mirror of https://github.com/wolfSSL/wolfssl
added AES-CBC-SHA256 and SHA384 cipher suites.
parent
b4584e0a93
commit
d52fe96063
|
@ -244,6 +244,20 @@ void c32to24(word32 in, word24 out);
|
|||
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
|
||||
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||
|
||||
#ifndef NO_SHA256
|
||||
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
|
||||
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
|
||||
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
|
||||
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
|
||||
#endif
|
||||
|
||||
#ifdef CYASSL_SHA384
|
||||
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
|
||||
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
|
||||
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
||||
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
|
||||
#endif
|
||||
|
||||
#if defined (HAVE_AESGCM)
|
||||
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
||||
|
@ -342,6 +356,10 @@ enum {
|
|||
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
|
||||
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
|
||||
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
|
||||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
|
||||
|
||||
/* static ECDH, first byte is 0xC0 (ECC_BYTE) */
|
||||
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
|
||||
|
@ -352,6 +370,10 @@ enum {
|
|||
TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
|
||||
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
|
||||
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
|
||||
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
|
||||
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
|
||||
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
|
||||
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
|
||||
|
||||
/* CyaSSL extension - eSTREAM */
|
||||
TLS_RSA_WITH_HC_128_CBC_MD5 = 0xFB,
|
||||
|
@ -408,6 +430,17 @@ enum {
|
|||
};
|
||||
|
||||
|
||||
#if defined(CYASSL_SHA384)
|
||||
#define MAX_DIGEST_SIZE SHA384_DIGEST_SIZE
|
||||
#elif !defined(NO_SHA256)
|
||||
#define MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
|
||||
#elif !defined(NO_MD5) && !defined(NO_SHA)
|
||||
#define MAX_DIGEST_SIZE (SHA_DIGEST_SIZE + MD5_DIGEST_SIZE)
|
||||
#else
|
||||
#error "You have configured the build so there isn't any hashing."
|
||||
#endif
|
||||
|
||||
|
||||
enum Misc {
|
||||
SERVER_END = 0,
|
||||
CLIENT_END,
|
||||
|
@ -431,14 +464,11 @@ enum Misc {
|
|||
SECRET_LEN = 48, /* pre RSA and all master */
|
||||
ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
|
||||
SIZEOF_SENDER = 4, /* clnt or srvr */
|
||||
#ifndef NO_MD5
|
||||
FINISHED_SZ = MD5_DIGEST_SIZE + SHA_DIGEST_SIZE,
|
||||
#else
|
||||
FINISHED_SZ = 36,
|
||||
#endif
|
||||
FINISHED_SZ = 36, /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */
|
||||
MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
|
||||
MAX_MSG_EXTRA = 70, /* max added to msg, mac + pad from */
|
||||
/* RECORD_HEADER_SZ + BLOCK_SZ (pad) + SHA_256
|
||||
MAX_MSG_EXTRA = 38 + MAX_DIGEST_SIZE,
|
||||
/* max added to msg, mac + pad from */
|
||||
/* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
|
||||
digest sz + BLOC_SZ (iv) + pad byte (1) */
|
||||
MAX_COMP_EXTRA = 1024, /* max compression extra */
|
||||
MAX_MTU = 1500, /* max expected MTU */
|
||||
|
@ -1110,8 +1140,8 @@ enum CipherType { stream, block, aead };
|
|||
|
||||
/* keys and secrets */
|
||||
typedef struct Keys {
|
||||
byte client_write_MAC_secret[SHA256_DIGEST_SIZE]; /* max sizes */
|
||||
byte server_write_MAC_secret[SHA256_DIGEST_SIZE];
|
||||
byte client_write_MAC_secret[MAX_DIGEST_SIZE]; /* max sizes */
|
||||
byte server_write_MAC_secret[MAX_DIGEST_SIZE];
|
||||
byte client_write_key[AES_256_KEY_SIZE]; /* max sizes */
|
||||
byte server_write_key[AES_256_KEY_SIZE];
|
||||
byte client_write_IV[AES_IV_SIZE]; /* max sizes */
|
||||
|
|
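Review bot: MAX_DIGEST_SIZE now sizes the MAC secrets in Keys and every MAC scratch buffer this commit switches over, but nothing at its definition says so or ties it to the digest sizes that suites assign to `ssl->specs.hash_size`. I would add a comment above the `#if defined(CYASSL_SHA384)` chain such as `/* largest MAC digest any enabled suite can select; must be >= every specs.hash_size */`, so that a future hash addition updates this chain first. The final `#error` also fires for a build that has SHA-1 but neither MD5 nor SHA-256, where the message "there isn't any hashing" is misleading; either add a branch for that configuration or reword the message. In the MAX_MSG_EXTRA comment, `BLOC_SZ` should read `BLOCK_SZ`.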
165
src/internal.c
165
src/internal.c
|
@ -623,6 +623,62 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
|
||||
if (tls1_2 && haveRSAsig) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
|
||||
if (tls1_2 && haveECDSAsig) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
|
||||
if (tls1_2 && haveRSAsig && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
|
||||
if (tls1_2 && haveECDSAsig && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
|
||||
if (tls1_2 && haveRSAsig) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
|
||||
if (tls1_2 && haveECDSAsig) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
||||
if (tls1_2 && haveRSAsig && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
|
||||
if (tls1_2 && haveECDSAsig && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
if (tls1_2 && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
|
@ -2934,7 +2990,6 @@ static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx)
|
|||
|
||||
int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, int sniff)
|
||||
{
|
||||
byte verifyMAC[SHA256_DIGEST_SIZE];
|
||||
int finishedSz = ssl->options.tls ? TLS_FINISHED_SZ : FINISHED_SZ;
|
||||
int headerSz = HANDSHAKE_HEADER_SZ;
|
||||
word32 macSz = finishedSz + HANDSHAKE_HEADER_SZ,
|
||||
|
@ -2963,6 +3018,7 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, int sniff)
|
|||
}
|
||||
|
||||
if (ssl->specs.cipher_type != aead) {
|
||||
byte verifyMAC[MAX_DIGEST_SIZE];
|
||||
ssl->hmac(ssl, verifyMAC, input + idx - headerSz, macSz,
|
||||
handshake, 1);
|
||||
idx += finishedSz;
|
||||
|
@ -3857,7 +3913,7 @@ static INLINE int GetRounds(int pLen, int padLen, int t)
|
|||
static int TimingPadVerify(CYASSL* ssl, const byte* input, int padLen, int t,
|
||||
int pLen)
|
||||
{
|
||||
byte verify[SHA256_DIGEST_SIZE];
|
||||
byte verify[MAX_DIGEST_SIZE];
|
||||
byte dummy[MAX_PAD_SIZE];
|
||||
|
||||
XMEMSET(dummy, 1, sizeof(dummy));
|
||||
|
@ -3907,7 +3963,7 @@ int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx)
|
|||
#ifdef HAVE_LIBZ
|
||||
byte decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
|
||||
#endif
|
||||
byte verify[SHA256_DIGEST_SIZE];
|
||||
byte verify[MAX_DIGEST_SIZE];
|
||||
|
||||
if (ssl->options.handShakeState != HANDSHAKE_DONE) {
|
||||
CYASSL_MSG("Received App data before handshake complete");
|
||||
|
@ -4011,7 +4067,7 @@ static int DoAlert(CYASSL* ssl, byte* input, word32* inOutIdx, int* type)
|
|||
if (ssl->specs.cipher_type != aead) {
|
||||
int aSz = ALERT_SIZE;
|
||||
const byte* mac;
|
||||
byte verify[SHA256_DIGEST_SIZE];
|
||||
byte verify[MAX_DIGEST_SIZE];
|
||||
int padSz = ssl->keys.encryptSz - aSz - ssl->specs.hash_size;
|
||||
|
||||
ssl->hmac(ssl, verify, input + *inOutIdx - aSz, aSz, alert, 1);
|
||||
|
@ -4441,7 +4497,7 @@ static INLINE const byte* GetMacSecret(CYASSL* ssl, int verify)
|
|||
static void Hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
|
||||
int content, int verify)
|
||||
{
|
||||
byte result[SHA256_DIGEST_SIZE]; /* max possible sizes */
|
||||
byte result[MAX_DIGEST_SIZE];
|
||||
word32 digestSz = ssl->specs.hash_size; /* actual sizes */
|
||||
word32 padSz = ssl->specs.pad_size;
|
||||
|
||||
|
@ -5722,7 +5778,39 @@ const char* const cipher_names[] =
|
|||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
|
||||
"DHE-RSA-CAMELLIA256-SHA256"
|
||||
"DHE-RSA-CAMELLIA256-SHA256",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
|
||||
"ECDHE-RSA-AES128-SHA256",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
|
||||
"ECDHE-ECDSA-AES128-SHA256",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
|
||||
"ECDH-RSA-AES128-SHA256",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
|
||||
"ECDH-ECDSA-AES128-SHA256",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
|
||||
"ECDHE-RSA-AES256-SHA384",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
|
||||
"ECDHE-ECDSA-AES256-SHA384",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
||||
"ECDH-RSA-AES256-SHA384",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
|
||||
"ECDH-ECDSA-AES256-SHA384",
|
||||
#endif
|
||||
|
||||
};
|
||||
|
@ -5990,9 +6078,40 @@ int cipher_name_idx[] =
|
|||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
|
||||
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
|
||||
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
|
||||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
||||
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
|
||||
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
|
||||
#endif
|
||||
};
|
||||
|
||||
|
||||
|
@ -8073,6 +8192,38 @@ int SetCipherList(Suites* s, const char* list)
|
|||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
|
||||
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
|
||||
if (requirement == REQUIRES_RSA)
|
||||
return 1;
|
||||
if (requirement == REQUIRES_RSA_SIG)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
|
||||
if (requirement == REQUIRES_ECC_DSA)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
|
||||
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
|
||||
if (requirement == REQUIRES_RSA)
|
||||
return 1;
|
||||
if (requirement == REQUIRES_RSA_SIG)
|
||||
return 1;
|
||||
if (requirement == REQUIRES_ECC_STATIC)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
|
||||
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
|
||||
if (requirement == REQUIRES_ECC_DSA)
|
||||
return 1;
|
||||
if (requirement == REQUIRES_ECC_STATIC)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
default:
|
||||
CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC");
|
||||
return 0;
|
||||
|
|
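Review bot: The new ECDHE_RSA and ECDH_RSA cases in CipherRequires answer yes to REQUIRES_RSA, but the matching InitSuites hunk offers those suites on `haveRSAsig` alone (`if (tls1_2 && haveRSAsig)`), so the list that is advertised and the check that later accepts a suite are keyed on different conditions. If `haveRSA` means an RSA private key and `haveRSAsig` an RSA-signed certificate (their definitions are not on this page), the ECDHE_RSA entries should probably be gated on `haveRSA`, and the static ECDH_RSA cases should not need REQUIRES_RSA; this is worth checking against the existing SHA-1 ECC cases, which are not shown. Separately, the last new entry of cipher_name_idx, `TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384`, has no trailing comma, which recreates the missing-separator problem this commit fixes for the CAMELLIA256 entries; write it as `TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,`. InitSuites, cipher_name_idx and the switch in the last hunk all continue outside the hunks.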
136
src/keys.c
136
src/keys.c
|
@ -44,6 +44,134 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
|
||||
#ifdef HAVE_ECC
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
|
||||
ssl->specs.bulk_cipher_algorithm = aes;
|
||||
ssl->specs.cipher_type = block;
|
||||
ssl->specs.mac_algorithm = sha256_mac;
|
||||
ssl->specs.kea = ecc_diffie_hellman_kea;
|
||||
ssl->specs.sig_algo = rsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
|
||||
ssl->specs.bulk_cipher_algorithm = aes;
|
||||
ssl->specs.cipher_type = block;
|
||||
ssl->specs.mac_algorithm = sha256_mac;
|
||||
ssl->specs.kea = ecc_diffie_hellman_kea;
|
||||
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
|
||||
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
|
||||
ssl->specs.bulk_cipher_algorithm = aes;
|
||||
ssl->specs.cipher_type = block;
|
||||
ssl->specs.mac_algorithm = sha256_mac;
|
||||
ssl->specs.kea = ecc_diffie_hellman_kea;
|
||||
ssl->specs.sig_algo = rsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 1;
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
|
||||
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
|
||||
ssl->specs.bulk_cipher_algorithm = aes;
|
||||
ssl->specs.cipher_type = block;
|
||||
ssl->specs.mac_algorithm = sha256_mac;
|
||||
ssl->specs.kea = ecc_diffie_hellman_kea;
|
||||
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 1;
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
|
||||
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
|
||||
ssl->specs.bulk_cipher_algorithm = aes;
|
||||
ssl->specs.cipher_type = block;
|
||||
ssl->specs.mac_algorithm = sha384_mac;
|
||||
ssl->specs.kea = ecc_diffie_hellman_kea;
|
||||
ssl->specs.sig_algo = rsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
|
||||
ssl->specs.bulk_cipher_algorithm = aes;
|
||||
ssl->specs.cipher_type = block;
|
||||
ssl->specs.mac_algorithm = sha384_mac;
|
||||
ssl->specs.kea = ecc_diffie_hellman_kea;
|
||||
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
||||
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
|
||||
ssl->specs.bulk_cipher_algorithm = aes;
|
||||
ssl->specs.cipher_type = block;
|
||||
ssl->specs.mac_algorithm = sha384_mac;
|
||||
ssl->specs.kea = ecc_diffie_hellman_kea;
|
||||
ssl->specs.sig_algo = rsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 1;
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
|
||||
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
|
||||
ssl->specs.bulk_cipher_algorithm = aes;
|
||||
ssl->specs.cipher_type = block;
|
||||
ssl->specs.mac_algorithm = sha384_mac;
|
||||
ssl->specs.kea = ecc_diffie_hellman_kea;
|
||||
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 1;
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
|
||||
ssl->specs.bulk_cipher_algorithm = aes;
|
||||
|
@ -1617,7 +1745,7 @@ static int MakeSslMasterSecret(CYASSL* ssl)
|
|||
|
||||
#ifdef SHOW_SECRETS
|
||||
{
|
||||
int j;
|
||||
word32 j;
|
||||
printf("pre master secret: ");
|
||||
for (j = 0; j < pmsSz; j++)
|
||||
printf("%02x", ssl->arrays->preMasterSecret[j]);
|
||||
|
@ -1658,10 +1786,10 @@ static int MakeSslMasterSecret(CYASSL* ssl)
|
|||
|
||||
#ifdef SHOW_SECRETS
|
||||
{
|
||||
int i;
|
||||
word32 j;
|
||||
printf("master secret: ");
|
||||
for (i = 0; i < SECRET_LEN; i++)
|
||||
printf("%02x", ssl->arrays->masterSecret[i]);
|
||||
for (j = 0; j < SECRET_LEN; j++)
|
||||
printf("%02x", ssl->arrays->masterSecret[j]);
|
||||
printf("\n");
|
||||
}
|
||||
#endif
|
||||
|
|
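Review bot: The four SHA384 cases added to SetCipherSpecs set `mac_algorithm = sha384_mac` and `hash_size = SHA384_DIGEST_SIZE`, but nothing on this page shows the TLS record HMAC or the TLS 1.2 PRF being taught about SHA-384. RFC 5289 defines these suites with SHA-384 for both the MAC and the PRF, so if those code paths still assume SHA-256 the handshake would derive keys with the wrong hash or fail to interoperate; please confirm the corresponding change exists in files not shown here. A short comment on `ssl->specs.pad_size = PAD_SHA;` stating whether that value is used at all for these TLS 1.2-only suites would also help the next reader. SetCipherSpecs starts and ends outside the hunk.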
16
src/ssl.c
16
src/ssl.c
|
@ -5439,6 +5439,22 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||
if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) {
|
||||
/* ECC suites */
|
||||
switch (cipher->ssl->options.cipherSuite) {
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
|
||||
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
|
||||
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
|
||||
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
|
||||
return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
|
||||
return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
|
||||
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
|
||||
return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
|
||||
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
|
||||
return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
|
||||
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
|
||||
|
|