Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / af37f0f68f314bcb315ecbf8e51996dff48b050d^! / . / library / ssl_ciphersuites.c
commitaf37f0f68f314bcb315ecbf8e51996dff48b050d[log] [tgz]
authorManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Tue Feb 20 11:03:40 2018 +0100
committerManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Tue Feb 27 12:39:12 2018 +0100
treeb618af5f644b83afa64e9cfb2e72a67b45f64992
parent9decaf57b74619060a91f457b1e48bce639f5afb [diff] [blame]
Add remaining ARIA suites to priority list

Those suites were defined in ciphersuite_definitions[] but not included in
ciphersuite_preference[] which meant they couldn't be negotiated unless
explicitly added by the user. Add them so that they're usable by default like
any other suite.

diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 9734ec0..2e9a0fd 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c

@@ -47,7 +47,7 @@
  * 1. By key exchange:
  *    Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
  * 2. By key length and cipher:
- *    AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-256 > 3DES
+ *    AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128 > 3DES
  * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
  * 4. By hash function used when relevant
  * 5. By key exchange/auth again: EC > non-EC
@@ -137,6 +137,9 @@
     MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
+    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
+    MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
+    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
 
     MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
     MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
@@ -148,6 +151,9 @@
     MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
+    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
+    MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
+    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
 
     MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
     MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
@@ -177,6 +183,14 @@
     MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
     MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
 
+    /* All ARIA-256 suites */
+    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
+    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
+    MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
+    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
+    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
+    MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
+
     /* All AES-128 suites */
     MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
     MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
@@ -199,6 +213,14 @@
     MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
     MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
 
+    /* All ARIA-128 suites */
+    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
+    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
+    MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
+    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
+    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
+    MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
+
     /* All remaining >= 128-bit suites */
     MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
     MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,