Merge branch 'ccm'

John Safranek 2013-03-22 17:29:30 -07:00
commit 436a51a0d7
9 changed files with 280 additions and 110 deletions


@ -174,8 +174,8 @@ void c32to24(word32 in, word24 out);
#define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
#endif
#if defined (HAVE_AESCCM)
#define BUILD_TLS_RSA_WITH_AES_128_CCM_8_SHA256
#define BUILD_TLS_RSA_WITH_AES_256_CCM_8_SHA384
#define BUILD_TLS_RSA_WITH_AES_128_CCM_8
#define BUILD_TLS_RSA_WITH_AES_256_CCM_8
#endif
#endif
@ -209,6 +209,10 @@ void c32to24(word32 in, word24 out);
#endif
#ifndef NO_SHA256
#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
#ifdef HAVE_AESCCM
#define BUILD_TLS_PSK_WITH_AES_128_CCM_8
#define BUILD_TLS_PSK_WITH_AES_256_CCM_8
#endif
#endif
#endif
@ -309,8 +313,8 @@ void c32to24(word32 in, word24 out);
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
#endif
#if defined (HAVE_AESCCM)
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
#endif
#endif
#if !defined(NO_RC4)
@ -475,10 +479,14 @@ enum {
* also, in some of the other AES-CCM suites
* there will be second byte number conflicts
* with non-ECC AES-GCM */
TLS_RSA_WITH_AES_128_CCM_8_SHA256 = 0xa0,
TLS_RSA_WITH_AES_256_CCM_8_SHA384 = 0xa1,
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 = 0xac, /* Still TBD, made up */
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 = 0xad, /* Still TBD, made up */
TLS_RSA_WITH_AES_128_CCM_8 = 0xa0,
TLS_RSA_WITH_AES_256_CCM_8 = 0xa1,
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xc6, /* Still TBD, made up */
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xc7, /* Still TBD, made up */
TLS_PSK_WITH_AES_128_CCM = 0xa4,
TLS_PSK_WITH_AES_256_CCM = 0xa5,
TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
@ -592,7 +600,7 @@ enum Misc {
MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
MAX_PRF_HALF = 128, /* Maximum half secret len */
MAX_PRF_LABSEED = 80, /* Maximum label + seed len */
MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
MAX_PRF_DIG = 224, /* Maximum digest len */
MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
@ -611,12 +619,15 @@ enum Misc {
AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
AEAD_AUTH_TAG_SZ = 16, /* Size of the authentication tag */
AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
AEAD_IMP_IV_SZ = 4, /* Size of the implicit IV */
AEAD_EXP_IV_SZ = 8, /* Size of the explicit IV */
AEAD_NONCE_SZ = AEAD_EXP_IV_SZ + AEAD_IMP_IV_SZ,
AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
@ -1149,6 +1160,7 @@ typedef struct CipherSpecs {
word16 key_size;
word16 iv_size;
word16 block_size;
word16 aead_mac_size;
} CipherSpecs;
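Review bot: The two ECDHE-ECDSA CCM-8 enum values (`0xc6`, `0xc7`) are commented "Still TBD, made up", yet the `BUILD_TLS_ECDHE_ECDSA_WITH_AES_*_CCM_8` macros in the earlier hunk enable them for every build that defines `HAVE_AESCCM`. An unassigned codepoint on the wire only interoperates with peers carrying the same guess, and if the registry later gives that value to another suite the two ends would disagree about what was negotiated; RFC 7251 later assigned 0xC0,0xAE and 0xC0,0xAF to these two suites. I would gate the placeholders behind an explicit opt-in macro and say so in the comment, e.g. `/* provisional value, not IANA-assigned; interoperates with CyaSSL peers only */`. The enum and the `#if` ladder both continue outside the hunks shown.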


@ -95,8 +95,10 @@ typedef struct CYASSL_EVP_MD_CTX {
typedef union {
Aes aes;
#ifndef NO_DES3
Des des;
Des3 des3;
#endif
Arc4 arc4;
} CYASSL_Cipher;


@ -758,6 +758,11 @@ CYASSL_API int CyaSSL_get_keys(CYASSL*,unsigned char** ms, unsigned int* msLen,
unsigned char** sr, unsigned int* srLen,
unsigned char** cr, unsigned int* crLen);
/* Computes EAP-TLS and EAP-TTLS keying material from the master_secret. */
CYASSL_API int CyaSSL_make_eap_keys(CYASSL*, void* key, unsigned int len,
const char* label);
#ifndef _WIN32
#ifndef NO_WRITEV
#ifdef __PPU
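Review bot: The comment above `CyaSSL_make_eap_keys` does not state the contract a caller needs: how many bytes are written to `key`, what `label` must be, and what the return value means. From the implementations later in this commit, `len` bytes are requested from the PRF, `label` is measured with `strlen` so it must be NUL-terminated, and the function returns 0, or -1 in the NO_TLS build. I would extend the comment with those facts, e.g. `/* Writes len bytes to key; label is a NUL-terminated string; returns 0 on success */`, and add that the call presumably only makes sense once the handshake has produced a master secret.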


@ -695,14 +695,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
if (tls1_2 && haveStaticECC) {
if (tls1_2 && haveECDSAsig) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
}
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
if (tls && haveStaticECC) {
if (tls && haveECDSAsig) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
}
@ -723,14 +723,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
if (tls1_2 && haveStaticECC) {
if (tls1_2 && haveECDSAsig) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
}
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
if (tls && haveStaticECC) {
if (tls && haveECDSAsig) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA;
}
@ -751,7 +751,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
if (tls && haveStaticECC) {
if (tls && haveECDSAsig) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA;
}
@ -765,7 +765,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
if (tls && haveStaticECC) {
if (tls && haveECDSAsig) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA;
}
@ -869,31 +869,31 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
}
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256
if (tls1_2 && haveECDSAsig && haveDH) {
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
if (tls1_2 && haveECDSAsig) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256;
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
}
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384
if (tls1_2 && haveECDSAsig && haveDH) {
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
if (tls1_2 && haveECDSAsig) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384;
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8;
}
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8_SHA256
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
if (tls1_2 && haveRSA) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_RSA_WITH_AES_128_CCM_8_SHA256;
suites->suites[idx++] = TLS_RSA_WITH_AES_128_CCM_8;
}
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8_SHA384
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
if (tls1_2 && haveRSA) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_RSA_WITH_AES_256_CCM_8_SHA384;
suites->suites[idx++] = TLS_RSA_WITH_AES_256_CCM_8;
}
#endif
@ -1009,6 +1009,20 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
}
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
if (tls && havePSK) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM_8;
}
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
if (tls && havePSK) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM_8;
}
#endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
if (tls && havePSK) {
suites->suites[idx++] = 0;
@ -3098,7 +3112,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, int sniff)
}
}
else {
idx += (finishedSz + AEAD_AUTH_TAG_SZ);
idx += (finishedSz + ssl->specs.aead_mac_size);
}
if (ssl->options.side == CLIENT_END) {
@ -3449,7 +3463,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
/* Store the length of the plain text minus the explicit
* IV length minus the authentication tag size. */
c16toa(sz - AEAD_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
additional + AEAD_LEN_OFFSET);
XMEMCPY(nonce,
ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ);
@ -3457,10 +3471,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
AesGcmEncrypt(ssl->encrypt.aes,
out + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ,
sz - AEAD_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
nonce, AEAD_NONCE_SZ,
out + sz - AEAD_AUTH_TAG_SZ, AEAD_AUTH_TAG_SZ,
additional, AEAD_AUTH_DATA_SZ);
out + sz - ssl->specs.aead_mac_size,
ssl->specs.aead_mac_size, additional,
AEAD_AUTH_DATA_SZ);
AeadIncrementExpIV(ssl);
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
}
@ -3490,7 +3505,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
/* Store the length of the plain text minus the explicit
* IV length minus the authentication tag size. */
c16toa(sz - AEAD_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
additional + AEAD_LEN_OFFSET);
XMEMCPY(nonce,
ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ);
@ -3498,9 +3513,10 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
AesCcmEncrypt(ssl->encrypt.aes,
out + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ,
sz - AEAD_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
nonce, AEAD_NONCE_SZ,
out + sz - AEAD_AUTH_TAG_SZ, AEAD_AUTH_TAG_SZ,
out + sz - ssl->specs.aead_mac_size,
ssl->specs.aead_mac_size,
additional, AEAD_AUTH_DATA_SZ);
AeadIncrementExpIV(ssl);
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
@ -3613,16 +3629,17 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
c16toa(sz - AEAD_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
additional + AEAD_LEN_OFFSET);
XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ);
XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ);
if (AesGcmDecrypt(ssl->decrypt.aes,
plain + AEAD_EXP_IV_SZ,
input + AEAD_EXP_IV_SZ,
sz - AEAD_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
nonce, AEAD_NONCE_SZ,
input + sz - AEAD_AUTH_TAG_SZ, AEAD_AUTH_TAG_SZ,
input + sz - ssl->specs.aead_mac_size,
ssl->specs.aead_mac_size,
additional, AEAD_AUTH_DATA_SZ) < 0) {
SendAlert(ssl, alert_fatal, bad_record_mac);
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
@ -3648,16 +3665,17 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
c16toa(sz - AEAD_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
additional + AEAD_LEN_OFFSET);
XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ);
XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ);
if (AesCcmDecrypt(ssl->decrypt.aes,
plain + AEAD_EXP_IV_SZ,
input + AEAD_EXP_IV_SZ,
sz - AEAD_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
nonce, AEAD_NONCE_SZ,
input + sz - AEAD_AUTH_TAG_SZ, AEAD_AUTH_TAG_SZ,
input + sz - ssl->specs.aead_mac_size,
ssl->specs.aead_mac_size,
additional, AEAD_AUTH_DATA_SZ) < 0) {
SendAlert(ssl, alert_fatal, bad_record_mac);
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
@ -3723,7 +3741,7 @@ static int SanityCheckCipherText(CYASSL* ssl, word32 encryptSz)
minLength = ssl->specs.hash_size;
}
else if (ssl->specs.cipher_type == aead) {
minLength = ssl->specs.block_size; /* explicit IV + implicit IV + CTR*/
minLength = ssl->specs.block_size; /* explicit IV + implicit IV + CTR */
}
if (encryptSz < minLength) {
@ -4072,7 +4090,7 @@ int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx)
}
else if (ssl->specs.cipher_type == aead) {
ivExtra = AEAD_EXP_IV_SZ;
digestSz = AEAD_AUTH_TAG_SZ;
digestSz = ssl->specs.aead_mac_size;
}
dataSz = msgSz - ivExtra - digestSz - pad - padByte;
@ -4160,7 +4178,7 @@ static int DoAlert(CYASSL* ssl, byte* input, word32* inOutIdx, int* type)
}
}
else {
*inOutIdx += AEAD_AUTH_TAG_SZ;
*inOutIdx += ssl->specs.aead_mac_size;
}
}
@ -4762,7 +4780,7 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
#ifdef HAVE_AEAD
if (ssl->specs.cipher_type == aead) {
ivSz = AEAD_EXP_IV_SZ;
sz += (ivSz + 16 - digestSz);
sz += (ivSz + ssl->specs.aead_mac_size - digestSz);
XMEMCPY(iv, ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
}
#endif
@ -5663,6 +5681,14 @@ const char* const cipher_names[] =
"PSK-AES256-CBC-SHA",
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
"PSK-AES128-CCM-8",
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
"PSK-AES256-CCM-8",
#endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
"PSK-NULL-SHA256",
#endif
@ -5699,20 +5725,20 @@ const char* const cipher_names[] =
"NTRU-AES256-SHA",
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8_SHA256
"AES128-CCM-8-SHA256",
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
"AES128-CCM-8",
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8_SHA384
"AES256-CCM-8-SHA384",
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
"AES256-CCM-8",
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256
"ECDHE-ECDSA-AES128-CCM-8-SHA256",
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
"ECDHE-ECDSA-AES128-CCM-8",
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384
"ECDHE-ECDSA-AES256-CCM-8-SHA384",
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
"ECDHE-ECDSA-AES256-CCM-8",
#endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
@ -5963,6 +5989,14 @@ int cipher_name_idx[] =
TLS_PSK_WITH_AES_256_CBC_SHA,
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
TLS_PSK_WITH_AES_128_CCM_8,
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
TLS_PSK_WITH_AES_256_CCM_8,
#endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
TLS_PSK_WITH_NULL_SHA256,
#endif
@ -5999,20 +6033,20 @@ int cipher_name_idx[] =
TLS_NTRU_RSA_WITH_AES_256_CBC_SHA,
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8_SHA256
TLS_RSA_WITH_AES_128_CCM_8_SHA256,
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
TLS_RSA_WITH_AES_128_CCM_8,
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8_SHA384
TLS_RSA_WITH_AES_256_CCM_8_SHA384,
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
TLS_RSA_WITH_AES_256_CCM_8,
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256,
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384,
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
#endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
@ -8413,16 +8447,16 @@ int SetCipherList(Suites* s, const char* list)
return 1;
break;
case TLS_RSA_WITH_AES_128_CCM_8_SHA256 :
case TLS_RSA_WITH_AES_256_CCM_8_SHA384 :
case TLS_RSA_WITH_AES_128_CCM_8 :
case TLS_RSA_WITH_AES_256_CCM_8 :
if (requirement == REQUIRES_RSA)
return 1;
if (requirement == REQUIRES_RSA_SIG)
return 1;
break;
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 :
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 :
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
if (requirement == REQUIRES_ECC_DSA)
return 1;
break;
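Review bot: In `SanityCheckCipherText` the AEAD minimum is still `ssl->specs.block_size`, while `Decrypt` now computes `sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size` with no guard in the lines shown. For the GCM suites the explicit IV plus tag is 8 + 16 = 24 bytes, so a record of 16 to 23 bytes would pass a 16-byte minimum and the subtraction would wrap (assuming `sz` is a `word32` as in `Encrypt`) before it is used as a length; whether another check sits between the two functions is not visible here. Tying the minimum to the negotiated tag size removes the dependency on the block size: `minLength = AEAD_EXP_IV_SZ + ssl->specs.aead_mac_size;`. Separately, the new PSK CCM-8 entries in `InitSuites` are gated on `tls && havePSK`, whereas the other AEAD suites in this function require `tls1_2`; AEAD suites are only defined for TLS 1.2, so `if (tls1_2 && havePSK) {` looks like the intended condition for both.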


@ -457,6 +457,7 @@ int SetCipherSpecs(CYASSL* ssl)
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
#endif
@ -474,6 +475,7 @@ int SetCipherSpecs(CYASSL* ssl)
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
#endif
@ -491,6 +493,7 @@ int SetCipherSpecs(CYASSL* ssl)
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
#endif
@ -508,6 +511,7 @@ int SetCipherSpecs(CYASSL* ssl)
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
#endif
@ -525,6 +529,7 @@ int SetCipherSpecs(CYASSL* ssl)
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
#endif
@ -542,6 +547,7 @@ int SetCipherSpecs(CYASSL* ssl)
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
#endif
@ -559,6 +565,7 @@ int SetCipherSpecs(CYASSL* ssl)
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
#endif
@ -576,12 +583,13 @@ int SetCipherSpecs(CYASSL* ssl)
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 :
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
@ -589,32 +597,36 @@ int SetCipherSpecs(CYASSL* ssl)
ssl->specs.sig_algo = ecc_dsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
break;
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 :
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
break;
#endif
#endif /* HAVE_ECC */
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8_SHA256
case TLS_RSA_WITH_AES_128_CCM_8_SHA256 :
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
case TLS_RSA_WITH_AES_128_CCM_8 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
@ -626,22 +638,64 @@ int SetCipherSpecs(CYASSL* ssl)
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
break;
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8_SHA384
case TLS_RSA_WITH_AES_256_CCM_8_SHA384 :
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
case TLS_RSA_WITH_AES_256_CCM_8 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
case TLS_PSK_WITH_AES_128_CCM_8 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
case TLS_PSK_WITH_AES_256_CCM_8 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
@ -1096,6 +1150,7 @@ int SetCipherSpecs(CYASSL* ssl)
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
#endif
@ -1113,6 +1168,7 @@ int SetCipherSpecs(CYASSL* ssl)
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
#endif
@ -1130,6 +1186,7 @@ int SetCipherSpecs(CYASSL* ssl)
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
#endif
@ -1147,6 +1204,7 @@ int SetCipherSpecs(CYASSL* ssl)
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
break;
#endif
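Review bot: `aead_mac_size` is assigned by hand in every AEAD case of `SetCipherSpecs`, and nothing in the lines shown catches a case that forgets it. Every record-layer length computation touched by this commit now reads that field, so an AEAD suite that leaves it at zero, or at a value left over from an earlier suite, would frame records with the wrong tag length. A check after the switch would make the omission fail closed, `if (ssl->specs.cipher_type == aead && ssl->specs.aead_mac_size == 0) return UNSUPPORTED_SUITE;`, together with clearing the field wherever the specs are initialised. The switch starts and ends outside these hunks, so confirm that no AEAD case is missing the assignment. The CCM-8 cases also deserve a comment that the 8-byte tag is a deliberate trade-off, e.g. `/* 64-bit tag: weaker forgery bound than the 16-byte GCM tag */`.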


@ -5686,15 +5686,15 @@ int CyaSSL_set_compression(CYASSL* ssl)
#ifdef HAVE_AESCCM
#ifndef NO_RSA
case TLS_RSA_WITH_AES_128_CCM_8_SHA256 :
return "TLS_RSA_WITH_AES_128_CCM_8_SHA256";
case TLS_RSA_WITH_AES_256_CCM_8_SHA384 :
return "TLS_RSA_WITH_AES_256_CCM_8_SHA384";
case TLS_RSA_WITH_AES_128_CCM_8 :
return "TLS_RSA_WITH_AES_128_CCM_8";
case TLS_RSA_WITH_AES_256_CCM_8 :
return "TLS_RSA_WITH_AES_256_CCM_8";
#endif
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 :
return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256";
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 :
return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384";
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
#endif
default:
@ -5746,8 +5746,16 @@ int CyaSSL_set_compression(CYASSL* ssl)
case TLS_PSK_WITH_AES_256_CBC_SHA :
return "TLS_PSK_WITH_AES_256_CBC_SHA";
#endif
#ifndef NO_SHA256
#ifdef HAVE_AESCCM
case TLS_PSK_WITH_AES_128_CCM_8 :
return "TLS_PSK_WITH_AES_128_CCM_8";
case TLS_PSK_WITH_AES_256_CCM_8 :
return "TLS_PSK_WITH_AES_256_CCM_8";
#endif
case TLS_PSK_WITH_NULL_SHA256 :
return "TLS_PSK_WITH_NULL_SHA256";
#endif
#ifndef NO_SHA
case TLS_PSK_WITH_NULL_SHA :
return "TLS_PSK_WITH_NULL_SHA";
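Review bot: The new `TLS_PSK_WITH_AES_128_CCM_8` and `TLS_PSK_WITH_AES_256_CCM_8` cases sit in a different switch from the RSA and ECDHE CCM-8 cases, since a `default:` closes the first one at the end of the previous hunk. `InitSuites` emits the PSK CCM-8 suites with `ECC_BYTE` as the first byte, so if this second switch only serves suites whose first byte is zero (not visible in the hunk), a PSK CCM-8 session never reaches these cases and gets the fallback name. The enum comment in the header already warns that the CCM second bytes clash with non-ECC AES-GCM values, so a zero-first-byte suite with second byte 0xa8 or 0xa9 would be reported under the CCM-8 name. Moving the two cases next to the other CCM-8 cases, under the same `HAVE_AESCCM` guard, would keep the name lookup keyed on both bytes.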


@ -333,6 +333,29 @@ int MakeTlsMasterSecret(CYASSL* ssl)
}
/* Used by EAP-TLS and EAP-TTLS to derive keying material from
* the master_secret. */
int CyaSSL_make_eap_keys(CYASSL* ssl, void* msk, unsigned int len,
const char* label)
{
byte seed[SEED_LEN];
/*
* As per RFC-5281, the order of the client and server randoms is reversed
* from that used by the TLS protocol to derive keys.
*/
XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN);
PRF(msk, len,
ssl->arrays->masterSecret, SECRET_LEN,
(const byte *)label, (word32)strlen(label),
seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
return 0;
}
/*** next for static INLINE s copied from cyassl_int.c ***/
/* convert 16 bit integer to opaque */
@ -613,5 +636,13 @@ int MakeTlsMasterSecret(CYASSL* ssl)
return NOT_COMPILED_IN;
}
int CyaSSL_make_eap_keys(CYASSL* ssl, void* msk, unsigned int len,
const char* label)
{
return -1;
}
#endif /* NO_TLS */
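Review bot: `CyaSSL_make_eap_keys` dereferences `ssl->arrays`, calls `strlen(label)` and hands `msk`/`len` to `PRF` without validating any of them, and it returns 0 whatever happens. `MAX_PRF_LABSEED` was raised from 80 to 128 in the header in this same commit, which suggests `PRF` stages label plus seed in a buffer of that size; a caller-supplied label longer than `MAX_PRF_LABSEED - SEED_LEN` would then overrun it unless `PRF` checks, which is not visible here. I would reject NULL arguments and an over-long label before calling `PRF`, as sketched below, and document that the handshake arrays must still be allocated when this is called. The NO_TLS stub returns a bare -1 while the real function can only return 0; a named error code in both would let callers tell the cases apart.

```c
int CyaSSL_make_eap_keys(CYASSL* ssl, void* msk, unsigned int len,
                                                         const char* label)
{
    byte   seed[SEED_LEN];
    word32 labelSz;

    if (ssl == NULL || ssl->arrays == NULL || msk == NULL || label == NULL)
        return BAD_FUNC_ARG;

    labelSz = (word32)XSTRLEN(label);
    if (labelSz > MAX_PRF_LABSEED - SEED_LEN)
        return BAD_FUNC_ARG;   /* label + seed must fit PRF's staging buffer */

    /* ... unchanged: seed = client random followed by server random ... */

    PRF(msk, len,
        ssl->arrays->masterSecret, SECRET_LEN,
        (const byte *)label, labelSz,
        seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);

    return 0;
}
```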


@ -754,29 +754,29 @@
-v 3
-l ECDH-RSA-AES256-GCM-SHA384
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-l ECDHE-ECDSA-AES128-CCM-8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8
-u
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-l ECDHE-ECDSA-AES128-CCM-8
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8
-u
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-l ECDHE-ECDSA-AES256-CCM-8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8
-u
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-l ECDHE-ECDSA-AES256-CCM-8
-A ./certs/server-ecc.pem


@ -1532,41 +1532,61 @@
-v 3
-l DHE-RSA-AES256-GCM-SHA384
# server TLSv1.2 AES128-CCM-8-SHA256
# server TLSv1.2 AES128-CCM-8
-v 3
-l AES128-CCM-8-SHA256
-l AES128-CCM-8
# client TLSv1.2 AES128-CCM-8-SHA256
# client TLSv1.2 AES128-CCM-8
-v 3
-l AES128-CCM-8-SHA256
-l AES128-CCM-8
# server TLSv1.2 AES256-CCM-8-SHA384
# server TLSv1.2 AES256-CCM-8
-v 3
-l AES256-CCM-8-SHA384
-l AES256-CCM-8
# client TLSv1.2 AES256-CCM-8-SHA384
# client TLSv1.2 AES256-CCM-8
-v 3
-l AES256-CCM-8-SHA384
-l AES256-CCM-8
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-l ECDHE-ECDSA-AES128-CCM-8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-l ECDHE-ECDSA-AES128-CCM-8
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
# server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-l ECDHE-ECDSA-AES256-CCM-8
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
# client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-l ECDHE-ECDSA-AES256-CCM-8
-A ./certs/server-ecc.pem
# server TLSv1.2 PSK-AES128-CCM-8
-s
-v 3
-l PSK-AES128-CCM-8
# client TLSv1.2 AES128-CCM-8
-s
-v 3
-l PSK-AES128-CCM-8
# server TLSv1.2 PSK-AES256-CCM-8
-s
-v 3
-l PSK-AES256-CCM-8
# client TLSv1.2 AES256-CCM-8
-s
-v 3
-l PSK-AES256-CCM-8
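Review bot: The comments on the two new client entries read `# client TLSv1.2 AES128-CCM-8` and `# client TLSv1.2 AES256-CCM-8`, but the entries run `-l PSK-AES128-CCM-8` and `-l PSK-AES256-CCM-8` with `-s`. Anyone reading test output against these comments would attribute a PSK failure to the RSA CCM-8 suites, which are tested a few entries above under the same label. They should read `# client TLSv1.2 PSK-AES128-CCM-8` and `# client TLSv1.2 PSK-AES256-CCM-8`.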