TLS suites

1. Suites added:
   TLS_RSA_WITH_AES_256_CBC_SHA256          0x3D
   TLS_RSA_WITH_AES_128_GCM_SHA256          0x009C
   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  0xC02B
   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  0xC024
   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  0xC02C
   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_256   0xC027
2. Removed:
   TLS_RSA_WITH_AES_256_CBC_SHA             0x35
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA     0xC009
3. SSL code refactored
4. Added unit tests for new cipher suites
5. CAsslGenerateOwnerPsk modified to support all suites

Change-Id: If22925d175751a08121c66b90cc2907dd27ebee5
Signed-off-by: Oleksii Beketov <ol.beketov@samsung.com>
Signed-off-by: Dmitriy Zhuravlev <d.zhuravlev@samsung.com>
Signed-off-by: Oleksii Beketov <ol.beketov@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/15443Reviewed-by: Jongsung Lee <js126.lee@samsung.com>
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Greg Zaverucha <gregz@microsoft.com>
Reviewed-by: Randeep Singh <randeep.s@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/16523Tested-by: jenkins-iotivity <jenkins@iotivity.org>

java/common/src/main/java/org/iotivity/ca/OicCipher.java

-/* ****************************************************************
- *
- * Copyright 2016 Samsung Electronics All Rights Reserved.
- *
- *
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-package org.iotivity.ca;
-
-public enum OicCipher {
-    TLS_ECDH_anon_WITH_AES_128_CBC_SHA(0xC018),
-    TLS_PSK_WITH_AES_128_CCM_8(0xC0A8),
-    TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8(0xC0AE),
-    TLS_RSA_WITH_AES_256_CBC_SHA(0x35);
-
-    private int cipher;
-
-    private OicCipher(int cipher) {
-        this.cipher = cipher;
-    }
-
-    public int getValue(){
-        return cipher;
-    }
-}
+/* ****************************************************************
+ *
+ * Copyright 2016 Samsung Electronics All Rights Reserved.
+ *
+ *
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ ******************************************************************/
+
+package org.iotivity.ca;
+
+public enum OicCipher {
+    TLS_RSA_WITH_AES_256_CBC_SHA256(0x3D),
+    TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C),
+    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B),
+    TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8(0xC0AE),
+    TLS_ECDHE_ECDSA_WITH_AES_128_CCM(0xC0AC),
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023),
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024),
+    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C),
+    TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256(0xC037),
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027),
+    TLS_ECDH_anon_WITH_AES_128_CBC_SHA(0xC018);
+
+    private int cipher;
+
+    private OicCipher(int cipher) {
+        this.cipher = cipher;
+    }
+
+    public int getValue(){
+        return cipher;
+    }
+}

resource/csdk/connectivity/api/casecurityinterface.h

@@ -144,9 +144,17 @@ CAResult_t CAregisterPkixInfoHandler(CAgetPkixInfoHandler getPkixInfoHandler);
  * Select the cipher suite for dtls handshake.
  *
  * @param[in] cipher  cipher suite (Note : Make sure endianness).
- *                    0xC018 : TLS_ECDH_anon_WITH_AES_128_CBC_SHA
- *                    0xC0A8 : TLS_PSK_WITH_AES_128_CCM_8
- *                    0xC0AE : TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
+ *                        TLS_RSA_WITH_AES_256_CBC_SHA256          0x3D
+ *                        TLS_RSA_WITH_AES_128_GCM_SHA256          0x009C
+ *                        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  0xC02B
+ *                        TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8       0xC0AE
+ *                        TLS_ECDHE_ECDSA_WITH_AES_128_CCM         0xC0AC
+ *                        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  0xC023
+ *                        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  0xC024
+ *                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  0xC02C
+ *                        TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256    0xC037
+ *                        TLS_ECDH_anon_WITH_AES_128_CBC_SHA       0xC018
+ * @param[in] adapter  transport adapter (TCP/IP/BLE)
  *
  * @retval  ::CA_STATUS_OK    Successful.
  * @retval  ::CA_STATUS_INVALID_PARAM  Invalid input arguments.

resource/csdk/connectivity/inc/ca_adapter_net_ssl.h

@@ -42,9 +42,16 @@ typedef ssize_t (*CAPacketSendCallback)(CAEndpoint_t *endpoint,
  * Select the cipher suite for dtls handshake
  *
  * @param[in] cipher    cipher suite
- *                             0xC018 : TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256
- *                             0xC0A8 : TLS_PSK_WITH_AES_128_CCM_8
- *                             0xC0AE : TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
+ *                        TLS_RSA_WITH_AES_256_CBC_SHA256          0x3D
+ *                        TLS_RSA_WITH_AES_128_GCM_SHA256          0x009C
+ *                        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  0xC02B
+ *                        TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8       0xC0AE
+ *                        TLS_ECDHE_ECDSA_WITH_AES_128_CCM         0xC0AC
+ *                        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  0xC023
+ *                        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  0xC024
+ *                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  0xC02C
+ *                        TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256    0xC037
+ *                        TLS_ECDH_anon_WITH_AES_128_CBC_SHA       0xC018
  *
  * @retval  ::CA_STATUS_OK for success, otherwise some error value
  */

resource/csdk/connectivity/src/caconnectivitymanager.c

@@ -499,8 +499,7 @@ CAResult_t CAEnableAnonECDHCipherSuite(const bool enable)
     CAResult_t res = CA_STATUS_FAILED;
 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
     // TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256    0xFF00 replaces 0xC018
-    // TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256    0xC037
-    res = CAsetTlsCipherSuite(enable ? 0xFF00 : 0xC037);
+    res = CAsetTlsCipherSuite(enable ? 0xFF00 : 0x00);
     if (CA_STATUS_OK != res)
     {
         OIC_LOG_V(ERROR, TAG, "Failed to CAsetTlsCipherSuite : %d", res);

resource/csdk/connectivity/test/ssladapter_test.cpp

@@ -182,7 +182,7 @@ unsigned char caCert[] = {
 };
 int caCertLen = sizeof(caCert);
 
-unsigned char control_server_message_ccm[] = {
+unsigned char control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM[] = {
     0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
     0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74,
     0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x32, 0x3e,
@@ -194,9 +194,9 @@ unsigned char control_server_message_ccm[] = {
     0x48, 0x45, 0x2d, 0x45, 0x43, 0x44, 0x53, 0x41, 0x2d, 0x57, 0x49, 0x54, 0x48, 0x2d, 0x41, 0x45,
     0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, 0x43, 0x43, 0x4d, 0x3c, 0x2f, 0x70, 0x3e, 0x0d, 0x0a
 };
-int control_server_message_ccm_len = sizeof(control_server_message_ccm);
+int control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_len = sizeof(control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM);
 
-unsigned char control_server_message_ccm8[] = {
+unsigned char control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_8[] = {
     0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
     0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74,
     0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x32, 0x3e,
@@ -209,9 +209,9 @@ unsigned char control_server_message_ccm8[] = {
     0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, 0x43, 0x43, 0x4d, 0x2d, 0x38, 0x3c, 0x2f, 0x70, 0x3e, 0x0d,
     0x0a
 };
-int control_server_message_ccm8_len = sizeof(control_server_message_ccm8);
+int control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_8_len = sizeof(control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_8);
 
-unsigned char control_server_message_cbc[] = {
+unsigned char control_server_message_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256[] = {
     0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
     0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74,
     0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x32, 0x3e,
@@ -222,9 +222,39 @@ unsigned char control_server_message_cbc[] = {
     0x6e, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x54, 0x4c, 0x53, 0x2d, 0x45, 0x43, 0x44,
     0x48, 0x45, 0x2d, 0x45, 0x43, 0x44, 0x53, 0x41, 0x2d, 0x57, 0x49, 0x54, 0x48, 0x2d, 0x41, 0x45,
     0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, 0x43, 0x42, 0x43, 0x2d, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36,
-	0x3c, 0x2f, 0x70, 0x3e, 0x0d, 0x0a
+    0x3c, 0x2f, 0x70, 0x3e, 0x0d, 0x0a
 };
-int control_server_message_cbc_len = sizeof(control_server_message_cbc);
+int control_server_message_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_len = sizeof(control_server_message_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
+
+unsigned char control_server_message_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256[] = {
+    0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
+    0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74,
+    0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x32, 0x3e,
+    0x6d, 0x62, 0x65, 0x64, 0x20, 0x54, 0x4c, 0x53, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x65,
+    0x72, 0x76, 0x65, 0x72, 0x3c, 0x2f, 0x68, 0x32, 0x3e, 0x0d, 0x0a, 0x54, 0x45, 0x53, 0x54, 0x20,
+    0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x0d, 0x0a, 0x3c, 0x70, 0x3e, 0x53, 0x75, 0x63, 0x63,
+    0x65, 0x73, 0x73, 0x66, 0x75, 0x6c, 0x20, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+    0x6e, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x54, 0x4c, 0x53, 0x2d, 0x45, 0x43, 0x44,
+    0x48, 0x45, 0x2d, 0x45, 0x43, 0x44, 0x53, 0x41, 0x2d, 0x57, 0x49, 0x54, 0x48, 0x2d, 0x41, 0x45,
+    0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, 0x47, 0x43, 0x4D, 0x2d, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36,
+    0x3c, 0x2f, 0x70, 0x3e, 0x0d, 0x0a
+};
+int control_server_message_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_len = sizeof(control_server_message_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
+
+unsigned char control_server_message_ECDHE_ECDSA_WITH_AES_128_CBC_SHA[] = {
+    0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
+    0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74,
+    0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x32, 0x3e,
+    0x6d, 0x62, 0x65, 0x64, 0x20, 0x54, 0x4c, 0x53, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x65,
+    0x72, 0x76, 0x65, 0x72, 0x3c, 0x2f, 0x68, 0x32, 0x3e, 0x0d, 0x0a, 0x54, 0x45, 0x53, 0x54, 0x20,
+    0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x0d, 0x0a, 0x3c, 0x70, 0x3e, 0x53, 0x75, 0x63, 0x63,
+    0x65, 0x73, 0x73, 0x66, 0x75, 0x6c, 0x20, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+    0x6e, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x54, 0x4c, 0x53, 0x2d, 0x45, 0x43, 0x44,
+    0x48, 0x45, 0x2d, 0x45, 0x43, 0x44, 0x53, 0x41, 0x2d, 0x57, 0x49, 0x54, 0x48, 0x2d, 0x41, 0x45,
+    0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, 0x43, 0x42, 0x43, 0x2d, 0x53, 0x48, 0x41, 0x3c, 0x2f, 0x70,
+    0x3e, 0x0d, 0x0a
+};
+int control_server_message_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_len = sizeof(control_server_message_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
 
 unsigned char control_client_message[] = {
     0x47, 0x45, 0x54, 0x20, 0x2f, 0x20, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x0d, 0x0a,
@@ -232,6 +262,36 @@ unsigned char control_client_message[] = {
 };
 int control_client_message_len = sizeof(control_client_message);
 
+unsigned char control_server_message_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384[] = {
+    0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
+    0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74,
+    0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x32, 0x3e,
+    0x6d, 0x62, 0x65, 0x64, 0x20, 0x54, 0x4c, 0x53, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x65,
+    0x72, 0x76, 0x65, 0x72, 0x3c, 0x2f, 0x68, 0x32, 0x3e, 0x0d, 0x0a, 0x54, 0x45, 0x53, 0x54, 0x20,
+    0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x0d, 0x0a, 0x3c, 0x70, 0x3e, 0x53, 0x75, 0x63, 0x63,
+    0x65, 0x73, 0x73, 0x66, 0x75, 0x6c, 0x20, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+    0x6e, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x54, 0x4c, 0x53, 0x2d, 0x45, 0x43, 0x44,
+    0x48, 0x45, 0x2d, 0x45, 0x43, 0x44, 0x53, 0x41, 0x2d, 0x57, 0x49, 0x54, 0x48, 0x2d, 0x41, 0x45,
+    0x53, 0x2d, 0x32, 0x35, 0x36, 0x2d, 0x43, 0x42, 0x43, 0x2d, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34,
+    0x3c, 0x2f, 0x70, 0x3e, 0x0d, 0x0a
+};
+int control_server_message_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_len = sizeof(control_server_message_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
+
+unsigned char control_server_message_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384[] = {
+    0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
+    0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74,
+    0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x32, 0x3e,
+    0x6d, 0x62, 0x65, 0x64, 0x20, 0x54, 0x4c, 0x53, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x65,
+    0x72, 0x76, 0x65, 0x72, 0x3c, 0x2f, 0x68, 0x32, 0x3e, 0x0d, 0x0a, 0x54, 0x45, 0x53, 0x54, 0x20,
+    0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x0d, 0x0a, 0x3c, 0x70, 0x3e, 0x53, 0x75, 0x63, 0x63,
+    0x65, 0x73, 0x73, 0x66, 0x75, 0x6c, 0x20, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+    0x6e, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x54, 0x4c, 0x53, 0x2d, 0x45, 0x43, 0x44,
+    0x48, 0x45, 0x2d, 0x45, 0x43, 0x44, 0x53, 0x41, 0x2d, 0x57, 0x49, 0x54, 0x48, 0x2d, 0x41, 0x45,
+    0x53, 0x2d, 0x32, 0x35, 0x36, 0x2d, 0x47, 0x43, 0x4D, 0x2d, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34,
+    0x3c, 0x2f, 0x70, 0x3e, 0x0d, 0x0a
+};
+int control_server_message_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_len = sizeof(control_server_message_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384);
+
 static void error(const char *msg)
 {
     perror(msg);
@@ -1334,10 +1394,10 @@ static void * test0CAinitiateSslHandshake(void * arg)
 
     // CAsetTlsCipherSuite
     mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf,
-                                         tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM]);
+                                         tlsCipher[SSL_ECDHE_ECDSA_WITH_AES_128_CCM]);
     mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf,
-                                         tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM]);
-    g_caSslContext->cipher = ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM;
+                                         tlsCipher[SSL_ECDHE_ECDSA_WITH_AES_128_CCM]);
+    g_caSslContext->cipher = SSL_ECDHE_ECDSA_WITH_AES_128_CCM;
 
     CAsetPskCredentialsCallback(GetDtlsPskCredentials);
 
@@ -1495,7 +1555,7 @@ static void * testCAencryptSsl(void * arg)
     {
         CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM);
     }
-    if (*((int*)arg) == 1)
+    else if (*((int*)arg) == 1)
     {
         CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
     }
@@ -1503,6 +1563,19 @@ static void * testCAencryptSsl(void * arg)
     {
         CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
     }
+    else if (*((int*)arg) == 3)
+    {
+        CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
+    }
+    else if (*((int*)arg) == 4)
+    {
+        CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
+    }
+    else if (*((int*)arg) == 5)
+    {
+        CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384);
+    }
+
     CAsetPskCredentialsCallback(GetDtlsPskCredentials);
 
     socketConnect();
@@ -1551,7 +1624,9 @@ static void * testCAencryptSsl(void * arg)
 
     if (*((int*)arg) == 0)
     {
-        if (control_server_message_ccm_len == msglen && memcmp(msg, control_server_message_ccm, control_server_message_ccm_len) == 0)
+        if (control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_len == msglen &&
+            memcmp(msg, control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM,
+            control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_len) == 0)
         {
             ret = 0;
         }
@@ -1562,7 +1637,9 @@ static void * testCAencryptSsl(void * arg)
     }
     if (*((int*)arg) == 1)
     {
-        if (control_server_message_ccm8_len == msglen && memcmp(msg, control_server_message_ccm8, control_server_message_ccm8_len) == 0)
+        if (control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_8_len == msglen &&
+            memcmp(msg, control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+            control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_8_len) == 0)
         {
             ret = 0;
         }
@@ -1573,7 +1650,48 @@ static void * testCAencryptSsl(void * arg)
     }
     else if (*((int*)arg) == 2)
     {
-        if (control_server_message_cbc_len == msglen && memcmp(msg, control_server_message_cbc, control_server_message_cbc_len) == 0)
+        if (control_server_message_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_len == msglen &&
+            memcmp(msg, control_server_message_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+            control_server_message_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_len) == 0)
+        {
+            ret = 0;
+        }
+        else
+        {
+            ret = 1;
+        }
+    }
+    else if (*((int*)arg) == 3)
+    {
+        if (control_server_message_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_len == msglen &&
+            memcmp(msg, control_server_message_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+            control_server_message_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_len) == 0)
+        {
+            ret = 0;
+        }
+        else
+        {
+            ret = 1;
+        }
+    }
+    else if (*((int*)arg) == 4)
+    {
+        if (control_server_message_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_len == msglen &&
+            memcmp(msg, control_server_message_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+                   control_server_message_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_len) == 0)
+        {
+            ret = 0;
+        }
+        else
+        {
+            ret = 1;
+        }
+    }
+    else if (*((int*)arg) == 5)
+    {
+        if (control_server_message_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_len == msglen &&
+            memcmp(msg, control_server_message_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+                   control_server_message_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_len) == 0)
         {
             ret = 0;
         }
@@ -1679,6 +1797,89 @@ TEST(TLSAdaper, Test_4_2)
     EXPECT_EQ(0, arg);
 }
 
+// CAencryptSsl()
+TEST(TLSAdaper, Test_4_3)
+{
+    pthread_t thread1, thread2;
+    int ret = 0;
+    int arg = 3;
+
+    ret = pthread_create( &thread1, NULL, server, (void*) NULL);
+    if(ret)
+    {
+        fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
+        exit(EXIT_FAILURE);
+    }
+
+    sleep(5);
+
+    ret = pthread_create( &thread2, NULL, testCAencryptSsl, &arg);
+    if(ret)
+    {
+        fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
+        exit(EXIT_FAILURE);
+    }
+
+    sleep(5);
+
+    EXPECT_EQ(0, arg);
+}
+
+// CAencryptSsl()
+TEST(TLSAdaper, Test_4_4)
+{
+    pthread_t thread1, thread2;
+    int ret = 0;
+    int arg = 4;
+
+    ret = pthread_create( &thread1, NULL, server, (void*) NULL);
+    if(ret)
+    {
+        fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
+        exit(EXIT_FAILURE);
+    }
+
+    sleep(5);
+
+    ret = pthread_create( &thread2, NULL, testCAencryptSsl, &arg);
+    if(ret)
+    {
+        fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
+        exit(EXIT_FAILURE);
+    }
+
+    sleep(5);
+
+    EXPECT_EQ(0, arg);
+}
+
+TEST(TLSAdaper, Test_4_5)
+{
+    pthread_t thread1, thread2;
+    int ret = 0;
+    int arg = 5;
+
+    ret = pthread_create( &thread1, NULL, server, (void*) NULL);
+    if(ret)
+    {
+        fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
+        exit(EXIT_FAILURE);
+    }
+
+    sleep(5);
+
+    ret = pthread_create( &thread2, NULL, testCAencryptSsl, &arg);
+    if(ret)
+    {
+        fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
+        exit(EXIT_FAILURE);
+    }
+
+    sleep(5);
+
+    EXPECT_EQ(0, arg);
+}
+
 /* **************************
  *
  *
@@ -1784,8 +1985,9 @@ static void * testCAdecryptSsl(void * arg)
 
     socketClose();
 
-    if (control_server_message_ccm_len == msglen && memcmp(msg, control_server_message_ccm,
-                                                                 control_server_message_ccm_len) == 0)
+    if (control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_len == msglen &&
+            memcmp(msg, control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM,
+            control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_len) == 0)
     {
         *((int*)arg) = 0;
         return NULL;
@@ -1880,10 +2082,10 @@ static int testCAdeinitSslAdapter()
 
     // CAsetTlsCipherSuite
     mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf,
-                                         tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM]);
+                                         tlsCipher[SSL_ECDHE_ECDSA_WITH_AES_128_CCM]);
     mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf,
-                                         tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM]);
-    g_caSslContext->cipher = ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM;
+                                         tlsCipher[SSL_ECDHE_ECDSA_WITH_AES_128_CCM]);
+    g_caSslContext->cipher = SSL_ECDHE_ECDSA_WITH_AES_128_CCM;
 
     CAdeinitSslAdapter();
 
@@ -2105,32 +2307,55 @@ static int testCAsetTlsCipherSuite()
     // CAsetCredentialTypesCallback
     g_getCredentialTypesCallback = clutch;
 
-    status = CAsetTlsCipherSuite(MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA);
-    if (ADAPTER_TLS_RSA_WITH_AES_256_CBC_SHA != g_caSslContext->cipher || status != CA_STATUS_OK)
+    status = CAsetTlsCipherSuite(MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256);
+    if (SSL_RSA_WITH_AES_256_CBC_SHA256 != g_caSslContext->cipher || status != CA_STATUS_OK)
+    {
+        ret += 1;
+    }
+
+    status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
+    if (SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 != g_caSslContext->cipher || status != CA_STATUS_OK)
+    {
+        ret += 1;
+    }
+    status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
+    if (SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8 != g_caSslContext->cipher || status != CA_STATUS_OK)
     {
         ret += 1;
     }
 
     status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM);
-    if (ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM != g_caSslContext->cipher || status != CA_STATUS_OK)
+    if (SSL_ECDHE_ECDSA_WITH_AES_128_CCM != g_caSslContext->cipher || status != CA_STATUS_OK)
     {
         ret += 1;
     }
 
     status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
-    if (ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 != g_caSslContext->cipher || status != CA_STATUS_OK)
+    if (SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 != g_caSslContext->cipher || status != CA_STATUS_OK)
     {
         ret += 1;
     }
 
-    status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256);
-    if (ADAPTER_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA_256 != g_caSslContext->cipher || status != CA_STATUS_OK)
+    status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
+    if (SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 != g_caSslContext->cipher || status != CA_STATUS_OK)
+    {
+        ret += 1;
+    }
+
+    status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384);
+    if (SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 != g_caSslContext->cipher || status != CA_STATUS_OK)
     {
         ret += 1;
     }
 
     status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256);
-    if (ADAPTER_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != g_caSslContext->cipher || status != CA_STATUS_OK)
+    if (SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != g_caSslContext->cipher || status != CA_STATUS_OK)
+    {
+        ret += 1;
+    }
+
+    status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256);
+    if (SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256 != g_caSslContext->cipher || status != CA_STATUS_OK)
     {
         ret += 1;
     }
@@ -2238,7 +2463,7 @@ static void * testCAsslGenerateOwnerPsk(void * arg)
     // CAsetCredentialTypesCallback
     g_getCredentialTypesCallback = clutch;
 
-    CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM);
+    CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
 
     CAsetPskCredentialsCallback(GetDtlsPskCredentials);
 

resource/csdk/security/provisioning/sample/cloud/cloudCommon.c

@@ -542,7 +542,7 @@ static void userRequests(void *data)
         {
             int tmp = 0;
             readInteger(&tmp, "Select Cipher Suite", "0 - ECDSA, other - RSA");
-            uint16_t cipher = tmp? MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA:
+            uint16_t cipher = tmp? MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256:
                                    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
             if (CA_STATUS_OK != CASelectCipherSuite(cipher, CA_ADAPTER_TCP))
             {

resource/csdk/security/provisioning/src/ownershiptransfermanager.c

@@ -1133,7 +1133,6 @@ static OCStackApplicationResult OwnerCredentialHandler(void *ctx, OCDoHandle UNU
              */
             // TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256 = 0xC037, /**< see RFC 5489 */
             caResult = CASelectCipherSuite(0xC037, endpoint->adapter);
-
             if(CA_STATUS_OK != caResult)
             {
                 OIC_LOG(ERROR, TAG, "Failed to select TLS_NULL_WITH_NULL_NULL");

resource/csdk/security/provisioning/src/oxmmanufacturercert.c

@@ -129,14 +129,14 @@ OCStackResult CreateSecureSessionMCertificateCallback(OTMContext_t* otmCtx)
     }
     OIC_LOG(INFO, TAG, "Anonymous cipher suite disabled.");
 
-    caresult  = CASelectCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+    caresult  = CASelectCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
                                     otmCtx->selectedDeviceInfo->endpoint.adapter);
     if (CA_STATUS_OK != caresult)
     {
-        OIC_LOG_V(ERROR, TAG, "Failed to select TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256");
+        OIC_LOG_V(ERROR, TAG, "Failed to select MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8");
         return OC_STACK_ERROR;
     }
-    OIC_LOG(INFO, TAG, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 cipher suite selected.");
+    OIC_LOG(INFO, TAG, "MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 cipher suite selected.");
 
     OCProvisionDev_t* selDevInfo = otmCtx->selectedDeviceInfo;
     CAEndpoint_t *endpoint = (CAEndpoint_t *)OICCalloc(1, sizeof (CAEndpoint_t));

resource/csdk/security/src/credresource.c

@@ -1874,13 +1874,6 @@ static OCEntityHandlerResult HandlePostRequest(OCEntityHandlerRequest * ehReques
                         {
                             OIC_LOG(INFO, TAG, "Anonymous cipher suite is DISABLED");
                         }
-
-                        if(CA_STATUS_OK !=
-                           CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256, ehRequest->devAddr