diff options
Diffstat (limited to 'FreeRTOS-Plus/Source/WolfSSL/src/keys.c')
-rw-r--r-- | FreeRTOS-Plus/Source/WolfSSL/src/keys.c | 2084 |
1 files changed, 1478 insertions, 606 deletions
diff --git a/FreeRTOS-Plus/Source/WolfSSL/src/keys.c b/FreeRTOS-Plus/Source/WolfSSL/src/keys.c index b06debb28..55b2d9bed 100644 --- a/FreeRTOS-Plus/Source/WolfSSL/src/keys.c +++ b/FreeRTOS-Plus/Source/WolfSSL/src/keys.c @@ -1,8 +1,8 @@ /* keys.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + /* Name change compatibility layer no longer needs to be included here */ #ifdef HAVE_CONFIG_H @@ -27,24 +28,27 @@ #include <wolfssl/wolfcrypt/settings.h> +#ifndef WOLFCRYPT_ONLY + #include <wolfssl/internal.h> #include <wolfssl/error-ssl.h> #if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) - #ifdef FREESCALE_MQX - #include <fio.h> - #else + #ifndef NO_STDIO_FILESYSTEM #include <stdio.h> #endif #endif - +#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ + !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION) + int tsip_useable(const WOLFSSL *ssl); +#endif int SetCipherSpecs(WOLFSSL* ssl) { #ifndef NO_WOLFSSL_CLIENT if (ssl->options.side == WOLFSSL_CLIENT_END) { /* server side verified before SetCipherSpecs call */ if (VerifyClientSuite(ssl) != 1) { - WOLFSSL_MSG("SetCipherSpecs() client has an unusuable suite"); + WOLFSSL_MSG("SetCipherSpecs() client has an unusable suite"); return UNSUPPORTED_SUITE; } } @@ -52,8 +56,64 @@ int SetCipherSpecs(WOLFSSL* ssl) /* Chacha extensions, 0xcc */ if (ssl->options.cipherSuite0 == CHACHA_BYTE) { - + switch (ssl->options.cipherSuite) { +#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 + case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256: + ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CHACHA20_256_KEY_SIZE; + ssl->specs.block_size = CHACHA20_BLOCK_SIZE; + ssl->specs.iv_size = CHACHA20_IV_SIZE; + ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + ssl->options.oldPoly = 1; /* use old poly1305 padding */ + + break; +#endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 + case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256: + ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CHACHA20_256_KEY_SIZE; + ssl->specs.block_size = CHACHA20_BLOCK_SIZE; + ssl->specs.iv_size = CHACHA20_IV_SIZE; + ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + ssl->options.oldPoly = 1; /* use old poly1305 padding */ + + break; +#endif + +#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 + case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256: + ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CHACHA20_256_KEY_SIZE; + ssl->specs.block_size = CHACHA20_BLOCK_SIZE; + ssl->specs.iv_size = CHACHA20_IV_SIZE; + ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + ssl->options.oldPoly = 1; /* use old poly1305 padding */ + + break; +#endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; @@ -61,13 +121,14 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = CHACHA20_256_KEY_SIZE; ssl->specs.block_size = CHACHA20_BLOCK_SIZE; ssl->specs.iv_size = CHACHA20_IV_SIZE; ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + ssl->options.oldPoly = 0; /* use recent padding RFC */ break; #endif @@ -79,13 +140,14 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = CHACHA20_256_KEY_SIZE; ssl->specs.block_size = CHACHA20_BLOCK_SIZE; ssl->specs.iv_size = CHACHA20_IV_SIZE; ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + ssl->options.oldPoly = 0; /* use recent padding RFC */ break; #endif @@ -97,28 +159,89 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = CHACHA20_256_KEY_SIZE; ssl->specs.block_size = CHACHA20_BLOCK_SIZE; ssl->specs.iv_size = CHACHA20_IV_SIZE; ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + ssl->options.oldPoly = 0; /* use recent padding RFC */ break; #endif + +#ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 + case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256: + ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CHACHA20_256_KEY_SIZE; + ssl->specs.block_size = CHACHA20_BLOCK_SIZE; + ssl->specs.iv_size = CHACHA20_IV_SIZE; + ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + + ssl->options.oldPoly = 0; /* use recent padding RFC */ + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 + case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256: + ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecdhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CHACHA20_256_KEY_SIZE; + ssl->specs.block_size = CHACHA20_BLOCK_SIZE; + ssl->specs.iv_size = CHACHA20_IV_SIZE; + ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + + ssl->options.oldPoly = 0; /* use recent padding RFC */ + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 + case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256: + ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = dhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CHACHA20_256_KEY_SIZE; + ssl->specs.block_size = CHACHA20_BLOCK_SIZE; + ssl->specs.iv_size = CHACHA20_IV_SIZE; + ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + + ssl->options.oldPoly = 0; /* use recent padding RFC */ + ssl->options.usingPSK_cipher = 1; + break; +#endif default: WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha"); return UNSUPPORTED_SUITE; } } - /* ECC extensions, or AES-CCM */ + /* ECC extensions, AES-CCM or TLS 1.3 Integrity-only */ if (ssl->options.cipherSuite0 == ECC_BYTE) { - + switch (ssl->options.cipherSuite) { -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : @@ -127,188 +250,222 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; ssl->specs.iv_size = AES_IV_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - break; + + break; #endif -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : +#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : ssl->specs.bulk_cipher_algorithm = wolfssl_aes; ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.key_size = AES_256_KEY_SIZE; ssl->specs.iv_size = AES_IV_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - break; + + break; #endif -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : +#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : ssl->specs.bulk_cipher_algorithm = wolfssl_aes; ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; + ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - break; + ssl->specs.iv_size = AES_IV_SIZE; + + break; #endif -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; +#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA + case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - break; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = DES3_KEY_SIZE; + ssl->specs.block_size = DES_BLOCK_SIZE; + ssl->specs.iv_size = DES_IV_SIZE; + + break; #endif -#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha384_mac; +#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA + case TLS_ECDHE_RSA_WITH_RC4_128_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; + ssl->specs.cipher_type = stream; + ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - break; + ssl->specs.key_size = RC4_KEY_SIZE; + ssl->specs.iv_size = 0; + ssl->specs.block_size = 0; + + break; #endif -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : +#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : ssl->specs.bulk_cipher_algorithm = wolfssl_aes; ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - break; + ssl->specs.iv_size = AES_IV_SIZE; + + break; #endif -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha384_mac; +#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - break; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + + break; #endif -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; +#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; + ssl->specs.cipher_type = aead; ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; + ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - break; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + + break; #endif -#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : +#ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 + case TLS_ECDHE_PSK_WITH_NULL_SHA256 : + ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; + ssl->specs.cipher_type = stream; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecdhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = 0; + ssl->specs.block_size = 0; + ssl->specs.iv_size = 0; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 + case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 : ssl->specs.bulk_cipher_algorithm = wolfssl_aes; ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecdhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; ssl->specs.iv_size = AES_IV_SIZE; + ssl->options.usingPSK_cipher = 1; break; #endif -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : +#endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */ + +#if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) \ + || (defined(HAVE_CURVE448) && defined(HAVE_ED448)) + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : ssl->specs.bulk_cipher_algorithm = wolfssl_aes; ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; + ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; + ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; ssl->specs.iv_size = AES_IV_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; break; #endif -#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 + case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes; ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; + ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; - ssl->specs.key_size = DES3_KEY_SIZE; - ssl->specs.block_size = DES_BLOCK_SIZE; - ssl->specs.iv_size = DES_IV_SIZE; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; break; #endif -#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA + case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; + ssl->specs.static_ecdh = 0; ssl->specs.key_size = DES3_KEY_SIZE; ssl->specs.block_size = DES_BLOCK_SIZE; ssl->specs.iv_size = DES_IV_SIZE; @@ -316,14 +473,14 @@ int SetCipherSpecs(WOLFSSL* ssl) break; #endif -#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA - case TLS_ECDHE_RSA_WITH_RC4_128_SHA : +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = RC4_KEY_SIZE; @@ -333,150 +490,227 @@ int SetCipherSpecs(WOLFSSL* ssl) break; #endif -#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA - case TLS_ECDH_RSA_WITH_RC4_128_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; - ssl->specs.cipher_type = stream; +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes; + ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = RC4_KEY_SIZE; - ssl->specs.iv_size = 0; - ssl->specs.block_size = 0; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; break; #endif -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; - ssl->specs.key_size = DES3_KEY_SIZE; - ssl->specs.block_size = DES_BLOCK_SIZE; - ssl->specs.iv_size = DES_IV_SIZE; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; break; #endif -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = DES3_KEY_SIZE; - ssl->specs.block_size = DES_BLOCK_SIZE; - ssl->specs.iv_size = DES_IV_SIZE; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; break; #endif -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha_mac; +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; - ssl->specs.key_size = RC4_KEY_SIZE; - ssl->specs.iv_size = 0; - ssl->specs.block_size = 0; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; break; #endif -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM + case TLS_ECDHE_ECDSA_WITH_AES_128_CCM : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; + + break; +#endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 + case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; + + break; +#endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 + case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; + + break; +#endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA + case TLS_ECDHE_ECDSA_WITH_NULL_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; ssl->specs.cipher_type = stream; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = RC4_KEY_SIZE; - ssl->specs.iv_size = 0; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = 0; ssl->specs.block_size = 0; + ssl->specs.iv_size = 0; - break; + break; #endif -#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : +#endif /* HAVE_ECC || (CURVE25519 && ED25519) || (CURVE448 && ED448) */ + +#if defined(HAVE_ECC) + +#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 + case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : ssl->specs.bulk_cipher_algorithm = wolfssl_aes; ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; + ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 + case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = AES_128_KEY_SIZE; ssl->specs.iv_size = AES_IV_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; break; #endif -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : +#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 + case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : ssl->specs.bulk_cipher_algorithm = wolfssl_aes; ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; + ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 1; ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; ssl->specs.iv_size = AES_IV_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; break; #endif -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : +#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : ssl->specs.bulk_cipher_algorithm = wolfssl_aes; ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; + ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = AES_256_KEY_SIZE; ssl->specs.iv_size = AES_IV_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; break; #endif -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : +#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA + case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : ssl->specs.bulk_cipher_algorithm = wolfssl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 1; ssl->specs.key_size = AES_128_KEY_SIZE; @@ -486,108 +720,121 @@ int SetCipherSpecs(WOLFSSL* ssl) break; #endif -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; +#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA + case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = DES3_KEY_SIZE; + ssl->specs.block_size = DES_BLOCK_SIZE; + ssl->specs.iv_size = DES_IV_SIZE; break; #endif -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; +#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA + case TLS_ECDH_RSA_WITH_RC4_128_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; + ssl->specs.cipher_type = stream; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = RC4_KEY_SIZE; + ssl->specs.iv_size = 0; + ssl->specs.block_size = 0; + + break; +#endif + +#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA + case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; + ssl->specs.key_size = DES3_KEY_SIZE; + ssl->specs.block_size = DES_BLOCK_SIZE; + ssl->specs.iv_size = DES_IV_SIZE; break; #endif -#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; +#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA + case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; + ssl->specs.cipher_type = stream; + ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = RC4_KEY_SIZE; + ssl->specs.iv_size = 0; + ssl->specs.block_size = 0; break; #endif -#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha384_mac; +#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; + ssl->specs.static_ecdh = 1; ssl->specs.key_size = AES_256_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + ssl->specs.iv_size = AES_IV_SIZE; break; #endif -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; +#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA + case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; + ssl->specs.static_ecdh = 1; ssl->specs.key_size = AES_128_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + ssl->specs.iv_size = AES_IV_SIZE; break; #endif -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha384_mac; +#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; + ssl->specs.static_ecdh = 1; ssl->specs.key_size = AES_256_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + ssl->specs.iv_size = AES_IV_SIZE; break; #endif @@ -599,12 +846,12 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 1; ssl->specs.key_size = AES_128_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; break; @@ -617,12 +864,12 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 1; ssl->specs.key_size = AES_256_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; break; @@ -635,12 +882,12 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 1; ssl->specs.key_size = AES_128_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; break; @@ -653,52 +900,17 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = ecc_diffie_hellman_kea; ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 1; ssl->specs.key_size = AES_256_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; break; #endif -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 - case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; - - break; -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 - case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; - - break; -#endif #endif /* HAVE_ECC */ #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 @@ -708,12 +920,12 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; break; @@ -726,12 +938,12 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_256_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; break; @@ -744,12 +956,12 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; ssl->options.usingPSK_cipher = 1; @@ -763,12 +975,12 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_256_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; ssl->options.usingPSK_cipher = 1; @@ -782,12 +994,12 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; ssl->options.usingPSK_cipher = 1; @@ -801,12 +1013,12 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_256_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; ssl->options.usingPSK_cipher = 1; @@ -820,12 +1032,12 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = dhe_psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; ssl->options.usingPSK_cipher = 1; @@ -839,25 +1051,164 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = dhe_psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_256_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; ssl->options.usingPSK_cipher = 1; break; #endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER) + #ifdef BUILD_TLS_SHA256_SHA256 + case TLS_SHA256_SHA256 : + ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = 0; + ssl->specs.sig_algo = 0; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = WC_SHA256_DIGEST_SIZE / 2; + ssl->specs.block_size = 0; + ssl->specs.iv_size = HMAC_NONCE_SZ; + ssl->specs.aead_mac_size = WC_SHA256_DIGEST_SIZE; + + break; + #endif + + #ifdef BUILD_TLS_SHA384_SHA384 + case TLS_SHA384_SHA384 : + ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.kea = 0; + ssl->specs.sig_algo = 0; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = WC_SHA384_DIGEST_SIZE / 2; + ssl->specs.block_size = 0; + ssl->specs.iv_size = HMAC_NONCE_SZ; + ssl->specs.aead_mac_size = WC_SHA384_DIGEST_SIZE; + + break; + #endif +#endif + default: WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC"); return UNSUPPORTED_SUITE; } /* switch */ } /* if */ - if (ssl->options.cipherSuite0 != ECC_BYTE && - ssl->options.cipherSuite0 != CHACHA_BYTE) { /* normal suites */ + + /* TLSi v1.3 cipher suites, 0x13 */ + if (ssl->options.cipherSuite0 == TLS13_BYTE) { + switch (ssl->options.cipherSuite) { + +#ifdef WOLFSSL_TLS13 + #ifdef BUILD_TLS_AES_128_GCM_SHA256 + case TLS_AES_128_GCM_SHA256 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = 0; + ssl->specs.sig_algo = 0; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AESGCM_NONCE_SZ; + ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + + break; + #endif + + #ifdef BUILD_TLS_AES_256_GCM_SHA384 + case TLS_AES_256_GCM_SHA384 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.kea = 0; + ssl->specs.sig_algo = 0; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AESGCM_NONCE_SZ; + ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + + break; + #endif + + #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256 + case TLS_CHACHA20_POLY1305_SHA256 : + ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = 0; + ssl->specs.sig_algo = 0; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CHACHA20_256_KEY_SIZE; + ssl->specs.block_size = CHACHA20_BLOCK_SIZE; + ssl->specs.iv_size = CHACHA20_IV_SIZE; + ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + ssl->options.oldPoly = 0; /* use recent padding RFC */ + + break; + #endif + + #ifdef BUILD_TLS_AES_128_CCM_SHA256 + case TLS_AES_128_CCM_SHA256 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = 0; + ssl->specs.sig_algo = 0; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AESGCM_NONCE_SZ; + ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; + + break; + #endif + + #ifdef BUILD_TLS_AES_128_CCM_8_SHA256 + case TLS_AES_128_CCM_8_SHA256 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = 0; + ssl->specs.sig_algo = 0; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AESGCM_NONCE_SZ; + ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; + + break; + #endif +#endif /* WOLFSSL_TLS13 */ + } + } + + if (ssl->options.cipherSuite0 != ECC_BYTE && + ssl->options.cipherSuite0 != CHACHA_BYTE && + ssl->options.cipherSuite0 != TLS13_BYTE) { /* normal suites */ switch (ssl->options.cipherSuite) { #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA @@ -867,7 +1218,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = RC4_KEY_SIZE; @@ -884,7 +1235,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ntru_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = RC4_KEY_SIZE; @@ -901,7 +1252,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = md5_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = MD5_DIGEST_SIZE; + ssl->specs.hash_size = WC_MD5_DIGEST_SIZE; ssl->specs.pad_size = PAD_MD5; ssl->specs.static_ecdh = 0; ssl->specs.key_size = RC4_KEY_SIZE; @@ -918,7 +1269,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = DES3_KEY_SIZE; @@ -935,7 +1286,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ntru_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = DES3_KEY_SIZE; @@ -952,7 +1303,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; @@ -969,7 +1320,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; @@ -979,6 +1330,23 @@ int SetCipherSpecs(WOLFSSL* ssl) break; #endif +#ifdef BUILD_TLS_RSA_WITH_NULL_MD5 + case TLS_RSA_WITH_NULL_MD5 : + ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; + ssl->specs.cipher_type = stream; + ssl->specs.mac_algorithm = md5_mac; + ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = WC_MD5_DIGEST_SIZE; + ssl->specs.pad_size = PAD_MD5; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = 0; + ssl->specs.block_size = 0; + ssl->specs.iv_size = 0; + + break; +#endif + #ifdef BUILD_TLS_RSA_WITH_NULL_SHA case TLS_RSA_WITH_NULL_SHA : ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; @@ -986,7 +1354,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = 0; @@ -1003,7 +1371,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = 0; @@ -1020,7 +1388,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ntru_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; @@ -1037,7 +1405,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_256_KEY_SIZE; @@ -1054,7 +1422,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_256_KEY_SIZE; @@ -1071,7 +1439,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = ntru_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_256_KEY_SIZE; @@ -1088,12 +1456,12 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; ssl->options.usingPSK_cipher = 1; @@ -1107,18 +1475,37 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_256_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; ssl->options.usingPSK_cipher = 1; break; #endif +#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 + case TLS_DH_anon_WITH_AES_256_GCM_SHA384: + ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.kea = diffie_hellman_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + + ssl->options.usingAnon_cipher = 1; + break; +#endif + #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; @@ -1126,12 +1513,12 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = dhe_psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; ssl->options.usingPSK_cipher = 1; @@ -1145,12 +1532,12 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = dhe_psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_256_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; ssl->options.usingPSK_cipher = 1; @@ -1164,7 +1551,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; @@ -1182,7 +1569,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_256_KEY_SIZE; @@ -1200,7 +1587,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = dhe_psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; @@ -1218,7 +1605,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = dhe_psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_256_KEY_SIZE; @@ -1236,7 +1623,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; @@ -1254,7 +1641,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_256_KEY_SIZE; @@ -1272,7 +1659,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = 0; @@ -1290,7 +1677,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = 0; @@ -1308,7 +1695,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = 0; @@ -1326,7 +1713,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = dhe_psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = 0; @@ -1344,7 +1731,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = dhe_psk_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = 0; @@ -1362,7 +1749,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; @@ -1372,6 +1759,23 @@ int SetCipherSpecs(WOLFSSL* ssl) break; #endif +#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA + case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = DES3_KEY_SIZE; + ssl->specs.block_size = DES_BLOCK_SIZE; + ssl->specs.iv_size = DES_IV_SIZE; + + break; +#endif + #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : ssl->specs.bulk_cipher_algorithm = wolfssl_aes; @@ -1379,7 +1783,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_256_KEY_SIZE; @@ -1396,7 +1800,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; @@ -1413,7 +1817,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_256_KEY_SIZE; @@ -1430,7 +1834,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = md5_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = MD5_DIGEST_SIZE; + ssl->specs.hash_size = WC_MD5_DIGEST_SIZE; ssl->specs.pad_size = PAD_MD5; ssl->specs.static_ecdh = 0; ssl->specs.key_size = HC_128_KEY_SIZE; @@ -1439,7 +1843,7 @@ int SetCipherSpecs(WOLFSSL* ssl) break; #endif - + #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA case TLS_RSA_WITH_HC_128_SHA : ssl->specs.bulk_cipher_algorithm = wolfssl_hc128; @@ -1447,64 +1851,13 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = HC_128_KEY_SIZE; ssl->specs.block_size = 0; ssl->specs.iv_size = HC_128_IV_SIZE; - - break; -#endif - -#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 - case TLS_RSA_WITH_HC_128_B2B256: - ssl->specs.bulk_cipher_algorithm = wolfssl_hc128; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = blake2b_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = BLAKE2B_256; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = HC_128_KEY_SIZE; - ssl->specs.block_size = 0; - ssl->specs.iv_size = HC_128_IV_SIZE; - - break; -#endif - -#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 - case TLS_RSA_WITH_AES_128_CBC_B2B256: - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = blake2b_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = BLAKE2B_256; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - - break; -#endif -#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 - case TLS_RSA_WITH_AES_256_CBC_B2B256: - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = blake2b_mac; - ssl->specs.kea = rsa_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = BLAKE2B_256; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - break; #endif @@ -1515,7 +1868,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = RABBIT_KEY_SIZE; @@ -1532,12 +1885,12 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; break; @@ -1550,12 +1903,12 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_256_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; break; @@ -1568,12 +1921,12 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; break; @@ -1586,12 +1939,12 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha384_mac; ssl->specs.kea = diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_256_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; break; @@ -1604,7 +1957,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; @@ -1613,7 +1966,7 @@ int SetCipherSpecs(WOLFSSL* ssl) break; #endif - + #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; @@ -1621,7 +1974,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; @@ -1638,7 +1991,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; @@ -1655,7 +2008,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = rsa_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; @@ -1672,7 +2025,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; @@ -1689,7 +2042,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; @@ -1706,7 +2059,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; @@ -1723,7 +2076,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha256_mac; ssl->specs.kea = diffie_hellman_kea; ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; @@ -1740,7 +2093,7 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.mac_algorithm = sha_mac; ssl->specs.kea = diffie_hellman_kea; ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = SHA_DIGEST_SIZE; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; ssl->specs.static_ecdh = 0; ssl->specs.key_size = AES_128_KEY_SIZE; @@ -1751,6 +2104,36 @@ int SetCipherSpecs(WOLFSSL* ssl) break; #endif +#ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA + case SSL_RSA_WITH_IDEA_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_idea; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = IDEA_KEY_SIZE; + ssl->specs.block_size = IDEA_BLOCK_SIZE; + ssl->specs.iv_size = IDEA_IV_SIZE; + + break; +#endif + +#ifdef BUILD_WDM_WITH_NULL_SHA256 + case WDM_WITH_NULL_SHA256 : + ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; + ssl->specs.cipher_type = stream; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = no_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + + break; +#endif + default: WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs"); return UNSUPPORTED_SUITE; @@ -1761,13 +2144,23 @@ int SetCipherSpecs(WOLFSSL* ssl) if (ssl->version.major == 3 && ssl->version.minor >= 1) { #ifndef NO_TLS ssl->options.tls = 1; + #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) ssl->hmac = TLS_hmac; - if (ssl->version.minor >= 2) + #endif + if (ssl->version.minor >= 2) { ssl->options.tls1_1 = 1; + if (ssl->version.minor >= 4) + ssl->options.tls1_3 = 1; + } #endif } -#ifdef WOLFSSL_DTLS +#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) + if (IsAtLeastTLSv1_3(ssl->version) || ssl->specs.cipher_type != block) + ssl->options.encThenMac = 0; +#endif + +#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_AEAD_ONLY) if (ssl->options.dtls) ssl->hmac = TLS_hmac; #endif @@ -1779,7 +2172,7 @@ int SetCipherSpecs(WOLFSSL* ssl) enum KeyStuff { MASTER_ROUNDS = 3, PREFIX = 3, /* up to three letters for master prefix */ - KEY_PREFIX = 7 /* up to 7 prefix letters for key rounds */ + KEY_PREFIX = 9 /* up to 9 prefix letters for key rounds */ }; @@ -1810,9 +2203,15 @@ static int SetPrefix(byte* sha_input, int idx) case 6: XMEMCPY(sha_input, "GGGGGGG", 7); break; + case 7: + XMEMCPY(sha_input, "HHHHHHHH", 8); + break; + case 8: + XMEMCPY(sha_input, "IIIIIIIII", 9); + break; default: WOLFSSL_MSG("Set Prefix error, bad input"); - return 0; + return 0; } return 1; } @@ -1820,35 +2219,38 @@ static int SetPrefix(byte* sha_input, int idx) static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, - int side, void* heap, int devId) + int side, void* heap, int devId, WC_RNG* rng, int tls13) { + (void)rng; + (void)tls13; + #ifdef BUILD_ARC4 - word32 sz = specs->key_size; if (specs->bulk_cipher_algorithm == wolfssl_rc4) { - if (enc && enc->arc4 == NULL) + word32 sz = specs->key_size; + if (enc && enc->arc4 == NULL) { enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER); - if (enc && enc->arc4 == NULL) - return MEMORY_E; - if (dec && dec->arc4 == NULL) + if (enc->arc4 == NULL) + return MEMORY_E; + } + if (dec && dec->arc4 == NULL) { dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER); - if (dec && dec->arc4 == NULL) - return MEMORY_E; -#ifdef HAVE_CAVIUM - if (devId != NO_CAVIUM_DEVICE) { - if (enc) { - if (Arc4InitCavium(enc->arc4, devId) != 0) { - WOLFSSL_MSG("Arc4InitCavium failed in SetKeys"); - return CAVIUM_INIT_E; - } + if (dec->arc4 == NULL) + return MEMORY_E; + } + + if (enc) { + if (wc_Arc4Init(enc->arc4, heap, devId) != 0) { + WOLFSSL_MSG("Arc4Init failed in SetKeys"); + return ASYNC_INIT_E; } - if (dec) { - if (Arc4InitCavium(dec->arc4, devId) != 0) { - WOLFSSL_MSG("Arc4InitCavium failed in SetKeys"); - return CAVIUM_INIT_E; - } + } + if (dec) { + if (wc_Arc4Init(dec->arc4, heap, devId) != 0) { + WOLFSSL_MSG("Arc4Init failed in SetKeys"); + return ASYNC_INIT_E; } } -#endif + if (side == WOLFSSL_CLIENT_END) { if (enc) wc_Arc4SetKey(enc->arc4, keys->client_write_key, sz); @@ -1866,10 +2268,18 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, if (dec) dec->setup = 1; } -#endif +#endif /* BUILD_ARC4 */ + - #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + /* Check that the max implicit iv size is suffecient */ + #if (AEAD_MAX_IMP_SZ < 12) /* CHACHA20_IMP_IV_SZ */ + #error AEAD_MAX_IMP_SZ is too small for ChaCha20 + #endif + #if (MAX_WRITE_IV_SZ < 12) /* CHACHA20_IMP_IV_SZ */ + #error MAX_WRITE_IV_SZ is too small for ChaCha20 + #endif + if (specs->bulk_cipher_algorithm == wolfssl_chacha) { int chachaRet; if (enc && enc->chacha == NULL) @@ -1887,14 +2297,14 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, chachaRet = wc_Chacha_SetKey(enc->chacha, keys->client_write_key, specs->key_size); XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV, - AEAD_IMP_IV_SZ); + CHACHA20_IMP_IV_SZ); if (chachaRet != 0) return chachaRet; } if (dec) { chachaRet = wc_Chacha_SetKey(dec->chacha, keys->server_write_key, specs->key_size); XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV, - AEAD_IMP_IV_SZ); + CHACHA20_IMP_IV_SZ); if (chachaRet != 0) return chachaRet; } } @@ -1903,14 +2313,14 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, chachaRet = wc_Chacha_SetKey(enc->chacha, keys->server_write_key, specs->key_size); XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV, - AEAD_IMP_IV_SZ); + CHACHA20_IMP_IV_SZ); if (chachaRet != 0) return chachaRet; } if (dec) { chachaRet = wc_Chacha_SetKey(dec->chacha, keys->client_write_key, specs->key_size); XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV, - AEAD_IMP_IV_SZ); + CHACHA20_IMP_IV_SZ); if (chachaRet != 0) return chachaRet; } } @@ -1920,9 +2330,15 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, if (dec) dec->setup = 1; } -#endif +#endif /* HAVE_CHACHA && HAVE_POLY1305 */ + #ifdef HAVE_HC128 + /* check that buffer sizes are sufficient */ + #if (MAX_WRITE_IV_SZ < 16) /* HC_128_IV_SIZE */ + #error MAX_WRITE_IV_SZ too small for HC128 + #endif + if (specs->bulk_cipher_algorithm == wolfssl_hc128) { int hcRet; if (enc && enc->hc128 == NULL) @@ -1964,9 +2380,14 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, if (dec) dec->setup = 1; } -#endif - +#endif /* HAVE_HC128 */ + #ifdef BUILD_RABBIT + /* check that buffer sizes are sufficient */ + #if (MAX_WRITE_IV_SZ < 8) /* RABBIT_IV_SIZE */ + #error MAX_WRITE_IV_SZ too small for RABBIT + #endif + if (specs->bulk_cipher_algorithm == wolfssl_rabbit) { int rabRet; if (enc && enc->rabbit == NULL) @@ -2008,36 +2429,45 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, if (dec) dec->setup = 1; } -#endif - +#endif /* BUILD_RABBIT */ + #ifdef BUILD_DES3 + /* check that buffer sizes are sufficient */ + #if (MAX_WRITE_IV_SZ < 8) /* DES_IV_SIZE */ + #error MAX_WRITE_IV_SZ too small for 3DES + #endif + if (specs->bulk_cipher_algorithm == wolfssl_triple_des) { int desRet = 0; - if (enc && enc->des3 == NULL) - enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER); - if (enc && enc->des3 == NULL) - return MEMORY_E; - if (dec && dec->des3 == NULL) - dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER); - if (dec && dec->des3 == NULL) - return MEMORY_E; -#ifdef HAVE_CAVIUM - if (devId != NO_CAVIUM_DEVICE) { - if (enc) { - if (Des3_InitCavium(enc->des3, devId) != 0) { - WOLFSSL_MSG("Des3_InitCavium failed in SetKeys"); - return CAVIUM_INIT_E; - } + if (enc) { + if (enc->des3 == NULL) + enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER); + if (enc->des3 == NULL) + return MEMORY_E; + XMEMSET(enc->des3, 0, sizeof(Des3)); + } + if (dec) { + if (dec->des3 == NULL) + dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER); + if (dec->des3 == NULL) + return MEMORY_E; + XMEMSET(dec->des3, 0, sizeof(Des3)); + } + + if (enc) { + if (wc_Des3Init(enc->des3, heap, devId) != 0) { + WOLFSSL_MSG("Des3Init failed in SetKeys"); + return ASYNC_INIT_E; } - if (dec) { - if (Des3_InitCavium(dec->des3, devId) != 0) { - WOLFSSL_MSG("Des3_InitCavium failed in SetKeys"); - return CAVIUM_INIT_E; - } + } + if (dec) { + if (wc_Des3Init(dec->des3, heap, devId) != 0) { + WOLFSSL_MSG("Des3Init failed in SetKeys"); + return ASYNC_INIT_E; } } -#endif + if (side == WOLFSSL_CLIENT_END) { if (enc) { desRet = wc_Des3_SetKey(enc->des3, keys->client_write_key, @@ -2067,36 +2497,44 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, if (dec) dec->setup = 1; } -#endif +#endif /* BUILD_DES3 */ #ifdef BUILD_AES + /* check that buffer sizes are sufficient */ + #if (MAX_WRITE_IV_SZ < 16) /* AES_IV_SIZE */ + #error MAX_WRITE_IV_SZ too small for AES + #endif + if (specs->bulk_cipher_algorithm == wolfssl_aes) { int aesRet = 0; - if (enc && enc->aes == NULL) - enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); - if (enc && enc->aes == NULL) - return MEMORY_E; - if (dec && dec->aes == NULL) - dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); - if (dec && dec->aes == NULL) - return MEMORY_E; -#ifdef HAVE_CAVIUM - if (devId != NO_CAVIUM_DEVICE) { - if (enc) { - if (wc_AesInitCavium(enc->aes, devId) != 0) { - WOLFSSL_MSG("AesInitCavium failed in SetKeys"); - return CAVIUM_INIT_E; - } + if (enc) { + if (enc->aes == NULL) + enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); + if (enc->aes == NULL) + return MEMORY_E; + XMEMSET(enc->aes, 0, sizeof(Aes)); + } + if (dec) { + if (dec->aes == NULL) + dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); + if (dec->aes == NULL) + return MEMORY_E; + XMEMSET(dec->aes, 0, sizeof(Aes)); + } + if (enc) { + if (wc_AesInit(enc->aes, heap, devId) != 0) { + WOLFSSL_MSG("AesInit failed in SetKeys"); + return ASYNC_INIT_E; } - if (dec) { - if (wc_AesInitCavium(dec->aes, devId) != 0) { - WOLFSSL_MSG("AesInitCavium failed in SetKeys"); - return CAVIUM_INIT_E; - } + } + if (dec) { + if (wc_AesInit(dec->aes, heap, devId) != 0) { + WOLFSSL_MSG("AesInit failed in SetKeys"); + return ASYNC_INIT_E; } } -#endif + if (side == WOLFSSL_CLIENT_END) { if (enc) { aesRet = wc_AesSetKey(enc->aes, keys->client_write_key, @@ -2130,20 +2568,50 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, if (dec) dec->setup = 1; } -#endif +#endif /* BUILD_AES */ #ifdef BUILD_AESGCM + /* check that buffer sizes are sufficient */ + #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */ + #error AEAD_MAX_IMP_SZ too small for AESGCM + #endif + #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */ + #error AEAD_MAX_EXP_SZ too small for AESGCM + #endif + #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */ + #error MAX_WRITE_IV_SZ too small for AESGCM + #endif + if (specs->bulk_cipher_algorithm == wolfssl_aes_gcm) { int gcmRet; - if (enc && enc->aes == NULL) - enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); - if (enc && enc->aes == NULL) - return MEMORY_E; - if (dec && dec->aes == NULL) - dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); - if (dec && dec->aes == NULL) - return MEMORY_E; + if (enc) { + if (enc->aes == NULL) + enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); + if (enc->aes == NULL) + return MEMORY_E; + XMEMSET(enc->aes, 0, sizeof(Aes)); + } + if (dec) { + if (dec->aes == NULL) + dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); + if (dec->aes == NULL) + return MEMORY_E; + XMEMSET(dec->aes, 0, sizeof(Aes)); + } + + if (enc) { + if (wc_AesInit(enc->aes, heap, devId) != 0) { + WOLFSSL_MSG("AesInit failed in SetKeys"); + return ASYNC_INIT_E; + } + } + if (dec) { + if (wc_AesInit(dec->aes, heap, devId) != 0) { + WOLFSSL_MSG("AesInit failed in SetKeys"); + return ASYNC_INIT_E; + } + } if (side == WOLFSSL_CLIENT_END) { if (enc) { @@ -2151,14 +2619,23 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, specs->key_size); if (gcmRet != 0) return gcmRet; XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV, - AEAD_IMP_IV_SZ); + AEAD_MAX_IMP_SZ); +#if !defined(NO_PUBLIC_GCM_SET_IV) && \ + ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) + if (!tls13) { + gcmRet = wc_AesGcmSetIV(enc->aes, AESGCM_NONCE_SZ, + keys->client_write_IV, AESGCM_IMP_IV_SZ, rng); + if (gcmRet != 0) return gcmRet; + } +#endif } if (dec) { gcmRet = wc_AesGcmSetKey(dec->aes, keys->server_write_key, specs->key_size); if (gcmRet != 0) return gcmRet; XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV, - AEAD_IMP_IV_SZ); + AEAD_MAX_IMP_SZ); } } else { @@ -2167,14 +2644,23 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, specs->key_size); if (gcmRet != 0) return gcmRet; XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV, - AEAD_IMP_IV_SZ); + AEAD_MAX_IMP_SZ); +#if !defined(NO_PUBLIC_GCM_SET_IV) && \ + ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) + if (!tls13) { + gcmRet = wc_AesGcmSetIV(enc->aes, AESGCM_NONCE_SZ, + keys->server_write_IV, AESGCM_IMP_IV_SZ, rng); + if (gcmRet != 0) return gcmRet; + } +#endif } if (dec) { gcmRet = wc_AesGcmSetKey(dec->aes, keys->client_write_key, specs->key_size); if (gcmRet != 0) return gcmRet; XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV, - AEAD_IMP_IV_SZ); + AEAD_MAX_IMP_SZ); } } if (enc) @@ -2182,41 +2668,107 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, if (dec) dec->setup = 1; } -#endif +#endif /* BUILD_AESGCM */ #ifdef HAVE_AESCCM + /* check that buffer sizes are sufficient (CCM is same size as GCM) */ + #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */ + #error AEAD_MAX_IMP_SZ too small for AESCCM + #endif + #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */ + #error AEAD_MAX_EXP_SZ too small for AESCCM + #endif + #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */ + #error MAX_WRITE_IV_SZ too small for AESCCM + #endif + if (specs->bulk_cipher_algorithm == wolfssl_aes_ccm) { - if (enc && enc->aes == NULL) - enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); - if (enc && enc->aes == NULL) - return MEMORY_E; - if (dec && dec->aes == NULL) - dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); - if (dec && dec->aes == NULL) - return MEMORY_E; + int CcmRet; + + if (enc) { + if (enc->aes == NULL) + enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); + if (enc->aes == NULL) + return MEMORY_E; + XMEMSET(enc->aes, 0, sizeof(Aes)); + } + if (dec) { + if (dec->aes == NULL) + dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); + if (dec->aes == NULL) + return MEMORY_E; + XMEMSET(dec->aes, 0, sizeof(Aes)); + } + + if (enc) { + if (wc_AesInit(enc->aes, heap, devId) != 0) { + WOLFSSL_MSG("AesInit failed in SetKeys"); + return ASYNC_INIT_E; + } + } + if (dec) { + if (wc_AesInit(dec->aes, heap, devId) != 0) { + WOLFSSL_MSG("AesInit failed in SetKeys"); + return ASYNC_INIT_E; + } + } if (side == WOLFSSL_CLIENT_END) { if (enc) { - wc_AesCcmSetKey(enc->aes, keys->client_write_key, specs->key_size); + CcmRet = wc_AesCcmSetKey(enc->aes, keys->client_write_key, + specs->key_size); + if (CcmRet != 0) { + return CcmRet; + } XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV, - AEAD_IMP_IV_SZ); + AEAD_MAX_IMP_SZ); +#if !defined(NO_PUBLIC_CCM_SET_NONCE) && \ + ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) + if (!tls13) { + CcmRet = wc_AesCcmSetNonce(enc->aes, keys->client_write_IV, + AEAD_MAX_IMP_SZ); + if (CcmRet != 0) return CcmRet; + } +#endif } if (dec) { - wc_AesCcmSetKey(dec->aes, keys->server_write_key, specs->key_size); + CcmRet = wc_AesCcmSetKey(dec->aes, keys->server_write_key, + specs->key_size); + if (CcmRet != 0) { + return CcmRet; + } XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV, - AEAD_IMP_IV_SZ); + AEAD_MAX_IMP_SZ); } } else { if (enc) { - wc_AesCcmSetKey(enc->aes, keys->server_write_key, specs->key_size); + CcmRet = wc_AesCcmSetKey(enc->aes, keys->server_write_key, + specs->key_size); + if (CcmRet != 0) { + return CcmRet; + } XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV, - AEAD_IMP_IV_SZ); + AEAD_MAX_IMP_SZ); +#if !defined(NO_PUBLIC_CCM_SET_NONCE) && \ + ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) + if (!tls13) { + CcmRet = wc_AesCcmSetNonce(enc->aes, keys->server_write_IV, + AEAD_MAX_IMP_SZ); + if (CcmRet != 0) return CcmRet; + } +#endif } if (dec) { - wc_AesCcmSetKey(dec->aes, keys->client_write_key, specs->key_size); + CcmRet = wc_AesCcmSetKey(dec->aes, keys->client_write_key, + specs->key_size); + if (CcmRet != 0) { + return CcmRet; + } XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV, - AEAD_IMP_IV_SZ); + AEAD_MAX_IMP_SZ); } } if (enc) @@ -2224,9 +2776,14 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, if (dec) dec->setup = 1; } -#endif +#endif /* HAVE_AESCCM */ #ifdef HAVE_CAMELLIA + /* check that buffer sizes are sufficient */ + #if (MAX_WRITE_IV_SZ < 16) /* CAMELLIA_IV_SIZE */ + #error MAX_WRITE_IV_SZ too small for CAMELLIA + #endif + if (specs->bulk_cipher_algorithm == wolfssl_camellia) { int camRet; @@ -2271,10 +2828,133 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, if (dec) dec->setup = 1; } -#endif +#endif /* HAVE_CAMELLIA */ + +#ifdef HAVE_IDEA + /* check that buffer sizes are sufficient */ + #if (MAX_WRITE_IV_SZ < 8) /* IDEA_IV_SIZE */ + #error MAX_WRITE_IV_SZ too small for IDEA + #endif + + if (specs->bulk_cipher_algorithm == wolfssl_idea) { + int ideaRet; + + if (enc && enc->idea == NULL) + enc->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER); + if (enc && enc->idea == NULL) + return MEMORY_E; + + if (dec && dec->idea == NULL) + dec->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER); + if (dec && dec->idea == NULL) + return MEMORY_E; + + if (side == WOLFSSL_CLIENT_END) { + if (enc) { + ideaRet = wc_IdeaSetKey(enc->idea, keys->client_write_key, + specs->key_size, keys->client_write_IV, + IDEA_ENCRYPTION); + if (ideaRet != 0) return ideaRet; + } + if (dec) { + ideaRet = wc_IdeaSetKey(dec->idea, keys->server_write_key, + specs->key_size, keys->server_write_IV, + IDEA_DECRYPTION); + if (ideaRet != 0) return ideaRet; + } + } + else { + if (enc) { + ideaRet = wc_IdeaSetKey(enc->idea, keys->server_write_key, + specs->key_size, keys->server_write_IV, + IDEA_ENCRYPTION); + if (ideaRet != 0) return ideaRet; + } + if (dec) { + ideaRet = wc_IdeaSetKey(dec->idea, keys->client_write_key, + specs->key_size, keys->client_write_IV, + IDEA_DECRYPTION); + if (ideaRet != 0) return ideaRet; + } + } + if (enc) + enc->setup = 1; + if (dec) + dec->setup = 1; + } +#endif /* HAVE_IDEA */ #ifdef HAVE_NULL_CIPHER if (specs->bulk_cipher_algorithm == wolfssl_cipher_null) { + #ifdef WOLFSSL_TLS13 + if (tls13) { + int hmacRet; + int hashType = WC_HASH_TYPE_NONE; + + switch (specs->mac_algorithm) { + case sha256_mac: + hashType = WC_SHA256; + break; + case sha384_mac: + hashType = WC_SHA384; + break; + default: + break; + } + + if (enc && enc->hmac == NULL) { + enc->hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, + DYNAMIC_TYPE_CIPHER); + if (enc->hmac == NULL) + return MEMORY_E; + } + + if (dec && dec->hmac == NULL) { + dec->hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, + DYNAMIC_TYPE_CIPHER); + if (dec->hmac == NULL) + return MEMORY_E; + } + + if (enc) { + if (wc_HmacInit(enc->hmac, heap, devId) != 0) { + WOLFSSL_MSG("HmacInit failed in SetKeys"); + return ASYNC_INIT_E; + } + } + if (dec) { + if (wc_HmacInit(dec->hmac, heap, devId) != 0) { + WOLFSSL_MSG("HmacInit failed in SetKeys"); + return ASYNC_INIT_E; + } + } + + if (side == WOLFSSL_CLIENT_END) { + if (enc) { + hmacRet = wc_HmacSetKey(enc->hmac, hashType, + keys->client_write_key, specs->key_size); + if (hmacRet != 0) return hmacRet; + } + if (dec) { + hmacRet = wc_HmacSetKey(dec->hmac, hashType, + keys->server_write_key, specs->key_size); + if (hmacRet != 0) return hmacRet; + } + } + else { + if (enc) { + hmacRet = wc_HmacSetKey(enc->hmac, hashType, + keys->server_write_key, specs->key_size); + if (hmacRet != 0) return hmacRet; + } + if (dec) { + hmacRet = wc_HmacSetKey(dec->hmac, hashType, + keys->client_write_key, specs->key_size); + if (hmacRet != 0) return hmacRet; + } + } + } + #endif if (enc) enc->setup = 1; if (dec) @@ -2282,10 +2962,14 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, } #endif - if (enc) - keys->sequence_number = 0; - if (dec) - keys->peer_sequence_number = 0; + if (enc) { + keys->sequence_number_hi = 0; + keys->sequence_number_lo = 0; + } + if (dec) { + keys->peer_sequence_number_hi = 0; + keys->peer_sequence_number_lo = 0; + } (void)side; (void)heap; (void)enc; @@ -2313,6 +2997,7 @@ static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys, if (authentication) authentication->setup = 1; #endif + (void)authentication; (void)heap; (void)keys; (void)specs; @@ -2322,6 +3007,40 @@ static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys, } #endif /* HAVE_ONE_TIME_AUTH */ +#ifdef HAVE_SECURE_RENEGOTIATION +/* function name is for cache_status++ + * This function was added because of error incrementing enum type when + * compiling with a C++ compiler. + */ +static void CacheStatusPP(SecureRenegotiation* cache) +{ + switch (cache->cache_status) { + case SCR_CACHE_NULL: + cache->cache_status = SCR_CACHE_NEEDED; + break; + + case SCR_CACHE_NEEDED: + cache->cache_status = SCR_CACHE_COPY; + break; + + case SCR_CACHE_COPY: + cache->cache_status = SCR_CACHE_PARTIAL; + break; + + case SCR_CACHE_PARTIAL: + cache->cache_status = SCR_CACHE_COMPLETE; + break; + + case SCR_CACHE_COMPLETE: + WOLFSSL_MSG("SCR Cache state Complete"); + break; + + default: + WOLFSSL_MSG("Unknown cache state!!"); + } +} +#endif /* HAVE_SECURE_RENEGOTIATION */ + /* Set wc_encrypt/wc_decrypt or both sides of key setup * note: use wc_encrypt to avoid shadowing global encrypt @@ -2329,17 +3048,13 @@ static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys, */ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) { - int devId = NO_CAVIUM_DEVICE, ret, copy = 0; + int ret, copy = 0; Ciphers* wc_encrypt = NULL; Ciphers* wc_decrypt = NULL; Keys* keys = &ssl->keys; (void)copy; -#ifdef HAVE_CAVIUM - devId = ssl->devId; -#endif - #ifdef HAVE_SECURE_RENEGOTIATION if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status) { keys = &ssl->secure_renegotiation->tmp_keys; @@ -2349,14 +3064,48 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) switch (side) { case ENCRYPT_SIDE_ONLY: +#ifdef WOLFSSL_DEBUG_TLS + WOLFSSL_MSG("Provisioning ENCRYPT key"); + if (ssl->options.side == WOLFSSL_CLIENT_END) { + WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size); + } + else { + WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size); + } +#endif wc_encrypt = &ssl->encrypt; break; case DECRYPT_SIDE_ONLY: +#ifdef WOLFSSL_DEBUG_TLS + WOLFSSL_MSG("Provisioning DECRYPT key"); + if (ssl->options.side == WOLFSSL_CLIENT_END) { + WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size); + } + else { + WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size); + } +#endif wc_decrypt = &ssl->decrypt; break; case ENCRYPT_AND_DECRYPT_SIDE: +#ifdef WOLFSSL_DEBUG_TLS + WOLFSSL_MSG("Provisioning ENCRYPT key"); + if (ssl->options.side == WOLFSSL_CLIENT_END) { + WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size); + } + else { + WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size); + } + WOLFSSL_MSG("Provisioning DECRYPT key"); + if (ssl->options.side == WOLFSSL_CLIENT_END) { + WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size); + } + else { + WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size); + } +#endif wc_encrypt = &ssl->encrypt; wc_decrypt = &ssl->decrypt; break; @@ -2367,14 +3116,21 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) #ifdef HAVE_ONE_TIME_AUTH if (!ssl->auth.setup && ssl->specs.bulk_cipher_algorithm == wolfssl_chacha){ - ret = SetAuthKeys(&ssl->auth, keys, &ssl->specs, ssl->heap, devId); + ret = SetAuthKeys(&ssl->auth, keys, &ssl->specs, ssl->heap, ssl->devId); if (ret != 0) return ret; } #endif +#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ + !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION) + /* check if keys for TSIP has been created */ + if (tsip_useable(ssl) == 1) + ret = 0; + else +#endif ret = SetKeys(wc_encrypt, wc_decrypt, keys, &ssl->specs, ssl->options.side, - ssl->heap, devId); + ssl->heap, ssl->devId, ssl->rng, ssl->options.tls1_3); #ifdef HAVE_SECURE_RENEGOTIATION if (copy) { @@ -2386,55 +3142,61 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) clientCopy = 1; if (clientCopy) { + #ifndef WOLFSSL_AEAD_ONLY XMEMCPY(ssl->keys.client_write_MAC_secret, - keys->client_write_MAC_secret, MAX_DIGEST_SIZE); + keys->client_write_MAC_secret, WC_MAX_DIGEST_SIZE); + #endif XMEMCPY(ssl->keys.client_write_key, keys->client_write_key, AES_256_KEY_SIZE); XMEMCPY(ssl->keys.client_write_IV, - keys->client_write_IV, AES_IV_SIZE); + keys->client_write_IV, MAX_WRITE_IV_SZ); } else { + #ifndef WOLFSSL_AEAD_ONLY XMEMCPY(ssl->keys.server_write_MAC_secret, - keys->server_write_MAC_secret, MAX_DIGEST_SIZE); + keys->server_write_MAC_secret, WC_MAX_DIGEST_SIZE); + #endif XMEMCPY(ssl->keys.server_write_key, keys->server_write_key, AES_256_KEY_SIZE); XMEMCPY(ssl->keys.server_write_IV, - keys->server_write_IV, AES_IV_SIZE); + keys->server_write_IV, MAX_WRITE_IV_SZ); } if (wc_encrypt) { - ssl->keys.sequence_number = keys->sequence_number; + ssl->keys.sequence_number_hi = keys->sequence_number_hi; + ssl->keys.sequence_number_lo = keys->sequence_number_lo; #ifdef HAVE_AEAD if (ssl->specs.cipher_type == aead) { /* Initialize the AES-GCM/CCM explicit IV to a zero. */ XMEMCPY(ssl->keys.aead_exp_IV, keys->aead_exp_IV, - AEAD_EXP_IV_SZ); + AEAD_MAX_EXP_SZ); /* Initialize encrypt implicit IV by encrypt side */ if (ssl->options.side == WOLFSSL_CLIENT_END) { XMEMCPY(ssl->keys.aead_enc_imp_IV, - keys->client_write_IV, AEAD_IMP_IV_SZ); + keys->client_write_IV, AEAD_MAX_IMP_SZ); } else { XMEMCPY(ssl->keys.aead_enc_imp_IV, - keys->server_write_IV, AEAD_IMP_IV_SZ); + keys->server_write_IV, AEAD_MAX_IMP_SZ); } } #endif } if (wc_decrypt) { - ssl->keys.peer_sequence_number = keys->peer_sequence_number; + ssl->keys.peer_sequence_number_hi = keys->peer_sequence_number_hi; + ssl->keys.peer_sequence_number_lo = keys->peer_sequence_number_lo; #ifdef HAVE_AEAD if (ssl->specs.cipher_type == aead) { /* Initialize decrypt implicit IV by decrypt side */ if (ssl->options.side == WOLFSSL_SERVER_END) { XMEMCPY(ssl->keys.aead_dec_imp_IV, - keys->client_write_IV, AEAD_IMP_IV_SZ); + keys->client_write_IV, AEAD_MAX_IMP_SZ); } else { XMEMCPY(ssl->keys.aead_dec_imp_IV, - keys->server_write_IV, AEAD_IMP_IV_SZ); + keys->server_write_IV, AEAD_MAX_IMP_SZ); } } #endif } - ssl->secure_renegotiation->cache_status++; + CacheStatusPP(ssl->secure_renegotiation); } #endif /* HAVE_SECURE_RENEGOTIATION */ @@ -2443,7 +3205,7 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) /* TLS can call too */ -int StoreKeys(WOLFSSL* ssl, const byte* keyData) +int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side) { int sz, i = 0; Keys* keys = &ssl->keys; @@ -2452,32 +3214,78 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData) if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status == SCR_CACHE_NEEDED) { keys = &ssl->secure_renegotiation->tmp_keys; - ssl->secure_renegotiation->cache_status++; + CacheStatusPP(ssl->secure_renegotiation); } #endif /* HAVE_SECURE_RENEGOTIATION */ +#ifdef WOLFSSL_MULTICAST + if (ssl->options.haveMcast) { + /* Use the same keys for encrypt and decrypt. */ + if (ssl->specs.cipher_type != aead) { + sz = ssl->specs.hash_size; + #ifndef WOLFSSL_AEAD_ONLY + XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz); + XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz); + #endif + i += sz; + } + sz = ssl->specs.key_size; + XMEMCPY(keys->client_write_key, &keyData[i], sz); + XMEMCPY(keys->server_write_key, &keyData[i], sz); + i += sz; + + sz = ssl->specs.iv_size; + XMEMCPY(keys->client_write_IV, &keyData[i], sz); + XMEMCPY(keys->server_write_IV, &keyData[i], sz); + +#ifdef HAVE_AEAD + if (ssl->specs.cipher_type == aead) { + /* Initialize the AES-GCM/CCM explicit IV to a zero. */ + XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ); + } +#endif /* HAVE_AEAD */ + + return 0; + } +#endif /* WOLFSSL_MULTICAST */ + if (ssl->specs.cipher_type != aead) { sz = ssl->specs.hash_size; - XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz); + if (side & PROVISION_CLIENT) { + #ifndef WOLFSSL_AEAD_ONLY + XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz); + #endif + i += sz; + } + if (side & PROVISION_SERVER) { + #ifndef WOLFSSL_AEAD_ONLY + XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz); + #endif + i += sz; + } + } + sz = ssl->specs.key_size; + if (side & PROVISION_CLIENT) { + XMEMCPY(keys->client_write_key, &keyData[i], sz); i += sz; - XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz); + } + if (side & PROVISION_SERVER) { + XMEMCPY(keys->server_write_key, &keyData[i], sz); i += sz; } - sz = ssl->specs.key_size; - XMEMCPY(keys->client_write_key, &keyData[i], sz); - i += sz; - XMEMCPY(keys->server_write_key, &keyData[i], sz); - i += sz; sz = ssl->specs.iv_size; - XMEMCPY(keys->client_write_IV, &keyData[i], sz); - i += sz; - XMEMCPY(keys->server_write_IV, &keyData[i], sz); + if (side & PROVISION_CLIENT) { + XMEMCPY(keys->client_write_IV, &keyData[i], sz); + i += sz; + } + if (side & PROVISION_SERVER) + XMEMCPY(keys->server_write_IV, &keyData[i], sz); #ifdef HAVE_AEAD if (ssl->specs.cipher_type == aead) { /* Initialize the AES-GCM/CCM explicit IV to a zero. */ - XMEMSET(keys->aead_exp_IV, 0, AEAD_EXP_IV_SZ); + XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ); } #endif @@ -2487,40 +3295,40 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData) #ifndef NO_OLD_TLS int DeriveKeys(WOLFSSL* ssl) { - int length = 2 * ssl->specs.hash_size + + int length = 2 * ssl->specs.hash_size + 2 * ssl->specs.key_size + 2 * ssl->specs.iv_size; - int rounds = (length + MD5_DIGEST_SIZE - 1 ) / MD5_DIGEST_SIZE, i; + int rounds = (length + WC_MD5_DIGEST_SIZE - 1 ) / WC_MD5_DIGEST_SIZE, i; int ret = 0; - + #ifdef WOLFSSL_SMALL_STACK byte* shaOutput; byte* md5Input; byte* shaInput; byte* keyData; - Md5* md5; - Sha* sha; + wc_Md5* md5; + wc_Sha* sha; #else - byte shaOutput[SHA_DIGEST_SIZE]; - byte md5Input[SECRET_LEN + SHA_DIGEST_SIZE]; + byte shaOutput[WC_SHA_DIGEST_SIZE]; + byte md5Input[SECRET_LEN + WC_SHA_DIGEST_SIZE]; byte shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN]; - byte keyData[KEY_PREFIX * MD5_DIGEST_SIZE]; - Md5 md5[1]; - Sha sha[1]; + byte keyData[KEY_PREFIX * WC_MD5_DIGEST_SIZE]; + wc_Md5 md5[1]; + wc_Sha sha[1]; #endif - + #ifdef WOLFSSL_SMALL_STACK - shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE, + shaOutput = (byte*)XMALLOC(WC_SHA_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - md5Input = (byte*)XMALLOC(SECRET_LEN + SHA_DIGEST_SIZE, + md5Input = (byte*)XMALLOC(SECRET_LEN + WC_SHA_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); shaInput = (byte*)XMALLOC(KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); - keyData = (byte*)XMALLOC(KEY_PREFIX * MD5_DIGEST_SIZE, + keyData = (byte*)XMALLOC(KEY_PREFIX * WC_MD5_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); - sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); - + md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); + sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (shaOutput == NULL || md5Input == NULL || shaInput == NULL || keyData == NULL || md5 == NULL || sha == NULL) { if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -2529,15 +3337,15 @@ int DeriveKeys(WOLFSSL* ssl) if (keyData) XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); - + return MEMORY_E; } #endif - wc_InitMd5(md5); - - ret = wc_InitSha(sha); - + ret = wc_InitMd5(md5); + if (ret == 0) { + ret = wc_InitSha(sha); + } if (ret == 0) { XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN); @@ -2555,18 +3363,25 @@ int DeriveKeys(WOLFSSL* ssl) XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN); idx += RAN_LEN; XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN); + if (ret == 0) { + ret = wc_ShaUpdate(sha, shaInput, + (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) - KEY_PREFIX + j); + } + if (ret == 0) { + ret = wc_ShaFinal(sha, shaOutput); + } - wc_ShaUpdate(sha, shaInput, (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) - - KEY_PREFIX + j); - wc_ShaFinal(sha, shaOutput); - - XMEMCPY(md5Input + SECRET_LEN, shaOutput, SHA_DIGEST_SIZE); - wc_Md5Update(md5, md5Input, SECRET_LEN + SHA_DIGEST_SIZE); - wc_Md5Final(md5, keyData + i * MD5_DIGEST_SIZE); + XMEMCPY(md5Input + SECRET_LEN, shaOutput, WC_SHA_DIGEST_SIZE); + if (ret == 0) { + ret = wc_Md5Update(md5, md5Input, SECRET_LEN + WC_SHA_DIGEST_SIZE); + } + if (ret == 0) { + ret = wc_Md5Final(md5, keyData + i * WC_MD5_DIGEST_SIZE); + } } if (ret == 0) - ret = StoreKeys(ssl, keyData); + ret = StoreKeys(ssl, keyData, PROVISION_CLIENT_SERVER); } #ifdef WOLFSSL_SMALL_STACK @@ -2596,6 +3411,10 @@ static int CleanPreMaster(WOLFSSL* ssl) for (i = 0; i < sz; i++) ssl->arrays->preMasterSecret[i] = 0; + XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET); + ssl->arrays->preMasterSecret = NULL; + ssl->arrays->preMasterSz = 0; + return 0; } @@ -2611,14 +3430,14 @@ static int MakeSslMasterSecret(WOLFSSL* ssl) byte* shaOutput; byte* md5Input; byte* shaInput; - Md5* md5; - Sha* sha; + wc_Md5* md5; + wc_Sha* sha; #else - byte shaOutput[SHA_DIGEST_SIZE]; - byte md5Input[ENCRYPT_LEN + SHA_DIGEST_SIZE]; + byte shaOutput[WC_SHA_DIGEST_SIZE]; + byte md5Input[ENCRYPT_LEN + WC_SHA_DIGEST_SIZE]; byte shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN]; - Md5 md5[1]; - Sha sha[1]; + wc_Md5 md5[1]; + wc_Sha sha[1]; #endif #ifdef SHOW_SECRETS @@ -2630,17 +3449,17 @@ static int MakeSslMasterSecret(WOLFSSL* ssl) printf("\n"); } #endif - + #ifdef WOLFSSL_SMALL_STACK - shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE, + shaOutput = (byte*)XMALLOC(WC_SHA_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - md5Input = (byte*)XMALLOC(ENCRYPT_LEN + SHA_DIGEST_SIZE, + md5Input = (byte*)XMALLOC(ENCRYPT_LEN + WC_SHA_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); shaInput = (byte*)XMALLOC(PREFIX + ENCRYPT_LEN + 2 * RAN_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); - md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); - sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); - + md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); + sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (shaOutput == NULL || md5Input == NULL || shaInput == NULL || md5 == NULL || sha == NULL) { if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -2648,15 +3467,15 @@ static int MakeSslMasterSecret(WOLFSSL* ssl) if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); - + return MEMORY_E; } #endif - wc_InitMd5(md5); - - ret = wc_InitSha(sha); - + ret = wc_InitMd5(md5); + if (ret == 0) { + ret = wc_InitSha(sha); + } if (ret == 0) { XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz); @@ -2677,14 +3496,22 @@ static int MakeSslMasterSecret(WOLFSSL* ssl) idx += RAN_LEN; XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN); idx += RAN_LEN; - wc_ShaUpdate(sha, shaInput, idx); - wc_ShaFinal(sha, shaOutput); - + if (ret == 0) { + ret = wc_ShaUpdate(sha, shaInput, idx); + } + if (ret == 0) { + ret = wc_ShaFinal(sha, shaOutput); + } idx = pmsSz; /* preSz */ - XMEMCPY(md5Input + idx, shaOutput, SHA_DIGEST_SIZE); - idx += SHA_DIGEST_SIZE; - wc_Md5Update(md5, md5Input, idx); - wc_Md5Final(md5, &ssl->arrays->masterSecret[i * MD5_DIGEST_SIZE]); + XMEMCPY(md5Input + idx, shaOutput, WC_SHA_DIGEST_SIZE); + idx += WC_SHA_DIGEST_SIZE; + if (ret == 0) { + ret = wc_Md5Update(md5, md5Input, idx); + } + if (ret == 0) { + ret = wc_Md5Final(md5, + &ssl->arrays->masterSecret[i * WC_MD5_DIGEST_SIZE]); + } } #ifdef SHOW_SECRETS @@ -2708,7 +3535,7 @@ static int MakeSslMasterSecret(WOLFSSL* ssl) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - + if (ret == 0) ret = CleanPreMaster(ssl); else @@ -2722,14 +3549,59 @@ static int MakeSslMasterSecret(WOLFSSL* ssl) /* Master wrapper, doesn't use SSL stack space in TLS mode */ int MakeMasterSecret(WOLFSSL* ssl) { -#ifdef NO_OLD_TLS - return MakeTlsMasterSecret(ssl); -#elif !defined(NO_TLS) - if (ssl->options.tls) return MakeTlsMasterSecret(ssl); + /* append secret to premaster : premaster | SerSi | CliSi */ +#ifdef HAVE_QSH + word32 offset = 0; + + if (ssl->peerQSHKeyPresent) { + offset += ssl->arrays->preMasterSz; + ssl->arrays->preMasterSz += ssl->QSH_secret->CliSi->length + + ssl->QSH_secret->SerSi->length; + /* test and set flag if QSH has been used */ + if (ssl->QSH_secret->CliSi->length > 0 || + ssl->QSH_secret->SerSi->length > 0) + ssl->isQSH = 1; + + /* append secrets to the premaster */ + if (ssl->QSH_secret->SerSi != NULL) { + XMEMCPY(ssl->arrays->preMasterSecret + offset, + ssl->QSH_secret->SerSi->buffer, ssl->QSH_secret->SerSi->length); + } + offset += ssl->QSH_secret->SerSi->length; + if (ssl->QSH_secret->CliSi != NULL) { + XMEMCPY(ssl->arrays->preMasterSecret + offset, + ssl->QSH_secret->CliSi->buffer, ssl->QSH_secret->CliSi->length); + } + + /* show secret SerSi and CliSi */ + #ifdef SHOW_SECRETS + { + word32 j; + printf("QSH generated secret material\n"); + printf("SerSi : "); + for (j = 0; j < ssl->QSH_secret->SerSi->length; j++) { + printf("%02x", ssl->QSH_secret->SerSi->buffer[j]); + } + printf("\n"); + printf("CliSi : "); + for (j = 0; j < ssl->QSH_secret->CliSi->length; j++) { + printf("%02x", ssl->QSH_secret->CliSi->buffer[j]); + } + printf("\n"); + } + #endif + } #endif #ifndef NO_OLD_TLS + if (ssl->options.tls) return MakeTlsMasterSecret(ssl); return MakeSslMasterSecret(ssl); +#elif !defined(WOLFSSL_NO_TLS12) + return MakeTlsMasterSecret(ssl); +#else + (void)ssl; + return 0; #endif } +#endif /* WOLFCRYPT_ONLY */ |