summaryrefslogtreecommitdiff
path: root/FreeRTOS-Plus/Source/WolfSSL/src/keys.c
diff options
context:
space:
mode:
Diffstat (limited to 'FreeRTOS-Plus/Source/WolfSSL/src/keys.c')
-rw-r--r--FreeRTOS-Plus/Source/WolfSSL/src/keys.c2084
1 files changed, 1478 insertions, 606 deletions
diff --git a/FreeRTOS-Plus/Source/WolfSSL/src/keys.c b/FreeRTOS-Plus/Source/WolfSSL/src/keys.c
index b06debb28..55b2d9bed 100644
--- a/FreeRTOS-Plus/Source/WolfSSL/src/keys.c
+++ b/FreeRTOS-Plus/Source/WolfSSL/src/keys.c
@@ -1,8 +1,8 @@
/* keys.c
*
- * Copyright (C) 2006-2015 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
*
- * This file is part of wolfSSL. (formerly known as CyaSSL)
+ * This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -16,9 +16,10 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
+
/* Name change compatibility layer no longer needs to be included here */
#ifdef HAVE_CONFIG_H
@@ -27,24 +28,27 @@
#include <wolfssl/wolfcrypt/settings.h>
+#ifndef WOLFCRYPT_ONLY
+
#include <wolfssl/internal.h>
#include <wolfssl/error-ssl.h>
#if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
- #ifdef FREESCALE_MQX
- #include <fio.h>
- #else
+ #ifndef NO_STDIO_FILESYSTEM
#include <stdio.h>
#endif
#endif
-
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
+ !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
+ int tsip_useable(const WOLFSSL *ssl);
+#endif
int SetCipherSpecs(WOLFSSL* ssl)
{
#ifndef NO_WOLFSSL_CLIENT
if (ssl->options.side == WOLFSSL_CLIENT_END) {
/* server side verified before SetCipherSpecs call */
if (VerifyClientSuite(ssl) != 1) {
- WOLFSSL_MSG("SetCipherSpecs() client has an unusuable suite");
+ WOLFSSL_MSG("SetCipherSpecs() client has an unusable suite");
return UNSUPPORTED_SUITE;
}
}
@@ -52,8 +56,64 @@ int SetCipherSpecs(WOLFSSL* ssl)
/* Chacha extensions, 0xcc */
if (ssl->options.cipherSuite0 == CHACHA_BYTE) {
-
+
switch (ssl->options.cipherSuite) {
+#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
+ case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
+ ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = ecc_diffie_hellman_kea;
+ ssl->specs.sig_algo = rsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
+ ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
+ ssl->specs.iv_size = CHACHA20_IV_SIZE;
+ ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
+ ssl->options.oldPoly = 1; /* use old poly1305 padding */
+
+ break;
+#endif
+
+#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
+ case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
+ ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = ecc_diffie_hellman_kea;
+ ssl->specs.sig_algo = ecc_dsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
+ ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
+ ssl->specs.iv_size = CHACHA20_IV_SIZE;
+ ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
+ ssl->options.oldPoly = 1; /* use old poly1305 padding */
+
+ break;
+#endif
+
+#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
+ case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
+ ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = diffie_hellman_kea;
+ ssl->specs.sig_algo = rsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
+ ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
+ ssl->specs.iv_size = CHACHA20_IV_SIZE;
+ ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
+ ssl->options.oldPoly = 1; /* use old poly1305 padding */
+
+ break;
+#endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
@@ -61,13 +121,14 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
ssl->specs.iv_size = CHACHA20_IV_SIZE;
ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
+ ssl->options.oldPoly = 0; /* use recent padding RFC */
break;
#endif
@@ -79,13 +140,14 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
ssl->specs.iv_size = CHACHA20_IV_SIZE;
ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
+ ssl->options.oldPoly = 0; /* use recent padding RFC */
break;
#endif
@@ -97,28 +159,89 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
ssl->specs.iv_size = CHACHA20_IV_SIZE;
ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
+ ssl->options.oldPoly = 0; /* use recent padding RFC */
break;
#endif
+
+#ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
+ case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256:
+ ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = psk_kea;
+ ssl->specs.sig_algo = anonymous_sa_algo;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
+ ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
+ ssl->specs.iv_size = CHACHA20_IV_SIZE;
+ ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
+
+ ssl->options.oldPoly = 0; /* use recent padding RFC */
+ ssl->options.usingPSK_cipher = 1;
+ break;
+#endif
+
+#ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
+ case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
+ ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = ecdhe_psk_kea;
+ ssl->specs.sig_algo = anonymous_sa_algo;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
+ ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
+ ssl->specs.iv_size = CHACHA20_IV_SIZE;
+ ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
+
+ ssl->options.oldPoly = 0; /* use recent padding RFC */
+ ssl->options.usingPSK_cipher = 1;
+ break;
+#endif
+
+#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
+ case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
+ ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = dhe_psk_kea;
+ ssl->specs.sig_algo = anonymous_sa_algo;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
+ ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
+ ssl->specs.iv_size = CHACHA20_IV_SIZE;
+ ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
+
+ ssl->options.oldPoly = 0; /* use recent padding RFC */
+ ssl->options.usingPSK_cipher = 1;
+ break;
+#endif
default:
WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha");
return UNSUPPORTED_SUITE;
}
}
- /* ECC extensions, or AES-CCM */
+ /* ECC extensions, AES-CCM or TLS 1.3 Integrity-only */
if (ssl->options.cipherSuite0 == ECC_BYTE) {
-
+
switch (ssl->options.cipherSuite) {
-#ifdef HAVE_ECC
+#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
@@ -127,188 +250,222 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- break;
+
+ break;
#endif
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
+#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.sig_algo = rsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
+ ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- break;
+
+ break;
#endif
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
+#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
+ ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- break;
+ ssl->specs.iv_size = AES_IV_SIZE;
+
+ break;
#endif
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
+#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.sig_algo = rsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- break;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = DES3_KEY_SIZE;
+ ssl->specs.block_size = DES_BLOCK_SIZE;
+ ssl->specs.iv_size = DES_IV_SIZE;
+
+ break;
#endif
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha384_mac;
+#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
+ ssl->specs.cipher_type = stream;
+ ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- break;
+ ssl->specs.key_size = RC4_KEY_SIZE;
+ ssl->specs.iv_size = 0;
+ ssl->specs.block_size = 0;
+
+ break;
#endif
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
+#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha384_mac;
+ ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
+ ssl->specs.sig_algo = rsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- break;
+ ssl->specs.iv_size = AES_IV_SIZE;
+
+ break;
#endif
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha384_mac;
+#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- break;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
+ ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
+
+ break;
#endif
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
+#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
+ ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
+ ssl->specs.sig_algo = rsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
+ ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- break;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
+ ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
+
+ break;
#endif
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
+#ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
+ case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
+ ssl->specs.cipher_type = stream;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = ecdhe_psk_kea;
+ ssl->specs.sig_algo = anonymous_sa_algo;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = 0;
+ ssl->specs.block_size = 0;
+ ssl->specs.iv_size = 0;
+
+ ssl->options.usingPSK_cipher = 1;
+ break;
+#endif
+
+#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = ecdhe_psk_kea;
+ ssl->specs.sig_algo = anonymous_sa_algo;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
+ ssl->options.usingPSK_cipher = 1;
break;
#endif
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
+#endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
+
+#if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) \
+ || (defined(HAVE_CURVE448) && defined(HAVE_ED448))
+
+#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
+ ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.sig_algo = ecc_dsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
+ ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
+#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
+ ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.sig_algo = ecc_dsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = DES3_KEY_SIZE;
- ssl->specs.block_size = DES_BLOCK_SIZE;
- ssl->specs.iv_size = DES_IV_SIZE;
+ ssl->specs.key_size = AES_256_KEY_SIZE;
+ ssl->specs.iv_size = AES_IV_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
-#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
+#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.sig_algo = ecc_dsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
+ ssl->specs.static_ecdh = 0;
ssl->specs.key_size = DES3_KEY_SIZE;
ssl->specs.block_size = DES_BLOCK_SIZE;
ssl->specs.iv_size = DES_IV_SIZE;
@@ -316,14 +473,14 @@ int SetCipherSpecs(WOLFSSL* ssl)
break;
#endif
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
- case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
+#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.sig_algo = ecc_dsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = RC4_KEY_SIZE;
@@ -333,150 +490,227 @@ int SetCipherSpecs(WOLFSSL* ssl)
break;
#endif
-#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
- case TLS_ECDH_RSA_WITH_RC4_128_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
- ssl->specs.cipher_type = stream;
+#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
+ ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.sig_algo = ecc_dsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = RC4_KEY_SIZE;
- ssl->specs.iv_size = 0;
- ssl->specs.block_size = 0;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = AES_128_KEY_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
+ ssl->specs.iv_size = AES_IV_SIZE;
break;
#endif
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
+#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = DES3_KEY_SIZE;
- ssl->specs.block_size = DES_BLOCK_SIZE;
- ssl->specs.iv_size = DES_IV_SIZE;
+ ssl->specs.key_size = AES_256_KEY_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
+ ssl->specs.iv_size = AES_IV_SIZE;
break;
#endif
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
+#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = DES3_KEY_SIZE;
- ssl->specs.block_size = DES_BLOCK_SIZE;
- ssl->specs.iv_size = DES_IV_SIZE;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = AES_128_KEY_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
+ ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
#endif
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = sha_mac;
+#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = RC4_KEY_SIZE;
- ssl->specs.iv_size = 0;
- ssl->specs.block_size = 0;
+ ssl->specs.key_size = AES_256_KEY_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
+ ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
#endif
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
- case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
+#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
+ case TLS_ECDHE_ECDSA_WITH_AES_128_CCM :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = ecc_diffie_hellman_kea;
+ ssl->specs.sig_algo = ecc_dsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = AES_128_KEY_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
+ ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
+
+ break;
+#endif
+
+#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
+ case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = ecc_diffie_hellman_kea;
+ ssl->specs.sig_algo = ecc_dsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = AES_128_KEY_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
+ ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
+
+ break;
+#endif
+
+#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
+ case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = ecc_diffie_hellman_kea;
+ ssl->specs.sig_algo = ecc_dsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = AES_256_KEY_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
+ ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
+
+ break;
+#endif
+
+#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+ case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = RC4_KEY_SIZE;
- ssl->specs.iv_size = 0;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = 0;
ssl->specs.block_size = 0;
+ ssl->specs.iv_size = 0;
- break;
+ break;
#endif
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
+#endif /* HAVE_ECC || (CURVE25519 && ED25519) || (CURVE448 && ED448) */
+
+#if defined(HAVE_ECC)
+
+#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
+ ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
+ ssl->specs.static_ecdh = 1;
+ ssl->specs.key_size = AES_128_KEY_SIZE;
+ ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
+
+ break;
+#endif
+
+#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
+ ssl->specs.cipher_type = block;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = ecc_diffie_hellman_kea;
+ ssl->specs.sig_algo = ecc_dsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 1;
+ ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
-#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
+#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
+ ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
+#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = sha_mac;
+ ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
+ ssl->specs.static_ecdh = 1;
+ ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
+#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.sig_algo = rsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_128_KEY_SIZE;
@@ -486,108 +720,121 @@ int SetCipherSpecs(WOLFSSL* ssl)
break;
#endif
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
+#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.sig_algo = rsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
+ ssl->specs.static_ecdh = 1;
+ ssl->specs.key_size = DES3_KEY_SIZE;
+ ssl->specs.block_size = DES_BLOCK_SIZE;
+ ssl->specs.iv_size = DES_IV_SIZE;
break;
#endif
-#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
+#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ case TLS_ECDH_RSA_WITH_RC4_128_SHA :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
+ ssl->specs.cipher_type = stream;
+ ssl->specs.mac_algorithm = sha_mac;
+ ssl->specs.kea = ecc_diffie_hellman_kea;
+ ssl->specs.sig_algo = rsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 1;
+ ssl->specs.key_size = RC4_KEY_SIZE;
+ ssl->specs.iv_size = 0;
+ ssl->specs.block_size = 0;
+
+ break;
+#endif
+
+#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
+ ssl->specs.key_size = DES3_KEY_SIZE;
+ ssl->specs.block_size = DES_BLOCK_SIZE;
+ ssl->specs.iv_size = DES_IV_SIZE;
break;
#endif
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
+#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
+ ssl->specs.cipher_type = stream;
+ ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.sig_algo = ecc_dsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
+ ssl->specs.static_ecdh = 1;
+ ssl->specs.key_size = RC4_KEY_SIZE;
+ ssl->specs.iv_size = 0;
+ ssl->specs.block_size = 0;
break;
#endif
-#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha384_mac;
+#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
+ ssl->specs.cipher_type = block;
+ ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
+ ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
+ ssl->specs.iv_size = AES_IV_SIZE;
break;
#endif
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
+#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
+ ssl->specs.cipher_type = block;
+ ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
+ ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
+ ssl->specs.iv_size = AES_IV_SIZE;
break;
#endif
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha384_mac;
+#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
+ ssl->specs.cipher_type = block;
+ ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
+ ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
+ ssl->specs.iv_size = AES_IV_SIZE;
break;
#endif
@@ -599,12 +846,12 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
@@ -617,12 +864,12 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
@@ -635,12 +882,12 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
@@ -653,52 +900,17 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
#endif
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
- case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
- case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
- ssl->specs.cipher_type = aead;
- ssl->specs.mac_algorithm = sha256_mac;
- ssl->specs.kea = ecc_diffie_hellman_kea;
- ssl->specs.sig_algo = ecc_dsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
- ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
-
- break;
-#endif
#endif /* HAVE_ECC */
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
@@ -708,12 +920,12 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
break;
@@ -726,12 +938,12 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
break;
@@ -744,12 +956,12 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
@@ -763,12 +975,12 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
@@ -782,12 +994,12 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
@@ -801,12 +1013,12 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
@@ -820,12 +1032,12 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
@@ -839,25 +1051,164 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
+#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
+ #ifdef BUILD_TLS_SHA256_SHA256
+ case TLS_SHA256_SHA256 :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = 0;
+ ssl->specs.sig_algo = 0;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = WC_SHA256_DIGEST_SIZE / 2;
+ ssl->specs.block_size = 0;
+ ssl->specs.iv_size = HMAC_NONCE_SZ;
+ ssl->specs.aead_mac_size = WC_SHA256_DIGEST_SIZE;
+
+ break;
+ #endif
+
+ #ifdef BUILD_TLS_SHA384_SHA384
+ case TLS_SHA384_SHA384 :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha384_mac;
+ ssl->specs.kea = 0;
+ ssl->specs.sig_algo = 0;
+ ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = WC_SHA384_DIGEST_SIZE / 2;
+ ssl->specs.block_size = 0;
+ ssl->specs.iv_size = HMAC_NONCE_SZ;
+ ssl->specs.aead_mac_size = WC_SHA384_DIGEST_SIZE;
+
+ break;
+ #endif
+#endif
+
default:
WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
return UNSUPPORTED_SUITE;
} /* switch */
} /* if */
- if (ssl->options.cipherSuite0 != ECC_BYTE &&
- ssl->options.cipherSuite0 != CHACHA_BYTE) { /* normal suites */
+
+ /* TLSi v1.3 cipher suites, 0x13 */
+ if (ssl->options.cipherSuite0 == TLS13_BYTE) {
+ switch (ssl->options.cipherSuite) {
+
+#ifdef WOLFSSL_TLS13
+ #ifdef BUILD_TLS_AES_128_GCM_SHA256
+ case TLS_AES_128_GCM_SHA256 :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = 0;
+ ssl->specs.sig_algo = 0;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = AES_128_KEY_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
+ ssl->specs.iv_size = AESGCM_NONCE_SZ;
+ ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
+
+ break;
+ #endif
+
+ #ifdef BUILD_TLS_AES_256_GCM_SHA384
+ case TLS_AES_256_GCM_SHA384 :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha384_mac;
+ ssl->specs.kea = 0;
+ ssl->specs.sig_algo = 0;
+ ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = AES_256_KEY_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
+ ssl->specs.iv_size = AESGCM_NONCE_SZ;
+ ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
+
+ break;
+ #endif
+
+ #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
+ case TLS_CHACHA20_POLY1305_SHA256 :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = 0;
+ ssl->specs.sig_algo = 0;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
+ ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
+ ssl->specs.iv_size = CHACHA20_IV_SIZE;
+ ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
+ ssl->options.oldPoly = 0; /* use recent padding RFC */
+
+ break;
+ #endif
+
+ #ifdef BUILD_TLS_AES_128_CCM_SHA256
+ case TLS_AES_128_CCM_SHA256 :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = 0;
+ ssl->specs.sig_algo = 0;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = AES_128_KEY_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
+ ssl->specs.iv_size = AESGCM_NONCE_SZ;
+ ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
+
+ break;
+ #endif
+
+ #ifdef BUILD_TLS_AES_128_CCM_8_SHA256
+ case TLS_AES_128_CCM_8_SHA256 :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = 0;
+ ssl->specs.sig_algo = 0;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = AES_128_KEY_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
+ ssl->specs.iv_size = AESGCM_NONCE_SZ;
+ ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
+
+ break;
+ #endif
+#endif /* WOLFSSL_TLS13 */
+ }
+ }
+
+ if (ssl->options.cipherSuite0 != ECC_BYTE &&
+ ssl->options.cipherSuite0 != CHACHA_BYTE &&
+ ssl->options.cipherSuite0 != TLS13_BYTE) { /* normal suites */
switch (ssl->options.cipherSuite) {
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
@@ -867,7 +1218,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = RC4_KEY_SIZE;
@@ -884,7 +1235,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ntru_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = RC4_KEY_SIZE;
@@ -901,7 +1252,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = md5_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = MD5_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_MD5_DIGEST_SIZE;
ssl->specs.pad_size = PAD_MD5;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = RC4_KEY_SIZE;
@@ -918,7 +1269,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = DES3_KEY_SIZE;
@@ -935,7 +1286,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ntru_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = DES3_KEY_SIZE;
@@ -952,7 +1303,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
@@ -969,7 +1320,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
@@ -979,6 +1330,23 @@ int SetCipherSpecs(WOLFSSL* ssl)
break;
#endif
+#ifdef BUILD_TLS_RSA_WITH_NULL_MD5
+ case TLS_RSA_WITH_NULL_MD5 :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
+ ssl->specs.cipher_type = stream;
+ ssl->specs.mac_algorithm = md5_mac;
+ ssl->specs.kea = rsa_kea;
+ ssl->specs.sig_algo = rsa_sa_algo;
+ ssl->specs.hash_size = WC_MD5_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_MD5;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = 0;
+ ssl->specs.block_size = 0;
+ ssl->specs.iv_size = 0;
+
+ break;
+#endif
+
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
case TLS_RSA_WITH_NULL_SHA :
ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
@@ -986,7 +1354,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
@@ -1003,7 +1371,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
@@ -1020,7 +1388,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ntru_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
@@ -1037,7 +1405,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
@@ -1054,7 +1422,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
@@ -1071,7 +1439,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ntru_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
@@ -1088,12 +1456,12 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
@@ -1107,18 +1475,37 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
+#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
+ case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
+ ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
+ ssl->specs.cipher_type = aead;
+ ssl->specs.mac_algorithm = sha384_mac;
+ ssl->specs.kea = diffie_hellman_kea;
+ ssl->specs.sig_algo = anonymous_sa_algo;
+ ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = AES_256_KEY_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
+ ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
+
+ ssl->options.usingAnon_cipher = 1;
+ break;
+#endif
+
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
@@ -1126,12 +1513,12 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
@@ -1145,12 +1532,12 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
@@ -1164,7 +1551,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
@@ -1182,7 +1569,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
@@ -1200,7 +1587,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
@@ -1218,7 +1605,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
@@ -1236,7 +1623,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
@@ -1254,7 +1641,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
@@ -1272,7 +1659,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
@@ -1290,7 +1677,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
@@ -1308,7 +1695,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
@@ -1326,7 +1713,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
@@ -1344,7 +1731,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = dhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
@@ -1362,7 +1749,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
@@ -1372,6 +1759,23 @@ int SetCipherSpecs(WOLFSSL* ssl)
break;
#endif
+#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
+ ssl->specs.cipher_type = block;
+ ssl->specs.mac_algorithm = sha_mac;
+ ssl->specs.kea = diffie_hellman_kea;
+ ssl->specs.sig_algo = rsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = DES3_KEY_SIZE;
+ ssl->specs.block_size = DES_BLOCK_SIZE;
+ ssl->specs.iv_size = DES_IV_SIZE;
+
+ break;
+#endif
+
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
@@ -1379,7 +1783,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
@@ -1396,7 +1800,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
@@ -1413,7 +1817,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
@@ -1430,7 +1834,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = md5_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = MD5_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_MD5_DIGEST_SIZE;
ssl->specs.pad_size = PAD_MD5;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = HC_128_KEY_SIZE;
@@ -1439,7 +1843,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
break;
#endif
-
+
#ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
case TLS_RSA_WITH_HC_128_SHA :
ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
@@ -1447,64 +1851,13 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = HC_128_KEY_SIZE;
ssl->specs.block_size = 0;
ssl->specs.iv_size = HC_128_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
- case TLS_RSA_WITH_HC_128_B2B256:
- ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
- ssl->specs.cipher_type = stream;
- ssl->specs.mac_algorithm = blake2b_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = BLAKE2B_256;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = HC_128_KEY_SIZE;
- ssl->specs.block_size = 0;
- ssl->specs.iv_size = HC_128_IV_SIZE;
-
- break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
- case TLS_RSA_WITH_AES_128_CBC_B2B256:
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = blake2b_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = BLAKE2B_256;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_128_KEY_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
-
- break;
-#endif
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
- case TLS_RSA_WITH_AES_256_CBC_B2B256:
- ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
- ssl->specs.cipher_type = block;
- ssl->specs.mac_algorithm = blake2b_mac;
- ssl->specs.kea = rsa_kea;
- ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = BLAKE2B_256;
- ssl->specs.pad_size = PAD_SHA;
- ssl->specs.static_ecdh = 0;
- ssl->specs.key_size = AES_256_KEY_SIZE;
- ssl->specs.iv_size = AES_IV_SIZE;
- ssl->specs.block_size = AES_BLOCK_SIZE;
-
break;
#endif
@@ -1515,7 +1868,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = RABBIT_KEY_SIZE;
@@ -1532,12 +1885,12 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
@@ -1550,12 +1903,12 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
@@ -1568,12 +1921,12 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
@@ -1586,12 +1939,12 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA384_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
- ssl->specs.iv_size = AEAD_IMP_IV_SZ;
+ ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
@@ -1604,7 +1957,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
@@ -1613,7 +1966,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
break;
#endif
-
+
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
@@ -1621,7 +1974,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
@@ -1638,7 +1991,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
@@ -1655,7 +2008,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
@@ -1672,7 +2025,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
@@ -1689,7 +2042,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
@@ -1706,7 +2059,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
@@ -1723,7 +2076,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
- ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
@@ -1740,7 +2093,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
- ssl->specs.hash_size = SHA_DIGEST_SIZE;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
@@ -1751,6 +2104,36 @@ int SetCipherSpecs(WOLFSSL* ssl)
break;
#endif
+#ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
+ case SSL_RSA_WITH_IDEA_CBC_SHA :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_idea;
+ ssl->specs.cipher_type = block;
+ ssl->specs.mac_algorithm = sha_mac;
+ ssl->specs.kea = rsa_kea;
+ ssl->specs.sig_algo = rsa_sa_algo;
+ ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = IDEA_KEY_SIZE;
+ ssl->specs.block_size = IDEA_BLOCK_SIZE;
+ ssl->specs.iv_size = IDEA_IV_SIZE;
+
+ break;
+#endif
+
+#ifdef BUILD_WDM_WITH_NULL_SHA256
+ case WDM_WITH_NULL_SHA256 :
+ ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
+ ssl->specs.cipher_type = stream;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = no_kea;
+ ssl->specs.sig_algo = anonymous_sa_algo;
+ ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+
+ break;
+#endif
+
default:
WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs");
return UNSUPPORTED_SUITE;
@@ -1761,13 +2144,23 @@ int SetCipherSpecs(WOLFSSL* ssl)
if (ssl->version.major == 3 && ssl->version.minor >= 1) {
#ifndef NO_TLS
ssl->options.tls = 1;
+ #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY)
ssl->hmac = TLS_hmac;
- if (ssl->version.minor >= 2)
+ #endif
+ if (ssl->version.minor >= 2) {
ssl->options.tls1_1 = 1;
+ if (ssl->version.minor >= 4)
+ ssl->options.tls1_3 = 1;
+ }
#endif
}
-#ifdef WOLFSSL_DTLS
+#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
+ if (IsAtLeastTLSv1_3(ssl->version) || ssl->specs.cipher_type != block)
+ ssl->options.encThenMac = 0;
+#endif
+
+#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_AEAD_ONLY)
if (ssl->options.dtls)
ssl->hmac = TLS_hmac;
#endif
@@ -1779,7 +2172,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
enum KeyStuff {
MASTER_ROUNDS = 3,
PREFIX = 3, /* up to three letters for master prefix */
- KEY_PREFIX = 7 /* up to 7 prefix letters for key rounds */
+ KEY_PREFIX = 9 /* up to 9 prefix letters for key rounds */
};
@@ -1810,9 +2203,15 @@ static int SetPrefix(byte* sha_input, int idx)
case 6:
XMEMCPY(sha_input, "GGGGGGG", 7);
break;
+ case 7:
+ XMEMCPY(sha_input, "HHHHHHHH", 8);
+ break;
+ case 8:
+ XMEMCPY(sha_input, "IIIIIIIII", 9);
+ break;
default:
WOLFSSL_MSG("Set Prefix error, bad input");
- return 0;
+ return 0;
}
return 1;
}
@@ -1820,35 +2219,38 @@ static int SetPrefix(byte* sha_input, int idx)
static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
- int side, void* heap, int devId)
+ int side, void* heap, int devId, WC_RNG* rng, int tls13)
{
+ (void)rng;
+ (void)tls13;
+
#ifdef BUILD_ARC4
- word32 sz = specs->key_size;
if (specs->bulk_cipher_algorithm == wolfssl_rc4) {
- if (enc && enc->arc4 == NULL)
+ word32 sz = specs->key_size;
+ if (enc && enc->arc4 == NULL) {
enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
- if (enc && enc->arc4 == NULL)
- return MEMORY_E;
- if (dec && dec->arc4 == NULL)
+ if (enc->arc4 == NULL)
+ return MEMORY_E;
+ }
+ if (dec && dec->arc4 == NULL) {
dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
- if (dec && dec->arc4 == NULL)
- return MEMORY_E;
-#ifdef HAVE_CAVIUM
- if (devId != NO_CAVIUM_DEVICE) {
- if (enc) {
- if (Arc4InitCavium(enc->arc4, devId) != 0) {
- WOLFSSL_MSG("Arc4InitCavium failed in SetKeys");
- return CAVIUM_INIT_E;
- }
+ if (dec->arc4 == NULL)
+ return MEMORY_E;
+ }
+
+ if (enc) {
+ if (wc_Arc4Init(enc->arc4, heap, devId) != 0) {
+ WOLFSSL_MSG("Arc4Init failed in SetKeys");
+ return ASYNC_INIT_E;
}
- if (dec) {
- if (Arc4InitCavium(dec->arc4, devId) != 0) {
- WOLFSSL_MSG("Arc4InitCavium failed in SetKeys");
- return CAVIUM_INIT_E;
- }
+ }
+ if (dec) {
+ if (wc_Arc4Init(dec->arc4, heap, devId) != 0) {
+ WOLFSSL_MSG("Arc4Init failed in SetKeys");
+ return ASYNC_INIT_E;
}
}
-#endif
+
if (side == WOLFSSL_CLIENT_END) {
if (enc)
wc_Arc4SetKey(enc->arc4, keys->client_write_key, sz);
@@ -1866,10 +2268,18 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
if (dec)
dec->setup = 1;
}
-#endif
+#endif /* BUILD_ARC4 */
+
-
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+ /* Check that the max implicit iv size is suffecient */
+ #if (AEAD_MAX_IMP_SZ < 12) /* CHACHA20_IMP_IV_SZ */
+ #error AEAD_MAX_IMP_SZ is too small for ChaCha20
+ #endif
+ #if (MAX_WRITE_IV_SZ < 12) /* CHACHA20_IMP_IV_SZ */
+ #error MAX_WRITE_IV_SZ is too small for ChaCha20
+ #endif
+
if (specs->bulk_cipher_algorithm == wolfssl_chacha) {
int chachaRet;
if (enc && enc->chacha == NULL)
@@ -1887,14 +2297,14 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
chachaRet = wc_Chacha_SetKey(enc->chacha, keys->client_write_key,
specs->key_size);
XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
- AEAD_IMP_IV_SZ);
+ CHACHA20_IMP_IV_SZ);
if (chachaRet != 0) return chachaRet;
}
if (dec) {
chachaRet = wc_Chacha_SetKey(dec->chacha, keys->server_write_key,
specs->key_size);
XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
- AEAD_IMP_IV_SZ);
+ CHACHA20_IMP_IV_SZ);
if (chachaRet != 0) return chachaRet;
}
}
@@ -1903,14 +2313,14 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
chachaRet = wc_Chacha_SetKey(enc->chacha, keys->server_write_key,
specs->key_size);
XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
- AEAD_IMP_IV_SZ);
+ CHACHA20_IMP_IV_SZ);
if (chachaRet != 0) return chachaRet;
}
if (dec) {
chachaRet = wc_Chacha_SetKey(dec->chacha, keys->client_write_key,
specs->key_size);
XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
- AEAD_IMP_IV_SZ);
+ CHACHA20_IMP_IV_SZ);
if (chachaRet != 0) return chachaRet;
}
}
@@ -1920,9 +2330,15 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
if (dec)
dec->setup = 1;
}
-#endif
+#endif /* HAVE_CHACHA && HAVE_POLY1305 */
+
#ifdef HAVE_HC128
+ /* check that buffer sizes are sufficient */
+ #if (MAX_WRITE_IV_SZ < 16) /* HC_128_IV_SIZE */
+ #error MAX_WRITE_IV_SZ too small for HC128
+ #endif
+
if (specs->bulk_cipher_algorithm == wolfssl_hc128) {
int hcRet;
if (enc && enc->hc128 == NULL)
@@ -1964,9 +2380,14 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
if (dec)
dec->setup = 1;
}
-#endif
-
+#endif /* HAVE_HC128 */
+
#ifdef BUILD_RABBIT
+ /* check that buffer sizes are sufficient */
+ #if (MAX_WRITE_IV_SZ < 8) /* RABBIT_IV_SIZE */
+ #error MAX_WRITE_IV_SZ too small for RABBIT
+ #endif
+
if (specs->bulk_cipher_algorithm == wolfssl_rabbit) {
int rabRet;
if (enc && enc->rabbit == NULL)
@@ -2008,36 +2429,45 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
if (dec)
dec->setup = 1;
}
-#endif
-
+#endif /* BUILD_RABBIT */
+
#ifdef BUILD_DES3
+ /* check that buffer sizes are sufficient */
+ #if (MAX_WRITE_IV_SZ < 8) /* DES_IV_SIZE */
+ #error MAX_WRITE_IV_SZ too small for 3DES
+ #endif
+
if (specs->bulk_cipher_algorithm == wolfssl_triple_des) {
int desRet = 0;
- if (enc && enc->des3 == NULL)
- enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
- if (enc && enc->des3 == NULL)
- return MEMORY_E;
- if (dec && dec->des3 == NULL)
- dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
- if (dec && dec->des3 == NULL)
- return MEMORY_E;
-#ifdef HAVE_CAVIUM
- if (devId != NO_CAVIUM_DEVICE) {
- if (enc) {
- if (Des3_InitCavium(enc->des3, devId) != 0) {
- WOLFSSL_MSG("Des3_InitCavium failed in SetKeys");
- return CAVIUM_INIT_E;
- }
+ if (enc) {
+ if (enc->des3 == NULL)
+ enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
+ if (enc->des3 == NULL)
+ return MEMORY_E;
+ XMEMSET(enc->des3, 0, sizeof(Des3));
+ }
+ if (dec) {
+ if (dec->des3 == NULL)
+ dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
+ if (dec->des3 == NULL)
+ return MEMORY_E;
+ XMEMSET(dec->des3, 0, sizeof(Des3));
+ }
+
+ if (enc) {
+ if (wc_Des3Init(enc->des3, heap, devId) != 0) {
+ WOLFSSL_MSG("Des3Init failed in SetKeys");
+ return ASYNC_INIT_E;
}
- if (dec) {
- if (Des3_InitCavium(dec->des3, devId) != 0) {
- WOLFSSL_MSG("Des3_InitCavium failed in SetKeys");
- return CAVIUM_INIT_E;
- }
+ }
+ if (dec) {
+ if (wc_Des3Init(dec->des3, heap, devId) != 0) {
+ WOLFSSL_MSG("Des3Init failed in SetKeys");
+ return ASYNC_INIT_E;
}
}
-#endif
+
if (side == WOLFSSL_CLIENT_END) {
if (enc) {
desRet = wc_Des3_SetKey(enc->des3, keys->client_write_key,
@@ -2067,36 +2497,44 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
if (dec)
dec->setup = 1;
}
-#endif
+#endif /* BUILD_DES3 */
#ifdef BUILD_AES
+ /* check that buffer sizes are sufficient */
+ #if (MAX_WRITE_IV_SZ < 16) /* AES_IV_SIZE */
+ #error MAX_WRITE_IV_SZ too small for AES
+ #endif
+
if (specs->bulk_cipher_algorithm == wolfssl_aes) {
int aesRet = 0;
- if (enc && enc->aes == NULL)
- enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
- if (enc && enc->aes == NULL)
- return MEMORY_E;
- if (dec && dec->aes == NULL)
- dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
- if (dec && dec->aes == NULL)
- return MEMORY_E;
-#ifdef HAVE_CAVIUM
- if (devId != NO_CAVIUM_DEVICE) {
- if (enc) {
- if (wc_AesInitCavium(enc->aes, devId) != 0) {
- WOLFSSL_MSG("AesInitCavium failed in SetKeys");
- return CAVIUM_INIT_E;
- }
+ if (enc) {
+ if (enc->aes == NULL)
+ enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
+ if (enc->aes == NULL)
+ return MEMORY_E;
+ XMEMSET(enc->aes, 0, sizeof(Aes));
+ }
+ if (dec) {
+ if (dec->aes == NULL)
+ dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
+ if (dec->aes == NULL)
+ return MEMORY_E;
+ XMEMSET(dec->aes, 0, sizeof(Aes));
+ }
+ if (enc) {
+ if (wc_AesInit(enc->aes, heap, devId) != 0) {
+ WOLFSSL_MSG("AesInit failed in SetKeys");
+ return ASYNC_INIT_E;
}
- if (dec) {
- if (wc_AesInitCavium(dec->aes, devId) != 0) {
- WOLFSSL_MSG("AesInitCavium failed in SetKeys");
- return CAVIUM_INIT_E;
- }
+ }
+ if (dec) {
+ if (wc_AesInit(dec->aes, heap, devId) != 0) {
+ WOLFSSL_MSG("AesInit failed in SetKeys");
+ return ASYNC_INIT_E;
}
}
-#endif
+
if (side == WOLFSSL_CLIENT_END) {
if (enc) {
aesRet = wc_AesSetKey(enc->aes, keys->client_write_key,
@@ -2130,20 +2568,50 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
if (dec)
dec->setup = 1;
}
-#endif
+#endif /* BUILD_AES */
#ifdef BUILD_AESGCM
+ /* check that buffer sizes are sufficient */
+ #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */
+ #error AEAD_MAX_IMP_SZ too small for AESGCM
+ #endif
+ #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */
+ #error AEAD_MAX_EXP_SZ too small for AESGCM
+ #endif
+ #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */
+ #error MAX_WRITE_IV_SZ too small for AESGCM
+ #endif
+
if (specs->bulk_cipher_algorithm == wolfssl_aes_gcm) {
int gcmRet;
- if (enc && enc->aes == NULL)
- enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
- if (enc && enc->aes == NULL)
- return MEMORY_E;
- if (dec && dec->aes == NULL)
- dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
- if (dec && dec->aes == NULL)
- return MEMORY_E;
+ if (enc) {
+ if (enc->aes == NULL)
+ enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
+ if (enc->aes == NULL)
+ return MEMORY_E;
+ XMEMSET(enc->aes, 0, sizeof(Aes));
+ }
+ if (dec) {
+ if (dec->aes == NULL)
+ dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
+ if (dec->aes == NULL)
+ return MEMORY_E;
+ XMEMSET(dec->aes, 0, sizeof(Aes));
+ }
+
+ if (enc) {
+ if (wc_AesInit(enc->aes, heap, devId) != 0) {
+ WOLFSSL_MSG("AesInit failed in SetKeys");
+ return ASYNC_INIT_E;
+ }
+ }
+ if (dec) {
+ if (wc_AesInit(dec->aes, heap, devId) != 0) {
+ WOLFSSL_MSG("AesInit failed in SetKeys");
+ return ASYNC_INIT_E;
+ }
+ }
if (side == WOLFSSL_CLIENT_END) {
if (enc) {
@@ -2151,14 +2619,23 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
specs->key_size);
if (gcmRet != 0) return gcmRet;
XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
- AEAD_IMP_IV_SZ);
+ AEAD_MAX_IMP_SZ);
+#if !defined(NO_PUBLIC_GCM_SET_IV) && \
+ ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
+ if (!tls13) {
+ gcmRet = wc_AesGcmSetIV(enc->aes, AESGCM_NONCE_SZ,
+ keys->client_write_IV, AESGCM_IMP_IV_SZ, rng);
+ if (gcmRet != 0) return gcmRet;
+ }
+#endif
}
if (dec) {
gcmRet = wc_AesGcmSetKey(dec->aes, keys->server_write_key,
specs->key_size);
if (gcmRet != 0) return gcmRet;
XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
- AEAD_IMP_IV_SZ);
+ AEAD_MAX_IMP_SZ);
}
}
else {
@@ -2167,14 +2644,23 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
specs->key_size);
if (gcmRet != 0) return gcmRet;
XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
- AEAD_IMP_IV_SZ);
+ AEAD_MAX_IMP_SZ);
+#if !defined(NO_PUBLIC_GCM_SET_IV) && \
+ ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
+ if (!tls13) {
+ gcmRet = wc_AesGcmSetIV(enc->aes, AESGCM_NONCE_SZ,
+ keys->server_write_IV, AESGCM_IMP_IV_SZ, rng);
+ if (gcmRet != 0) return gcmRet;
+ }
+#endif
}
if (dec) {
gcmRet = wc_AesGcmSetKey(dec->aes, keys->client_write_key,
specs->key_size);
if (gcmRet != 0) return gcmRet;
XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
- AEAD_IMP_IV_SZ);
+ AEAD_MAX_IMP_SZ);
}
}
if (enc)
@@ -2182,41 +2668,107 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
if (dec)
dec->setup = 1;
}
-#endif
+#endif /* BUILD_AESGCM */
#ifdef HAVE_AESCCM
+ /* check that buffer sizes are sufficient (CCM is same size as GCM) */
+ #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */
+ #error AEAD_MAX_IMP_SZ too small for AESCCM
+ #endif
+ #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */
+ #error AEAD_MAX_EXP_SZ too small for AESCCM
+ #endif
+ #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */
+ #error MAX_WRITE_IV_SZ too small for AESCCM
+ #endif
+
if (specs->bulk_cipher_algorithm == wolfssl_aes_ccm) {
- if (enc && enc->aes == NULL)
- enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
- if (enc && enc->aes == NULL)
- return MEMORY_E;
- if (dec && dec->aes == NULL)
- dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
- if (dec && dec->aes == NULL)
- return MEMORY_E;
+ int CcmRet;
+
+ if (enc) {
+ if (enc->aes == NULL)
+ enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
+ if (enc->aes == NULL)
+ return MEMORY_E;
+ XMEMSET(enc->aes, 0, sizeof(Aes));
+ }
+ if (dec) {
+ if (dec->aes == NULL)
+ dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
+ if (dec->aes == NULL)
+ return MEMORY_E;
+ XMEMSET(dec->aes, 0, sizeof(Aes));
+ }
+
+ if (enc) {
+ if (wc_AesInit(enc->aes, heap, devId) != 0) {
+ WOLFSSL_MSG("AesInit failed in SetKeys");
+ return ASYNC_INIT_E;
+ }
+ }
+ if (dec) {
+ if (wc_AesInit(dec->aes, heap, devId) != 0) {
+ WOLFSSL_MSG("AesInit failed in SetKeys");
+ return ASYNC_INIT_E;
+ }
+ }
if (side == WOLFSSL_CLIENT_END) {
if (enc) {
- wc_AesCcmSetKey(enc->aes, keys->client_write_key, specs->key_size);
+ CcmRet = wc_AesCcmSetKey(enc->aes, keys->client_write_key,
+ specs->key_size);
+ if (CcmRet != 0) {
+ return CcmRet;
+ }
XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
- AEAD_IMP_IV_SZ);
+ AEAD_MAX_IMP_SZ);
+#if !defined(NO_PUBLIC_CCM_SET_NONCE) && \
+ ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
+ if (!tls13) {
+ CcmRet = wc_AesCcmSetNonce(enc->aes, keys->client_write_IV,
+ AEAD_MAX_IMP_SZ);
+ if (CcmRet != 0) return CcmRet;
+ }
+#endif
}
if (dec) {
- wc_AesCcmSetKey(dec->aes, keys->server_write_key, specs->key_size);
+ CcmRet = wc_AesCcmSetKey(dec->aes, keys->server_write_key,
+ specs->key_size);
+ if (CcmRet != 0) {
+ return CcmRet;
+ }
XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
- AEAD_IMP_IV_SZ);
+ AEAD_MAX_IMP_SZ);
}
}
else {
if (enc) {
- wc_AesCcmSetKey(enc->aes, keys->server_write_key, specs->key_size);
+ CcmRet = wc_AesCcmSetKey(enc->aes, keys->server_write_key,
+ specs->key_size);
+ if (CcmRet != 0) {
+ return CcmRet;
+ }
XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
- AEAD_IMP_IV_SZ);
+ AEAD_MAX_IMP_SZ);
+#if !defined(NO_PUBLIC_CCM_SET_NONCE) && \
+ ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
+ if (!tls13) {
+ CcmRet = wc_AesCcmSetNonce(enc->aes, keys->server_write_IV,
+ AEAD_MAX_IMP_SZ);
+ if (CcmRet != 0) return CcmRet;
+ }
+#endif
}
if (dec) {
- wc_AesCcmSetKey(dec->aes, keys->client_write_key, specs->key_size);
+ CcmRet = wc_AesCcmSetKey(dec->aes, keys->client_write_key,
+ specs->key_size);
+ if (CcmRet != 0) {
+ return CcmRet;
+ }
XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
- AEAD_IMP_IV_SZ);
+ AEAD_MAX_IMP_SZ);
}
}
if (enc)
@@ -2224,9 +2776,14 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
if (dec)
dec->setup = 1;
}
-#endif
+#endif /* HAVE_AESCCM */
#ifdef HAVE_CAMELLIA
+ /* check that buffer sizes are sufficient */
+ #if (MAX_WRITE_IV_SZ < 16) /* CAMELLIA_IV_SIZE */
+ #error MAX_WRITE_IV_SZ too small for CAMELLIA
+ #endif
+
if (specs->bulk_cipher_algorithm == wolfssl_camellia) {
int camRet;
@@ -2271,10 +2828,133 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
if (dec)
dec->setup = 1;
}
-#endif
+#endif /* HAVE_CAMELLIA */
+
+#ifdef HAVE_IDEA
+ /* check that buffer sizes are sufficient */
+ #if (MAX_WRITE_IV_SZ < 8) /* IDEA_IV_SIZE */
+ #error MAX_WRITE_IV_SZ too small for IDEA
+ #endif
+
+ if (specs->bulk_cipher_algorithm == wolfssl_idea) {
+ int ideaRet;
+
+ if (enc && enc->idea == NULL)
+ enc->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER);
+ if (enc && enc->idea == NULL)
+ return MEMORY_E;
+
+ if (dec && dec->idea == NULL)
+ dec->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER);
+ if (dec && dec->idea == NULL)
+ return MEMORY_E;
+
+ if (side == WOLFSSL_CLIENT_END) {
+ if (enc) {
+ ideaRet = wc_IdeaSetKey(enc->idea, keys->client_write_key,
+ specs->key_size, keys->client_write_IV,
+ IDEA_ENCRYPTION);
+ if (ideaRet != 0) return ideaRet;
+ }
+ if (dec) {
+ ideaRet = wc_IdeaSetKey(dec->idea, keys->server_write_key,
+ specs->key_size, keys->server_write_IV,
+ IDEA_DECRYPTION);
+ if (ideaRet != 0) return ideaRet;
+ }
+ }
+ else {
+ if (enc) {
+ ideaRet = wc_IdeaSetKey(enc->idea, keys->server_write_key,
+ specs->key_size, keys->server_write_IV,
+ IDEA_ENCRYPTION);
+ if (ideaRet != 0) return ideaRet;
+ }
+ if (dec) {
+ ideaRet = wc_IdeaSetKey(dec->idea, keys->client_write_key,
+ specs->key_size, keys->client_write_IV,
+ IDEA_DECRYPTION);
+ if (ideaRet != 0) return ideaRet;
+ }
+ }
+ if (enc)
+ enc->setup = 1;
+ if (dec)
+ dec->setup = 1;
+ }
+#endif /* HAVE_IDEA */
#ifdef HAVE_NULL_CIPHER
if (specs->bulk_cipher_algorithm == wolfssl_cipher_null) {
+ #ifdef WOLFSSL_TLS13
+ if (tls13) {
+ int hmacRet;
+ int hashType = WC_HASH_TYPE_NONE;
+
+ switch (specs->mac_algorithm) {
+ case sha256_mac:
+ hashType = WC_SHA256;
+ break;
+ case sha384_mac:
+ hashType = WC_SHA384;
+ break;
+ default:
+ break;
+ }
+
+ if (enc && enc->hmac == NULL) {
+ enc->hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap,
+ DYNAMIC_TYPE_CIPHER);
+ if (enc->hmac == NULL)
+ return MEMORY_E;
+ }
+
+ if (dec && dec->hmac == NULL) {
+ dec->hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap,
+ DYNAMIC_TYPE_CIPHER);
+ if (dec->hmac == NULL)
+ return MEMORY_E;
+ }
+
+ if (enc) {
+ if (wc_HmacInit(enc->hmac, heap, devId) != 0) {
+ WOLFSSL_MSG("HmacInit failed in SetKeys");
+ return ASYNC_INIT_E;
+ }
+ }
+ if (dec) {
+ if (wc_HmacInit(dec->hmac, heap, devId) != 0) {
+ WOLFSSL_MSG("HmacInit failed in SetKeys");
+ return ASYNC_INIT_E;
+ }
+ }
+
+ if (side == WOLFSSL_CLIENT_END) {
+ if (enc) {
+ hmacRet = wc_HmacSetKey(enc->hmac, hashType,
+ keys->client_write_key, specs->key_size);
+ if (hmacRet != 0) return hmacRet;
+ }
+ if (dec) {
+ hmacRet = wc_HmacSetKey(dec->hmac, hashType,
+ keys->server_write_key, specs->key_size);
+ if (hmacRet != 0) return hmacRet;
+ }
+ }
+ else {
+ if (enc) {
+ hmacRet = wc_HmacSetKey(enc->hmac, hashType,
+ keys->server_write_key, specs->key_size);
+ if (hmacRet != 0) return hmacRet;
+ }
+ if (dec) {
+ hmacRet = wc_HmacSetKey(dec->hmac, hashType,
+ keys->client_write_key, specs->key_size);
+ if (hmacRet != 0) return hmacRet;
+ }
+ }
+ }
+ #endif
if (enc)
enc->setup = 1;
if (dec)
@@ -2282,10 +2962,14 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
}
#endif
- if (enc)
- keys->sequence_number = 0;
- if (dec)
- keys->peer_sequence_number = 0;
+ if (enc) {
+ keys->sequence_number_hi = 0;
+ keys->sequence_number_lo = 0;
+ }
+ if (dec) {
+ keys->peer_sequence_number_hi = 0;
+ keys->peer_sequence_number_lo = 0;
+ }
(void)side;
(void)heap;
(void)enc;
@@ -2313,6 +2997,7 @@ static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
if (authentication)
authentication->setup = 1;
#endif
+ (void)authentication;
(void)heap;
(void)keys;
(void)specs;
@@ -2322,6 +3007,40 @@ static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
}
#endif /* HAVE_ONE_TIME_AUTH */
+#ifdef HAVE_SECURE_RENEGOTIATION
+/* function name is for cache_status++
+ * This function was added because of error incrementing enum type when
+ * compiling with a C++ compiler.
+ */
+static void CacheStatusPP(SecureRenegotiation* cache)
+{
+ switch (cache->cache_status) {
+ case SCR_CACHE_NULL:
+ cache->cache_status = SCR_CACHE_NEEDED;
+ break;
+
+ case SCR_CACHE_NEEDED:
+ cache->cache_status = SCR_CACHE_COPY;
+ break;
+
+ case SCR_CACHE_COPY:
+ cache->cache_status = SCR_CACHE_PARTIAL;
+ break;
+
+ case SCR_CACHE_PARTIAL:
+ cache->cache_status = SCR_CACHE_COMPLETE;
+ break;
+
+ case SCR_CACHE_COMPLETE:
+ WOLFSSL_MSG("SCR Cache state Complete");
+ break;
+
+ default:
+ WOLFSSL_MSG("Unknown cache state!!");
+ }
+}
+#endif /* HAVE_SECURE_RENEGOTIATION */
+
/* Set wc_encrypt/wc_decrypt or both sides of key setup
* note: use wc_encrypt to avoid shadowing global encrypt
@@ -2329,17 +3048,13 @@ static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
*/
int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
{
- int devId = NO_CAVIUM_DEVICE, ret, copy = 0;
+ int ret, copy = 0;
Ciphers* wc_encrypt = NULL;
Ciphers* wc_decrypt = NULL;
Keys* keys = &ssl->keys;
(void)copy;
-#ifdef HAVE_CAVIUM
- devId = ssl->devId;
-#endif
-
#ifdef HAVE_SECURE_RENEGOTIATION
if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status) {
keys = &ssl->secure_renegotiation->tmp_keys;
@@ -2349,14 +3064,48 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
switch (side) {
case ENCRYPT_SIDE_ONLY:
+#ifdef WOLFSSL_DEBUG_TLS
+ WOLFSSL_MSG("Provisioning ENCRYPT key");
+ if (ssl->options.side == WOLFSSL_CLIENT_END) {
+ WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
+ }
+ else {
+ WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
+ }
+#endif
wc_encrypt = &ssl->encrypt;
break;
case DECRYPT_SIDE_ONLY:
+#ifdef WOLFSSL_DEBUG_TLS
+ WOLFSSL_MSG("Provisioning DECRYPT key");
+ if (ssl->options.side == WOLFSSL_CLIENT_END) {
+ WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
+ }
+ else {
+ WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
+ }
+#endif
wc_decrypt = &ssl->decrypt;
break;
case ENCRYPT_AND_DECRYPT_SIDE:
+#ifdef WOLFSSL_DEBUG_TLS
+ WOLFSSL_MSG("Provisioning ENCRYPT key");
+ if (ssl->options.side == WOLFSSL_CLIENT_END) {
+ WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
+ }
+ else {
+ WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
+ }
+ WOLFSSL_MSG("Provisioning DECRYPT key");
+ if (ssl->options.side == WOLFSSL_CLIENT_END) {
+ WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
+ }
+ else {
+ WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
+ }
+#endif
wc_encrypt = &ssl->encrypt;
wc_decrypt = &ssl->decrypt;
break;
@@ -2367,14 +3116,21 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
#ifdef HAVE_ONE_TIME_AUTH
if (!ssl->auth.setup && ssl->specs.bulk_cipher_algorithm == wolfssl_chacha){
- ret = SetAuthKeys(&ssl->auth, keys, &ssl->specs, ssl->heap, devId);
+ ret = SetAuthKeys(&ssl->auth, keys, &ssl->specs, ssl->heap, ssl->devId);
if (ret != 0)
return ret;
}
#endif
+#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
+ !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
+ /* check if keys for TSIP has been created */
+ if (tsip_useable(ssl) == 1)
+ ret = 0;
+ else
+#endif
ret = SetKeys(wc_encrypt, wc_decrypt, keys, &ssl->specs, ssl->options.side,
- ssl->heap, devId);
+ ssl->heap, ssl->devId, ssl->rng, ssl->options.tls1_3);
#ifdef HAVE_SECURE_RENEGOTIATION
if (copy) {
@@ -2386,55 +3142,61 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
clientCopy = 1;
if (clientCopy) {
+ #ifndef WOLFSSL_AEAD_ONLY
XMEMCPY(ssl->keys.client_write_MAC_secret,
- keys->client_write_MAC_secret, MAX_DIGEST_SIZE);
+ keys->client_write_MAC_secret, WC_MAX_DIGEST_SIZE);
+ #endif
XMEMCPY(ssl->keys.client_write_key,
keys->client_write_key, AES_256_KEY_SIZE);
XMEMCPY(ssl->keys.client_write_IV,
- keys->client_write_IV, AES_IV_SIZE);
+ keys->client_write_IV, MAX_WRITE_IV_SZ);
} else {
+ #ifndef WOLFSSL_AEAD_ONLY
XMEMCPY(ssl->keys.server_write_MAC_secret,
- keys->server_write_MAC_secret, MAX_DIGEST_SIZE);
+ keys->server_write_MAC_secret, WC_MAX_DIGEST_SIZE);
+ #endif
XMEMCPY(ssl->keys.server_write_key,
keys->server_write_key, AES_256_KEY_SIZE);
XMEMCPY(ssl->keys.server_write_IV,
- keys->server_write_IV, AES_IV_SIZE);
+ keys->server_write_IV, MAX_WRITE_IV_SZ);
}
if (wc_encrypt) {
- ssl->keys.sequence_number = keys->sequence_number;
+ ssl->keys.sequence_number_hi = keys->sequence_number_hi;
+ ssl->keys.sequence_number_lo = keys->sequence_number_lo;
#ifdef HAVE_AEAD
if (ssl->specs.cipher_type == aead) {
/* Initialize the AES-GCM/CCM explicit IV to a zero. */
XMEMCPY(ssl->keys.aead_exp_IV, keys->aead_exp_IV,
- AEAD_EXP_IV_SZ);
+ AEAD_MAX_EXP_SZ);
/* Initialize encrypt implicit IV by encrypt side */
if (ssl->options.side == WOLFSSL_CLIENT_END) {
XMEMCPY(ssl->keys.aead_enc_imp_IV,
- keys->client_write_IV, AEAD_IMP_IV_SZ);
+ keys->client_write_IV, AEAD_MAX_IMP_SZ);
} else {
XMEMCPY(ssl->keys.aead_enc_imp_IV,
- keys->server_write_IV, AEAD_IMP_IV_SZ);
+ keys->server_write_IV, AEAD_MAX_IMP_SZ);
}
}
#endif
}
if (wc_decrypt) {
- ssl->keys.peer_sequence_number = keys->peer_sequence_number;
+ ssl->keys.peer_sequence_number_hi = keys->peer_sequence_number_hi;
+ ssl->keys.peer_sequence_number_lo = keys->peer_sequence_number_lo;
#ifdef HAVE_AEAD
if (ssl->specs.cipher_type == aead) {
/* Initialize decrypt implicit IV by decrypt side */
if (ssl->options.side == WOLFSSL_SERVER_END) {
XMEMCPY(ssl->keys.aead_dec_imp_IV,
- keys->client_write_IV, AEAD_IMP_IV_SZ);
+ keys->client_write_IV, AEAD_MAX_IMP_SZ);
} else {
XMEMCPY(ssl->keys.aead_dec_imp_IV,
- keys->server_write_IV, AEAD_IMP_IV_SZ);
+ keys->server_write_IV, AEAD_MAX_IMP_SZ);
}
}
#endif
}
- ssl->secure_renegotiation->cache_status++;
+ CacheStatusPP(ssl->secure_renegotiation);
}
#endif /* HAVE_SECURE_RENEGOTIATION */
@@ -2443,7 +3205,7 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
/* TLS can call too */
-int StoreKeys(WOLFSSL* ssl, const byte* keyData)
+int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side)
{
int sz, i = 0;
Keys* keys = &ssl->keys;
@@ -2452,32 +3214,78 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData)
if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status ==
SCR_CACHE_NEEDED) {
keys = &ssl->secure_renegotiation->tmp_keys;
- ssl->secure_renegotiation->cache_status++;
+ CacheStatusPP(ssl->secure_renegotiation);
}
#endif /* HAVE_SECURE_RENEGOTIATION */
+#ifdef WOLFSSL_MULTICAST
+ if (ssl->options.haveMcast) {
+ /* Use the same keys for encrypt and decrypt. */
+ if (ssl->specs.cipher_type != aead) {
+ sz = ssl->specs.hash_size;
+ #ifndef WOLFSSL_AEAD_ONLY
+ XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
+ XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
+ #endif
+ i += sz;
+ }
+ sz = ssl->specs.key_size;
+ XMEMCPY(keys->client_write_key, &keyData[i], sz);
+ XMEMCPY(keys->server_write_key, &keyData[i], sz);
+ i += sz;
+
+ sz = ssl->specs.iv_size;
+ XMEMCPY(keys->client_write_IV, &keyData[i], sz);
+ XMEMCPY(keys->server_write_IV, &keyData[i], sz);
+
+#ifdef HAVE_AEAD
+ if (ssl->specs.cipher_type == aead) {
+ /* Initialize the AES-GCM/CCM explicit IV to a zero. */
+ XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ);
+ }
+#endif /* HAVE_AEAD */
+
+ return 0;
+ }
+#endif /* WOLFSSL_MULTICAST */
+
if (ssl->specs.cipher_type != aead) {
sz = ssl->specs.hash_size;
- XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
+ if (side & PROVISION_CLIENT) {
+ #ifndef WOLFSSL_AEAD_ONLY
+ XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
+ #endif
+ i += sz;
+ }
+ if (side & PROVISION_SERVER) {
+ #ifndef WOLFSSL_AEAD_ONLY
+ XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
+ #endif
+ i += sz;
+ }
+ }
+ sz = ssl->specs.key_size;
+ if (side & PROVISION_CLIENT) {
+ XMEMCPY(keys->client_write_key, &keyData[i], sz);
i += sz;
- XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
+ }
+ if (side & PROVISION_SERVER) {
+ XMEMCPY(keys->server_write_key, &keyData[i], sz);
i += sz;
}
- sz = ssl->specs.key_size;
- XMEMCPY(keys->client_write_key, &keyData[i], sz);
- i += sz;
- XMEMCPY(keys->server_write_key, &keyData[i], sz);
- i += sz;
sz = ssl->specs.iv_size;
- XMEMCPY(keys->client_write_IV, &keyData[i], sz);
- i += sz;
- XMEMCPY(keys->server_write_IV, &keyData[i], sz);
+ if (side & PROVISION_CLIENT) {
+ XMEMCPY(keys->client_write_IV, &keyData[i], sz);
+ i += sz;
+ }
+ if (side & PROVISION_SERVER)
+ XMEMCPY(keys->server_write_IV, &keyData[i], sz);
#ifdef HAVE_AEAD
if (ssl->specs.cipher_type == aead) {
/* Initialize the AES-GCM/CCM explicit IV to a zero. */
- XMEMSET(keys->aead_exp_IV, 0, AEAD_EXP_IV_SZ);
+ XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ);
}
#endif
@@ -2487,40 +3295,40 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData)
#ifndef NO_OLD_TLS
int DeriveKeys(WOLFSSL* ssl)
{
- int length = 2 * ssl->specs.hash_size +
+ int length = 2 * ssl->specs.hash_size +
2 * ssl->specs.key_size +
2 * ssl->specs.iv_size;
- int rounds = (length + MD5_DIGEST_SIZE - 1 ) / MD5_DIGEST_SIZE, i;
+ int rounds = (length + WC_MD5_DIGEST_SIZE - 1 ) / WC_MD5_DIGEST_SIZE, i;
int ret = 0;
-
+
#ifdef WOLFSSL_SMALL_STACK
byte* shaOutput;
byte* md5Input;
byte* shaInput;
byte* keyData;
- Md5* md5;
- Sha* sha;
+ wc_Md5* md5;
+ wc_Sha* sha;
#else
- byte shaOutput[SHA_DIGEST_SIZE];
- byte md5Input[SECRET_LEN + SHA_DIGEST_SIZE];
+ byte shaOutput[WC_SHA_DIGEST_SIZE];
+ byte md5Input[SECRET_LEN + WC_SHA_DIGEST_SIZE];
byte shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN];
- byte keyData[KEY_PREFIX * MD5_DIGEST_SIZE];
- Md5 md5[1];
- Sha sha[1];
+ byte keyData[KEY_PREFIX * WC_MD5_DIGEST_SIZE];
+ wc_Md5 md5[1];
+ wc_Sha sha[1];
#endif
-
+
#ifdef WOLFSSL_SMALL_STACK
- shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE,
+ shaOutput = (byte*)XMALLOC(WC_SHA_DIGEST_SIZE,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
- md5Input = (byte*)XMALLOC(SECRET_LEN + SHA_DIGEST_SIZE,
+ md5Input = (byte*)XMALLOC(SECRET_LEN + WC_SHA_DIGEST_SIZE,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
shaInput = (byte*)XMALLOC(KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
- keyData = (byte*)XMALLOC(KEY_PREFIX * MD5_DIGEST_SIZE,
+ keyData = (byte*)XMALLOC(KEY_PREFIX * WC_MD5_DIGEST_SIZE,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
- md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
+ md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
keyData == NULL || md5 == NULL || sha == NULL) {
if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -2529,15 +3337,15 @@ int DeriveKeys(WOLFSSL* ssl)
if (keyData) XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
+
return MEMORY_E;
}
#endif
- wc_InitMd5(md5);
-
- ret = wc_InitSha(sha);
-
+ ret = wc_InitMd5(md5);
+ if (ret == 0) {
+ ret = wc_InitSha(sha);
+ }
if (ret == 0) {
XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN);
@@ -2555,18 +3363,25 @@ int DeriveKeys(WOLFSSL* ssl)
XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
idx += RAN_LEN;
XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
+ if (ret == 0) {
+ ret = wc_ShaUpdate(sha, shaInput,
+ (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) - KEY_PREFIX + j);
+ }
+ if (ret == 0) {
+ ret = wc_ShaFinal(sha, shaOutput);
+ }
- wc_ShaUpdate(sha, shaInput, (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN)
- - KEY_PREFIX + j);
- wc_ShaFinal(sha, shaOutput);
-
- XMEMCPY(md5Input + SECRET_LEN, shaOutput, SHA_DIGEST_SIZE);
- wc_Md5Update(md5, md5Input, SECRET_LEN + SHA_DIGEST_SIZE);
- wc_Md5Final(md5, keyData + i * MD5_DIGEST_SIZE);
+ XMEMCPY(md5Input + SECRET_LEN, shaOutput, WC_SHA_DIGEST_SIZE);
+ if (ret == 0) {
+ ret = wc_Md5Update(md5, md5Input, SECRET_LEN + WC_SHA_DIGEST_SIZE);
+ }
+ if (ret == 0) {
+ ret = wc_Md5Final(md5, keyData + i * WC_MD5_DIGEST_SIZE);
+ }
}
if (ret == 0)
- ret = StoreKeys(ssl, keyData);
+ ret = StoreKeys(ssl, keyData, PROVISION_CLIENT_SERVER);
}
#ifdef WOLFSSL_SMALL_STACK
@@ -2596,6 +3411,10 @@ static int CleanPreMaster(WOLFSSL* ssl)
for (i = 0; i < sz; i++)
ssl->arrays->preMasterSecret[i] = 0;
+ XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
+ ssl->arrays->preMasterSecret = NULL;
+ ssl->arrays->preMasterSz = 0;
+
return 0;
}
@@ -2611,14 +3430,14 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
byte* shaOutput;
byte* md5Input;
byte* shaInput;
- Md5* md5;
- Sha* sha;
+ wc_Md5* md5;
+ wc_Sha* sha;
#else
- byte shaOutput[SHA_DIGEST_SIZE];
- byte md5Input[ENCRYPT_LEN + SHA_DIGEST_SIZE];
+ byte shaOutput[WC_SHA_DIGEST_SIZE];
+ byte md5Input[ENCRYPT_LEN + WC_SHA_DIGEST_SIZE];
byte shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN];
- Md5 md5[1];
- Sha sha[1];
+ wc_Md5 md5[1];
+ wc_Sha sha[1];
#endif
#ifdef SHOW_SECRETS
@@ -2630,17 +3449,17 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
printf("\n");
}
#endif
-
+
#ifdef WOLFSSL_SMALL_STACK
- shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE,
+ shaOutput = (byte*)XMALLOC(WC_SHA_DIGEST_SIZE,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
- md5Input = (byte*)XMALLOC(ENCRYPT_LEN + SHA_DIGEST_SIZE,
+ md5Input = (byte*)XMALLOC(ENCRYPT_LEN + WC_SHA_DIGEST_SIZE,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
shaInput = (byte*)XMALLOC(PREFIX + ENCRYPT_LEN + 2 * RAN_LEN,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
- md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
- sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
+ md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
md5 == NULL || sha == NULL) {
if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -2648,15 +3467,15 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
+
return MEMORY_E;
}
#endif
- wc_InitMd5(md5);
-
- ret = wc_InitSha(sha);
-
+ ret = wc_InitMd5(md5);
+ if (ret == 0) {
+ ret = wc_InitSha(sha);
+ }
if (ret == 0) {
XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz);
@@ -2677,14 +3496,22 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
idx += RAN_LEN;
XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
idx += RAN_LEN;
- wc_ShaUpdate(sha, shaInput, idx);
- wc_ShaFinal(sha, shaOutput);
-
+ if (ret == 0) {
+ ret = wc_ShaUpdate(sha, shaInput, idx);
+ }
+ if (ret == 0) {
+ ret = wc_ShaFinal(sha, shaOutput);
+ }
idx = pmsSz; /* preSz */
- XMEMCPY(md5Input + idx, shaOutput, SHA_DIGEST_SIZE);
- idx += SHA_DIGEST_SIZE;
- wc_Md5Update(md5, md5Input, idx);
- wc_Md5Final(md5, &ssl->arrays->masterSecret[i * MD5_DIGEST_SIZE]);
+ XMEMCPY(md5Input + idx, shaOutput, WC_SHA_DIGEST_SIZE);
+ idx += WC_SHA_DIGEST_SIZE;
+ if (ret == 0) {
+ ret = wc_Md5Update(md5, md5Input, idx);
+ }
+ if (ret == 0) {
+ ret = wc_Md5Final(md5,
+ &ssl->arrays->masterSecret[i * WC_MD5_DIGEST_SIZE]);
+ }
}
#ifdef SHOW_SECRETS
@@ -2708,7 +3535,7 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
-
+
if (ret == 0)
ret = CleanPreMaster(ssl);
else
@@ -2722,14 +3549,59 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
/* Master wrapper, doesn't use SSL stack space in TLS mode */
int MakeMasterSecret(WOLFSSL* ssl)
{
-#ifdef NO_OLD_TLS
- return MakeTlsMasterSecret(ssl);
-#elif !defined(NO_TLS)
- if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
+ /* append secret to premaster : premaster | SerSi | CliSi */
+#ifdef HAVE_QSH
+ word32 offset = 0;
+
+ if (ssl->peerQSHKeyPresent) {
+ offset += ssl->arrays->preMasterSz;
+ ssl->arrays->preMasterSz += ssl->QSH_secret->CliSi->length +
+ ssl->QSH_secret->SerSi->length;
+ /* test and set flag if QSH has been used */
+ if (ssl->QSH_secret->CliSi->length > 0 ||
+ ssl->QSH_secret->SerSi->length > 0)
+ ssl->isQSH = 1;
+
+ /* append secrets to the premaster */
+ if (ssl->QSH_secret->SerSi != NULL) {
+ XMEMCPY(ssl->arrays->preMasterSecret + offset,
+ ssl->QSH_secret->SerSi->buffer, ssl->QSH_secret->SerSi->length);
+ }
+ offset += ssl->QSH_secret->SerSi->length;
+ if (ssl->QSH_secret->CliSi != NULL) {
+ XMEMCPY(ssl->arrays->preMasterSecret + offset,
+ ssl->QSH_secret->CliSi->buffer, ssl->QSH_secret->CliSi->length);
+ }
+
+ /* show secret SerSi and CliSi */
+ #ifdef SHOW_SECRETS
+ {
+ word32 j;
+ printf("QSH generated secret material\n");
+ printf("SerSi : ");
+ for (j = 0; j < ssl->QSH_secret->SerSi->length; j++) {
+ printf("%02x", ssl->QSH_secret->SerSi->buffer[j]);
+ }
+ printf("\n");
+ printf("CliSi : ");
+ for (j = 0; j < ssl->QSH_secret->CliSi->length; j++) {
+ printf("%02x", ssl->QSH_secret->CliSi->buffer[j]);
+ }
+ printf("\n");
+ }
+ #endif
+ }
#endif
#ifndef NO_OLD_TLS
+ if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
return MakeSslMasterSecret(ssl);
+#elif !defined(WOLFSSL_NO_TLS12)
+ return MakeTlsMasterSecret(ssl);
+#else
+ (void)ssl;
+ return 0;
#endif
}
+#endif /* WOLFCRYPT_ONLY */
View Lorry Controller Status