mirrors
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

added AES-CBC-SHA256 and SHA384 cipher suites.

This commit is contained in:
John Safranek 2013-03-04 13:25:46 -08:00
parent b4584e0a93
commit d52fe96063
5 changed files with 353 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
cyassl/internal.h
View File

@ -244,6 +244,20 @@ void c32to24(word32 in, word24 out);
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
#ifndef NO_SHA256
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
#endif
#ifdef CYASSL_SHA384
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
#endif
#if defined (HAVE_AESGCM)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
@ -342,6 +356,10 @@ enum {
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
/* static ECDH, first byte is 0xC0 (ECC_BYTE) */
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
@ -352,6 +370,10 @@ enum {
TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
/* CyaSSL extension - eSTREAM */
TLS_RSA_WITH_HC_128_CBC_MD5 = 0xFB,
@ -408,6 +430,17 @@ enum {
};
#if defined(CYASSL_SHA384)
#define MAX_DIGEST_SIZE SHA384_DIGEST_SIZE
#elif !defined(NO_SHA256)
#define MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
#elif !defined(NO_MD5) && !defined(NO_SHA)
#define MAX_DIGEST_SIZE (SHA_DIGEST_SIZE + MD5_DIGEST_SIZE)
#else
#error "You have configured the build so there isn't any hashing."
#endif
enum Misc {
SERVER_END = 0,
CLIENT_END,
@ -431,14 +464,11 @@ enum Misc {
SECRET_LEN = 48, /* pre RSA and all master */
ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
SIZEOF_SENDER = 4, /* clnt or srvr */
#ifndef NO_MD5
FINISHED_SZ = MD5_DIGEST_SIZE + SHA_DIGEST_SIZE,
#else
FINISHED_SZ = 36,
#endif
FINISHED_SZ = 36, /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */
MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
MAX_MSG_EXTRA = 70, /* max added to msg, mac + pad from */
/* RECORD_HEADER_SZ + BLOCK_SZ (pad) + SHA_256
MAX_MSG_EXTRA = 38 + MAX_DIGEST_SIZE,
/* max added to msg, mac + pad from */
/* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
digest sz + BLOC_SZ (iv) + pad byte (1) */
MAX_COMP_EXTRA = 1024, /* max compression extra */
MAX_MTU = 1500, /* max expected MTU */
@ -1110,8 +1140,8 @@ enum CipherType { stream, block, aead };
/* keys and secrets */
typedef struct Keys {
byte client_write_MAC_secret[SHA256_DIGEST_SIZE]; /* max sizes */
byte server_write_MAC_secret[SHA256_DIGEST_SIZE];
byte client_write_MAC_secret[MAX_DIGEST_SIZE]; /* max sizes */
byte server_write_MAC_secret[MAX_DIGEST_SIZE];
byte client_write_key[AES_256_KEY_SIZE]; /* max sizes */
byte server_write_key[AES_256_KEY_SIZE];
byte client_write_IV[AES_IV_SIZE]; /* max sizes */

165
src/internal.c
View File

@ -623,6 +623,62 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
}
#endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
if (tls1_2 && haveRSAsig) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
}
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
if (tls1_2 && haveECDSAsig) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
}
#endif
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
if (tls1_2 && haveRSAsig && haveStaticECC) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256;
}
#endif
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
if (tls1_2 && haveECDSAsig && haveStaticECC) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256;
}
#endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
if (tls1_2 && haveRSAsig) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384;
}
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
if (tls1_2 && haveECDSAsig) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
}
#endif
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
if (tls1_2 && haveRSAsig && haveStaticECC) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384;
}
#endif
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
if (tls1_2 && haveECDSAsig && haveStaticECC) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384;
}
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
if (tls1_2 && haveStaticECC) {
suites->suites[idx++] = ECC_BYTE;
@ -2934,7 +2990,6 @@ static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx)
int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, int sniff)
{
byte verifyMAC[SHA256_DIGEST_SIZE];
int finishedSz = ssl->options.tls ? TLS_FINISHED_SZ : FINISHED_SZ;
int headerSz = HANDSHAKE_HEADER_SZ;
word32 macSz = finishedSz + HANDSHAKE_HEADER_SZ,
@ -2963,6 +3018,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, int sniff)
}
if (ssl->specs.cipher_type != aead) {
byte verifyMAC[MAX_DIGEST_SIZE];
ssl->hmac(ssl, verifyMAC, input + idx - headerSz, macSz,
handshake, 1);
idx += finishedSz;
@ -3857,7 +3913,7 @@ static INLINE int GetRounds(int pLen, int padLen, int t)
static int TimingPadVerify(CYASSL* ssl, const byte* input, int padLen, int t,
int pLen)
{
byte verify[SHA256_DIGEST_SIZE];
byte verify[MAX_DIGEST_SIZE];
byte dummy[MAX_PAD_SIZE];
XMEMSET(dummy, 1, sizeof(dummy));
@ -3907,7 +3963,7 @@ int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx)
#ifdef HAVE_LIBZ
byte decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
#endif
byte verify[SHA256_DIGEST_SIZE];
byte verify[MAX_DIGEST_SIZE];
if (ssl->options.handShakeState != HANDSHAKE_DONE) {
CYASSL_MSG("Received App data before handshake complete");
@ -4011,7 +4067,7 @@ static int DoAlert(CYASSL* ssl, byte* input, word32* inOutIdx, int* type)
if (ssl->specs.cipher_type != aead) {
int aSz = ALERT_SIZE;
const byte* mac;
byte verify[SHA256_DIGEST_SIZE];
byte verify[MAX_DIGEST_SIZE];
int padSz = ssl->keys.encryptSz - aSz - ssl->specs.hash_size;
ssl->hmac(ssl, verify, input + *inOutIdx - aSz, aSz, alert, 1);
@ -4441,7 +4497,7 @@ static INLINE const byte* GetMacSecret(CYASSL* ssl, int verify)
static void Hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
int content, int verify)
{
byte result[SHA256_DIGEST_SIZE]; /* max possible sizes */
byte result[MAX_DIGEST_SIZE];
word32 digestSz = ssl->specs.hash_size; /* actual sizes */
word32 padSz = ssl->specs.pad_size;
@ -5722,7 +5778,39 @@ const char* const cipher_names[] =
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
"DHE-RSA-CAMELLIA256-SHA256"
"DHE-RSA-CAMELLIA256-SHA256",
#endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
"ECDHE-RSA-AES128-SHA256",
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
"ECDHE-ECDSA-AES128-SHA256",
#endif
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
"ECDH-RSA-AES128-SHA256",
#endif
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
"ECDH-ECDSA-AES128-SHA256",
#endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
"ECDHE-RSA-AES256-SHA384",
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
"ECDHE-ECDSA-AES256-SHA384",
#endif
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
"ECDH-RSA-AES256-SHA384",
#endif
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
"ECDH-ECDSA-AES256-SHA384",
#endif
};
@ -5990,9 +6078,40 @@ int cipher_name_idx[] =
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
#endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
#endif
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
#endif
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
#endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
#endif
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
#endif
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
#endif
};
@ -8073,6 +8192,38 @@ int SetCipherList(Suites* s, const char* list)
return 1;
break;
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
if (requirement == REQUIRES_RSA)
return 1;
if (requirement == REQUIRES_RSA_SIG)
return 1;
break;
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
if (requirement == REQUIRES_ECC_DSA)
return 1;
break;
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
if (requirement == REQUIRES_RSA)
return 1;
if (requirement == REQUIRES_RSA_SIG)
return 1;
if (requirement == REQUIRES_ECC_STATIC)
return 1;
break;
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
if (requirement == REQUIRES_ECC_DSA)
return 1;
if (requirement == REQUIRES_ECC_STATIC)
return 1;
break;
default:
CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC");
return 0;

136
src/keys.c
View File

@ -44,6 +44,134 @@ int SetCipherSpecs(CYASSL* ssl)
#ifdef HAVE_ECC
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
break;
#endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;
@ -1617,7 +1745,7 @@ static int MakeSslMasterSecret(CYASSL* ssl)
#ifdef SHOW_SECRETS
{
int j;
word32 j;
printf("pre master secret: ");
for (j = 0; j < pmsSz; j++)
printf("%02x", ssl->arrays->preMasterSecret[j]);
@ -1658,10 +1786,10 @@ static int MakeSslMasterSecret(CYASSL* ssl)
#ifdef SHOW_SECRETS
{
int i;
word32 j;
printf("master secret: ");
for (i = 0; i < SECRET_LEN; i++)
printf("%02x", ssl->arrays->masterSecret[i]);
for (j = 0; j < SECRET_LEN; j++)
printf("%02x", ssl->arrays->masterSecret[j]);
printf("\n");
}
#endif

16
src/ssl.c
View File

@ -5439,6 +5439,22 @@ int CyaSSL_set_compression(CYASSL* ssl)
if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) {
/* ECC suites */
switch (cipher->ssl->options.cipherSuite) {
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :

7
src/tls.c
View File

@ -423,6 +423,13 @@ void TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
}
break;
#endif
#ifdef CYASSL_SHA384
case sha384_mac:
{
type = SHA384;
}
break;
#endif
case sha_mac:
default:
{