From e4bd1422f5499342fe7c6d37569ca533659c3217 Mon Sep 17 00:00:00 2001
From: Jozef Kralik
Date: Wed, 29 Sep 2021 12:24:37 +0000
Subject: [PATCH] tls: extend ciphers for OTM and D2D when CLOUD=1 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
---
 security/oc_tls.c | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/security/oc_tls.c b/security/oc_tls.c
index b3b86ee2cd..6f6c0fb1d6 100644
--- a/security/oc_tls.c
+++ b/security/oc_tls.c
@@ -199,11 +199,22 @@ static const int pin_otm_priority[2] = {
 };
 #ifdef OC_PKI
+#ifdef OC_CLOUD
+static const int cert_otm_priority[9] = {
+#else /* OC_CLOUD */
 static const int cert_otm_priority[5] = {
+#endif /* !OC_CLOUD */
 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, 0
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
+#ifdef OC_CLOUD
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+#endif /* OC_CLOUD */
+ 0
 };
 #endif /* OC_PKI */
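Review bot: The two CBC suites appended to `cert_otm_priority` under `#ifdef OC_CLOUD` (`..._AES_128_CBC_SHA256` and `..._AES_256_CBC_SHA384`) become acceptable for ownership-transfer handshakes in every build that defines OC_CLOUD, not only on cloud connections, and nothing in the hunk records why onboarding needs them. In (D)TLS 1.2 the CBC suites are MAC-then-encrypt unless the encrypt-then-MAC extension is negotiated, which is the construction associated with padding-oracle and timing side channels; the CCM and GCM entries are AEAD and do not have that exposure. If the CBC entries are required for interoperability, a comment above them such as `/* CBC suites kept for interop with <peer>; AEAD suites are preferred and listed first */` would make the trade-off explicit, otherwise consider adding only the two GCM suites. The same applies to `cert_priority` in the next hunk, which gets the identical four entries for device-to-device sessions.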
@@ -221,11 +232,22 @@ static const int cloud_priority[7] = {
 };
 #endif /* OC_CLOUD */
+#ifdef OC_CLOUD
+static const int cert_priority[9] = {
+#else /* OC_CLOUD */
 static const int cert_priority[5] = {
+#endif /* !OC_CLOUD */
 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, 0
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
+#ifdef OC_CLOUD
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+#endif /* OC_CLOUD */
+ 0
 };
 #endif /* OC_PKI */
 #endif /* OC_CLIENT */
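Review bot: The declaration line of `cert_priority` is now duplicated under `#ifdef OC_CLOUD` only to switch the hard-coded length between 5 and 9, so that count has to be kept in step by hand with the conditional entries further down. Writing `static const int cert_priority[] = {` would let the compiler size the array from its initialisers and remove the first `#ifdef`/`#else`/`#endif` group, assuming nothing outside the hunk depends on the explicit length. The preprocessor comments are also inverted relative to the usual convention: the `#else` branch is the `!OC_CLOUD` case and the closing `#endif` ends the `OC_CLOUD` conditional. Both points hold equally for `cert_otm_priority` in the previous hunk.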