ARIA ciphersuites for TLS 1.2

include/mbedtls/cipher.h

@@ -84,6 +84,7 @@ typedef enum {
     MBEDTLS_CIPHER_ID_CAMELLIA,
     MBEDTLS_CIPHER_ID_BLOWFISH,
     MBEDTLS_CIPHER_ID_ARC4,
+    MBEDTLS_CIPHER_ID_ARIA,
 } mbedtls_cipher_id_t;
 
 /**
@@ -143,6 +144,24 @@ typedef enum {
     MBEDTLS_CIPHER_CAMELLIA_128_CCM,
     MBEDTLS_CIPHER_CAMELLIA_192_CCM,
     MBEDTLS_CIPHER_CAMELLIA_256_CCM,
+    MBEDTLS_CIPHER_ARIA_128_ECB,
+    MBEDTLS_CIPHER_ARIA_192_ECB,
+    MBEDTLS_CIPHER_ARIA_256_ECB,
+    MBEDTLS_CIPHER_ARIA_128_CBC,
+    MBEDTLS_CIPHER_ARIA_192_CBC,
+    MBEDTLS_CIPHER_ARIA_256_CBC,
+    MBEDTLS_CIPHER_ARIA_128_CFB128,
+    MBEDTLS_CIPHER_ARIA_192_CFB128,
+    MBEDTLS_CIPHER_ARIA_256_CFB128,
+    MBEDTLS_CIPHER_ARIA_128_CTR,
+    MBEDTLS_CIPHER_ARIA_192_CTR,
+    MBEDTLS_CIPHER_ARIA_256_CTR,
+    MBEDTLS_CIPHER_ARIA_128_GCM,
+    MBEDTLS_CIPHER_ARIA_192_GCM,
+    MBEDTLS_CIPHER_ARIA_256_GCM,
+    MBEDTLS_CIPHER_ARIA_128_CCM,
+    MBEDTLS_CIPHER_ARIA_192_CCM,
+    MBEDTLS_CIPHER_ARIA_256_CCM,
 } mbedtls_cipher_type_t;
 
 /** Supported cipher modes. */

include/mbedtls/ssl_ciphersuites.h

@@ -169,6 +169,61 @@ extern "C" {
 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256           0xC03A /**< Weak! No SSL3! */
 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384           0xC03B /**< Weak! No SSL3! */
 
+#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256          0xC03C
+#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384          0xC03D
+#define MBEDTLS_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256       0xC03E
+#define MBEDTLS_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384       0xC03F
+#define MBEDTLS_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256       0xC040
+#define MBEDTLS_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384       0xC041
+#define MBEDTLS_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256      0xC042
+#define MBEDTLS_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384      0xC043
+#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256      0xC044
+#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384      0xC045
+#define MBEDTLS_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256      0xC046
+#define MBEDTLS_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384      0xC047
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256  0xC048
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384  0xC049
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256   0xC04A
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384   0xC04B
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256    0xC04C
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384    0xC04D
+#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256     0xC04E
+#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384     0xC04F
+#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256          0xC050
+#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384          0xC051
+#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256      0xC052
+#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384      0xC053
+#define MBEDTLS_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256       0xC054
+#define MBEDTLS_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384       0xC055
+#define MBEDTLS_TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256      0xC056
+#define MBEDTLS_TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384      0xC057
+#define MBEDTLS_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256       0xC058
+#define MBEDTLS_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384       0xC059
+#define MBEDTLS_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256      0xC05A
+#define MBEDTLS_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384      0xC05B
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256  0xC05C
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384  0xC05D
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256   0xC05E
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384   0xC05F
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256    0xC060
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384    0xC061
+#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256     0xC062
+#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384     0xC063
+#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256          0xC064
+#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384          0xC065
+#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256      0xC066
+#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384      0xC067
+#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256      0xC068
+#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384      0xC069
+#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256          0xC06A
+#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384          0xC06B
+#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256      0xC06C
+#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384      0xC06D
+#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256      0xC06E
+#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384      0xC06F
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256    0xC070
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384    0xC071
+
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  0xC074 /**< Not in SSL3! */

library/cipher_wrap.c

@@ -45,6 +45,10 @@
 #include "mbedtls/camellia.h"
 #endif
 
+#if defined(MBEDTLS_ARIA_C)
+#include "mbedtls/aria.h"
+#endif
+
 #if defined(MBEDTLS_DES_C)
 #include "mbedtls/des.h"
 #endif
@@ -822,6 +826,363 @@ static const mbedtls_cipher_info_t camellia_256_ccm_info = {
 
 #endif /* MBEDTLS_CAMELLIA_C */
 
+#if defined(MBEDTLS_ARIA_C)
+
+static int aria_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
+        const unsigned char *input, unsigned char *output )
+{
+    return mbedtls_aria_crypt_ecb( (mbedtls_aria_context *) ctx, operation, input,
+                               output );
+}
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+static int aria_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
+        size_t length, unsigned char *iv,
+        const unsigned char *input, unsigned char *output )
+{
+    return mbedtls_aria_crypt_cbc( (mbedtls_aria_context *) ctx, operation, length, iv,
+                               input, output );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+static int aria_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
+        size_t length, size_t *iv_off, unsigned char *iv,
+        const unsigned char *input, unsigned char *output )
+{
+    return mbedtls_aria_crypt_cfb128( (mbedtls_aria_context *) ctx, operation, length,
+                                  iv_off, iv, input, output );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+static int aria_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
+        unsigned char *nonce_counter, unsigned char *stream_block,
+        const unsigned char *input, unsigned char *output )
+{
+    return mbedtls_aria_crypt_ctr( (mbedtls_aria_context *) ctx, length, nc_off,
+                               nonce_counter, stream_block, input, output );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+static int aria_setkey_dec_wrap( void *ctx, const unsigned char *key,
+                                     unsigned int key_bitlen )
+{
+    return mbedtls_aria_setkey_dec( (mbedtls_aria_context *) ctx, key, key_bitlen );
+}
+
+static int aria_setkey_enc_wrap( void *ctx, const unsigned char *key,
+                                     unsigned int key_bitlen )
+{
+    return mbedtls_aria_setkey_enc( (mbedtls_aria_context *) ctx, key, key_bitlen );
+}
+
+static void * aria_ctx_alloc( void )
+{
+    mbedtls_aria_context *ctx;
+    ctx = mbedtls_calloc( 1, sizeof( mbedtls_aria_context ) );
+
+    if( ctx == NULL )
+        return( NULL );
+
+    mbedtls_aria_init( ctx );
+
+    return( ctx );
+}
+
+static void aria_ctx_free( void *ctx )
+{
+    mbedtls_aria_free( (mbedtls_aria_context *) ctx );
+    mbedtls_free( ctx );
+}
+
+static const mbedtls_cipher_base_t aria_info = {
+    MBEDTLS_CIPHER_ID_ARIA,
+    aria_crypt_ecb_wrap,
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    aria_crypt_cbc_wrap,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    aria_crypt_cfb128_wrap,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    aria_crypt_ctr_wrap,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    NULL,
+#endif
+    aria_setkey_enc_wrap,
+    aria_setkey_dec_wrap,
+    aria_ctx_alloc,
+    aria_ctx_free
+};
+
+static const mbedtls_cipher_info_t aria_128_ecb_info = {
+    MBEDTLS_CIPHER_ARIA_128_ECB,
+    MBEDTLS_MODE_ECB,
+    128,
+    "ARIA-128-ECB",
+    16,
+    0,
+    16,
+    &aria_info
+};
+
+static const mbedtls_cipher_info_t aria_192_ecb_info = {
+    MBEDTLS_CIPHER_ARIA_192_ECB,
+    MBEDTLS_MODE_ECB,
+    192,
+    "ARIA-192-ECB",
+    16,
+    0,
+    16,
+    &aria_info
+};
+
+static const mbedtls_cipher_info_t aria_256_ecb_info = {
+    MBEDTLS_CIPHER_ARIA_256_ECB,
+    MBEDTLS_MODE_ECB,
+    256,
+    "ARIA-256-ECB",
+    16,
+    0,
+    16,
+    &aria_info
+};
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+static const mbedtls_cipher_info_t aria_128_cbc_info = {
+    MBEDTLS_CIPHER_ARIA_128_CBC,
+    MBEDTLS_MODE_CBC,
+    128,
+    "ARIA-128-CBC",
+    16,
+    0,
+    16,
+    &aria_info
+};
+
+static const mbedtls_cipher_info_t aria_192_cbc_info = {
+    MBEDTLS_CIPHER_ARIA_192_CBC,
+    MBEDTLS_MODE_CBC,
+    192,
+    "ARIA-192-CBC",
+    16,
+    0,
+    16,
+    &aria_info
+};
+
+static const mbedtls_cipher_info_t aria_256_cbc_info = {
+    MBEDTLS_CIPHER_ARIA_256_CBC,
+    MBEDTLS_MODE_CBC,
+    256,
+    "ARIA-256-CBC",
+    16,
+    0,
+    16,
+    &aria_info
+};
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+static const mbedtls_cipher_info_t aria_128_cfb128_info = {
+    MBEDTLS_CIPHER_ARIA_128_CFB128,
+    MBEDTLS_MODE_CFB,
+    128,
+    "ARIA-128-CFB128",
+    16,
+    0,
+    16,
+    &aria_info
+};
+
+static const mbedtls_cipher_info_t aria_192_cfb128_info = {
+    MBEDTLS_CIPHER_ARIA_192_CFB128,
+    MBEDTLS_MODE_CFB,
+    192,
+    "ARIA-192-CFB128",
+    16,
+    0,
+    16,
+    &aria_info
+};
+
+static const mbedtls_cipher_info_t aria_256_cfb128_info = {
+    MBEDTLS_CIPHER_ARIA_256_CFB128,
+    MBEDTLS_MODE_CFB,
+    256,
+    "ARIA-256-CFB128",
+    16,
+    0,
+    16,
+    &aria_info
+};
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+static const mbedtls_cipher_info_t aria_128_ctr_info = {
+    MBEDTLS_CIPHER_ARIA_128_CTR,
+    MBEDTLS_MODE_CTR,
+    128,
+    "ARIA-128-CTR",
+    16,
+    0,
+    16,
+    &aria_info
+};
+
+static const mbedtls_cipher_info_t aria_192_ctr_info = {
+    MBEDTLS_CIPHER_ARIA_192_CTR,
+    MBEDTLS_MODE_CTR,
+    192,
+    "ARIA-192-CTR",
+    16,
+    0,
+    16,
+    &aria_info
+};
+
+static const mbedtls_cipher_info_t aria_256_ctr_info = {
+    MBEDTLS_CIPHER_ARIA_256_CTR,
+    MBEDTLS_MODE_CTR,
+    256,
+    "ARIA-256-CTR",
+    16,
+    0,
+    16,
+    &aria_info
+};
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+#if defined(MBEDTLS_GCM_C)
+static int gcm_aria_setkey_wrap( void *ctx, const unsigned char *key,
+                                     unsigned int key_bitlen )
+{
+    return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
+                     key, key_bitlen );
+}
+
+static const mbedtls_cipher_base_t gcm_aria_info = {
+    MBEDTLS_CIPHER_ID_ARIA,
+    NULL,
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    NULL,
+#endif
+    gcm_aria_setkey_wrap,
+    gcm_aria_setkey_wrap,
+    gcm_ctx_alloc,
+    gcm_ctx_free,
+};
+
+static const mbedtls_cipher_info_t aria_128_gcm_info = {
+    MBEDTLS_CIPHER_ARIA_128_GCM,
+    MBEDTLS_MODE_GCM,
+    128,
+    "ARIA-128-GCM",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &gcm_aria_info
+};
+
+static const mbedtls_cipher_info_t aria_192_gcm_info = {
+    MBEDTLS_CIPHER_ARIA_192_GCM,
+    MBEDTLS_MODE_GCM,
+    192,
+    "ARIA-192-GCM",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &gcm_aria_info
+};
+
+static const mbedtls_cipher_info_t aria_256_gcm_info = {
+    MBEDTLS_CIPHER_ARIA_256_GCM,
+    MBEDTLS_MODE_GCM,
+    256,
+    "ARIA-256-GCM",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &gcm_aria_info
+};
+#endif /* MBEDTLS_GCM_C */
+
+#if defined(MBEDTLS_CCM_C)
+static int ccm_aria_setkey_wrap( void *ctx, const unsigned char *key,
+                                     unsigned int key_bitlen )
+{
+    return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
+                     key, key_bitlen );
+}
+
+static const mbedtls_cipher_base_t ccm_aria_info = {
+    MBEDTLS_CIPHER_ID_ARIA,
+    NULL,
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    NULL,
+#endif
+    ccm_aria_setkey_wrap,
+    ccm_aria_setkey_wrap,
+    ccm_ctx_alloc,
+    ccm_ctx_free,
+};
+
+static const mbedtls_cipher_info_t aria_128_ccm_info = {
+    MBEDTLS_CIPHER_ARIA_128_CCM,
+    MBEDTLS_MODE_CCM,
+    128,
+    "ARIA-128-CCM",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &ccm_aria_info
+};
+
+static const mbedtls_cipher_info_t aria_192_ccm_info = {
+    MBEDTLS_CIPHER_ARIA_192_CCM,
+    MBEDTLS_MODE_CCM,
+    192,
+    "ARIA-192-CCM",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &ccm_aria_info
+};
+
+static const mbedtls_cipher_info_t aria_256_ccm_info = {
+    MBEDTLS_CIPHER_ARIA_256_CCM,
+    MBEDTLS_MODE_CCM,
+    256,
+    "ARIA-256-CCM",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &ccm_aria_info
+};
+#endif /* MBEDTLS_CCM_C */
+
+#endif /* MBEDTLS_ARIA_C */
+
 #if defined(MBEDTLS_DES_C)
 
 static int des_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
@@ -1427,6 +1788,37 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
 #endif
 #endif /* MBEDTLS_CAMELLIA_C */
 
+#if defined(MBEDTLS_ARIA_C)
+    { MBEDTLS_CIPHER_ARIA_128_ECB,     &aria_128_ecb_info },
+    { MBEDTLS_CIPHER_ARIA_192_ECB,     &aria_192_ecb_info },
+    { MBEDTLS_CIPHER_ARIA_256_ECB,     &aria_256_ecb_info },
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_CIPHER_ARIA_128_CBC,     &aria_128_cbc_info },
+    { MBEDTLS_CIPHER_ARIA_192_CBC,     &aria_192_cbc_info },
+    { MBEDTLS_CIPHER_ARIA_256_CBC,     &aria_256_cbc_info },
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    { MBEDTLS_CIPHER_ARIA_128_CFB128,  &aria_128_cfb128_info },
+    { MBEDTLS_CIPHER_ARIA_192_CFB128,  &aria_192_cfb128_info },
+    { MBEDTLS_CIPHER_ARIA_256_CFB128,  &aria_256_cfb128_info },
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    { MBEDTLS_CIPHER_ARIA_128_CTR,     &aria_128_ctr_info },
+    { MBEDTLS_CIPHER_ARIA_192_CTR,     &aria_192_ctr_info },
+    { MBEDTLS_CIPHER_ARIA_256_CTR,     &aria_256_ctr_info },
+#endif
+#if defined(MBEDTLS_GCM_C)
+    { MBEDTLS_CIPHER_ARIA_128_GCM,     &aria_128_gcm_info },
+    { MBEDTLS_CIPHER_ARIA_192_GCM,     &aria_192_gcm_info },
+    { MBEDTLS_CIPHER_ARIA_256_GCM,     &aria_256_gcm_info },
+#endif
+#if defined(MBEDTLS_CCM_C)
+    { MBEDTLS_CIPHER_ARIA_128_CCM,     &aria_128_ccm_info },
+    { MBEDTLS_CIPHER_ARIA_192_CCM,     &aria_192_ccm_info },
+    { MBEDTLS_CIPHER_ARIA_256_CCM,     &aria_256_ccm_info },
+#endif
+#endif /* MBEDTLS_ARIA_C */
+
 #if defined(MBEDTLS_DES_C)
     { MBEDTLS_CIPHER_DES_ECB,              &des_ecb_info },
     { MBEDTLS_CIPHER_DES_EDE_ECB,          &des_ede_ecb_info },

library/ssl_ciphersuites.c

@@ -47,7 +47,7 @@
  * 1. By key exchange:
  *    Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
  * 2. By key length and cipher:
- *    AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES
+ *    AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-256 > 3DES
  * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
  * 4. By hash function used when relevant
  * 5. By key exchange/auth again: EC > non-EC
@@ -81,6 +81,14 @@ static const int ciphersuite_preference[] =
     MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
     MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
 
+    /* All ARIA-256 ephemeral suites */
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
+    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
+
     /* All AES-128 ephemeral suites */
     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
     MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
@@ -105,6 +113,14 @@ static const int ciphersuite_preference[] =
     MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
     MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
 
+    /* All ARIA-128 ephemeral suites */
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
+    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
+    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
+
     /* All remaining >= 128-bit ephemeral suites */
     MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
     MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
@@ -194,12 +210,16 @@ static const int ciphersuite_preference[] =
     MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
     MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
     MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
+    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
 
     MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
     MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
     MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
     MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
     MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
+    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
 
     MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
 
@@ -211,6 +231,8 @@ static const int ciphersuite_preference[] =
     MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
     MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
+    MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
+    MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
 
     MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
     MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
@@ -219,6 +241,8 @@ static const int ciphersuite_preference[] =
     MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
     MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
+    MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
+    MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
 
     MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
 
@@ -1688,6 +1712,365 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
 #endif /* MBEDTLS_DES_C */
 #endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */
 
+#if defined(MBEDTLS_ARIA_C)
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+
+#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
+    { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
+             "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+    { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
+             "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
+    { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
+             "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
+      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
+    { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
+             "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+
+#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
+    { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
+             "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+    { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
+             "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
+    { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
+             "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
+      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
+    { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
+             "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+
+#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
+    { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
+             "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384,MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+    { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
+             "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
+    { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
+             "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
+      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
+    { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
+             "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+
+#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
+
+#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
+    { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
+             "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+    { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
+             "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
+    { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
+             "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
+      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
+    { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
+             "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+
+#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+             "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
+             "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
+             "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
+      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
+             "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+    { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
+             "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
+    { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
+             "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+
+#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
+             "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
+             "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
+             "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
+      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
+             "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+
+#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
+             "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
+             "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
+             "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
+      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
+             "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
+
+#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
+    { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+             "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+    { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
+             "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
+    { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
+             "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
+      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
+    { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
+             "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+
+#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
+    { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
+             "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+    { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
+             "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
+      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
+    { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
+             "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
+      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
+    { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
+             "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif
+
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+
+#endif /* MBEDTLS_ARIA_C */
+
+
     { 0, "",
       MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
       0, 0, 0, 0, 0 }

library/ssl_tls.c

@@ -1269,7 +1269,7 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx,
 
 #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) ||     \
     ( defined(MBEDTLS_CIPHER_MODE_CBC) &&                                  \
-      ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) )
+      ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C)) )
 #define SSL_SOME_MODES_USE_MAC
 #endif
 
@@ -1470,7 +1470,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
     else
 #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
 #if defined(MBEDTLS_CIPHER_MODE_CBC) &&                                    \
-    ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) )
+    ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) )
     if( mode == MBEDTLS_MODE_CBC )
     {
         int ret;
@@ -1586,7 +1586,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
     }
     else
 #endif /* MBEDTLS_CIPHER_MODE_CBC &&
-          ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */
+          ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C || MBEDTLS_ARIA_C ) */
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -1730,7 +1730,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
     else
 #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
 #if defined(MBEDTLS_CIPHER_MODE_CBC) &&                                    \
-    ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) )
+    ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) )
     if( mode == MBEDTLS_MODE_CBC )
     {
         /*
@@ -1942,7 +1942,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
     }
     else
 #endif /* MBEDTLS_CIPHER_MODE_CBC &&
-          ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */
+          ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C || MBEDTLS_ARIA_C ) */
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );