Merge branch 'ccm'
This commit is contained in:
commit
436a51a0d7
@ -174,8 +174,8 @@ void c32to24(word32 in, word24 out);
|
||||
#define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||
#endif
|
||||
#if defined (HAVE_AESCCM)
|
||||
#define BUILD_TLS_RSA_WITH_AES_128_CCM_8_SHA256
|
||||
#define BUILD_TLS_RSA_WITH_AES_256_CCM_8_SHA384
|
||||
#define BUILD_TLS_RSA_WITH_AES_128_CCM_8
|
||||
#define BUILD_TLS_RSA_WITH_AES_256_CCM_8
|
||||
#endif
|
||||
#endif
|
||||
|
||||
@ -209,6 +209,10 @@ void c32to24(word32 in, word24 out);
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
|
||||
#ifdef HAVE_AESCCM
|
||||
#define BUILD_TLS_PSK_WITH_AES_128_CCM_8
|
||||
#define BUILD_TLS_PSK_WITH_AES_256_CCM_8
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
@ -309,8 +313,8 @@ void c32to24(word32 in, word24 out);
|
||||
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
#endif
|
||||
#if defined (HAVE_AESCCM)
|
||||
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256
|
||||
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384
|
||||
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
|
||||
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(NO_RC4)
|
||||
@ -475,10 +479,14 @@ enum {
|
||||
* also, in some of the other AES-CCM suites
|
||||
* there will be second byte number conflicts
|
||||
* with non-ECC AES-GCM */
|
||||
TLS_RSA_WITH_AES_128_CCM_8_SHA256 = 0xa0,
|
||||
TLS_RSA_WITH_AES_256_CCM_8_SHA384 = 0xa1,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 = 0xac, /* Still TBD, made up */
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 = 0xad, /* Still TBD, made up */
|
||||
TLS_RSA_WITH_AES_128_CCM_8 = 0xa0,
|
||||
TLS_RSA_WITH_AES_256_CCM_8 = 0xa1,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xc6, /* Still TBD, made up */
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xc7, /* Still TBD, made up */
|
||||
TLS_PSK_WITH_AES_128_CCM = 0xa4,
|
||||
TLS_PSK_WITH_AES_256_CCM = 0xa5,
|
||||
TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
|
||||
TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
|
||||
|
||||
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
|
||||
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
|
||||
@ -592,7 +600,7 @@ enum Misc {
|
||||
MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
|
||||
KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
|
||||
MAX_PRF_HALF = 128, /* Maximum half secret len */
|
||||
MAX_PRF_LABSEED = 80, /* Maximum label + seed len */
|
||||
MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
|
||||
MAX_PRF_DIG = 224, /* Maximum digest len */
|
||||
MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
|
||||
SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
|
||||
@ -611,12 +619,15 @@ enum Misc {
|
||||
AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
|
||||
AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
|
||||
AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
|
||||
AEAD_AUTH_TAG_SZ = 16, /* Size of the authentication tag */
|
||||
AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
|
||||
AEAD_IMP_IV_SZ = 4, /* Size of the implicit IV */
|
||||
AEAD_EXP_IV_SZ = 8, /* Size of the explicit IV */
|
||||
AEAD_NONCE_SZ = AEAD_EXP_IV_SZ + AEAD_IMP_IV_SZ,
|
||||
|
||||
AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
|
||||
AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
|
||||
AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
|
||||
|
||||
CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
|
||||
CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
|
||||
CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
|
||||
@ -1149,6 +1160,7 @@ typedef struct CipherSpecs {
|
||||
word16 key_size;
|
||||
word16 iv_size;
|
||||
word16 block_size;
|
||||
word16 aead_mac_size;
|
||||
} CipherSpecs;
|
||||
|
||||
|
||||
|
@ -95,8 +95,10 @@ typedef struct CYASSL_EVP_MD_CTX {
|
||||
|
||||
typedef union {
|
||||
Aes aes;
|
||||
#ifndef NO_DES3
|
||||
Des des;
|
||||
Des3 des3;
|
||||
#endif
|
||||
Arc4 arc4;
|
||||
} CYASSL_Cipher;
|
||||
|
||||
|
@ -758,6 +758,11 @@ CYASSL_API int CyaSSL_get_keys(CYASSL*,unsigned char** ms, unsigned int* msLen,
|
||||
unsigned char** sr, unsigned int* srLen,
|
||||
unsigned char** cr, unsigned int* crLen);
|
||||
|
||||
/* Computes EAP-TLS and EAP-TTLS keying material from the master_secret. */
|
||||
CYASSL_API int CyaSSL_make_eap_keys(CYASSL*, void* key, unsigned int len,
|
||||
const char* label);
|
||||
|
||||
|
||||
#ifndef _WIN32
|
||||
#ifndef NO_WRITEV
|
||||
#ifdef __PPU
|
||||
|
142
src/internal.c
142
src/internal.c
@ -695,14 +695,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
if (tls1_2 && haveStaticECC) {
|
||||
if (tls1_2 && haveECDSAsig) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
|
||||
if (tls && haveStaticECC) {
|
||||
if (tls && haveECDSAsig) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
|
||||
}
|
||||
@ -723,14 +723,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
||||
if (tls1_2 && haveStaticECC) {
|
||||
if (tls1_2 && haveECDSAsig) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
||||
if (tls && haveStaticECC) {
|
||||
if (tls && haveECDSAsig) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA;
|
||||
}
|
||||
@ -751,7 +751,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
|
||||
if (tls && haveStaticECC) {
|
||||
if (tls && haveECDSAsig) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA;
|
||||
}
|
||||
@ -765,7 +765,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||
if (tls && haveStaticECC) {
|
||||
if (tls && haveECDSAsig) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA;
|
||||
}
|
||||
@ -869,31 +869,31 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256
|
||||
if (tls1_2 && haveECDSAsig && haveDH) {
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
|
||||
if (tls1_2 && haveECDSAsig) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256;
|
||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384
|
||||
if (tls1_2 && haveECDSAsig && haveDH) {
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
|
||||
if (tls1_2 && haveECDSAsig) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384;
|
||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8_SHA256
|
||||
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
|
||||
if (tls1_2 && haveRSA) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_RSA_WITH_AES_128_CCM_8_SHA256;
|
||||
suites->suites[idx++] = TLS_RSA_WITH_AES_128_CCM_8;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8_SHA384
|
||||
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
|
||||
if (tls1_2 && haveRSA) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_RSA_WITH_AES_256_CCM_8_SHA384;
|
||||
suites->suites[idx++] = TLS_RSA_WITH_AES_256_CCM_8;
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -1009,6 +1009,20 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
|
||||
if (tls && havePSK) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM_8;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
|
||||
if (tls && havePSK) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM_8;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
|
||||
if (tls && havePSK) {
|
||||
suites->suites[idx++] = 0;
|
||||
@ -3098,7 +3112,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, int sniff)
|
||||
}
|
||||
}
|
||||
else {
|
||||
idx += (finishedSz + AEAD_AUTH_TAG_SZ);
|
||||
idx += (finishedSz + ssl->specs.aead_mac_size);
|
||||
}
|
||||
|
||||
if (ssl->options.side == CLIENT_END) {
|
||||
@ -3449,7 +3463,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
|
||||
|
||||
/* Store the length of the plain text minus the explicit
|
||||
* IV length minus the authentication tag size. */
|
||||
c16toa(sz - AEAD_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
|
||||
c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
|
||||
additional + AEAD_LEN_OFFSET);
|
||||
XMEMCPY(nonce,
|
||||
ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ);
|
||||
@ -3457,10 +3471,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
|
||||
ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
|
||||
AesGcmEncrypt(ssl->encrypt.aes,
|
||||
out + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ,
|
||||
sz - AEAD_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
|
||||
sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
|
||||
nonce, AEAD_NONCE_SZ,
|
||||
out + sz - AEAD_AUTH_TAG_SZ, AEAD_AUTH_TAG_SZ,
|
||||
additional, AEAD_AUTH_DATA_SZ);
|
||||
out + sz - ssl->specs.aead_mac_size,
|
||||
ssl->specs.aead_mac_size, additional,
|
||||
AEAD_AUTH_DATA_SZ);
|
||||
AeadIncrementExpIV(ssl);
|
||||
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
|
||||
}
|
||||
@ -3490,7 +3505,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
|
||||
|
||||
/* Store the length of the plain text minus the explicit
|
||||
* IV length minus the authentication tag size. */
|
||||
c16toa(sz - AEAD_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
|
||||
c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
|
||||
additional + AEAD_LEN_OFFSET);
|
||||
XMEMCPY(nonce,
|
||||
ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ);
|
||||
@ -3498,9 +3513,10 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
|
||||
ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
|
||||
AesCcmEncrypt(ssl->encrypt.aes,
|
||||
out + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ,
|
||||
sz - AEAD_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
|
||||
sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
|
||||
nonce, AEAD_NONCE_SZ,
|
||||
out + sz - AEAD_AUTH_TAG_SZ, AEAD_AUTH_TAG_SZ,
|
||||
out + sz - ssl->specs.aead_mac_size,
|
||||
ssl->specs.aead_mac_size,
|
||||
additional, AEAD_AUTH_DATA_SZ);
|
||||
AeadIncrementExpIV(ssl);
|
||||
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
|
||||
@ -3613,16 +3629,17 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
|
||||
additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
|
||||
additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
|
||||
|
||||
c16toa(sz - AEAD_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
|
||||
c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
|
||||
additional + AEAD_LEN_OFFSET);
|
||||
XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ);
|
||||
XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ);
|
||||
if (AesGcmDecrypt(ssl->decrypt.aes,
|
||||
plain + AEAD_EXP_IV_SZ,
|
||||
input + AEAD_EXP_IV_SZ,
|
||||
sz - AEAD_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
|
||||
sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
|
||||
nonce, AEAD_NONCE_SZ,
|
||||
input + sz - AEAD_AUTH_TAG_SZ, AEAD_AUTH_TAG_SZ,
|
||||
input + sz - ssl->specs.aead_mac_size,
|
||||
ssl->specs.aead_mac_size,
|
||||
additional, AEAD_AUTH_DATA_SZ) < 0) {
|
||||
SendAlert(ssl, alert_fatal, bad_record_mac);
|
||||
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
|
||||
@ -3648,16 +3665,17 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
|
||||
additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
|
||||
additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
|
||||
|
||||
c16toa(sz - AEAD_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
|
||||
c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
|
||||
additional + AEAD_LEN_OFFSET);
|
||||
XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ);
|
||||
XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ);
|
||||
if (AesCcmDecrypt(ssl->decrypt.aes,
|
||||
plain + AEAD_EXP_IV_SZ,
|
||||
input + AEAD_EXP_IV_SZ,
|
||||
sz - AEAD_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
|
||||
sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
|
||||
nonce, AEAD_NONCE_SZ,
|
||||
input + sz - AEAD_AUTH_TAG_SZ, AEAD_AUTH_TAG_SZ,
|
||||
input + sz - ssl->specs.aead_mac_size,
|
||||
ssl->specs.aead_mac_size,
|
||||
additional, AEAD_AUTH_DATA_SZ) < 0) {
|
||||
SendAlert(ssl, alert_fatal, bad_record_mac);
|
||||
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
|
||||
@ -3723,7 +3741,7 @@ static int SanityCheckCipherText(CYASSL* ssl, word32 encryptSz)
|
||||
minLength = ssl->specs.hash_size;
|
||||
}
|
||||
else if (ssl->specs.cipher_type == aead) {
|
||||
minLength = ssl->specs.block_size; /* explicit IV + implicit IV + CTR*/
|
||||
minLength = ssl->specs.block_size; /* explicit IV + implicit IV + CTR */
|
||||
}
|
||||
|
||||
if (encryptSz < minLength) {
|
||||
@ -4072,7 +4090,7 @@ int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx)
|
||||
}
|
||||
else if (ssl->specs.cipher_type == aead) {
|
||||
ivExtra = AEAD_EXP_IV_SZ;
|
||||
digestSz = AEAD_AUTH_TAG_SZ;
|
||||
digestSz = ssl->specs.aead_mac_size;
|
||||
}
|
||||
|
||||
dataSz = msgSz - ivExtra - digestSz - pad - padByte;
|
||||
@ -4160,7 +4178,7 @@ static int DoAlert(CYASSL* ssl, byte* input, word32* inOutIdx, int* type)
|
||||
}
|
||||
}
|
||||
else {
|
||||
*inOutIdx += AEAD_AUTH_TAG_SZ;
|
||||
*inOutIdx += ssl->specs.aead_mac_size;
|
||||
}
|
||||
}
|
||||
|
||||
@ -4762,7 +4780,7 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
|
||||
#ifdef HAVE_AEAD
|
||||
if (ssl->specs.cipher_type == aead) {
|
||||
ivSz = AEAD_EXP_IV_SZ;
|
||||
sz += (ivSz + 16 - digestSz);
|
||||
sz += (ivSz + ssl->specs.aead_mac_size - digestSz);
|
||||
XMEMCPY(iv, ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
|
||||
}
|
||||
#endif
|
||||
@ -5663,6 +5681,14 @@ const char* const cipher_names[] =
|
||||
"PSK-AES256-CBC-SHA",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
|
||||
"PSK-AES128-CCM-8",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
|
||||
"PSK-AES256-CCM-8",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
|
||||
"PSK-NULL-SHA256",
|
||||
#endif
|
||||
@ -5699,20 +5725,20 @@ const char* const cipher_names[] =
|
||||
"NTRU-AES256-SHA",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8_SHA256
|
||||
"AES128-CCM-8-SHA256",
|
||||
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
|
||||
"AES128-CCM-8",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8_SHA384
|
||||
"AES256-CCM-8-SHA384",
|
||||
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
|
||||
"AES256-CCM-8",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256
|
||||
"ECDHE-ECDSA-AES128-CCM-8-SHA256",
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
|
||||
"ECDHE-ECDSA-AES128-CCM-8",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384
|
||||
"ECDHE-ECDSA-AES256-CCM-8-SHA384",
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
|
||||
"ECDHE-ECDSA-AES256-CCM-8",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
|
||||
@ -5963,6 +5989,14 @@ int cipher_name_idx[] =
|
||||
TLS_PSK_WITH_AES_256_CBC_SHA,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
|
||||
TLS_PSK_WITH_AES_128_CCM_8,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
|
||||
TLS_PSK_WITH_AES_256_CCM_8,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
|
||||
TLS_PSK_WITH_NULL_SHA256,
|
||||
#endif
|
||||
@ -5999,20 +6033,20 @@ int cipher_name_idx[] =
|
||||
TLS_NTRU_RSA_WITH_AES_256_CBC_SHA,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8_SHA256
|
||||
TLS_RSA_WITH_AES_128_CCM_8_SHA256,
|
||||
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
|
||||
TLS_RSA_WITH_AES_128_CCM_8,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8_SHA384
|
||||
TLS_RSA_WITH_AES_256_CCM_8_SHA384,
|
||||
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
|
||||
TLS_RSA_WITH_AES_256_CCM_8,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256,
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384,
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
|
||||
@ -8413,16 +8447,16 @@ int SetCipherList(Suites* s, const char* list)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_RSA_WITH_AES_128_CCM_8_SHA256 :
|
||||
case TLS_RSA_WITH_AES_256_CCM_8_SHA384 :
|
||||
case TLS_RSA_WITH_AES_128_CCM_8 :
|
||||
case TLS_RSA_WITH_AES_256_CCM_8 :
|
||||
if (requirement == REQUIRES_RSA)
|
||||
return 1;
|
||||
if (requirement == REQUIRES_RSA_SIG)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 :
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 :
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
|
||||
if (requirement == REQUIRES_ECC_DSA)
|
||||
return 1;
|
||||
break;
|
||||
|
86
src/keys.c
86
src/keys.c
@ -457,6 +457,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
|
||||
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
@ -474,6 +475,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
|
||||
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
@ -491,6 +493,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
|
||||
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
@ -508,6 +511,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
|
||||
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
@ -525,6 +529,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
|
||||
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
@ -542,6 +547,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
|
||||
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
@ -559,6 +565,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
|
||||
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
@ -576,12 +583,13 @@ int SetCipherSpecs(CYASSL* ssl)
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
|
||||
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 :
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
|
||||
ssl->specs.bulk_cipher_algorithm = aes_ccm;
|
||||
ssl->specs.cipher_type = aead;
|
||||
ssl->specs.mac_algorithm = sha256_mac;
|
||||
@ -589,32 +597,36 @@ int SetCipherSpecs(CYASSL* ssl)
|
||||
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 1;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
|
||||
ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 :
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
|
||||
ssl->specs.bulk_cipher_algorithm = aes_ccm;
|
||||
ssl->specs.cipher_type = aead;
|
||||
ssl->specs.mac_algorithm = sha384_mac;
|
||||
ssl->specs.mac_algorithm = sha256_mac;
|
||||
ssl->specs.kea = ecc_diffie_hellman_kea;
|
||||
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
|
||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 1;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
|
||||
ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8_SHA256
|
||||
case TLS_RSA_WITH_AES_128_CCM_8_SHA256 :
|
||||
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
|
||||
case TLS_RSA_WITH_AES_128_CCM_8 :
|
||||
ssl->specs.bulk_cipher_algorithm = aes_ccm;
|
||||
ssl->specs.cipher_type = aead;
|
||||
ssl->specs.mac_algorithm = sha256_mac;
|
||||
@ -626,22 +638,64 @@ int SetCipherSpecs(CYASSL* ssl)
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
|
||||
ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8_SHA384
|
||||
case TLS_RSA_WITH_AES_256_CCM_8_SHA384 :
|
||||
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
|
||||
case TLS_RSA_WITH_AES_256_CCM_8 :
|
||||
ssl->specs.bulk_cipher_algorithm = aes_ccm;
|
||||
ssl->specs.cipher_type = aead;
|
||||
ssl->specs.mac_algorithm = sha384_mac;
|
||||
ssl->specs.mac_algorithm = sha256_mac;
|
||||
ssl->specs.kea = rsa_kea;
|
||||
ssl->specs.sig_algo = rsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
|
||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
|
||||
ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
|
||||
case TLS_PSK_WITH_AES_128_CCM_8 :
|
||||
ssl->specs.bulk_cipher_algorithm = aes_ccm;
|
||||
ssl->specs.cipher_type = aead;
|
||||
ssl->specs.mac_algorithm = sha256_mac;
|
||||
ssl->specs.kea = psk_kea;
|
||||
ssl->specs.sig_algo = anonymous_sa_algo;
|
||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
|
||||
ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
|
||||
|
||||
ssl->options.usingPSK_cipher = 1;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
|
||||
case TLS_PSK_WITH_AES_256_CCM_8 :
|
||||
ssl->specs.bulk_cipher_algorithm = aes_ccm;
|
||||
ssl->specs.cipher_type = aead;
|
||||
ssl->specs.mac_algorithm = sha256_mac;
|
||||
ssl->specs.kea = psk_kea;
|
||||
ssl->specs.sig_algo = anonymous_sa_algo;
|
||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
|
||||
ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
|
||||
|
||||
ssl->options.usingPSK_cipher = 1;
|
||||
break;
|
||||
#endif
|
||||
|
||||
@ -1096,6 +1150,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
|
||||
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
@ -1113,6 +1168,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
|
||||
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
@ -1130,6 +1186,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
|
||||
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
@ -1147,6 +1204,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
|
||||
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
|
||||
|
||||
break;
|
||||
#endif
|
||||
|
24
src/ssl.c
24
src/ssl.c
@ -5686,15 +5686,15 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
||||
|
||||
#ifdef HAVE_AESCCM
|
||||
#ifndef NO_RSA
|
||||
case TLS_RSA_WITH_AES_128_CCM_8_SHA256 :
|
||||
return "TLS_RSA_WITH_AES_128_CCM_8_SHA256";
|
||||
case TLS_RSA_WITH_AES_256_CCM_8_SHA384 :
|
||||
return "TLS_RSA_WITH_AES_256_CCM_8_SHA384";
|
||||
case TLS_RSA_WITH_AES_128_CCM_8 :
|
||||
return "TLS_RSA_WITH_AES_128_CCM_8";
|
||||
case TLS_RSA_WITH_AES_256_CCM_8 :
|
||||
return "TLS_RSA_WITH_AES_256_CCM_8";
|
||||
#endif
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 :
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256";
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 :
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384";
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
|
||||
#endif
|
||||
|
||||
default:
|
||||
@ -5746,8 +5746,16 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
||||
case TLS_PSK_WITH_AES_256_CBC_SHA :
|
||||
return "TLS_PSK_WITH_AES_256_CBC_SHA";
|
||||
#endif
|
||||
#ifndef NO_SHA256
|
||||
#ifdef HAVE_AESCCM
|
||||
case TLS_PSK_WITH_AES_128_CCM_8 :
|
||||
return "TLS_PSK_WITH_AES_128_CCM_8";
|
||||
case TLS_PSK_WITH_AES_256_CCM_8 :
|
||||
return "TLS_PSK_WITH_AES_256_CCM_8";
|
||||
#endif
|
||||
case TLS_PSK_WITH_NULL_SHA256 :
|
||||
return "TLS_PSK_WITH_NULL_SHA256";
|
||||
#endif
|
||||
#ifndef NO_SHA
|
||||
case TLS_PSK_WITH_NULL_SHA :
|
||||
return "TLS_PSK_WITH_NULL_SHA";
|
||||
|
31
src/tls.c
31
src/tls.c
@ -333,6 +333,29 @@ int MakeTlsMasterSecret(CYASSL* ssl)
|
||||
}
|
||||
|
||||
|
||||
/* Used by EAP-TLS and EAP-TTLS to derive keying material from
|
||||
* the master_secret. */
|
||||
int CyaSSL_make_eap_keys(CYASSL* ssl, void* msk, unsigned int len,
|
||||
const char* label)
|
||||
{
|
||||
byte seed[SEED_LEN];
|
||||
|
||||
/*
|
||||
* As per RFC-5281, the order of the client and server randoms is reversed
|
||||
* from that used by the TLS protocol to derive keys.
|
||||
*/
|
||||
XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
|
||||
XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN);
|
||||
|
||||
PRF(msk, len,
|
||||
ssl->arrays->masterSecret, SECRET_LEN,
|
||||
(const byte *)label, (word32)strlen(label),
|
||||
seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/*** next for static INLINE s copied from cyassl_int.c ***/
|
||||
|
||||
/* convert 16 bit integer to opaque */
|
||||
@ -613,5 +636,13 @@ int MakeTlsMasterSecret(CYASSL* ssl)
|
||||
return NOT_COMPILED_IN;
|
||||
}
|
||||
|
||||
|
||||
int CyaSSL_make_eap_keys(CYASSL* ssl, void* msk, unsigned int len,
|
||||
const char* label)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
#endif /* NO_TLS */
|
||||
|
||||
|
@ -754,29 +754,29 @@
|
||||
-v 3
|
||||
-l ECDH-RSA-AES256-GCM-SHA384
|
||||
|
||||
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
|
||||
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8
|
||||
-u
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
|
||||
-l ECDHE-ECDSA-AES128-CCM-8
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
|
||||
# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8
|
||||
-u
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
|
||||
-l ECDHE-ECDSA-AES128-CCM-8
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
|
||||
# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8
|
||||
-u
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
|
||||
-l ECDHE-ECDSA-AES256-CCM-8
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
|
||||
# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8
|
||||
-u
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
|
||||
-l ECDHE-ECDSA-AES256-CCM-8
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
|
@ -1532,41 +1532,61 @@
|
||||
-v 3
|
||||
-l DHE-RSA-AES256-GCM-SHA384
|
||||
|
||||
# server TLSv1.2 AES128-CCM-8-SHA256
|
||||
# server TLSv1.2 AES128-CCM-8
|
||||
-v 3
|
||||
-l AES128-CCM-8-SHA256
|
||||
-l AES128-CCM-8
|
||||
|
||||
# client TLSv1.2 AES128-CCM-8-SHA256
|
||||
# client TLSv1.2 AES128-CCM-8
|
||||
-v 3
|
||||
-l AES128-CCM-8-SHA256
|
||||
-l AES128-CCM-8
|
||||
|
||||
# server TLSv1.2 AES256-CCM-8-SHA384
|
||||
# server TLSv1.2 AES256-CCM-8
|
||||
-v 3
|
||||
-l AES256-CCM-8-SHA384
|
||||
-l AES256-CCM-8
|
||||
|
||||
# client TLSv1.2 AES256-CCM-8-SHA384
|
||||
# client TLSv1.2 AES256-CCM-8
|
||||
-v 3
|
||||
-l AES256-CCM-8-SHA384
|
||||
-l AES256-CCM-8
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
|
||||
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
|
||||
-l ECDHE-ECDSA-AES128-CCM-8
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
|
||||
-l ECDHE-ECDSA-AES128-CCM-8
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
|
||||
# server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
|
||||
-l ECDHE-ECDSA-AES256-CCM-8
|
||||
-c ./certs/server-ecc.pem
|
||||
-k ./certs/ecc-key.pem
|
||||
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
|
||||
# client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8
|
||||
-v 3
|
||||
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
|
||||
-l ECDHE-ECDSA-AES256-CCM-8
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1.2 PSK-AES128-CCM-8
|
||||
-s
|
||||
-v 3
|
||||
-l PSK-AES128-CCM-8
|
||||
|
||||
# client TLSv1.2 AES128-CCM-8
|
||||
-s
|
||||
-v 3
|
||||
-l PSK-AES128-CCM-8
|
||||
|
||||
# server TLSv1.2 PSK-AES256-CCM-8
|
||||
-s
|
||||
-v 3
|
||||
-l PSK-AES256-CCM-8
|
||||
|
||||
# client TLSv1.2 AES256-CCM-8
|
||||
-s
|
||||
-v 3
|
||||
-l PSK-AES256-CCM-8
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user