Renesas
/
SecureDweet
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Embed:
(wiki syntax)
Show/hide line numbers
keys.c
00001 /* keys.c 00002 * 00003 * Copyright (C) 2006-2016 wolfSSL Inc. 00004 * 00005 * This file is part of wolfSSL. 00006 * 00007 * wolfSSL is free software; you can redistribute it and/or modify 00008 * it under the terms of the GNU General Public License as published by 00009 * the Free Software Foundation; either version 2 of the License, or 00010 * (at your option) any later version. 00011 * 00012 * wolfSSL is distributed in the hope that it will be useful, 00013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00015 * GNU General Public License for more details. 00016 * 00017 * You should have received a copy of the GNU General Public License 00018 * along with this program; if not, write to the Free Software 00019 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 00020 */ 00021 00022 00023 /* Name change compatibility layer no longer needs to be included here */ 00024 00025 #ifdef HAVE_CONFIG_H 00026 #include <config.h> 00027 #endif 00028 00029 #include <wolfssl/wolfcrypt/settings.h> 00030 00031 #ifndef WOLFCRYPT_ONLY 00032 00033 #include <wolfssl/internal.h> 00034 #include <wolfssl/error-ssl.h> 00035 #if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) 00036 #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) 00037 #if MQX_USE_IO_OLD 00038 #include <fio.h> 00039 #else 00040 #include <nio.h> 00041 #endif 00042 #else 00043 #include <stdio.h> 00044 #endif 00045 #endif 00046 00047 00048 int SetCipherSpecs(WOLFSSL* ssl) 00049 { 00050 #ifndef NO_WOLFSSL_CLIENT 00051 if (ssl->options.side == WOLFSSL_CLIENT_END) { 00052 /* server side verified before SetCipherSpecs call */ 00053 if (VerifyClientSuite(ssl) != 1) { 00054 WOLFSSL_MSG("SetCipherSpecs() client has an unusuable suite"); 00055 return UNSUPPORTED_SUITE; 00056 } 00057 } 00058 #endif /* NO_WOLFSSL_CLIENT */ 00059 00060 /* Chacha extensions, 0xcc */ 00061 if (ssl->options.cipherSuite0 == CHACHA_BYTE) { 00062 00063 switch (ssl->options.cipherSuite) { 00064 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 00065 case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256: 00066 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00067 ssl->specs.cipher_type = aead; 00068 ssl->specs.mac_algorithm = sha256_mac; 00069 ssl->specs.kea = ecc_diffie_hellman_kea; 00070 ssl->specs.sig_algo = rsa_sa_algo; 00071 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00072 ssl->specs.pad_size = PAD_SHA; 00073 ssl->specs.static_ecdh = 0; 00074 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00075 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00076 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00077 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00078 ssl->options.oldPoly = 1; /* use old poly1305 padding */ 00079 00080 break; 00081 #endif 00082 00083 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 00084 case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256: 00085 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00086 ssl->specs.cipher_type = aead; 00087 ssl->specs.mac_algorithm = sha256_mac; 00088 ssl->specs.kea = ecc_diffie_hellman_kea; 00089 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00090 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00091 ssl->specs.pad_size = PAD_SHA; 00092 ssl->specs.static_ecdh = 0; 00093 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00094 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00095 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00096 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00097 ssl->options.oldPoly = 1; /* use old poly1305 padding */ 00098 00099 break; 00100 #endif 00101 00102 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 00103 case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256: 00104 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00105 ssl->specs.cipher_type = aead; 00106 ssl->specs.mac_algorithm = sha256_mac; 00107 ssl->specs.kea = diffie_hellman_kea; 00108 ssl->specs.sig_algo = rsa_sa_algo; 00109 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00110 ssl->specs.pad_size = PAD_SHA; 00111 ssl->specs.static_ecdh = 0; 00112 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00113 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00114 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00115 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00116 ssl->options.oldPoly = 1; /* use old poly1305 padding */ 00117 00118 break; 00119 #endif 00120 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 00121 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: 00122 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00123 ssl->specs.cipher_type = aead; 00124 ssl->specs.mac_algorithm = sha256_mac; 00125 ssl->specs.kea = ecc_diffie_hellman_kea; 00126 ssl->specs.sig_algo = rsa_sa_algo; 00127 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00128 ssl->specs.pad_size = PAD_SHA; 00129 ssl->specs.static_ecdh = 0; 00130 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00131 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00132 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00133 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00134 ssl->options.oldPoly = 0; /* use recent padding RFC */ 00135 00136 break; 00137 #endif 00138 00139 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 00140 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: 00141 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00142 ssl->specs.cipher_type = aead; 00143 ssl->specs.mac_algorithm = sha256_mac; 00144 ssl->specs.kea = ecc_diffie_hellman_kea; 00145 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00146 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00147 ssl->specs.pad_size = PAD_SHA; 00148 ssl->specs.static_ecdh = 0; 00149 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00150 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00151 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00152 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00153 ssl->options.oldPoly = 0; /* use recent padding RFC */ 00154 00155 break; 00156 #endif 00157 00158 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 00159 case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: 00160 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00161 ssl->specs.cipher_type = aead; 00162 ssl->specs.mac_algorithm = sha256_mac; 00163 ssl->specs.kea = diffie_hellman_kea; 00164 ssl->specs.sig_algo = rsa_sa_algo; 00165 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00166 ssl->specs.pad_size = PAD_SHA; 00167 ssl->specs.static_ecdh = 0; 00168 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00169 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00170 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00171 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00172 ssl->options.oldPoly = 0; /* use recent padding RFC */ 00173 00174 break; 00175 #endif 00176 00177 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 00178 case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256: 00179 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00180 ssl->specs.cipher_type = aead; 00181 ssl->specs.mac_algorithm = sha256_mac; 00182 ssl->specs.kea = psk_kea; 00183 ssl->specs.sig_algo = anonymous_sa_algo; 00184 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00185 ssl->specs.pad_size = PAD_SHA; 00186 ssl->specs.static_ecdh = 0; 00187 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00188 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00189 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00190 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00191 00192 ssl->options.oldPoly = 0; /* use recent padding RFC */ 00193 ssl->options.usingPSK_cipher = 1; 00194 break; 00195 #endif 00196 00197 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 00198 case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256: 00199 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00200 ssl->specs.cipher_type = aead; 00201 ssl->specs.mac_algorithm = sha256_mac; 00202 ssl->specs.kea = ecdhe_psk_kea; 00203 ssl->specs.sig_algo = anonymous_sa_algo; 00204 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00205 ssl->specs.pad_size = PAD_SHA; 00206 ssl->specs.static_ecdh = 0; 00207 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00208 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00209 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00210 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00211 00212 ssl->options.oldPoly = 0; /* use recent padding RFC */ 00213 ssl->options.usingPSK_cipher = 1; 00214 break; 00215 #endif 00216 00217 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 00218 case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256: 00219 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00220 ssl->specs.cipher_type = aead; 00221 ssl->specs.mac_algorithm = sha256_mac; 00222 ssl->specs.kea = dhe_psk_kea; 00223 ssl->specs.sig_algo = anonymous_sa_algo; 00224 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00225 ssl->specs.pad_size = PAD_SHA; 00226 ssl->specs.static_ecdh = 0; 00227 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00228 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00229 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00230 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00231 00232 ssl->options.oldPoly = 0; /* use recent padding RFC */ 00233 ssl->options.usingPSK_cipher = 1; 00234 break; 00235 #endif 00236 default: 00237 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha"); 00238 return UNSUPPORTED_SUITE; 00239 } 00240 } 00241 00242 /* ECC extensions, or AES-CCM */ 00243 if (ssl->options.cipherSuite0 == ECC_BYTE) { 00244 00245 switch (ssl->options.cipherSuite) { 00246 00247 #ifdef HAVE_ECC 00248 00249 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 00250 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : 00251 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00252 ssl->specs.cipher_type = block; 00253 ssl->specs.mac_algorithm = sha256_mac; 00254 ssl->specs.kea = ecc_diffie_hellman_kea; 00255 ssl->specs.sig_algo = rsa_sa_algo; 00256 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00257 ssl->specs.pad_size = PAD_SHA; 00258 ssl->specs.static_ecdh = 0; 00259 ssl->specs.key_size = AES_128_KEY_SIZE; 00260 ssl->specs.iv_size = AES_IV_SIZE; 00261 ssl->specs.block_size = AES_BLOCK_SIZE; 00262 break; 00263 #endif 00264 00265 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 00266 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : 00267 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00268 ssl->specs.cipher_type = block; 00269 ssl->specs.mac_algorithm = sha256_mac; 00270 ssl->specs.kea = ecc_diffie_hellman_kea; 00271 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00272 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00273 ssl->specs.pad_size = PAD_SHA; 00274 ssl->specs.static_ecdh = 0; 00275 ssl->specs.key_size = AES_128_KEY_SIZE; 00276 ssl->specs.iv_size = AES_IV_SIZE; 00277 ssl->specs.block_size = AES_BLOCK_SIZE; 00278 break; 00279 #endif 00280 00281 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 00282 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : 00283 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00284 ssl->specs.cipher_type = block; 00285 ssl->specs.mac_algorithm = sha256_mac; 00286 ssl->specs.kea = ecc_diffie_hellman_kea; 00287 ssl->specs.sig_algo = rsa_sa_algo; 00288 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00289 ssl->specs.pad_size = PAD_SHA; 00290 ssl->specs.static_ecdh = 1; 00291 ssl->specs.key_size = AES_128_KEY_SIZE; 00292 ssl->specs.iv_size = AES_IV_SIZE; 00293 ssl->specs.block_size = AES_BLOCK_SIZE; 00294 break; 00295 #endif 00296 00297 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 00298 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : 00299 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00300 ssl->specs.cipher_type = block; 00301 ssl->specs.mac_algorithm = sha256_mac; 00302 ssl->specs.kea = ecc_diffie_hellman_kea; 00303 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00304 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00305 ssl->specs.pad_size = PAD_SHA; 00306 ssl->specs.static_ecdh = 1; 00307 ssl->specs.key_size = AES_128_KEY_SIZE; 00308 ssl->specs.iv_size = AES_IV_SIZE; 00309 ssl->specs.block_size = AES_BLOCK_SIZE; 00310 break; 00311 #endif 00312 00313 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 00314 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : 00315 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00316 ssl->specs.cipher_type = block; 00317 ssl->specs.mac_algorithm = sha384_mac; 00318 ssl->specs.kea = ecc_diffie_hellman_kea; 00319 ssl->specs.sig_algo = rsa_sa_algo; 00320 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00321 ssl->specs.pad_size = PAD_SHA; 00322 ssl->specs.static_ecdh = 0; 00323 ssl->specs.key_size = AES_256_KEY_SIZE; 00324 ssl->specs.iv_size = AES_IV_SIZE; 00325 ssl->specs.block_size = AES_BLOCK_SIZE; 00326 break; 00327 #endif 00328 00329 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 00330 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : 00331 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00332 ssl->specs.cipher_type = block; 00333 ssl->specs.mac_algorithm = sha384_mac; 00334 ssl->specs.kea = ecc_diffie_hellman_kea; 00335 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00336 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00337 ssl->specs.pad_size = PAD_SHA; 00338 ssl->specs.static_ecdh = 0; 00339 ssl->specs.key_size = AES_256_KEY_SIZE; 00340 ssl->specs.iv_size = AES_IV_SIZE; 00341 ssl->specs.block_size = AES_BLOCK_SIZE; 00342 break; 00343 #endif 00344 00345 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 00346 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : 00347 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00348 ssl->specs.cipher_type = block; 00349 ssl->specs.mac_algorithm = sha384_mac; 00350 ssl->specs.kea = ecc_diffie_hellman_kea; 00351 ssl->specs.sig_algo = rsa_sa_algo; 00352 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00353 ssl->specs.pad_size = PAD_SHA; 00354 ssl->specs.static_ecdh = 1; 00355 ssl->specs.key_size = AES_256_KEY_SIZE; 00356 ssl->specs.iv_size = AES_IV_SIZE; 00357 ssl->specs.block_size = AES_BLOCK_SIZE; 00358 break; 00359 #endif 00360 00361 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 00362 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : 00363 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00364 ssl->specs.cipher_type = block; 00365 ssl->specs.mac_algorithm = sha384_mac; 00366 ssl->specs.kea = ecc_diffie_hellman_kea; 00367 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00368 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00369 ssl->specs.pad_size = PAD_SHA; 00370 ssl->specs.static_ecdh = 1; 00371 ssl->specs.key_size = AES_256_KEY_SIZE; 00372 ssl->specs.iv_size = AES_IV_SIZE; 00373 ssl->specs.block_size = AES_BLOCK_SIZE; 00374 break; 00375 #endif 00376 00377 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 00378 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : 00379 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00380 ssl->specs.cipher_type = block; 00381 ssl->specs.mac_algorithm = sha_mac; 00382 ssl->specs.kea = ecc_diffie_hellman_kea; 00383 ssl->specs.sig_algo = rsa_sa_algo; 00384 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00385 ssl->specs.pad_size = PAD_SHA; 00386 ssl->specs.static_ecdh = 0; 00387 ssl->specs.key_size = AES_128_KEY_SIZE; 00388 ssl->specs.block_size = AES_BLOCK_SIZE; 00389 ssl->specs.iv_size = AES_IV_SIZE; 00390 00391 break; 00392 #endif 00393 00394 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 00395 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : 00396 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00397 ssl->specs.cipher_type = block; 00398 ssl->specs.mac_algorithm = sha_mac; 00399 ssl->specs.kea = ecc_diffie_hellman_kea; 00400 ssl->specs.sig_algo = rsa_sa_algo; 00401 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00402 ssl->specs.pad_size = PAD_SHA; 00403 ssl->specs.static_ecdh = 1; 00404 ssl->specs.key_size = AES_128_KEY_SIZE; 00405 ssl->specs.block_size = AES_BLOCK_SIZE; 00406 ssl->specs.iv_size = AES_IV_SIZE; 00407 00408 break; 00409 #endif 00410 00411 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 00412 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : 00413 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 00414 ssl->specs.cipher_type = block; 00415 ssl->specs.mac_algorithm = sha_mac; 00416 ssl->specs.kea = ecc_diffie_hellman_kea; 00417 ssl->specs.sig_algo = rsa_sa_algo; 00418 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00419 ssl->specs.pad_size = PAD_SHA; 00420 ssl->specs.static_ecdh = 0; 00421 ssl->specs.key_size = DES3_KEY_SIZE; 00422 ssl->specs.block_size = DES_BLOCK_SIZE; 00423 ssl->specs.iv_size = DES_IV_SIZE; 00424 00425 break; 00426 #endif 00427 00428 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 00429 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : 00430 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 00431 ssl->specs.cipher_type = block; 00432 ssl->specs.mac_algorithm = sha_mac; 00433 ssl->specs.kea = ecc_diffie_hellman_kea; 00434 ssl->specs.sig_algo = rsa_sa_algo; 00435 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00436 ssl->specs.pad_size = PAD_SHA; 00437 ssl->specs.static_ecdh = 1; 00438 ssl->specs.key_size = DES3_KEY_SIZE; 00439 ssl->specs.block_size = DES_BLOCK_SIZE; 00440 ssl->specs.iv_size = DES_IV_SIZE; 00441 00442 break; 00443 #endif 00444 00445 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA 00446 case TLS_ECDHE_RSA_WITH_RC4_128_SHA : 00447 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 00448 ssl->specs.cipher_type = stream; 00449 ssl->specs.mac_algorithm = sha_mac; 00450 ssl->specs.kea = ecc_diffie_hellman_kea; 00451 ssl->specs.sig_algo = rsa_sa_algo; 00452 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00453 ssl->specs.pad_size = PAD_SHA; 00454 ssl->specs.static_ecdh = 0; 00455 ssl->specs.key_size = RC4_KEY_SIZE; 00456 ssl->specs.iv_size = 0; 00457 ssl->specs.block_size = 0; 00458 00459 break; 00460 #endif 00461 00462 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA 00463 case TLS_ECDH_RSA_WITH_RC4_128_SHA : 00464 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 00465 ssl->specs.cipher_type = stream; 00466 ssl->specs.mac_algorithm = sha_mac; 00467 ssl->specs.kea = ecc_diffie_hellman_kea; 00468 ssl->specs.sig_algo = rsa_sa_algo; 00469 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00470 ssl->specs.pad_size = PAD_SHA; 00471 ssl->specs.static_ecdh = 1; 00472 ssl->specs.key_size = RC4_KEY_SIZE; 00473 ssl->specs.iv_size = 0; 00474 ssl->specs.block_size = 0; 00475 00476 break; 00477 #endif 00478 00479 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 00480 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : 00481 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 00482 ssl->specs.cipher_type = block; 00483 ssl->specs.mac_algorithm = sha_mac; 00484 ssl->specs.kea = ecc_diffie_hellman_kea; 00485 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00486 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00487 ssl->specs.pad_size = PAD_SHA; 00488 ssl->specs.static_ecdh = 0; 00489 ssl->specs.key_size = DES3_KEY_SIZE; 00490 ssl->specs.block_size = DES_BLOCK_SIZE; 00491 ssl->specs.iv_size = DES_IV_SIZE; 00492 00493 break; 00494 #endif 00495 00496 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 00497 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : 00498 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 00499 ssl->specs.cipher_type = block; 00500 ssl->specs.mac_algorithm = sha_mac; 00501 ssl->specs.kea = ecc_diffie_hellman_kea; 00502 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00503 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00504 ssl->specs.pad_size = PAD_SHA; 00505 ssl->specs.static_ecdh = 1; 00506 ssl->specs.key_size = DES3_KEY_SIZE; 00507 ssl->specs.block_size = DES_BLOCK_SIZE; 00508 ssl->specs.iv_size = DES_IV_SIZE; 00509 00510 break; 00511 #endif 00512 00513 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 00514 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : 00515 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 00516 ssl->specs.cipher_type = stream; 00517 ssl->specs.mac_algorithm = sha_mac; 00518 ssl->specs.kea = ecc_diffie_hellman_kea; 00519 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00520 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00521 ssl->specs.pad_size = PAD_SHA; 00522 ssl->specs.static_ecdh = 0; 00523 ssl->specs.key_size = RC4_KEY_SIZE; 00524 ssl->specs.iv_size = 0; 00525 ssl->specs.block_size = 0; 00526 00527 break; 00528 #endif 00529 00530 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 00531 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : 00532 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 00533 ssl->specs.cipher_type = stream; 00534 ssl->specs.mac_algorithm = sha_mac; 00535 ssl->specs.kea = ecc_diffie_hellman_kea; 00536 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00537 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00538 ssl->specs.pad_size = PAD_SHA; 00539 ssl->specs.static_ecdh = 1; 00540 ssl->specs.key_size = RC4_KEY_SIZE; 00541 ssl->specs.iv_size = 0; 00542 ssl->specs.block_size = 0; 00543 00544 break; 00545 #endif 00546 00547 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 00548 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : 00549 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00550 ssl->specs.cipher_type = block; 00551 ssl->specs.mac_algorithm = sha_mac; 00552 ssl->specs.kea = ecc_diffie_hellman_kea; 00553 ssl->specs.sig_algo = rsa_sa_algo; 00554 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00555 ssl->specs.pad_size = PAD_SHA; 00556 ssl->specs.static_ecdh = 0; 00557 ssl->specs.key_size = AES_256_KEY_SIZE; 00558 ssl->specs.block_size = AES_BLOCK_SIZE; 00559 ssl->specs.iv_size = AES_IV_SIZE; 00560 00561 break; 00562 #endif 00563 00564 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 00565 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : 00566 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00567 ssl->specs.cipher_type = block; 00568 ssl->specs.mac_algorithm = sha_mac; 00569 ssl->specs.kea = ecc_diffie_hellman_kea; 00570 ssl->specs.sig_algo = rsa_sa_algo; 00571 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00572 ssl->specs.pad_size = PAD_SHA; 00573 ssl->specs.static_ecdh = 1; 00574 ssl->specs.key_size = AES_256_KEY_SIZE; 00575 ssl->specs.block_size = AES_BLOCK_SIZE; 00576 ssl->specs.iv_size = AES_IV_SIZE; 00577 00578 break; 00579 #endif 00580 00581 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 00582 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : 00583 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00584 ssl->specs.cipher_type = block; 00585 ssl->specs.mac_algorithm = sha_mac; 00586 ssl->specs.kea = ecc_diffie_hellman_kea; 00587 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00588 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00589 ssl->specs.pad_size = PAD_SHA; 00590 ssl->specs.static_ecdh = 0; 00591 ssl->specs.key_size = AES_128_KEY_SIZE; 00592 ssl->specs.block_size = AES_BLOCK_SIZE; 00593 ssl->specs.iv_size = AES_IV_SIZE; 00594 00595 break; 00596 #endif 00597 00598 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 00599 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : 00600 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00601 ssl->specs.cipher_type = block; 00602 ssl->specs.mac_algorithm = sha_mac; 00603 ssl->specs.kea = ecc_diffie_hellman_kea; 00604 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00605 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00606 ssl->specs.pad_size = PAD_SHA; 00607 ssl->specs.static_ecdh = 1; 00608 ssl->specs.key_size = AES_128_KEY_SIZE; 00609 ssl->specs.block_size = AES_BLOCK_SIZE; 00610 ssl->specs.iv_size = AES_IV_SIZE; 00611 00612 break; 00613 #endif 00614 00615 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 00616 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : 00617 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00618 ssl->specs.cipher_type = block; 00619 ssl->specs.mac_algorithm = sha_mac; 00620 ssl->specs.kea = ecc_diffie_hellman_kea; 00621 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00622 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00623 ssl->specs.pad_size = PAD_SHA; 00624 ssl->specs.static_ecdh = 0; 00625 ssl->specs.key_size = AES_256_KEY_SIZE; 00626 ssl->specs.block_size = AES_BLOCK_SIZE; 00627 ssl->specs.iv_size = AES_IV_SIZE; 00628 00629 break; 00630 #endif 00631 00632 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 00633 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : 00634 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00635 ssl->specs.cipher_type = block; 00636 ssl->specs.mac_algorithm = sha_mac; 00637 ssl->specs.kea = ecc_diffie_hellman_kea; 00638 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00639 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00640 ssl->specs.pad_size = PAD_SHA; 00641 ssl->specs.static_ecdh = 1; 00642 ssl->specs.key_size = AES_256_KEY_SIZE; 00643 ssl->specs.block_size = AES_BLOCK_SIZE; 00644 ssl->specs.iv_size = AES_IV_SIZE; 00645 00646 break; 00647 #endif 00648 00649 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 00650 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : 00651 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00652 ssl->specs.cipher_type = aead; 00653 ssl->specs.mac_algorithm = sha256_mac; 00654 ssl->specs.kea = ecc_diffie_hellman_kea; 00655 ssl->specs.sig_algo = rsa_sa_algo; 00656 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00657 ssl->specs.pad_size = PAD_SHA; 00658 ssl->specs.static_ecdh = 0; 00659 ssl->specs.key_size = AES_128_KEY_SIZE; 00660 ssl->specs.block_size = AES_BLOCK_SIZE; 00661 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00662 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00663 00664 break; 00665 #endif 00666 00667 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 00668 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : 00669 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00670 ssl->specs.cipher_type = aead; 00671 ssl->specs.mac_algorithm = sha384_mac; 00672 ssl->specs.kea = ecc_diffie_hellman_kea; 00673 ssl->specs.sig_algo = rsa_sa_algo; 00674 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00675 ssl->specs.pad_size = PAD_SHA; 00676 ssl->specs.static_ecdh = 0; 00677 ssl->specs.key_size = AES_256_KEY_SIZE; 00678 ssl->specs.block_size = AES_BLOCK_SIZE; 00679 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00680 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00681 00682 break; 00683 #endif 00684 00685 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 00686 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : 00687 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00688 ssl->specs.cipher_type = aead; 00689 ssl->specs.mac_algorithm = sha256_mac; 00690 ssl->specs.kea = ecc_diffie_hellman_kea; 00691 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00692 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00693 ssl->specs.pad_size = PAD_SHA; 00694 ssl->specs.static_ecdh = 0; 00695 ssl->specs.key_size = AES_128_KEY_SIZE; 00696 ssl->specs.block_size = AES_BLOCK_SIZE; 00697 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00698 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00699 00700 break; 00701 #endif 00702 00703 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 00704 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : 00705 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00706 ssl->specs.cipher_type = aead; 00707 ssl->specs.mac_algorithm = sha384_mac; 00708 ssl->specs.kea = ecc_diffie_hellman_kea; 00709 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00710 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00711 ssl->specs.pad_size = PAD_SHA; 00712 ssl->specs.static_ecdh = 0; 00713 ssl->specs.key_size = AES_256_KEY_SIZE; 00714 ssl->specs.block_size = AES_BLOCK_SIZE; 00715 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00716 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00717 00718 break; 00719 #endif 00720 00721 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 00722 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : 00723 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00724 ssl->specs.cipher_type = aead; 00725 ssl->specs.mac_algorithm = sha256_mac; 00726 ssl->specs.kea = ecc_diffie_hellman_kea; 00727 ssl->specs.sig_algo = rsa_sa_algo; 00728 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00729 ssl->specs.pad_size = PAD_SHA; 00730 ssl->specs.static_ecdh = 1; 00731 ssl->specs.key_size = AES_128_KEY_SIZE; 00732 ssl->specs.block_size = AES_BLOCK_SIZE; 00733 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00734 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00735 00736 break; 00737 #endif 00738 00739 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 00740 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : 00741 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00742 ssl->specs.cipher_type = aead; 00743 ssl->specs.mac_algorithm = sha384_mac; 00744 ssl->specs.kea = ecc_diffie_hellman_kea; 00745 ssl->specs.sig_algo = rsa_sa_algo; 00746 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00747 ssl->specs.pad_size = PAD_SHA; 00748 ssl->specs.static_ecdh = 1; 00749 ssl->specs.key_size = AES_256_KEY_SIZE; 00750 ssl->specs.block_size = AES_BLOCK_SIZE; 00751 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00752 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00753 00754 break; 00755 #endif 00756 00757 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 00758 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : 00759 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00760 ssl->specs.cipher_type = aead; 00761 ssl->specs.mac_algorithm = sha256_mac; 00762 ssl->specs.kea = ecc_diffie_hellman_kea; 00763 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00764 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00765 ssl->specs.pad_size = PAD_SHA; 00766 ssl->specs.static_ecdh = 1; 00767 ssl->specs.key_size = AES_128_KEY_SIZE; 00768 ssl->specs.block_size = AES_BLOCK_SIZE; 00769 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00770 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00771 00772 break; 00773 #endif 00774 00775 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 00776 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : 00777 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00778 ssl->specs.cipher_type = aead; 00779 ssl->specs.mac_algorithm = sha384_mac; 00780 ssl->specs.kea = ecc_diffie_hellman_kea; 00781 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00782 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00783 ssl->specs.pad_size = PAD_SHA; 00784 ssl->specs.static_ecdh = 1; 00785 ssl->specs.key_size = AES_256_KEY_SIZE; 00786 ssl->specs.block_size = AES_BLOCK_SIZE; 00787 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00788 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00789 00790 break; 00791 #endif 00792 00793 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 00794 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 : 00795 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00796 ssl->specs.cipher_type = aead; 00797 ssl->specs.mac_algorithm = sha256_mac; 00798 ssl->specs.kea = ecc_diffie_hellman_kea; 00799 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00800 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00801 ssl->specs.pad_size = PAD_SHA; 00802 ssl->specs.static_ecdh = 0; 00803 ssl->specs.key_size = AES_128_KEY_SIZE; 00804 ssl->specs.block_size = AES_BLOCK_SIZE; 00805 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00806 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 00807 00808 break; 00809 #endif 00810 00811 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 00812 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : 00813 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00814 ssl->specs.cipher_type = aead; 00815 ssl->specs.mac_algorithm = sha256_mac; 00816 ssl->specs.kea = ecc_diffie_hellman_kea; 00817 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00818 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00819 ssl->specs.pad_size = PAD_SHA; 00820 ssl->specs.static_ecdh = 0; 00821 ssl->specs.key_size = AES_256_KEY_SIZE; 00822 ssl->specs.block_size = AES_BLOCK_SIZE; 00823 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00824 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 00825 00826 break; 00827 #endif 00828 00829 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA 00830 case TLS_ECDHE_ECDSA_WITH_NULL_SHA : 00831 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 00832 ssl->specs.cipher_type = stream; 00833 ssl->specs.mac_algorithm = sha_mac; 00834 ssl->specs.kea = ecc_diffie_hellman_kea; 00835 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00836 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00837 ssl->specs.pad_size = PAD_SHA; 00838 ssl->specs.static_ecdh = 0; 00839 ssl->specs.key_size = 0; 00840 ssl->specs.block_size = 0; 00841 ssl->specs.iv_size = 0; 00842 00843 break; 00844 #endif 00845 00846 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 00847 case TLS_ECDHE_PSK_WITH_NULL_SHA256 : 00848 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 00849 ssl->specs.cipher_type = stream; 00850 ssl->specs.mac_algorithm = sha256_mac; 00851 ssl->specs.kea = ecdhe_psk_kea; 00852 ssl->specs.sig_algo = anonymous_sa_algo; 00853 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00854 ssl->specs.pad_size = PAD_SHA; 00855 ssl->specs.static_ecdh = 0; 00856 ssl->specs.key_size = 0; 00857 ssl->specs.block_size = 0; 00858 ssl->specs.iv_size = 0; 00859 00860 ssl->options.usingPSK_cipher = 1; 00861 break; 00862 #endif 00863 00864 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 00865 case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 : 00866 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00867 ssl->specs.cipher_type = block; 00868 ssl->specs.mac_algorithm = sha256_mac; 00869 ssl->specs.kea = ecdhe_psk_kea; 00870 ssl->specs.sig_algo = anonymous_sa_algo; 00871 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00872 ssl->specs.pad_size = PAD_SHA; 00873 ssl->specs.static_ecdh = 0; 00874 ssl->specs.key_size = AES_128_KEY_SIZE; 00875 ssl->specs.block_size = AES_BLOCK_SIZE; 00876 ssl->specs.iv_size = AES_IV_SIZE; 00877 00878 ssl->options.usingPSK_cipher = 1; 00879 break; 00880 #endif 00881 #endif /* HAVE_ECC */ 00882 00883 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 00884 case TLS_RSA_WITH_AES_128_CCM_8 : 00885 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00886 ssl->specs.cipher_type = aead; 00887 ssl->specs.mac_algorithm = sha256_mac; 00888 ssl->specs.kea = rsa_kea; 00889 ssl->specs.sig_algo = rsa_sa_algo; 00890 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00891 ssl->specs.pad_size = PAD_SHA; 00892 ssl->specs.static_ecdh = 0; 00893 ssl->specs.key_size = AES_128_KEY_SIZE; 00894 ssl->specs.block_size = AES_BLOCK_SIZE; 00895 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00896 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 00897 00898 break; 00899 #endif 00900 00901 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8 00902 case TLS_RSA_WITH_AES_256_CCM_8 : 00903 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00904 ssl->specs.cipher_type = aead; 00905 ssl->specs.mac_algorithm = sha256_mac; 00906 ssl->specs.kea = rsa_kea; 00907 ssl->specs.sig_algo = rsa_sa_algo; 00908 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00909 ssl->specs.pad_size = PAD_SHA; 00910 ssl->specs.static_ecdh = 0; 00911 ssl->specs.key_size = AES_256_KEY_SIZE; 00912 ssl->specs.block_size = AES_BLOCK_SIZE; 00913 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00914 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 00915 00916 break; 00917 #endif 00918 00919 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 00920 case TLS_PSK_WITH_AES_128_CCM_8 : 00921 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00922 ssl->specs.cipher_type = aead; 00923 ssl->specs.mac_algorithm = sha256_mac; 00924 ssl->specs.kea = psk_kea; 00925 ssl->specs.sig_algo = anonymous_sa_algo; 00926 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00927 ssl->specs.pad_size = PAD_SHA; 00928 ssl->specs.static_ecdh = 0; 00929 ssl->specs.key_size = AES_128_KEY_SIZE; 00930 ssl->specs.block_size = AES_BLOCK_SIZE; 00931 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00932 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 00933 00934 ssl->options.usingPSK_cipher = 1; 00935 break; 00936 #endif 00937 00938 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8 00939 case TLS_PSK_WITH_AES_256_CCM_8 : 00940 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00941 ssl->specs.cipher_type = aead; 00942 ssl->specs.mac_algorithm = sha256_mac; 00943 ssl->specs.kea = psk_kea; 00944 ssl->specs.sig_algo = anonymous_sa_algo; 00945 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00946 ssl->specs.pad_size = PAD_SHA; 00947 ssl->specs.static_ecdh = 0; 00948 ssl->specs.key_size = AES_256_KEY_SIZE; 00949 ssl->specs.block_size = AES_BLOCK_SIZE; 00950 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00951 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 00952 00953 ssl->options.usingPSK_cipher = 1; 00954 break; 00955 #endif 00956 00957 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM 00958 case TLS_PSK_WITH_AES_128_CCM : 00959 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00960 ssl->specs.cipher_type = aead; 00961 ssl->specs.mac_algorithm = sha256_mac; 00962 ssl->specs.kea = psk_kea; 00963 ssl->specs.sig_algo = anonymous_sa_algo; 00964 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00965 ssl->specs.pad_size = PAD_SHA; 00966 ssl->specs.static_ecdh = 0; 00967 ssl->specs.key_size = AES_128_KEY_SIZE; 00968 ssl->specs.block_size = AES_BLOCK_SIZE; 00969 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00970 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; 00971 00972 ssl->options.usingPSK_cipher = 1; 00973 break; 00974 #endif 00975 00976 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM 00977 case TLS_PSK_WITH_AES_256_CCM : 00978 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00979 ssl->specs.cipher_type = aead; 00980 ssl->specs.mac_algorithm = sha256_mac; 00981 ssl->specs.kea = psk_kea; 00982 ssl->specs.sig_algo = anonymous_sa_algo; 00983 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00984 ssl->specs.pad_size = PAD_SHA; 00985 ssl->specs.static_ecdh = 0; 00986 ssl->specs.key_size = AES_256_KEY_SIZE; 00987 ssl->specs.block_size = AES_BLOCK_SIZE; 00988 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00989 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; 00990 00991 ssl->options.usingPSK_cipher = 1; 00992 break; 00993 #endif 00994 00995 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM 00996 case TLS_DHE_PSK_WITH_AES_128_CCM : 00997 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00998 ssl->specs.cipher_type = aead; 00999 ssl->specs.mac_algorithm = sha256_mac; 01000 ssl->specs.kea = dhe_psk_kea; 01001 ssl->specs.sig_algo = anonymous_sa_algo; 01002 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01003 ssl->specs.pad_size = PAD_SHA; 01004 ssl->specs.static_ecdh = 0; 01005 ssl->specs.key_size = AES_128_KEY_SIZE; 01006 ssl->specs.block_size = AES_BLOCK_SIZE; 01007 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01008 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; 01009 01010 ssl->options.usingPSK_cipher = 1; 01011 break; 01012 #endif 01013 01014 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM 01015 case TLS_DHE_PSK_WITH_AES_256_CCM : 01016 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 01017 ssl->specs.cipher_type = aead; 01018 ssl->specs.mac_algorithm = sha256_mac; 01019 ssl->specs.kea = dhe_psk_kea; 01020 ssl->specs.sig_algo = anonymous_sa_algo; 01021 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01022 ssl->specs.pad_size = PAD_SHA; 01023 ssl->specs.static_ecdh = 0; 01024 ssl->specs.key_size = AES_256_KEY_SIZE; 01025 ssl->specs.block_size = AES_BLOCK_SIZE; 01026 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01027 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; 01028 01029 ssl->options.usingPSK_cipher = 1; 01030 break; 01031 #endif 01032 01033 default: 01034 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC"); 01035 return UNSUPPORTED_SUITE; 01036 } /* switch */ 01037 } /* if */ 01038 if (ssl->options.cipherSuite0 != ECC_BYTE && 01039 ssl->options.cipherSuite0 != CHACHA_BYTE) { /* normal suites */ 01040 switch (ssl->options.cipherSuite) { 01041 01042 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA 01043 case SSL_RSA_WITH_RC4_128_SHA : 01044 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 01045 ssl->specs.cipher_type = stream; 01046 ssl->specs.mac_algorithm = sha_mac; 01047 ssl->specs.kea = rsa_kea; 01048 ssl->specs.sig_algo = rsa_sa_algo; 01049 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01050 ssl->specs.pad_size = PAD_SHA; 01051 ssl->specs.static_ecdh = 0; 01052 ssl->specs.key_size = RC4_KEY_SIZE; 01053 ssl->specs.iv_size = 0; 01054 ssl->specs.block_size = 0; 01055 01056 break; 01057 #endif 01058 01059 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA 01060 case TLS_NTRU_RSA_WITH_RC4_128_SHA : 01061 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 01062 ssl->specs.cipher_type = stream; 01063 ssl->specs.mac_algorithm = sha_mac; 01064 ssl->specs.kea = ntru_kea; 01065 ssl->specs.sig_algo = rsa_sa_algo; 01066 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01067 ssl->specs.pad_size = PAD_SHA; 01068 ssl->specs.static_ecdh = 0; 01069 ssl->specs.key_size = RC4_KEY_SIZE; 01070 ssl->specs.iv_size = 0; 01071 ssl->specs.block_size = 0; 01072 01073 break; 01074 #endif 01075 01076 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 01077 case SSL_RSA_WITH_RC4_128_MD5 : 01078 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 01079 ssl->specs.cipher_type = stream; 01080 ssl->specs.mac_algorithm = md5_mac; 01081 ssl->specs.kea = rsa_kea; 01082 ssl->specs.sig_algo = rsa_sa_algo; 01083 ssl->specs.hash_size = MD5_DIGEST_SIZE; 01084 ssl->specs.pad_size = PAD_MD5; 01085 ssl->specs.static_ecdh = 0; 01086 ssl->specs.key_size = RC4_KEY_SIZE; 01087 ssl->specs.iv_size = 0; 01088 ssl->specs.block_size = 0; 01089 01090 break; 01091 #endif 01092 01093 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA 01094 case SSL_RSA_WITH_3DES_EDE_CBC_SHA : 01095 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 01096 ssl->specs.cipher_type = block; 01097 ssl->specs.mac_algorithm = sha_mac; 01098 ssl->specs.kea = rsa_kea; 01099 ssl->specs.sig_algo = rsa_sa_algo; 01100 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01101 ssl->specs.pad_size = PAD_SHA; 01102 ssl->specs.static_ecdh = 0; 01103 ssl->specs.key_size = DES3_KEY_SIZE; 01104 ssl->specs.block_size = DES_BLOCK_SIZE; 01105 ssl->specs.iv_size = DES_IV_SIZE; 01106 01107 break; 01108 #endif 01109 01110 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA 01111 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : 01112 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 01113 ssl->specs.cipher_type = block; 01114 ssl->specs.mac_algorithm = sha_mac; 01115 ssl->specs.kea = ntru_kea; 01116 ssl->specs.sig_algo = rsa_sa_algo; 01117 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01118 ssl->specs.pad_size = PAD_SHA; 01119 ssl->specs.static_ecdh = 0; 01120 ssl->specs.key_size = DES3_KEY_SIZE; 01121 ssl->specs.block_size = DES_BLOCK_SIZE; 01122 ssl->specs.iv_size = DES_IV_SIZE; 01123 01124 break; 01125 #endif 01126 01127 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA 01128 case TLS_RSA_WITH_AES_128_CBC_SHA : 01129 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01130 ssl->specs.cipher_type = block; 01131 ssl->specs.mac_algorithm = sha_mac; 01132 ssl->specs.kea = rsa_kea; 01133 ssl->specs.sig_algo = rsa_sa_algo; 01134 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01135 ssl->specs.pad_size = PAD_SHA; 01136 ssl->specs.static_ecdh = 0; 01137 ssl->specs.key_size = AES_128_KEY_SIZE; 01138 ssl->specs.block_size = AES_BLOCK_SIZE; 01139 ssl->specs.iv_size = AES_IV_SIZE; 01140 01141 break; 01142 #endif 01143 01144 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 01145 case TLS_RSA_WITH_AES_128_CBC_SHA256 : 01146 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01147 ssl->specs.cipher_type = block; 01148 ssl->specs.mac_algorithm = sha256_mac; 01149 ssl->specs.kea = rsa_kea; 01150 ssl->specs.sig_algo = rsa_sa_algo; 01151 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01152 ssl->specs.pad_size = PAD_SHA; 01153 ssl->specs.static_ecdh = 0; 01154 ssl->specs.key_size = AES_128_KEY_SIZE; 01155 ssl->specs.block_size = AES_BLOCK_SIZE; 01156 ssl->specs.iv_size = AES_IV_SIZE; 01157 01158 break; 01159 #endif 01160 01161 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA 01162 case TLS_RSA_WITH_NULL_SHA : 01163 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01164 ssl->specs.cipher_type = stream; 01165 ssl->specs.mac_algorithm = sha_mac; 01166 ssl->specs.kea = rsa_kea; 01167 ssl->specs.sig_algo = rsa_sa_algo; 01168 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01169 ssl->specs.pad_size = PAD_SHA; 01170 ssl->specs.static_ecdh = 0; 01171 ssl->specs.key_size = 0; 01172 ssl->specs.block_size = 0; 01173 ssl->specs.iv_size = 0; 01174 01175 break; 01176 #endif 01177 01178 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 01179 case TLS_RSA_WITH_NULL_SHA256 : 01180 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01181 ssl->specs.cipher_type = stream; 01182 ssl->specs.mac_algorithm = sha256_mac; 01183 ssl->specs.kea = rsa_kea; 01184 ssl->specs.sig_algo = rsa_sa_algo; 01185 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01186 ssl->specs.pad_size = PAD_SHA; 01187 ssl->specs.static_ecdh = 0; 01188 ssl->specs.key_size = 0; 01189 ssl->specs.block_size = 0; 01190 ssl->specs.iv_size = 0; 01191 01192 break; 01193 #endif 01194 01195 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA 01196 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : 01197 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01198 ssl->specs.cipher_type = block; 01199 ssl->specs.mac_algorithm = sha_mac; 01200 ssl->specs.kea = ntru_kea; 01201 ssl->specs.sig_algo = rsa_sa_algo; 01202 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01203 ssl->specs.pad_size = PAD_SHA; 01204 ssl->specs.static_ecdh = 0; 01205 ssl->specs.key_size = AES_128_KEY_SIZE; 01206 ssl->specs.block_size = AES_BLOCK_SIZE; 01207 ssl->specs.iv_size = AES_IV_SIZE; 01208 01209 break; 01210 #endif 01211 01212 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA 01213 case TLS_RSA_WITH_AES_256_CBC_SHA : 01214 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01215 ssl->specs.cipher_type = block; 01216 ssl->specs.mac_algorithm = sha_mac; 01217 ssl->specs.kea = rsa_kea; 01218 ssl->specs.sig_algo = rsa_sa_algo; 01219 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01220 ssl->specs.pad_size = PAD_SHA; 01221 ssl->specs.static_ecdh = 0; 01222 ssl->specs.key_size = AES_256_KEY_SIZE; 01223 ssl->specs.block_size = AES_BLOCK_SIZE; 01224 ssl->specs.iv_size = AES_IV_SIZE; 01225 01226 break; 01227 #endif 01228 01229 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 01230 case TLS_RSA_WITH_AES_256_CBC_SHA256 : 01231 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01232 ssl->specs.cipher_type = block; 01233 ssl->specs.mac_algorithm = sha256_mac; 01234 ssl->specs.kea = rsa_kea; 01235 ssl->specs.sig_algo = rsa_sa_algo; 01236 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01237 ssl->specs.pad_size = PAD_SHA; 01238 ssl->specs.static_ecdh = 0; 01239 ssl->specs.key_size = AES_256_KEY_SIZE; 01240 ssl->specs.block_size = AES_BLOCK_SIZE; 01241 ssl->specs.iv_size = AES_IV_SIZE; 01242 01243 break; 01244 #endif 01245 01246 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA 01247 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : 01248 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01249 ssl->specs.cipher_type = block; 01250 ssl->specs.mac_algorithm = sha_mac; 01251 ssl->specs.kea = ntru_kea; 01252 ssl->specs.sig_algo = rsa_sa_algo; 01253 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01254 ssl->specs.pad_size = PAD_SHA; 01255 ssl->specs.static_ecdh = 0; 01256 ssl->specs.key_size = AES_256_KEY_SIZE; 01257 ssl->specs.block_size = AES_BLOCK_SIZE; 01258 ssl->specs.iv_size = AES_IV_SIZE; 01259 01260 break; 01261 #endif 01262 01263 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 01264 case TLS_PSK_WITH_AES_128_GCM_SHA256 : 01265 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01266 ssl->specs.cipher_type = aead; 01267 ssl->specs.mac_algorithm = sha256_mac; 01268 ssl->specs.kea = psk_kea; 01269 ssl->specs.sig_algo = anonymous_sa_algo; 01270 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01271 ssl->specs.pad_size = PAD_SHA; 01272 ssl->specs.static_ecdh = 0; 01273 ssl->specs.key_size = AES_128_KEY_SIZE; 01274 ssl->specs.block_size = AES_BLOCK_SIZE; 01275 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01276 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01277 01278 ssl->options.usingPSK_cipher = 1; 01279 break; 01280 #endif 01281 01282 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 01283 case TLS_PSK_WITH_AES_256_GCM_SHA384 : 01284 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01285 ssl->specs.cipher_type = aead; 01286 ssl->specs.mac_algorithm = sha384_mac; 01287 ssl->specs.kea = psk_kea; 01288 ssl->specs.sig_algo = anonymous_sa_algo; 01289 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 01290 ssl->specs.pad_size = PAD_SHA; 01291 ssl->specs.static_ecdh = 0; 01292 ssl->specs.key_size = AES_256_KEY_SIZE; 01293 ssl->specs.block_size = AES_BLOCK_SIZE; 01294 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01295 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01296 01297 ssl->options.usingPSK_cipher = 1; 01298 break; 01299 #endif 01300 01301 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 01302 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : 01303 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01304 ssl->specs.cipher_type = aead; 01305 ssl->specs.mac_algorithm = sha256_mac; 01306 ssl->specs.kea = dhe_psk_kea; 01307 ssl->specs.sig_algo = anonymous_sa_algo; 01308 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01309 ssl->specs.pad_size = PAD_SHA; 01310 ssl->specs.static_ecdh = 0; 01311 ssl->specs.key_size = AES_128_KEY_SIZE; 01312 ssl->specs.block_size = AES_BLOCK_SIZE; 01313 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01314 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01315 01316 ssl->options.usingPSK_cipher = 1; 01317 break; 01318 #endif 01319 01320 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 01321 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : 01322 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01323 ssl->specs.cipher_type = aead; 01324 ssl->specs.mac_algorithm = sha384_mac; 01325 ssl->specs.kea = dhe_psk_kea; 01326 ssl->specs.sig_algo = anonymous_sa_algo; 01327 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 01328 ssl->specs.pad_size = PAD_SHA; 01329 ssl->specs.static_ecdh = 0; 01330 ssl->specs.key_size = AES_256_KEY_SIZE; 01331 ssl->specs.block_size = AES_BLOCK_SIZE; 01332 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01333 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01334 01335 ssl->options.usingPSK_cipher = 1; 01336 break; 01337 #endif 01338 01339 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 01340 case TLS_PSK_WITH_AES_128_CBC_SHA256 : 01341 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01342 ssl->specs.cipher_type = block; 01343 ssl->specs.mac_algorithm = sha256_mac; 01344 ssl->specs.kea = psk_kea; 01345 ssl->specs.sig_algo = anonymous_sa_algo; 01346 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01347 ssl->specs.pad_size = PAD_SHA; 01348 ssl->specs.static_ecdh = 0; 01349 ssl->specs.key_size = AES_128_KEY_SIZE; 01350 ssl->specs.block_size = AES_BLOCK_SIZE; 01351 ssl->specs.iv_size = AES_IV_SIZE; 01352 01353 ssl->options.usingPSK_cipher = 1; 01354 break; 01355 #endif 01356 01357 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 01358 case TLS_PSK_WITH_AES_256_CBC_SHA384 : 01359 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01360 ssl->specs.cipher_type = block; 01361 ssl->specs.mac_algorithm = sha384_mac; 01362 ssl->specs.kea = psk_kea; 01363 ssl->specs.sig_algo = anonymous_sa_algo; 01364 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 01365 ssl->specs.pad_size = PAD_SHA; 01366 ssl->specs.static_ecdh = 0; 01367 ssl->specs.key_size = AES_256_KEY_SIZE; 01368 ssl->specs.block_size = AES_BLOCK_SIZE; 01369 ssl->specs.iv_size = AES_IV_SIZE; 01370 01371 ssl->options.usingPSK_cipher = 1; 01372 break; 01373 #endif 01374 01375 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 01376 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : 01377 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01378 ssl->specs.cipher_type = block; 01379 ssl->specs.mac_algorithm = sha256_mac; 01380 ssl->specs.kea = dhe_psk_kea; 01381 ssl->specs.sig_algo = anonymous_sa_algo; 01382 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01383 ssl->specs.pad_size = PAD_SHA; 01384 ssl->specs.static_ecdh = 0; 01385 ssl->specs.key_size = AES_128_KEY_SIZE; 01386 ssl->specs.block_size = AES_BLOCK_SIZE; 01387 ssl->specs.iv_size = AES_IV_SIZE; 01388 01389 ssl->options.usingPSK_cipher = 1; 01390 break; 01391 #endif 01392 01393 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 01394 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : 01395 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01396 ssl->specs.cipher_type = block; 01397 ssl->specs.mac_algorithm = sha384_mac; 01398 ssl->specs.kea = dhe_psk_kea; 01399 ssl->specs.sig_algo = anonymous_sa_algo; 01400 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 01401 ssl->specs.pad_size = PAD_SHA; 01402 ssl->specs.static_ecdh = 0; 01403 ssl->specs.key_size = AES_256_KEY_SIZE; 01404 ssl->specs.block_size = AES_BLOCK_SIZE; 01405 ssl->specs.iv_size = AES_IV_SIZE; 01406 01407 ssl->options.usingPSK_cipher = 1; 01408 break; 01409 #endif 01410 01411 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA 01412 case TLS_PSK_WITH_AES_128_CBC_SHA : 01413 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01414 ssl->specs.cipher_type = block; 01415 ssl->specs.mac_algorithm = sha_mac; 01416 ssl->specs.kea = psk_kea; 01417 ssl->specs.sig_algo = anonymous_sa_algo; 01418 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01419 ssl->specs.pad_size = PAD_SHA; 01420 ssl->specs.static_ecdh = 0; 01421 ssl->specs.key_size = AES_128_KEY_SIZE; 01422 ssl->specs.block_size = AES_BLOCK_SIZE; 01423 ssl->specs.iv_size = AES_IV_SIZE; 01424 01425 ssl->options.usingPSK_cipher = 1; 01426 break; 01427 #endif 01428 01429 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA 01430 case TLS_PSK_WITH_AES_256_CBC_SHA : 01431 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01432 ssl->specs.cipher_type = block; 01433 ssl->specs.mac_algorithm = sha_mac; 01434 ssl->specs.kea = psk_kea; 01435 ssl->specs.sig_algo = anonymous_sa_algo; 01436 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01437 ssl->specs.pad_size = PAD_SHA; 01438 ssl->specs.static_ecdh = 0; 01439 ssl->specs.key_size = AES_256_KEY_SIZE; 01440 ssl->specs.block_size = AES_BLOCK_SIZE; 01441 ssl->specs.iv_size = AES_IV_SIZE; 01442 01443 ssl->options.usingPSK_cipher = 1; 01444 break; 01445 #endif 01446 01447 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 01448 case TLS_PSK_WITH_NULL_SHA256 : 01449 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01450 ssl->specs.cipher_type = stream; 01451 ssl->specs.mac_algorithm = sha256_mac; 01452 ssl->specs.kea = psk_kea; 01453 ssl->specs.sig_algo = anonymous_sa_algo; 01454 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01455 ssl->specs.pad_size = PAD_SHA; 01456 ssl->specs.static_ecdh = 0; 01457 ssl->specs.key_size = 0; 01458 ssl->specs.block_size = 0; 01459 ssl->specs.iv_size = 0; 01460 01461 ssl->options.usingPSK_cipher = 1; 01462 break; 01463 #endif 01464 01465 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 01466 case TLS_PSK_WITH_NULL_SHA384 : 01467 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01468 ssl->specs.cipher_type = stream; 01469 ssl->specs.mac_algorithm = sha384_mac; 01470 ssl->specs.kea = psk_kea; 01471 ssl->specs.sig_algo = anonymous_sa_algo; 01472 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 01473 ssl->specs.pad_size = PAD_SHA; 01474 ssl->specs.static_ecdh = 0; 01475 ssl->specs.key_size = 0; 01476 ssl->specs.block_size = 0; 01477 ssl->specs.iv_size = 0; 01478 01479 ssl->options.usingPSK_cipher = 1; 01480 break; 01481 #endif 01482 01483 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA 01484 case TLS_PSK_WITH_NULL_SHA : 01485 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01486 ssl->specs.cipher_type = stream; 01487 ssl->specs.mac_algorithm = sha_mac; 01488 ssl->specs.kea = psk_kea; 01489 ssl->specs.sig_algo = anonymous_sa_algo; 01490 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01491 ssl->specs.pad_size = PAD_SHA; 01492 ssl->specs.static_ecdh = 0; 01493 ssl->specs.key_size = 0; 01494 ssl->specs.block_size = 0; 01495 ssl->specs.iv_size = 0; 01496 01497 ssl->options.usingPSK_cipher = 1; 01498 break; 01499 #endif 01500 01501 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 01502 case TLS_DHE_PSK_WITH_NULL_SHA256 : 01503 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01504 ssl->specs.cipher_type = stream; 01505 ssl->specs.mac_algorithm = sha256_mac; 01506 ssl->specs.kea = dhe_psk_kea; 01507 ssl->specs.sig_algo = anonymous_sa_algo; 01508 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01509 ssl->specs.pad_size = PAD_SHA; 01510 ssl->specs.static_ecdh = 0; 01511 ssl->specs.key_size = 0; 01512 ssl->specs.block_size = 0; 01513 ssl->specs.iv_size = 0; 01514 01515 ssl->options.usingPSK_cipher = 1; 01516 break; 01517 #endif 01518 01519 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 01520 case TLS_DHE_PSK_WITH_NULL_SHA384 : 01521 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01522 ssl->specs.cipher_type = stream; 01523 ssl->specs.mac_algorithm = sha384_mac; 01524 ssl->specs.kea = dhe_psk_kea; 01525 ssl->specs.sig_algo = anonymous_sa_algo; 01526 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 01527 ssl->specs.pad_size = PAD_SHA; 01528 ssl->specs.static_ecdh = 0; 01529 ssl->specs.key_size = 0; 01530 ssl->specs.block_size = 0; 01531 ssl->specs.iv_size = 0; 01532 01533 ssl->options.usingPSK_cipher = 1; 01534 break; 01535 #endif 01536 01537 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 01538 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : 01539 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01540 ssl->specs.cipher_type = block; 01541 ssl->specs.mac_algorithm = sha256_mac; 01542 ssl->specs.kea = diffie_hellman_kea; 01543 ssl->specs.sig_algo = rsa_sa_algo; 01544 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01545 ssl->specs.pad_size = PAD_SHA; 01546 ssl->specs.static_ecdh = 0; 01547 ssl->specs.key_size = AES_128_KEY_SIZE; 01548 ssl->specs.block_size = AES_BLOCK_SIZE; 01549 ssl->specs.iv_size = AES_IV_SIZE; 01550 01551 break; 01552 #endif 01553 01554 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 01555 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : 01556 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01557 ssl->specs.cipher_type = block; 01558 ssl->specs.mac_algorithm = sha256_mac; 01559 ssl->specs.kea = diffie_hellman_kea; 01560 ssl->specs.sig_algo = rsa_sa_algo; 01561 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01562 ssl->specs.pad_size = PAD_SHA; 01563 ssl->specs.static_ecdh = 0; 01564 ssl->specs.key_size = AES_256_KEY_SIZE; 01565 ssl->specs.block_size = AES_BLOCK_SIZE; 01566 ssl->specs.iv_size = AES_IV_SIZE; 01567 01568 break; 01569 #endif 01570 01571 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 01572 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : 01573 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01574 ssl->specs.cipher_type = block; 01575 ssl->specs.mac_algorithm = sha_mac; 01576 ssl->specs.kea = diffie_hellman_kea; 01577 ssl->specs.sig_algo = rsa_sa_algo; 01578 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01579 ssl->specs.pad_size = PAD_SHA; 01580 ssl->specs.static_ecdh = 0; 01581 ssl->specs.key_size = AES_128_KEY_SIZE; 01582 ssl->specs.block_size = AES_BLOCK_SIZE; 01583 ssl->specs.iv_size = AES_IV_SIZE; 01584 01585 break; 01586 #endif 01587 01588 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 01589 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : 01590 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01591 ssl->specs.cipher_type = block; 01592 ssl->specs.mac_algorithm = sha_mac; 01593 ssl->specs.kea = diffie_hellman_kea; 01594 ssl->specs.sig_algo = rsa_sa_algo; 01595 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01596 ssl->specs.pad_size = PAD_SHA; 01597 ssl->specs.static_ecdh = 0; 01598 ssl->specs.key_size = AES_256_KEY_SIZE; 01599 ssl->specs.block_size = AES_BLOCK_SIZE; 01600 ssl->specs.iv_size = AES_IV_SIZE; 01601 01602 break; 01603 #endif 01604 01605 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 01606 case TLS_RSA_WITH_HC_128_MD5 : 01607 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128; 01608 ssl->specs.cipher_type = stream; 01609 ssl->specs.mac_algorithm = md5_mac; 01610 ssl->specs.kea = rsa_kea; 01611 ssl->specs.sig_algo = rsa_sa_algo; 01612 ssl->specs.hash_size = MD5_DIGEST_SIZE; 01613 ssl->specs.pad_size = PAD_MD5; 01614 ssl->specs.static_ecdh = 0; 01615 ssl->specs.key_size = HC_128_KEY_SIZE; 01616 ssl->specs.block_size = 0; 01617 ssl->specs.iv_size = HC_128_IV_SIZE; 01618 01619 break; 01620 #endif 01621 01622 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA 01623 case TLS_RSA_WITH_HC_128_SHA : 01624 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128; 01625 ssl->specs.cipher_type = stream; 01626 ssl->specs.mac_algorithm = sha_mac; 01627 ssl->specs.kea = rsa_kea; 01628 ssl->specs.sig_algo = rsa_sa_algo; 01629 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01630 ssl->specs.pad_size = PAD_SHA; 01631 ssl->specs.static_ecdh = 0; 01632 ssl->specs.key_size = HC_128_KEY_SIZE; 01633 ssl->specs.block_size = 0; 01634 ssl->specs.iv_size = HC_128_IV_SIZE; 01635 01636 break; 01637 #endif 01638 01639 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 01640 case TLS_RSA_WITH_HC_128_B2B256: 01641 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128; 01642 ssl->specs.cipher_type = stream; 01643 ssl->specs.mac_algorithm = blake2b_mac; 01644 ssl->specs.kea = rsa_kea; 01645 ssl->specs.sig_algo = rsa_sa_algo; 01646 ssl->specs.hash_size = BLAKE2B_256; 01647 ssl->specs.pad_size = PAD_SHA; 01648 ssl->specs.static_ecdh = 0; 01649 ssl->specs.key_size = HC_128_KEY_SIZE; 01650 ssl->specs.block_size = 0; 01651 ssl->specs.iv_size = HC_128_IV_SIZE; 01652 01653 break; 01654 #endif 01655 01656 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 01657 case TLS_RSA_WITH_AES_128_CBC_B2B256: 01658 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01659 ssl->specs.cipher_type = block; 01660 ssl->specs.mac_algorithm = blake2b_mac; 01661 ssl->specs.kea = rsa_kea; 01662 ssl->specs.sig_algo = rsa_sa_algo; 01663 ssl->specs.hash_size = BLAKE2B_256; 01664 ssl->specs.pad_size = PAD_SHA; 01665 ssl->specs.static_ecdh = 0; 01666 ssl->specs.key_size = AES_128_KEY_SIZE; 01667 ssl->specs.iv_size = AES_IV_SIZE; 01668 ssl->specs.block_size = AES_BLOCK_SIZE; 01669 01670 break; 01671 #endif 01672 01673 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 01674 case TLS_RSA_WITH_AES_256_CBC_B2B256: 01675 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01676 ssl->specs.cipher_type = block; 01677 ssl->specs.mac_algorithm = blake2b_mac; 01678 ssl->specs.kea = rsa_kea; 01679 ssl->specs.sig_algo = rsa_sa_algo; 01680 ssl->specs.hash_size = BLAKE2B_256; 01681 ssl->specs.pad_size = PAD_SHA; 01682 ssl->specs.static_ecdh = 0; 01683 ssl->specs.key_size = AES_256_KEY_SIZE; 01684 ssl->specs.iv_size = AES_IV_SIZE; 01685 ssl->specs.block_size = AES_BLOCK_SIZE; 01686 01687 break; 01688 #endif 01689 01690 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA 01691 case TLS_RSA_WITH_RABBIT_SHA : 01692 ssl->specs.bulk_cipher_algorithm = wolfssl_rabbit; 01693 ssl->specs.cipher_type = stream; 01694 ssl->specs.mac_algorithm = sha_mac; 01695 ssl->specs.kea = rsa_kea; 01696 ssl->specs.sig_algo = rsa_sa_algo; 01697 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01698 ssl->specs.pad_size = PAD_SHA; 01699 ssl->specs.static_ecdh = 0; 01700 ssl->specs.key_size = RABBIT_KEY_SIZE; 01701 ssl->specs.block_size = 0; 01702 ssl->specs.iv_size = RABBIT_IV_SIZE; 01703 01704 break; 01705 #endif 01706 01707 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 01708 case TLS_RSA_WITH_AES_128_GCM_SHA256 : 01709 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01710 ssl->specs.cipher_type = aead; 01711 ssl->specs.mac_algorithm = sha256_mac; 01712 ssl->specs.kea = rsa_kea; 01713 ssl->specs.sig_algo = rsa_sa_algo; 01714 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01715 ssl->specs.pad_size = PAD_SHA; 01716 ssl->specs.static_ecdh = 0; 01717 ssl->specs.key_size = AES_128_KEY_SIZE; 01718 ssl->specs.block_size = AES_BLOCK_SIZE; 01719 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01720 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01721 01722 break; 01723 #endif 01724 01725 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 01726 case TLS_RSA_WITH_AES_256_GCM_SHA384 : 01727 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01728 ssl->specs.cipher_type = aead; 01729 ssl->specs.mac_algorithm = sha384_mac; 01730 ssl->specs.kea = rsa_kea; 01731 ssl->specs.sig_algo = rsa_sa_algo; 01732 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 01733 ssl->specs.pad_size = PAD_SHA; 01734 ssl->specs.static_ecdh = 0; 01735 ssl->specs.key_size = AES_256_KEY_SIZE; 01736 ssl->specs.block_size = AES_BLOCK_SIZE; 01737 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01738 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01739 01740 break; 01741 #endif 01742 01743 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 01744 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : 01745 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01746 ssl->specs.cipher_type = aead; 01747 ssl->specs.mac_algorithm = sha256_mac; 01748 ssl->specs.kea = diffie_hellman_kea; 01749 ssl->specs.sig_algo = rsa_sa_algo; 01750 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01751 ssl->specs.pad_size = PAD_SHA; 01752 ssl->specs.static_ecdh = 0; 01753 ssl->specs.key_size = AES_128_KEY_SIZE; 01754 ssl->specs.block_size = AES_BLOCK_SIZE; 01755 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01756 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01757 01758 break; 01759 #endif 01760 01761 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 01762 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 : 01763 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01764 ssl->specs.cipher_type = aead; 01765 ssl->specs.mac_algorithm = sha384_mac; 01766 ssl->specs.kea = diffie_hellman_kea; 01767 ssl->specs.sig_algo = rsa_sa_algo; 01768 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 01769 ssl->specs.pad_size = PAD_SHA; 01770 ssl->specs.static_ecdh = 0; 01771 ssl->specs.key_size = AES_256_KEY_SIZE; 01772 ssl->specs.block_size = AES_BLOCK_SIZE; 01773 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01774 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01775 01776 break; 01777 #endif 01778 01779 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01780 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : 01781 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 01782 ssl->specs.cipher_type = block; 01783 ssl->specs.mac_algorithm = sha_mac; 01784 ssl->specs.kea = rsa_kea; 01785 ssl->specs.sig_algo = rsa_sa_algo; 01786 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01787 ssl->specs.pad_size = PAD_SHA; 01788 ssl->specs.static_ecdh = 0; 01789 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; 01790 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01791 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01792 01793 break; 01794 #endif 01795 01796 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01797 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : 01798 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 01799 ssl->specs.cipher_type = block; 01800 ssl->specs.mac_algorithm = sha_mac; 01801 ssl->specs.kea = rsa_kea; 01802 ssl->specs.sig_algo = rsa_sa_algo; 01803 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01804 ssl->specs.pad_size = PAD_SHA; 01805 ssl->specs.static_ecdh = 0; 01806 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; 01807 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01808 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01809 01810 break; 01811 #endif 01812 01813 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01814 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : 01815 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 01816 ssl->specs.cipher_type = block; 01817 ssl->specs.mac_algorithm = sha256_mac; 01818 ssl->specs.kea = rsa_kea; 01819 ssl->specs.sig_algo = rsa_sa_algo; 01820 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01821 ssl->specs.pad_size = PAD_SHA; 01822 ssl->specs.static_ecdh = 0; 01823 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; 01824 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01825 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01826 01827 break; 01828 #endif 01829 01830 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 01831 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : 01832 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 01833 ssl->specs.cipher_type = block; 01834 ssl->specs.mac_algorithm = sha256_mac; 01835 ssl->specs.kea = rsa_kea; 01836 ssl->specs.sig_algo = rsa_sa_algo; 01837 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01838 ssl->specs.pad_size = PAD_SHA; 01839 ssl->specs.static_ecdh = 0; 01840 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; 01841 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01842 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01843 01844 break; 01845 #endif 01846 01847 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 01848 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : 01849 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 01850 ssl->specs.cipher_type = block; 01851 ssl->specs.mac_algorithm = sha_mac; 01852 ssl->specs.kea = diffie_hellman_kea; 01853 ssl->specs.sig_algo = rsa_sa_algo; 01854 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01855 ssl->specs.pad_size = PAD_SHA; 01856 ssl->specs.static_ecdh = 0; 01857 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; 01858 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01859 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01860 01861 break; 01862 #endif 01863 01864 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 01865 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : 01866 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 01867 ssl->specs.cipher_type = block; 01868 ssl->specs.mac_algorithm = sha_mac; 01869 ssl->specs.kea = diffie_hellman_kea; 01870 ssl->specs.sig_algo = rsa_sa_algo; 01871 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01872 ssl->specs.pad_size = PAD_SHA; 01873 ssl->specs.static_ecdh = 0; 01874 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; 01875 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01876 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01877 01878 break; 01879 #endif 01880 01881 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01882 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : 01883 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 01884 ssl->specs.cipher_type = block; 01885 ssl->specs.mac_algorithm = sha256_mac; 01886 ssl->specs.kea = diffie_hellman_kea; 01887 ssl->specs.sig_algo = rsa_sa_algo; 01888 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01889 ssl->specs.pad_size = PAD_SHA; 01890 ssl->specs.static_ecdh = 0; 01891 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; 01892 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01893 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01894 01895 break; 01896 #endif 01897 01898 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 01899 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : 01900 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 01901 ssl->specs.cipher_type = block; 01902 ssl->specs.mac_algorithm = sha256_mac; 01903 ssl->specs.kea = diffie_hellman_kea; 01904 ssl->specs.sig_algo = rsa_sa_algo; 01905 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01906 ssl->specs.pad_size = PAD_SHA; 01907 ssl->specs.static_ecdh = 0; 01908 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; 01909 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01910 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01911 01912 break; 01913 #endif 01914 01915 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA 01916 case TLS_DH_anon_WITH_AES_128_CBC_SHA : 01917 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01918 ssl->specs.cipher_type = block; 01919 ssl->specs.mac_algorithm = sha_mac; 01920 ssl->specs.kea = diffie_hellman_kea; 01921 ssl->specs.sig_algo = anonymous_sa_algo; 01922 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01923 ssl->specs.pad_size = PAD_SHA; 01924 ssl->specs.static_ecdh = 0; 01925 ssl->specs.key_size = AES_128_KEY_SIZE; 01926 ssl->specs.block_size = AES_BLOCK_SIZE; 01927 ssl->specs.iv_size = AES_IV_SIZE; 01928 01929 ssl->options.usingAnon_cipher = 1; 01930 break; 01931 #endif 01932 01933 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA 01934 case SSL_RSA_WITH_IDEA_CBC_SHA : 01935 ssl->specs.bulk_cipher_algorithm = wolfssl_idea; 01936 ssl->specs.cipher_type = block; 01937 ssl->specs.mac_algorithm = sha_mac; 01938 ssl->specs.kea = rsa_kea; 01939 ssl->specs.sig_algo = rsa_sa_algo; 01940 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01941 ssl->specs.pad_size = PAD_SHA; 01942 ssl->specs.static_ecdh = 0; 01943 ssl->specs.key_size = IDEA_KEY_SIZE; 01944 ssl->specs.block_size = IDEA_BLOCK_SIZE; 01945 ssl->specs.iv_size = IDEA_IV_SIZE; 01946 01947 break; 01948 #endif 01949 01950 default: 01951 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs"); 01952 return UNSUPPORTED_SUITE; 01953 } /* switch */ 01954 } /* if ECC / Normal suites else */ 01955 01956 /* set TLS if it hasn't been turned off */ 01957 if (ssl->version.major == 3 && ssl->version.minor >= 1) { 01958 #ifndef NO_TLS 01959 ssl->options.tls = 1; 01960 ssl->hmac = TLS_hmac; 01961 if (ssl->version.minor >= 2) 01962 ssl->options.tls1_1 = 1; 01963 #endif 01964 } 01965 01966 #ifdef WOLFSSL_DTLS 01967 if (ssl->options.dtls) 01968 ssl->hmac = TLS_hmac; 01969 #endif 01970 01971 return 0; 01972 } 01973 01974 01975 enum KeyStuff { 01976 MASTER_ROUNDS = 3, 01977 PREFIX = 3, /* up to three letters for master prefix */ 01978 KEY_PREFIX = 9 /* up to 9 prefix letters for key rounds */ 01979 01980 01981 }; 01982 01983 #ifndef NO_OLD_TLS 01984 /* true or false, zero for error */ 01985 static int SetPrefix(byte* sha_input, int idx) 01986 { 01987 switch (idx) { 01988 case 0: 01989 XMEMCPY(sha_input, "A", 1); 01990 break; 01991 case 1: 01992 XMEMCPY(sha_input, "BB", 2); 01993 break; 01994 case 2: 01995 XMEMCPY(sha_input, "CCC", 3); 01996 break; 01997 case 3: 01998 XMEMCPY(sha_input, "DDDD", 4); 01999 break; 02000 case 4: 02001 XMEMCPY(sha_input, "EEEEE", 5); 02002 break; 02003 case 5: 02004 XMEMCPY(sha_input, "FFFFFF", 6); 02005 break; 02006 case 6: 02007 XMEMCPY(sha_input, "GGGGGGG", 7); 02008 break; 02009 case 7: 02010 XMEMCPY(sha_input, "HHHHHHHH", 8); 02011 break; 02012 case 8: 02013 XMEMCPY(sha_input, "IIIIIIIII", 9); 02014 break; 02015 default: 02016 WOLFSSL_MSG("Set Prefix error, bad input"); 02017 return 0; 02018 } 02019 return 1; 02020 } 02021 #endif 02022 02023 02024 static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, 02025 int side, void* heap, int devId) 02026 { 02027 #ifdef BUILD_ARC4 02028 word32 sz = specs->key_size; 02029 if (specs->bulk_cipher_algorithm == wolfssl_rc4) { 02030 if (enc && enc->arc4 == NULL) 02031 enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER); 02032 if (enc && enc->arc4 == NULL) 02033 return MEMORY_E; 02034 if (dec && dec->arc4 == NULL) 02035 dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER); 02036 if (dec && dec->arc4 == NULL) 02037 return MEMORY_E; 02038 #ifdef HAVE_CAVIUM 02039 if (devId != NO_CAVIUM_DEVICE) { 02040 if (enc) { 02041 if (wc_Arc4InitCavium(enc->arc4, devId) != 0) { 02042 WOLFSSL_MSG("Arc4InitCavium failed in SetKeys"); 02043 return CAVIUM_INIT_E; 02044 } 02045 } 02046 if (dec) { 02047 if (wc_Arc4InitCavium(dec->arc4, devId) != 0) { 02048 WOLFSSL_MSG("Arc4InitCavium failed in SetKeys"); 02049 return CAVIUM_INIT_E; 02050 } 02051 } 02052 } 02053 #endif 02054 if (side == WOLFSSL_CLIENT_END) { 02055 if (enc) 02056 wc_Arc4SetKey(enc->arc4, keys->client_write_key, sz); 02057 if (dec) 02058 wc_Arc4SetKey(dec->arc4, keys->server_write_key, sz); 02059 } 02060 else { 02061 if (enc) 02062 wc_Arc4SetKey(enc->arc4, keys->server_write_key, sz); 02063 if (dec) 02064 wc_Arc4SetKey(dec->arc4, keys->client_write_key, sz); 02065 } 02066 if (enc) 02067 enc->setup = 1; 02068 if (dec) 02069 dec->setup = 1; 02070 } 02071 #endif 02072 02073 02074 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) 02075 /* Check that the max implicit iv size is suffecient */ 02076 #if (AEAD_MAX_IMP_SZ < 12) /* CHACHA20_IMP_IV_SZ */ 02077 #error AEAD_MAX_IMP_SZ is too small for ChaCha20 02078 #endif 02079 #if (MAX_WRITE_IV_SZ < 12) /* CHACHA20_IMP_IV_SZ */ 02080 #error MAX_WRITE_IV_SZ is too small for ChaCha20 02081 #endif 02082 02083 if (specs->bulk_cipher_algorithm == wolfssl_chacha) { 02084 int chachaRet; 02085 if (enc && enc->chacha == NULL) 02086 enc->chacha = 02087 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER); 02088 if (enc && enc->chacha == NULL) 02089 return MEMORY_E; 02090 if (dec && dec->chacha == NULL) 02091 dec->chacha = 02092 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER); 02093 if (dec && dec->chacha == NULL) 02094 return MEMORY_E; 02095 if (side == WOLFSSL_CLIENT_END) { 02096 if (enc) { 02097 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->client_write_key, 02098 specs->key_size); 02099 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV, 02100 CHACHA20_IMP_IV_SZ); 02101 if (chachaRet != 0) return chachaRet; 02102 } 02103 if (dec) { 02104 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->server_write_key, 02105 specs->key_size); 02106 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV, 02107 CHACHA20_IMP_IV_SZ); 02108 if (chachaRet != 0) return chachaRet; 02109 } 02110 } 02111 else { 02112 if (enc) { 02113 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->server_write_key, 02114 specs->key_size); 02115 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV, 02116 CHACHA20_IMP_IV_SZ); 02117 if (chachaRet != 0) return chachaRet; 02118 } 02119 if (dec) { 02120 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->client_write_key, 02121 specs->key_size); 02122 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV, 02123 CHACHA20_IMP_IV_SZ); 02124 if (chachaRet != 0) return chachaRet; 02125 } 02126 } 02127 02128 if (enc) 02129 enc->setup = 1; 02130 if (dec) 02131 dec->setup = 1; 02132 } 02133 #endif 02134 02135 #ifdef HAVE_HC128 02136 /* check that buffer sizes are sufficient */ 02137 #if (MAX_WRITE_IV_SZ < 16) /* HC_128_IV_SIZE */ 02138 #error MAX_WRITE_IV_SZ too small for HC128 02139 #endif 02140 02141 if (specs->bulk_cipher_algorithm == wolfssl_hc128) { 02142 int hcRet; 02143 if (enc && enc->hc128 == NULL) 02144 enc->hc128 = 02145 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER); 02146 if (enc && enc->hc128 == NULL) 02147 return MEMORY_E; 02148 if (dec && dec->hc128 == NULL) 02149 dec->hc128 = 02150 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER); 02151 if (dec && dec->hc128 == NULL) 02152 return MEMORY_E; 02153 if (side == WOLFSSL_CLIENT_END) { 02154 if (enc) { 02155 hcRet = wc_Hc128_SetKey(enc->hc128, keys->client_write_key, 02156 keys->client_write_IV); 02157 if (hcRet != 0) return hcRet; 02158 } 02159 if (dec) { 02160 hcRet = wc_Hc128_SetKey(dec->hc128, keys->server_write_key, 02161 keys->server_write_IV); 02162 if (hcRet != 0) return hcRet; 02163 } 02164 } 02165 else { 02166 if (enc) { 02167 hcRet = wc_Hc128_SetKey(enc->hc128, keys->server_write_key, 02168 keys->server_write_IV); 02169 if (hcRet != 0) return hcRet; 02170 } 02171 if (dec) { 02172 hcRet = wc_Hc128_SetKey(dec->hc128, keys->client_write_key, 02173 keys->client_write_IV); 02174 if (hcRet != 0) return hcRet; 02175 } 02176 } 02177 if (enc) 02178 enc->setup = 1; 02179 if (dec) 02180 dec->setup = 1; 02181 } 02182 #endif 02183 02184 #ifdef BUILD_RABBIT 02185 /* check that buffer sizes are sufficient */ 02186 #if (MAX_WRITE_IV_SZ < 8) /* RABBIT_IV_SIZE */ 02187 #error MAX_WRITE_IV_SZ too small for RABBIT 02188 #endif 02189 02190 if (specs->bulk_cipher_algorithm == wolfssl_rabbit) { 02191 int rabRet; 02192 if (enc && enc->rabbit == NULL) 02193 enc->rabbit = 02194 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER); 02195 if (enc && enc->rabbit == NULL) 02196 return MEMORY_E; 02197 if (dec && dec->rabbit == NULL) 02198 dec->rabbit = 02199 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER); 02200 if (dec && dec->rabbit == NULL) 02201 return MEMORY_E; 02202 if (side == WOLFSSL_CLIENT_END) { 02203 if (enc) { 02204 rabRet = wc_RabbitSetKey(enc->rabbit, keys->client_write_key, 02205 keys->client_write_IV); 02206 if (rabRet != 0) return rabRet; 02207 } 02208 if (dec) { 02209 rabRet = wc_RabbitSetKey(dec->rabbit, keys->server_write_key, 02210 keys->server_write_IV); 02211 if (rabRet != 0) return rabRet; 02212 } 02213 } 02214 else { 02215 if (enc) { 02216 rabRet = wc_RabbitSetKey(enc->rabbit, keys->server_write_key, 02217 keys->server_write_IV); 02218 if (rabRet != 0) return rabRet; 02219 } 02220 if (dec) { 02221 rabRet = wc_RabbitSetKey(dec->rabbit, keys->client_write_key, 02222 keys->client_write_IV); 02223 if (rabRet != 0) return rabRet; 02224 } 02225 } 02226 if (enc) 02227 enc->setup = 1; 02228 if (dec) 02229 dec->setup = 1; 02230 } 02231 #endif 02232 02233 #ifdef BUILD_DES3 02234 /* check that buffer sizes are sufficient */ 02235 #if (MAX_WRITE_IV_SZ < 8) /* DES_IV_SIZE */ 02236 #error MAX_WRITE_IV_SZ too small for 3DES 02237 #endif 02238 02239 if (specs->bulk_cipher_algorithm == wolfssl_triple_des) { 02240 int desRet = 0; 02241 02242 if (enc && enc->des3 == NULL) 02243 enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER); 02244 if (enc && enc->des3 == NULL) 02245 return MEMORY_E; 02246 if (dec && dec->des3 == NULL) 02247 dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER); 02248 if (dec && dec->des3 == NULL) 02249 return MEMORY_E; 02250 #ifdef HAVE_CAVIUM 02251 if (devId != NO_CAVIUM_DEVICE) { 02252 if (enc) { 02253 if (wc_Des3_InitCavium(enc->des3, devId) != 0) { 02254 WOLFSSL_MSG("Des3_InitCavium failed in SetKeys"); 02255 return CAVIUM_INIT_E; 02256 } 02257 } 02258 if (dec) { 02259 if (wc_Des3_InitCavium(dec->des3, devId) != 0) { 02260 WOLFSSL_MSG("Des3_InitCavium failed in SetKeys"); 02261 return CAVIUM_INIT_E; 02262 } 02263 } 02264 } 02265 #endif 02266 if (side == WOLFSSL_CLIENT_END) { 02267 if (enc) { 02268 desRet = wc_Des3_SetKey(enc->des3, keys->client_write_key, 02269 keys->client_write_IV, DES_ENCRYPTION); 02270 if (desRet != 0) return desRet; 02271 } 02272 if (dec) { 02273 desRet = wc_Des3_SetKey(dec->des3, keys->server_write_key, 02274 keys->server_write_IV, DES_DECRYPTION); 02275 if (desRet != 0) return desRet; 02276 } 02277 } 02278 else { 02279 if (enc) { 02280 desRet = wc_Des3_SetKey(enc->des3, keys->server_write_key, 02281 keys->server_write_IV, DES_ENCRYPTION); 02282 if (desRet != 0) return desRet; 02283 } 02284 if (dec) { 02285 desRet = wc_Des3_SetKey(dec->des3, keys->client_write_key, 02286 keys->client_write_IV, DES_DECRYPTION); 02287 if (desRet != 0) return desRet; 02288 } 02289 } 02290 if (enc) 02291 enc->setup = 1; 02292 if (dec) 02293 dec->setup = 1; 02294 } 02295 #endif 02296 02297 #ifdef BUILD_AES 02298 /* check that buffer sizes are sufficient */ 02299 #if (MAX_WRITE_IV_SZ < 16) /* AES_IV_SIZE */ 02300 #error MAX_WRITE_IV_SZ too small for AES 02301 #endif 02302 02303 if (specs->bulk_cipher_algorithm == wolfssl_aes) { 02304 int aesRet = 0; 02305 02306 if (enc && enc->aes == NULL) 02307 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 02308 if (enc && enc->aes == NULL) 02309 return MEMORY_E; 02310 if (dec && dec->aes == NULL) 02311 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 02312 if (dec && dec->aes == NULL) 02313 return MEMORY_E; 02314 #ifdef HAVE_CAVIUM 02315 if (devId != NO_CAVIUM_DEVICE) { 02316 if (enc) { 02317 if (wc_AesInitCavium(enc->aes, devId) != 0) { 02318 WOLFSSL_MSG("AesInitCavium failed in SetKeys"); 02319 return CAVIUM_INIT_E; 02320 } 02321 } 02322 if (dec) { 02323 if (wc_AesInitCavium(dec->aes, devId) != 0) { 02324 WOLFSSL_MSG("AesInitCavium failed in SetKeys"); 02325 return CAVIUM_INIT_E; 02326 } 02327 } 02328 } 02329 #endif 02330 if (side == WOLFSSL_CLIENT_END) { 02331 if (enc) { 02332 aesRet = wc_AesSetKey(enc->aes, keys->client_write_key, 02333 specs->key_size, keys->client_write_IV, 02334 AES_ENCRYPTION); 02335 if (aesRet != 0) return aesRet; 02336 } 02337 if (dec) { 02338 aesRet = wc_AesSetKey(dec->aes, keys->server_write_key, 02339 specs->key_size, keys->server_write_IV, 02340 AES_DECRYPTION); 02341 if (aesRet != 0) return aesRet; 02342 } 02343 } 02344 else { 02345 if (enc) { 02346 aesRet = wc_AesSetKey(enc->aes, keys->server_write_key, 02347 specs->key_size, keys->server_write_IV, 02348 AES_ENCRYPTION); 02349 if (aesRet != 0) return aesRet; 02350 } 02351 if (dec) { 02352 aesRet = wc_AesSetKey(dec->aes, keys->client_write_key, 02353 specs->key_size, keys->client_write_IV, 02354 AES_DECRYPTION); 02355 if (aesRet != 0) return aesRet; 02356 } 02357 } 02358 if (enc) 02359 enc->setup = 1; 02360 if (dec) 02361 dec->setup = 1; 02362 } 02363 #endif 02364 02365 #ifdef BUILD_AESGCM 02366 /* check that buffer sizes are sufficient */ 02367 #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */ 02368 #error AEAD_MAX_IMP_SZ too small for AESGCM 02369 #endif 02370 #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */ 02371 #error AEAD_MAX_EXP_SZ too small for AESGCM 02372 #endif 02373 #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */ 02374 #error MAX_WRITE_IV_SZ too small for AESGCM 02375 #endif 02376 02377 if (specs->bulk_cipher_algorithm == wolfssl_aes_gcm) { 02378 int gcmRet; 02379 02380 if (enc && enc->aes == NULL) 02381 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 02382 if (enc && enc->aes == NULL) 02383 return MEMORY_E; 02384 if (dec && dec->aes == NULL) 02385 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 02386 if (dec && dec->aes == NULL) 02387 return MEMORY_E; 02388 02389 if (side == WOLFSSL_CLIENT_END) { 02390 if (enc) { 02391 gcmRet = wc_AesGcmSetKey(enc->aes, keys->client_write_key, 02392 specs->key_size); 02393 if (gcmRet != 0) return gcmRet; 02394 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV, 02395 AESGCM_IMP_IV_SZ); 02396 } 02397 if (dec) { 02398 gcmRet = wc_AesGcmSetKey(dec->aes, keys->server_write_key, 02399 specs->key_size); 02400 if (gcmRet != 0) return gcmRet; 02401 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV, 02402 AESGCM_IMP_IV_SZ); 02403 } 02404 } 02405 else { 02406 if (enc) { 02407 gcmRet = wc_AesGcmSetKey(enc->aes, keys->server_write_key, 02408 specs->key_size); 02409 if (gcmRet != 0) return gcmRet; 02410 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV, 02411 AESGCM_IMP_IV_SZ); 02412 } 02413 if (dec) { 02414 gcmRet = wc_AesGcmSetKey(dec->aes, keys->client_write_key, 02415 specs->key_size); 02416 if (gcmRet != 0) return gcmRet; 02417 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV, 02418 AESGCM_IMP_IV_SZ); 02419 } 02420 } 02421 if (enc) 02422 enc->setup = 1; 02423 if (dec) 02424 dec->setup = 1; 02425 } 02426 #endif 02427 02428 #ifdef HAVE_AESCCM 02429 /* check that buffer sizes are sufficient (CCM is same size as GCM) */ 02430 #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */ 02431 #error AEAD_MAX_IMP_SZ too small for AESCCM 02432 #endif 02433 #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */ 02434 #error AEAD_MAX_EXP_SZ too small for AESCCM 02435 #endif 02436 #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */ 02437 #error MAX_WRITE_IV_SZ too small for AESCCM 02438 #endif 02439 02440 if (specs->bulk_cipher_algorithm == wolfssl_aes_ccm) { 02441 if (enc && enc->aes == NULL) 02442 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 02443 if (enc && enc->aes == NULL) 02444 return MEMORY_E; 02445 if (dec && dec->aes == NULL) 02446 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 02447 if (dec && dec->aes == NULL) 02448 return MEMORY_E; 02449 02450 if (side == WOLFSSL_CLIENT_END) { 02451 if (enc) { 02452 wc_AesCcmSetKey(enc->aes, keys->client_write_key, specs->key_size); 02453 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV, 02454 AESGCM_IMP_IV_SZ); 02455 } 02456 if (dec) { 02457 wc_AesCcmSetKey(dec->aes, keys->server_write_key, specs->key_size); 02458 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV, 02459 AESGCM_IMP_IV_SZ); 02460 } 02461 } 02462 else { 02463 if (enc) { 02464 wc_AesCcmSetKey(enc->aes, keys->server_write_key, specs->key_size); 02465 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV, 02466 AESGCM_IMP_IV_SZ); 02467 } 02468 if (dec) { 02469 wc_AesCcmSetKey(dec->aes, keys->client_write_key, specs->key_size); 02470 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV, 02471 AESGCM_IMP_IV_SZ); 02472 } 02473 } 02474 if (enc) 02475 enc->setup = 1; 02476 if (dec) 02477 dec->setup = 1; 02478 } 02479 #endif 02480 02481 #ifdef HAVE_CAMELLIA 02482 /* check that buffer sizes are sufficient */ 02483 #if (MAX_WRITE_IV_SZ < 16) /* CAMELLIA_IV_SIZE */ 02484 #error MAX_WRITE_IV_SZ too small for CAMELLIA 02485 #endif 02486 02487 if (specs->bulk_cipher_algorithm == wolfssl_camellia) { 02488 int camRet; 02489 02490 if (enc && enc->cam == NULL) 02491 enc->cam = 02492 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER); 02493 if (enc && enc->cam == NULL) 02494 return MEMORY_E; 02495 02496 if (dec && dec->cam == NULL) 02497 dec->cam = 02498 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER); 02499 if (dec && dec->cam == NULL) 02500 return MEMORY_E; 02501 02502 if (side == WOLFSSL_CLIENT_END) { 02503 if (enc) { 02504 camRet = wc_CamelliaSetKey(enc->cam, keys->client_write_key, 02505 specs->key_size, keys->client_write_IV); 02506 if (camRet != 0) return camRet; 02507 } 02508 if (dec) { 02509 camRet = wc_CamelliaSetKey(dec->cam, keys->server_write_key, 02510 specs->key_size, keys->server_write_IV); 02511 if (camRet != 0) return camRet; 02512 } 02513 } 02514 else { 02515 if (enc) { 02516 camRet = wc_CamelliaSetKey(enc->cam, keys->server_write_key, 02517 specs->key_size, keys->server_write_IV); 02518 if (camRet != 0) return camRet; 02519 } 02520 if (dec) { 02521 camRet = wc_CamelliaSetKey(dec->cam, keys->client_write_key, 02522 specs->key_size, keys->client_write_IV); 02523 if (camRet != 0) return camRet; 02524 } 02525 } 02526 if (enc) 02527 enc->setup = 1; 02528 if (dec) 02529 dec->setup = 1; 02530 } 02531 #endif 02532 02533 #ifdef HAVE_IDEA 02534 /* check that buffer sizes are sufficient */ 02535 #if (MAX_WRITE_IV_SZ < 8) /* IDEA_IV_SIZE */ 02536 #error MAX_WRITE_IV_SZ too small for IDEA 02537 #endif 02538 02539 if (specs->bulk_cipher_algorithm == wolfssl_idea) { 02540 int ideaRet; 02541 02542 if (enc && enc->idea == NULL) 02543 enc->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER); 02544 if (enc && enc->idea == NULL) 02545 return MEMORY_E; 02546 02547 if (dec && dec->idea == NULL) 02548 dec->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER); 02549 if (dec && dec->idea == NULL) 02550 return MEMORY_E; 02551 02552 if (side == WOLFSSL_CLIENT_END) { 02553 if (enc) { 02554 ideaRet = wc_IdeaSetKey(enc->idea, keys->client_write_key, 02555 specs->key_size, keys->client_write_IV, 02556 IDEA_ENCRYPTION); 02557 if (ideaRet != 0) return ideaRet; 02558 } 02559 if (dec) { 02560 ideaRet = wc_IdeaSetKey(dec->idea, keys->server_write_key, 02561 specs->key_size, keys->server_write_IV, 02562 IDEA_DECRYPTION); 02563 if (ideaRet != 0) return ideaRet; 02564 } 02565 } 02566 else { 02567 if (enc) { 02568 ideaRet = wc_IdeaSetKey(enc->idea, keys->server_write_key, 02569 specs->key_size, keys->server_write_IV, 02570 IDEA_ENCRYPTION); 02571 if (ideaRet != 0) return ideaRet; 02572 } 02573 if (dec) { 02574 ideaRet = wc_IdeaSetKey(dec->idea, keys->client_write_key, 02575 specs->key_size, keys->client_write_IV, 02576 IDEA_DECRYPTION); 02577 if (ideaRet != 0) return ideaRet; 02578 } 02579 } 02580 if (enc) 02581 enc->setup = 1; 02582 if (dec) 02583 dec->setup = 1; 02584 } 02585 #endif 02586 02587 #ifdef HAVE_NULL_CIPHER 02588 if (specs->bulk_cipher_algorithm == wolfssl_cipher_null) { 02589 if (enc) 02590 enc->setup = 1; 02591 if (dec) 02592 dec->setup = 1; 02593 } 02594 #endif 02595 02596 if (enc) 02597 keys->sequence_number = 0; 02598 if (dec) 02599 keys->peer_sequence_number = 0; 02600 (void)side; 02601 (void)heap; 02602 (void)enc; 02603 (void)dec; 02604 (void)specs; 02605 (void)devId; 02606 02607 return 0; 02608 } 02609 02610 02611 #ifdef HAVE_ONE_TIME_AUTH 02612 /* set one time authentication keys */ 02613 static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys, 02614 CipherSpecs* specs, void* heap, int devId) 02615 { 02616 02617 #ifdef HAVE_POLY1305 02618 /* set up memory space for poly1305 */ 02619 if (authentication && authentication->poly1305 == NULL) 02620 authentication->poly1305 = 02621 (Poly1305*)XMALLOC(sizeof(Poly1305), heap, DYNAMIC_TYPE_CIPHER); 02622 if (authentication && authentication->poly1305 == NULL) 02623 return MEMORY_E; 02624 if (authentication) 02625 authentication->setup = 1; 02626 #endif 02627 (void)heap; 02628 (void)keys; 02629 (void)specs; 02630 (void)devId; 02631 02632 return 0; 02633 } 02634 #endif /* HAVE_ONE_TIME_AUTH */ 02635 02636 02637 /* Set wc_encrypt/wc_decrypt or both sides of key setup 02638 * note: use wc_encrypt to avoid shadowing global encrypt 02639 * declared in unistd.h 02640 */ 02641 int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) 02642 { 02643 int devId = NO_CAVIUM_DEVICE, ret, copy = 0; 02644 Ciphers* wc_encrypt = NULL; 02645 Ciphers* wc_decrypt = NULL; 02646 Keys* keys = &ssl->keys; 02647 02648 (void)copy; 02649 02650 #ifdef HAVE_CAVIUM 02651 devId = ssl->devId; 02652 #endif 02653 02654 #ifdef HAVE_SECURE_RENEGOTIATION 02655 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status) { 02656 keys = &ssl->secure_renegotiation->tmp_keys; 02657 copy = 1; 02658 } 02659 #endif /* HAVE_SECURE_RENEGOTIATION */ 02660 02661 switch (side) { 02662 case ENCRYPT_SIDE_ONLY: 02663 wc_encrypt = &ssl->encrypt; 02664 break; 02665 02666 case DECRYPT_SIDE_ONLY: 02667 wc_decrypt = &ssl->decrypt; 02668 break; 02669 02670 case ENCRYPT_AND_DECRYPT_SIDE: 02671 wc_encrypt = &ssl->encrypt; 02672 wc_decrypt = &ssl->decrypt; 02673 break; 02674 02675 default: 02676 return BAD_FUNC_ARG; 02677 } 02678 02679 #ifdef HAVE_ONE_TIME_AUTH 02680 if (!ssl->auth.setup && ssl->specs.bulk_cipher_algorithm == wolfssl_chacha){ 02681 ret = SetAuthKeys(&ssl->auth, keys, &ssl->specs, ssl->heap, devId); 02682 if (ret != 0) 02683 return ret; 02684 } 02685 #endif 02686 02687 ret = SetKeys(wc_encrypt, wc_decrypt, keys, &ssl->specs, ssl->options.side, 02688 ssl->heap, devId); 02689 02690 #ifdef HAVE_SECURE_RENEGOTIATION 02691 if (copy) { 02692 int clientCopy = 0; 02693 02694 if (ssl->options.side == WOLFSSL_CLIENT_END && wc_encrypt) 02695 clientCopy = 1; 02696 else if (ssl->options.side == WOLFSSL_SERVER_END && wc_decrypt) 02697 clientCopy = 1; 02698 02699 if (clientCopy) { 02700 XMEMCPY(ssl->keys.client_write_MAC_secret, 02701 keys->client_write_MAC_secret, MAX_DIGEST_SIZE); 02702 XMEMCPY(ssl->keys.client_write_key, 02703 keys->client_write_key, AES_256_KEY_SIZE); 02704 XMEMCPY(ssl->keys.client_write_IV, 02705 keys->client_write_IV, MAX_WRITE_IV_SZ); 02706 } else { 02707 XMEMCPY(ssl->keys.server_write_MAC_secret, 02708 keys->server_write_MAC_secret, MAX_DIGEST_SIZE); 02709 XMEMCPY(ssl->keys.server_write_key, 02710 keys->server_write_key, AES_256_KEY_SIZE); 02711 XMEMCPY(ssl->keys.server_write_IV, 02712 keys->server_write_IV, MAX_WRITE_IV_SZ); 02713 } 02714 if (wc_encrypt) { 02715 ssl->keys.sequence_number = keys->sequence_number; 02716 #ifdef HAVE_AEAD 02717 if (ssl->specs.cipher_type == aead) { 02718 /* Initialize the AES-GCM/CCM explicit IV to a zero. */ 02719 XMEMCPY(ssl->keys.aead_exp_IV, keys->aead_exp_IV, 02720 AEAD_MAX_EXP_SZ); 02721 02722 /* Initialize encrypt implicit IV by encrypt side */ 02723 if (ssl->options.side == WOLFSSL_CLIENT_END) { 02724 XMEMCPY(ssl->keys.aead_enc_imp_IV, 02725 keys->client_write_IV, AEAD_MAX_IMP_SZ); 02726 } else { 02727 XMEMCPY(ssl->keys.aead_enc_imp_IV, 02728 keys->server_write_IV, AEAD_MAX_IMP_SZ); 02729 } 02730 } 02731 #endif 02732 } 02733 if (wc_decrypt) { 02734 ssl->keys.peer_sequence_number = keys->peer_sequence_number; 02735 #ifdef HAVE_AEAD 02736 if (ssl->specs.cipher_type == aead) { 02737 /* Initialize decrypt implicit IV by decrypt side */ 02738 if (ssl->options.side == WOLFSSL_SERVER_END) { 02739 XMEMCPY(ssl->keys.aead_dec_imp_IV, 02740 keys->client_write_IV, AEAD_MAX_IMP_SZ); 02741 } else { 02742 XMEMCPY(ssl->keys.aead_dec_imp_IV, 02743 keys->server_write_IV, AEAD_MAX_IMP_SZ); 02744 } 02745 } 02746 #endif 02747 } 02748 ssl->secure_renegotiation->cache_status++; 02749 } 02750 #endif /* HAVE_SECURE_RENEGOTIATION */ 02751 02752 return ret; 02753 } 02754 02755 02756 /* TLS can call too */ 02757 int StoreKeys(WOLFSSL* ssl, const byte* keyData) 02758 { 02759 int sz, i = 0; 02760 Keys* keys = &ssl->keys; 02761 02762 #ifdef HAVE_SECURE_RENEGOTIATION 02763 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status == 02764 SCR_CACHE_NEEDED) { 02765 keys = &ssl->secure_renegotiation->tmp_keys; 02766 ssl->secure_renegotiation->cache_status++; 02767 } 02768 #endif /* HAVE_SECURE_RENEGOTIATION */ 02769 02770 if (ssl->specs.cipher_type != aead) { 02771 sz = ssl->specs.hash_size; 02772 XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz); 02773 i += sz; 02774 XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz); 02775 i += sz; 02776 } 02777 sz = ssl->specs.key_size; 02778 XMEMCPY(keys->client_write_key, &keyData[i], sz); 02779 i += sz; 02780 XMEMCPY(keys->server_write_key, &keyData[i], sz); 02781 i += sz; 02782 02783 sz = ssl->specs.iv_size; 02784 XMEMCPY(keys->client_write_IV, &keyData[i], sz); 02785 i += sz; 02786 XMEMCPY(keys->server_write_IV, &keyData[i], sz); 02787 02788 #ifdef HAVE_AEAD 02789 if (ssl->specs.cipher_type == aead) { 02790 /* Initialize the AES-GCM/CCM explicit IV to a zero. */ 02791 XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ); 02792 } 02793 #endif 02794 02795 return 0; 02796 } 02797 02798 #ifndef NO_OLD_TLS 02799 int DeriveKeys(WOLFSSL* ssl) 02800 { 02801 int length = 2 * ssl->specs.hash_size + 02802 2 * ssl->specs.key_size + 02803 2 * ssl->specs.iv_size; 02804 int rounds = (length + MD5_DIGEST_SIZE - 1 ) / MD5_DIGEST_SIZE, i; 02805 int ret = 0; 02806 02807 #ifdef WOLFSSL_SMALL_STACK 02808 byte* shaOutput; 02809 byte* md5Input; 02810 byte* shaInput; 02811 byte* keyData; 02812 Md5* md5; 02813 Sha* sha; 02814 #else 02815 byte shaOutput[SHA_DIGEST_SIZE]; 02816 byte md5Input[SECRET_LEN + SHA_DIGEST_SIZE]; 02817 byte shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN]; 02818 byte keyData[KEY_PREFIX * MD5_DIGEST_SIZE]; 02819 Md5 md5[1]; 02820 Sha sha[1]; 02821 #endif 02822 02823 #ifdef WOLFSSL_SMALL_STACK 02824 shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE, 02825 NULL, DYNAMIC_TYPE_TMP_BUFFER); 02826 md5Input = (byte*)XMALLOC(SECRET_LEN + SHA_DIGEST_SIZE, 02827 NULL, DYNAMIC_TYPE_TMP_BUFFER); 02828 shaInput = (byte*)XMALLOC(KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN, 02829 NULL, DYNAMIC_TYPE_TMP_BUFFER); 02830 keyData = (byte*)XMALLOC(KEY_PREFIX * MD5_DIGEST_SIZE, 02831 NULL, DYNAMIC_TYPE_TMP_BUFFER); 02832 md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); 02833 sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); 02834 02835 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL || 02836 keyData == NULL || md5 == NULL || sha == NULL) { 02837 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 02838 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); 02839 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 02840 if (keyData) XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER); 02841 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); 02842 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); 02843 02844 return MEMORY_E; 02845 } 02846 #endif 02847 02848 wc_InitMd5(md5); 02849 02850 ret = wc_InitSha(sha); 02851 02852 if (ret == 0) { 02853 XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN); 02854 02855 for (i = 0; i < rounds; ++i) { 02856 int j = i + 1; 02857 int idx = j; 02858 02859 if (!SetPrefix(shaInput, i)) { 02860 ret = PREFIX_ERROR; 02861 break; 02862 } 02863 02864 XMEMCPY(shaInput + idx, ssl->arrays->masterSecret, SECRET_LEN); 02865 idx += SECRET_LEN; 02866 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN); 02867 idx += RAN_LEN; 02868 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN); 02869 02870 wc_ShaUpdate(sha, shaInput, (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) 02871 - KEY_PREFIX + j); 02872 wc_ShaFinal(sha, shaOutput); 02873 02874 XMEMCPY(md5Input + SECRET_LEN, shaOutput, SHA_DIGEST_SIZE); 02875 wc_Md5Update(md5, md5Input, SECRET_LEN + SHA_DIGEST_SIZE); 02876 wc_Md5Final(md5, keyData + i * MD5_DIGEST_SIZE); 02877 } 02878 02879 if (ret == 0) 02880 ret = StoreKeys(ssl, keyData); 02881 } 02882 02883 #ifdef WOLFSSL_SMALL_STACK 02884 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 02885 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); 02886 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 02887 XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER); 02888 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); 02889 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); 02890 #endif 02891 02892 return ret; 02893 } 02894 02895 02896 static int CleanPreMaster(WOLFSSL* ssl) 02897 { 02898 int i, ret, sz = ssl->arrays->preMasterSz; 02899 02900 for (i = 0; i < sz; i++) 02901 ssl->arrays->preMasterSecret[i] = 0; 02902 02903 ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz); 02904 if (ret != 0) 02905 return ret; 02906 02907 for (i = 0; i < sz; i++) 02908 ssl->arrays->preMasterSecret[i] = 0; 02909 02910 return 0; 02911 } 02912 02913 02914 /* Create and store the master secret see page 32, 6.1 */ 02915 static int MakeSslMasterSecret(WOLFSSL* ssl) 02916 { 02917 int i, ret; 02918 word32 idx; 02919 word32 pmsSz = ssl->arrays->preMasterSz; 02920 02921 #ifdef WOLFSSL_SMALL_STACK 02922 byte* shaOutput; 02923 byte* md5Input; 02924 byte* shaInput; 02925 Md5* md5; 02926 Sha* sha; 02927 #else 02928 byte shaOutput[SHA_DIGEST_SIZE]; 02929 byte md5Input[ENCRYPT_LEN + SHA_DIGEST_SIZE]; 02930 byte shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN]; 02931 Md5 md5[1]; 02932 Sha sha[1]; 02933 #endif 02934 02935 #ifdef SHOW_SECRETS 02936 { 02937 word32 j; 02938 printf("pre master secret: "); 02939 for (j = 0; j < pmsSz; j++) 02940 printf("%02x", ssl->arrays->preMasterSecret[j]); 02941 printf("\n"); 02942 } 02943 #endif 02944 02945 #ifdef WOLFSSL_SMALL_STACK 02946 shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE, 02947 NULL, DYNAMIC_TYPE_TMP_BUFFER); 02948 md5Input = (byte*)XMALLOC(ENCRYPT_LEN + SHA_DIGEST_SIZE, 02949 NULL, DYNAMIC_TYPE_TMP_BUFFER); 02950 shaInput = (byte*)XMALLOC(PREFIX + ENCRYPT_LEN + 2 * RAN_LEN, 02951 NULL, DYNAMIC_TYPE_TMP_BUFFER); 02952 md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); 02953 sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); 02954 02955 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL || 02956 md5 == NULL || sha == NULL) { 02957 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 02958 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); 02959 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 02960 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); 02961 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); 02962 02963 return MEMORY_E; 02964 } 02965 #endif 02966 02967 wc_InitMd5(md5); 02968 02969 ret = wc_InitSha(sha); 02970 02971 if (ret == 0) { 02972 XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz); 02973 02974 for (i = 0; i < MASTER_ROUNDS; ++i) { 02975 byte prefix[KEY_PREFIX]; /* only need PREFIX bytes but static */ 02976 if (!SetPrefix(prefix, i)) { /* analysis thinks will overrun */ 02977 ret = PREFIX_ERROR; 02978 break; 02979 } 02980 02981 idx = 0; 02982 XMEMCPY(shaInput, prefix, i + 1); 02983 idx += i + 1; 02984 02985 XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz); 02986 idx += pmsSz; 02987 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN); 02988 idx += RAN_LEN; 02989 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN); 02990 idx += RAN_LEN; 02991 wc_ShaUpdate(sha, shaInput, idx); 02992 wc_ShaFinal(sha, shaOutput); 02993 02994 idx = pmsSz; /* preSz */ 02995 XMEMCPY(md5Input + idx, shaOutput, SHA_DIGEST_SIZE); 02996 idx += SHA_DIGEST_SIZE; 02997 wc_Md5Update(md5, md5Input, idx); 02998 wc_Md5Final(md5, &ssl->arrays->masterSecret[i * MD5_DIGEST_SIZE]); 02999 } 03000 03001 #ifdef SHOW_SECRETS 03002 { 03003 word32 j; 03004 printf("master secret: "); 03005 for (j = 0; j < SECRET_LEN; j++) 03006 printf("%02x", ssl->arrays->masterSecret[j]); 03007 printf("\n"); 03008 } 03009 #endif 03010 03011 if (ret == 0) 03012 ret = DeriveKeys(ssl); 03013 } 03014 03015 #ifdef WOLFSSL_SMALL_STACK 03016 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03017 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03018 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03019 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03020 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03021 #endif 03022 03023 if (ret == 0) 03024 ret = CleanPreMaster(ssl); 03025 else 03026 CleanPreMaster(ssl); 03027 03028 return ret; 03029 } 03030 #endif 03031 03032 03033 /* Master wrapper, doesn't use SSL stack space in TLS mode */ 03034 int MakeMasterSecret(WOLFSSL* ssl) 03035 { 03036 /* append secret to premaster : premaster | SerSi | CliSi */ 03037 #ifdef HAVE_QSH 03038 word32 offset = 0; 03039 03040 if (ssl->peerQSHKeyPresent) { 03041 offset += ssl->arrays->preMasterSz; 03042 ssl->arrays->preMasterSz += ssl->QSH_secret->CliSi->length + 03043 ssl->QSH_secret->SerSi->length; 03044 /* test and set flag if QSH has been used */ 03045 if (ssl->QSH_secret->CliSi->length > 0 || 03046 ssl->QSH_secret->SerSi->length > 0) 03047 ssl->isQSH = 1; 03048 03049 /* append secrets to the premaster */ 03050 if (ssl->QSH_secret->SerSi != NULL) { 03051 XMEMCPY(ssl->arrays->preMasterSecret + offset, 03052 ssl->QSH_secret->SerSi->buffer, ssl->QSH_secret->SerSi->length); 03053 } 03054 offset += ssl->QSH_secret->SerSi->length; 03055 if (ssl->QSH_secret->CliSi != NULL) { 03056 XMEMCPY(ssl->arrays->preMasterSecret + offset, 03057 ssl->QSH_secret->CliSi->buffer, ssl->QSH_secret->CliSi->length); 03058 } 03059 03060 /* show secret SerSi and CliSi */ 03061 #ifdef SHOW_SECRETS 03062 { 03063 word32 j; 03064 printf("QSH generated secret material\n"); 03065 printf("SerSi : "); 03066 for (j = 0; j < ssl->QSH_secret->SerSi->length; j++) { 03067 printf("%02x", ssl->QSH_secret->SerSi->buffer[j]); 03068 } 03069 printf("\n"); 03070 printf("CliSi : "); 03071 for (j = 0; j < ssl->QSH_secret->CliSi->length; j++) { 03072 printf("%02x", ssl->QSH_secret->CliSi->buffer[j]); 03073 } 03074 printf("\n"); 03075 } 03076 #endif 03077 } 03078 #endif 03079 03080 #ifdef NO_OLD_TLS 03081 return MakeTlsMasterSecret(ssl); 03082 #elif !defined(NO_TLS) 03083 if (ssl->options.tls) return MakeTlsMasterSecret(ssl); 03084 #endif 03085 03086 #ifndef NO_OLD_TLS 03087 return MakeSslMasterSecret(ssl); 03088 #endif 03089 } 03090 03091 #endif /* WOLFCRYPT_ONLY */ 03092 03093
Generated on Tue Jul 12 2022 15:55:20 by
1.7.2