mirror of
https://github.com/ARMmbed/mbedtls.git
synced 2025-05-10 00:49:04 +08:00
ssl_ciphersuites: remove references/usages of DHE-PSK
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti
parent
48659a1f9c
commit
6348b46c0b
@ -28,7 +28,6 @@ extern "C" {
|
||||
#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */
|
||||
|
||||
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D /**< Weak! */
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
|
||||
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
|
||||
@ -51,9 +50,6 @@ extern "C" {
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
|
||||
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E /**< TLS 1.2 */
|
||||
@ -61,19 +57,12 @@ extern "C" {
|
||||
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
|
||||
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */
|
||||
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */
|
||||
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4 /**< Weak! */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5 /**< Weak! */
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */
|
||||
|
||||
@ -148,12 +137,8 @@ extern "C" {
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 /**< TLS 1.2 */
|
||||
|
||||
@ -181,13 +166,9 @@ extern "C" {
|
||||
|
||||
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091 /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094
|
||||
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
|
||||
|
||||
@ -201,12 +182,8 @@ extern "C" {
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB /**< TLS 1.2 */
|
||||
/* The last two are named with PSK_DHE in the RFC, which looks like a typo */
|
||||
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC /**< TLS 1.2 */
|
||||
@ -222,7 +199,6 @@ extern "C" {
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD /**< TLS 1.2 */
|
||||
|
||||
/* RFC 8446, Appendix B.4 */
|
||||
#define MBEDTLS_TLS1_3_AES_128_GCM_SHA256 0x1301 /**< TLS 1.3 */
|
||||
@ -241,7 +217,6 @@ typedef enum {
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
@ -318,7 +293,6 @@ typedef enum {
|
||||
|
||||
/* Key exchanges that involve ephemeral keys */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
@ -328,14 +302,12 @@ typedef enum {
|
||||
|
||||
/* Key exchanges using a PSK */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
|
||||
#endif
|
||||
|
||||
/* Key exchanges using DHE */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED
|
||||
#endif
|
||||
|
||||
|
||||
@ -119,34 +119,15 @@ static const int ciphersuite_preference[] =
|
||||
|
||||
/* The PSK ephemeral suites */
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
|
||||
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
|
||||
|
||||
/* The ECJPAKE suite */
|
||||
MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
|
||||
@ -239,9 +220,6 @@ static const int ciphersuite_preference[] =
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA,
|
||||
|
||||
MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
|
||||
MBEDTLS_TLS_RSA_WITH_NULL_SHA,
|
||||
@ -342,14 +320,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
||||
"TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
|
||||
MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 &&
|
||||
PSA_WANT_ALG_SHA_256 &&
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
@ -1051,107 +1021,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||
#if defined(PSA_WANT_KEY_TYPE_AES)
|
||||
#if defined(PSA_WANT_ALG_GCM)
|
||||
#if defined(PSA_WANT_ALG_SHA_256)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_SHA_256 */
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_384)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_SHA_384 */
|
||||
#endif /* PSA_WANT_ALG_GCM */
|
||||
|
||||
#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
|
||||
#if defined(PSA_WANT_ALG_SHA_256)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_SHA_256 */
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_384)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_SHA_384 */
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_1)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_SHA_1 */
|
||||
#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
|
||||
#if defined(PSA_WANT_ALG_CCM)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
|
||||
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
|
||||
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_CIPHERSUITE_SHORT_TAG,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
|
||||
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
|
||||
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_CIPHERSUITE_SHORT_TAG,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_CCM */
|
||||
#endif /* PSA_WANT_KEY_TYPE_AES */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
|
||||
#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
|
||||
#if defined(PSA_WANT_ALG_SHA_256)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_SHA_256 */
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_384)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_SHA_384 */
|
||||
#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
|
||||
|
||||
#if defined(PSA_WANT_ALG_GCM)
|
||||
#if defined(PSA_WANT_ALG_SHA_256)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_SHA_256 */
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_384)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_SHA_384 */
|
||||
#endif /* PSA_WANT_ALG_GCM */
|
||||
#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
#if defined(PSA_WANT_KEY_TYPE_AES)
|
||||
|
||||
@ -1264,29 +1133,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
#endif /* PSA_WANT_ALG_SHA_384 */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||
#if defined(PSA_WANT_ALG_SHA_1)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_CIPHERSUITE_WEAK,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_SHA_1 */
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_256)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_CIPHERSUITE_WEAK,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_384)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_CIPHERSUITE_WEAK,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_SHA_384 */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
#if defined(PSA_WANT_ALG_SHA_1)
|
||||
{ MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
|
||||
@ -1579,41 +1425,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||
|
||||
#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
|
||||
"TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif
|
||||
#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
|
||||
defined(PSA_WANT_ALG_SHA_384))
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
|
||||
"TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif
|
||||
#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
|
||||
"TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif
|
||||
#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
|
||||
defined(PSA_WANT_ALG_SHA_256))
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
|
||||
"TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||
|
||||
#endif /* PSA_WANT_KEY_TYPE_ARIA */
|
||||
|
||||
|
||||
@ -1863,7 +1674,6 @@ int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
|
||||
{
|
||||
switch (info->key_exchange) {
|
||||
case MBEDTLS_KEY_EXCHANGE_PSK:
|
||||
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
|
||||
return 1;
|
||||
|
||||
|
||||
@ -29,7 +29,6 @@ static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_
|
||||
{
|
||||
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
|
||||
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
|
||||
@ -109,7 +108,6 @@ static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite
|
||||
{
|
||||
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
|
||||
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
|
||||
return 1;
|
||||
|
||||
default:
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user