALG_SHA_384 */
314 #if defined(PSA_WANT_ALG_CCM)
315 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
316 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
317 0,
318 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
319 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
320 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
321 MBEDTLS_CIPHERSUITE_SHORT_TAG,
322 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
323 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
324 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
325 0,
326 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
327 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
328 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
329 MBEDTLS_CIPHERSUITE_SHORT_TAG,
330 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
331 #endif /* PSA_WANT_ALG_CCM */
332 #endif /* PSA_WANT_KEY_TYPE_AES */
333
334 #if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
335 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
336 #if defined(PSA_WANT_ALG_SHA_256)
337 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
338 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
339 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
340 0,
341 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
342 #endif /* PSA_WANT_ALG_SHA_256 */
343 #if defined(PSA_WANT_ALG_SHA_384)
344 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
345 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
346 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
347 0,
348 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
349 #endif /* PSA_WANT_ALG_SHA_384 */
350 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
351
352 #if defined(PSA_WANT_ALG_GCM)
353 #if defined(PSA_WANT_ALG_SHA_256)
354 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
355 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
356 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
357 0,
358 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
359 #endif /* PSA_WANT_ALG_SHA_256 */
360 #if defined(PSA_WANT_ALG_SHA_384)
361 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
362 "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
363 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
364 0,
365 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
366 #endif /* PSA_WANT_ALG_SHA_384 */
367 #endif /* PSA_WANT_ALG_GCM */
368 #endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
369
370 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
371 #if defined(PSA_WANT_ALG_SHA_1)
372 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
373 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
374 MBEDTLS_CIPHERSUITE_WEAK,
375 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
376 #endif /* PSA_WANT_ALG_SHA_1 */
377 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
378 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
379
380 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
381 #if defined(PSA_WANT_KEY_TYPE_AES)
382 #if defined(PSA_WANT_ALG_SHA_1)
383 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
384 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
385 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
386 0,
387 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
388 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
389 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
390 0,
391 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
392 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
393 #endif /* PSA_WANT_ALG_SHA_1 */
394 #if defined(PSA_WANT_ALG_SHA_256)
395 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
396 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
397 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
398 0,
399 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
400 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
401 #if defined(PSA_WANT_ALG_GCM)
402 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
403 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
404 0,
405 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
406 #endif /* PSA_WANT_ALG_GCM */
407 #endif /* PSA_WANT_ALG_SHA_256 */
408 #if defined(PSA_WANT_ALG_SHA_384)
409 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
410 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
411 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
412 0,
413 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
414 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
415 #if defined(PSA_WANT_ALG_GCM)
416 { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
417 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
418 0,
419 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
420 #endif /* PSA_WANT_ALG_GCM */
421 #endif /* PSA_WANT_ALG_SHA_384 */
422 #endif /* PSA_WANT_KEY_TYPE_AES */
423
424 #if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
425 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
426 #if defined(PSA_WANT_ALG_SHA_256)
427 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
428 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
429 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
430 0,
431 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
432 #endif /* PSA_WANT_ALG_SHA_256 */
433 #if defined(PSA_WANT_ALG_SHA_384)
434 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
435 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
436 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
437 0,
438 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
439 #endif /* PSA_WANT_ALG_SHA_384 */
440 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
441
442 #if defined(PSA_WANT_ALG_GCM)
443 #if defined(PSA_WANT_ALG_SHA_256)
444 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
445 "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
446 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
447 0,
448 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
449 #endif /* PSA_WANT_ALG_SHA_256 */
450 #if defined(PSA_WANT_ALG_SHA_384)
451 { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
452 "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
453 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
454 0,
455 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
456 #endif /* PSA_WANT_ALG_SHA_384 */
457 #endif /* PSA_WANT_ALG_GCM */
458 #endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
459
460 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
461 #if defined(PSA_WANT_ALG_SHA_1)
462 { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
463 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
464 MBEDTLS_CIPHERSUITE_WEAK,
465 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
466 #endif /* PSA_WANT_ALG_SHA_1 */
467 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
468 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
469
470 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
471 #if defined(PSA_WANT_KEY_TYPE_AES)
472 #if defined(PSA_WANT_ALG_SHA_1)
473 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
474 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
475 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
476 0,
477 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
478 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
479 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
480 0,
481 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
482 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
483 #endif /* PSA_WANT_ALG_SHA_1 */
484 #if defined(PSA_WANT_ALG_SHA_256)
485 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
486 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
487 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
488 0,
489 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
490 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
491 #if defined(PSA_WANT_ALG_GCM)
492 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
493 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
494 0,
495 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
496 #endif /* PSA_WANT_ALG_GCM */
497 #endif /* PSA_WANT_ALG_SHA_256 */
498 #if defined(PSA_WANT_ALG_SHA_384)
499 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
500 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
501 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
502 0,
503 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
504 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
505 #if defined(PSA_WANT_ALG_GCM)
506 { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
507 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
508 0,
509 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
510 #endif /* PSA_WANT_ALG_GCM */
511 #endif /* PSA_WANT_ALG_SHA_384 */
512 #endif /* PSA_WANT_KEY_TYPE_AES */
513
514 #if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
515 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
516 #if defined(PSA_WANT_ALG_SHA_256)
517 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
518 "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
519 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
520 0,
521 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
522 #endif /* PSA_WANT_ALG_SHA_256 */
523 #if defined(PSA_WANT_ALG_SHA_384)
524 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
525 "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
526 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
527 0,
528 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
529 #endif /* PSA_WANT_ALG_SHA_384 */
530 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
531
532 #if defined(PSA_WANT_ALG_GCM)
533 #if defined(PSA_WANT_ALG_SHA_256)
534 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
535 "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
536 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
537 0,
538 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
539 #endif /* PSA_WANT_ALG_SHA_256 */
540 #if defined(PSA_WANT_ALG_SHA_384)
541 { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
542 "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
543 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
544 0,
545 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
546 #endif /* PSA_WANT_ALG_SHA_384 */
547 #endif /* PSA_WANT_ALG_GCM */
548 #endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
549
550 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
551 #if defined(PSA_WANT_ALG_SHA_1)
552 { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
553 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
554 MBEDTLS_CIPHERSUITE_WEAK,
555 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
556 #endif /* PSA_WANT_ALG_SHA_1 */
557 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
558 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
559
560 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
561 #if defined(PSA_WANT_KEY_TYPE_AES)
562 #if defined(PSA_WANT_ALG_SHA_1)
563 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
564 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
565 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
566 0,
567 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
568 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
569 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
570 0,
571 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
572 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
573 #endif /* PSA_WANT_ALG_SHA_1 */
574 #if defined(PSA_WANT_ALG_SHA_256)
575 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
576 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
577 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
578 0,
579 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
580 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
581 #if defined(PSA_WANT_ALG_GCM)
582 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
583 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
584 0,
585 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
586 #endif /* PSA_WANT_ALG_GCM */
587 #endif /* PSA_WANT_ALG_SHA_256 */
588 #if defined(PSA_WANT_ALG_SHA_384)
589 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
590 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
591 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
592 0,
593 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
594 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
595 #if defined(PSA_WANT_ALG_GCM)
596 { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
597 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
598 0,
599 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
600 #endif /* PSA_WANT_ALG_GCM */
601 #endif /* PSA_WANT_ALG_SHA_384 */
602 #endif /* PSA_WANT_KEY_TYPE_AES */
603
604 #if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
605 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
606 #if defined(PSA_WANT_ALG_SHA_256)
607 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
608 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
609 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
610 0,
611 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
612 #endif /* PSA_WANT_ALG_SHA_256 */
613 #if defined(PSA_WANT_ALG_SHA_384)
614 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
615 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
616 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
617 0,
618 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
619 #endif /* PSA_WANT_ALG_SHA_384 */
620 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
621
622 #if defined(PSA_WANT_ALG_GCM)
623 #if defined(PSA_WANT_ALG_SHA_256)
624 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
625 "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
626 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
627 0,
628 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
629 #endif /* PSA_WANT_ALG_SHA_256 */
630 #if defined(PSA_WANT_ALG_SHA_384)
631 { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
632 "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
633 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
634 0,
635 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
636 #endif /* PSA_WANT_ALG_SHA_384 */
637 #endif /* PSA_WANT_ALG_GCM */
638 #endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
639
640 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
641 #if defined(PSA_WANT_ALG_SHA_1)
642 { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
643 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
644 MBEDTLS_CIPHERSUITE_WEAK,
645 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
646 #endif /* PSA_WANT_ALG_SHA_1 */
647 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
648 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
649
650 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
651 #if defined(PSA_WANT_KEY_TYPE_AES)
652 #if defined(PSA_WANT_ALG_GCM)
653 #if defined(PSA_WANT_ALG_SHA_256)
654 { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
655 MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
656 0,
657 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
658 #endif /* PSA_WANT_ALG_SHA_256 */
659
660 #if defined(PSA_WANT_ALG_SHA_384)
661 { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
662 MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
663 0,
664 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
665 #endif /* PSA_WANT_ALG_SHA_384 */
666 #endif /* PSA_WANT_ALG_GCM */
667
668 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
669 #if defined(PSA_WANT_ALG_SHA_256)
670 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
671 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
672 0,
673 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
674 #endif /* PSA_WANT_ALG_SHA_256 */
675
676 #if defined(PSA_WANT_ALG_SHA_384)
677 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
678 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
679 0,
680 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
681 #endif /* PSA_WANT_ALG_SHA_384 */
682
683 #if defined(PSA_WANT_ALG_SHA_1)
684 { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
685 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
686 0,
687 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
688
689 { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
690 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
691 0,
692 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
693 #endif /* PSA_WANT_ALG_SHA_1 */
694 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
695 #if defined(PSA_WANT_ALG_CCM)
696 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
697 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
698 0,
699 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
700 { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
701 MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
702 MBEDTLS_CIPHERSUITE_SHORT_TAG,
703 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
704 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
705 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
706 0,
707 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
708 { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
709 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
710 MBEDTLS_CIPHERSUITE_SHORT_TAG,
711 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
712 #endif /* PSA_WANT_ALG_CCM */
713 #endif /* PSA_WANT_KEY_TYPE_AES */
714
715 #if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
716 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
717 #if defined(PSA_WANT_ALG_SHA_256)
718 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
719 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
720 0,
721 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
722 #endif /* PSA_WANT_ALG_SHA_256 */
723
724 #if defined(PSA_WANT_ALG_SHA_384)
725 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
726 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
727 0,
728 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
729 #endif /* PSA_WANT_ALG_SHA_384 */
730 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
731
732 #if defined(PSA_WANT_ALG_GCM)
733 #if defined(PSA_WANT_ALG_SHA_256)
734 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
735 MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
736 0,
737 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
738 #endif /* PSA_WANT_ALG_SHA_256 */
739
740 #if defined(PSA_WANT_ALG_SHA_384)
741 { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
742 MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
743 0,
744 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
745 #endif /* PSA_WANT_ALG_SHA_384 */
746 #endif /* PSA_WANT_ALG_GCM */
747 #endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
748
749 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
750
751 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
752 #if defined(PSA_WANT_KEY_TYPE_AES)
753
754 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
755 #if defined(PSA_WANT_ALG_SHA_256)
756 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
757 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
758 0,
759 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
760 #endif /* PSA_WANT_ALG_SHA_256 */
761
762 #if defined(PSA_WANT_ALG_SHA_384)
763 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
764 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
765 0,
766 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
767 #endif /* PSA_WANT_ALG_SHA_384 */
768
769 #if defined(PSA_WANT_ALG_SHA_1)
770 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
771 MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
772 0,
773 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
774
775 { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
776 MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
777 0,
778 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
779 #endif /* PSA_WANT_ALG_SHA_1 */
780 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
781 #endif /* PSA_WANT_KEY_TYPE_AES */
782
783 #if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
784 #if defined(PSA_WANT_ALG_CBC_NO_PADDING)
785 #if defined(PSA_WANT_ALG_SHA_256)
786 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
787 "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
788 MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
789 0,
790 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
791 #endif /* PSA_WANT_ALG_SHA_256 */
792
793 #if defined(PSA_WANT_ALG_SHA_384)
794 { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
795 "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
796 MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
797 0,
798 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
799 #endif /* PSA_WANT_ALG_SHA_384 */
800 #endif /* PSA_WANT_ALG_CBC_NO_PADDING */
801 #endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
802
803 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
804
805 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
806 #if defined(PSA_WANT_KEY_TYPE_AES)
807 #if defined(PSA_WANT_ALG_CCM)
808 { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
809 MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
810 MBEDTLS_CIPHERSUITE_SHORT_TAG,
811 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
812 #endif /* PSA_WANT_ALG_CCM */
813 #endif /* PSA_WANT_KEY_TYPE_AES */
814 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
815
816 #if defined(MBEDTLS_CIPHER_NULL_CIPHER)
817 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
818 #if defined(PSA_WANT_ALG_SHA_1)
819 { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
820 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
821 MBEDTLS_CIPHERSUITE_WEAK,
822 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
823 #endif /* PSA_WANT_ALG_SHA_1 */
824
825 #if defined(PSA_WANT_ALG_SHA_256)
826 { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
827 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
828 MBEDTLS_CIPHERSUITE_WEAK,
829 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
830 #endif
831
832 #if defined(PSA_WANT_ALG_SHA_384)
833 { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
834 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
835 MBEDTLS_CIPHERSUITE_WEAK,
836 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
837 #endif /* PSA_WANT_ALG_SHA_384 */
838 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
839
840 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
841 #if defined(PSA_WANT_ALG_SHA_1)
842 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
843 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
844 MBEDTLS_CIPHERSUITE_WEAK,
845 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
846 #endif /* PSA_WANT_ALG_SHA_1 */
847
848 #if defined(PSA_WANT_ALG_SHA_256)
849 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
850 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
851 MBEDTLS_CIPHERSUITE_WEAK,
852 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
853 #endif
854
855 #if defined(PSA_WANT_ALG_SHA_384)
856 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
857 MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
858 MBEDTLS_CIPHERSUITE_WEAK,
859 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
860 #endif /* PSA_WANT_ALG_SHA_384 */
861 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
862 #endif /* MBEDTLS_CIPHER_NULL_CIPHER */
863
864 #if defined(PSA_WANT_KEY_TYPE_ARIA)
865
866 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
867
868 #if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
869 { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
870 "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
871 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
872 0,
873 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
874 #endif
875 #if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
876 defined(PSA_WANT_ALG_SHA_384))
877 { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
878 "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
879 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
880 0,
881 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
882 #endif
883 #if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
884 { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
885 "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
886 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
887 0,
888 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
889 #endif
890 #if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
891 defined(PSA_WANT_ALG_SHA_256))
892 { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
893 "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
894 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
895 0,
896 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
897 #endif
898
899 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
900
901 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
902
903 #if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
904 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
905 "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
906 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
907 0,
908 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
909 #endif
910 #if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
911 defined(PSA_WANT_ALG_SHA_384))
912 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
913 "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
914 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
915 0,
916 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
917 #endif
918 #if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
919 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
920 "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
921 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
922 0,
923 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
924 #endif
925 #if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
926 defined(PSA_WANT_ALG_SHA_256))
927 { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
928 "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
929 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
930 0,
931 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
932 #endif
933
934 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
935
936 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
937
938 #if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
939 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
940 "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
941 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
942 0,
943 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
944 #endif
945 #if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
946 defined(PSA_WANT_ALG_SHA_384))
947 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
948 "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
949 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
950 0,
951 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
952 #endif
953 #if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
954 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
955 "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
956 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
957 0,
958 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
959 #endif
960 #if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
961 defined(PSA_WANT_ALG_SHA_256))
962 { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
963 "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
964 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
965 0,
966 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
967 #endif
968
969 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
970
971 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
972
973 #if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
974 defined(PSA_WANT_ALG_SHA_384))
975 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
976 "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
977 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
978 0,
979 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
980 #endif
981 #if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
982 defined(PSA_WANT_ALG_SHA_256))
983 { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
984 "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
985 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
986 0,
987 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
988 #endif
989
990 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
991
992 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
993
994 #if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
995 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
996 "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
997 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
998 0,
999 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1000 #endif
1001 #if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
1002 defined(PSA_WANT_ALG_SHA_384))
1003 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
1004 "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
1005 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1006 0,
1007 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1008 #endif
1009 #if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
1010 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
1011 "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
1012 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1013 0,
1014 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1015 #endif
1016 #if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
1017 defined(PSA_WANT_ALG_SHA_256))
1018 { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
1019 "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
1020 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
1021 0,
1022 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1023 #endif
1024
1025 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
1026
1027 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
1028
1029 #if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
1030 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
1031 "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
1032 MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1033 0,
1034 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1035 #endif
1036 #if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
1037 defined(PSA_WANT_ALG_SHA_384))
1038 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
1039 "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
1040 MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1041 0,
1042 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1043 #endif
1044 #if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
1045 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
1046 "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
1047 MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1048 0,
1049 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1050 #endif
1051 #if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
1052 defined(PSA_WANT_ALG_SHA_256))
1053 { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
1054 "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
1055 MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
1056 0,
1057 MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
1058 #endif
1059
1060 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
1061
1062 #endif /* PSA_WANT_KEY_TYPE_ARIA */
1063
1064
1065 { 0, "",
1066 MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
1067 0, 0, 0 }
1068 };
1069
1070 #if defined(MBEDTLS_SSL_CIPHERSUITES)
mbedtls_ssl_list_ciphersuites(void)1071 const int *mbedtls_ssl_list_ciphersuites(void)
1072 {
1073 return ciphersuite_preference;
1074 }
1075 #else
1076 #define MAX_CIPHERSUITES sizeof(ciphersuite_definitions) / \
1077 sizeof(ciphersuite_definitions[0])
1078 static int supported_ciphersuites[MAX_CIPHERSUITES];
1079 static int supported_init = 0;
1080
1081 MBEDTLS_CHECK_RETURN_CRITICAL
ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t * cs_info)1082 static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info)
1083 {
1084 (void) cs_info;
1085
1086 return 0;
1087 }
1088
mbedtls_ssl_list_ciphersuites(void)1089 const int *mbedtls_ssl_list_ciphersuites(void)
1090 {
1091 /*
1092 * On initial call filter out all ciphersuites not supported by current
1093 * build based on presence in the ciphersuite_definitions.
1094 */
1095 if (supported_init == 0) {
1096 const int *p;
1097 int *q;
1098
1099 for (p = ciphersuite_preference, q = supported_ciphersuites;
1100 *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
1101 p++) {
1102 const mbedtls_ssl_ciphersuite_t *cs_info;
1103 if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL &&
1104 !ciphersuite_is_removed(cs_info)) {
1105 *(q++) = *p;
1106 }
1107 }
1108 *q = 0;
1109
1110 supported_init = 1;
1111 }
1112
1113 return supported_ciphersuites;
1114 }
1115 #endif /* MBEDTLS_SSL_CIPHERSUITES */
1116
mbedtls_ssl_ciphersuite_from_string(const char * ciphersuite_name)1117 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
1118 const char *ciphersuite_name)
1119 {
1120 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
1121
1122 if (NULL == ciphersuite_name) {
1123 return NULL;
1124 }
1125
1126 while (cur->id != 0) {
1127 if (0 == strcmp(cur->name, ciphersuite_name)) {
1128 return cur;
1129 }
1130
1131 cur++;
1132 }
1133
1134 return NULL;
1135 }
1136
mbedtls_ssl_ciphersuite_from_id(int ciphersuite)1137 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite)
1138 {
1139 const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
1140
1141 while (cur->id != 0) {
1142 if (cur->id == ciphersuite) {
1143 return cur;
1144 }
1145
1146 cur++;
1147 }
1148
1149 return NULL;
1150 }
1151
mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)1152 const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id)
1153 {
1154 const mbedtls_ssl_ciphersuite_t *cur;
1155
1156 cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
1157
1158 if (cur == NULL) {
1159 return "unknown";
1160 }
1161
1162 return cur->name;
1163 }
1164
mbedtls_ssl_get_ciphersuite_id(const char * ciphersuite_name)1165 int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)
1166 {
1167 const mbedtls_ssl_ciphersuite_t *cur;
1168
1169 cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name);
1170
1171 if (cur == NULL) {
1172 return 0;
1173 }
1174
1175 return cur->id;
1176 }
1177
mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t * info)1178 size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
1179 {
1180 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1181 psa_key_type_t key_type;
1182 psa_algorithm_t alg;
1183 size_t key_bits;
1184
1185 status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher,
1186 info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16,
1187 &alg, &key_type, &key_bits);
1188
1189 if (status != PSA_SUCCESS) {
1190 return 0;
1191 }
1192
1193 return key_bits;
1194 }
1195
1196 #if defined(MBEDTLS_PK_C)
mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t * info)1197 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
1198 {
1199 switch (info->key_exchange) {
1200 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1201 return MBEDTLS_PK_RSA;
1202
1203 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1204 return MBEDTLS_PK_ECDSA;
1205
1206 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1207 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1208 return MBEDTLS_PK_ECKEY;
1209
1210 default:
1211 return MBEDTLS_PK_NONE;
1212 }
1213 }
1214
mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t * info)1215 psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
1216 {
1217 switch (info->key_exchange) {
1218 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1219 return PSA_ALG_RSA_PKCS1V15_SIGN(
1220 mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
1221
1222 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1223 return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
1224
1225 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1226 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1227 return PSA_ALG_ECDH;
1228
1229 default:
1230 return PSA_ALG_NONE;
1231 }
1232 }
1233
mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t * info)1234 psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
1235 {
1236 switch (info->key_exchange) {
1237 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1238 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1239 return PSA_KEY_USAGE_SIGN_HASH;
1240
1241 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1242 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1243 return PSA_KEY_USAGE_DERIVE;
1244
1245 default:
1246 return 0;
1247 }
1248 }
1249
mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t * info)1250 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
1251 {
1252 switch (info->key_exchange) {
1253 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1254 return MBEDTLS_PK_RSA;
1255
1256 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1257 return MBEDTLS_PK_ECDSA;
1258
1259 default:
1260 return MBEDTLS_PK_NONE;
1261 }
1262 }
1263
1264 #endif /* MBEDTLS_PK_C */
1265
1266 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
1267 defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
1268 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t * info)1269 int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
1270 {
1271 switch (info->key_exchange) {
1272 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
1273 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
1274 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
1275 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
1276 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
1277 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
1278 return 1;
1279
1280 default:
1281 return 0;
1282 }
1283 }
1284 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
1285 * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
1286 * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
1287
1288 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t * info)1289 int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
1290 {
1291 switch (info->key_exchange) {
1292 case MBEDTLS_KEY_EXCHANGE_PSK:
1293 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
1294 return 1;
1295
1296 default:
1297 return 0;
1298 }
1299 }
1300 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
1301
1302 #endif /* MBEDTLS_SSL_TLS_C */
1303