Ashley Mills / Encrypted

cyassl re-port with cellular comms, PSK test

Dependencies:   VodafoneUSBModem_bleedingedge2 mbed-rtos mbed-src

cyassllib/keys.c@1:b211d97b0068, 2013-04-26 (annotated)

Committer:
ashleymills
Date:
Fri Apr 26 16:59:36 2013 +0000
Revision:
1:b211d97b0068
Parent:
0:e979170e02e7 
nothing

Who changed what in which revision?

UserRevisionLine numberNew contents of line
ashleymills 0:e979170e02e7 1 /* keys.c
ashleymills 0:e979170e02e7 2 *
ashleymills 0:e979170e02e7 3 * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
ashleymills 0:e979170e02e7 4 *
ashleymills 0:e979170e02e7 5 * This file is part of CyaSSL.
ashleymills 0:e979170e02e7 6 *
ashleymills 0:e979170e02e7 7 * CyaSSL is free software; you can redistribute it and/or modify
ashleymills 0:e979170e02e7 8 * it under the terms of the GNU General Public License as published by
ashleymills 0:e979170e02e7 9 * the Free Software Foundation; either version 2 of the License, or
ashleymills 0:e979170e02e7 10 * (at your option) any later version.
ashleymills 0:e979170e02e7 11 *
ashleymills 0:e979170e02e7 12 * CyaSSL is distributed in the hope that it will be useful,
ashleymills 0:e979170e02e7 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
ashleymills 0:e979170e02e7 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
ashleymills 0:e979170e02e7 15 * GNU General Public License for more details.
ashleymills 0:e979170e02e7 16 *
ashleymills 0:e979170e02e7 17 * You should have received a copy of the GNU General Public License
ashleymills 0:e979170e02e7 18 * along with this program; if not, write to the Free Software
ashleymills 0:e979170e02e7 19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
ashleymills 0:e979170e02e7 20 */
ashleymills 0:e979170e02e7 21
ashleymills 0:e979170e02e7 22
ashleymills 0:e979170e02e7 23 #ifdef HAVE_CONFIG_H
ashleymills 0:e979170e02e7 24 #include <config.h>
ashleymills 0:e979170e02e7 25 #endif
ashleymills 0:e979170e02e7 26
ashleymills 0:e979170e02e7 27 #include <cyassl/internal.h>
ashleymills 0:e979170e02e7 28 #include <cyassl/error.h>
ashleymills 0:e979170e02e7 29 #ifdef SHOW_SECRETS
ashleymills 0:e979170e02e7 30 #ifdef FREESCALE_MQX
ashleymills 0:e979170e02e7 31 #include <fio.h>
ashleymills 0:e979170e02e7 32 #else
ashleymills 0:e979170e02e7 33 #include <stdio.h>
ashleymills 0:e979170e02e7 34 #endif
ashleymills 0:e979170e02e7 35 #endif
ashleymills 0:e979170e02e7 36
ashleymills 0:e979170e02e7 37
ashleymills 0:e979170e02e7 38 int SetCipherSpecs(CYASSL* ssl)
ashleymills 0:e979170e02e7 39 {
ashleymills 0:e979170e02e7 40 /* ECC extensions, or AES-CCM */
ashleymills 0:e979170e02e7 41 if (ssl->options.cipherSuite0 == ECC_BYTE) {
ashleymills 0:e979170e02e7 42
ashleymills 0:e979170e02e7 43 switch (ssl->options.cipherSuite) {
ashleymills 0:e979170e02e7 44
ashleymills 0:e979170e02e7 45 #ifdef HAVE_ECC
ashleymills 0:e979170e02e7 46
ashleymills 0:e979170e02e7 47 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:e979170e02e7 48 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
ashleymills 0:e979170e02e7 49 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 50 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 51 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 52 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 53 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 54 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 55 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 56 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 57 ssl->specs.key_size = AES_128_KEY_SIZE;
ashleymills 0:e979170e02e7 58 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 59 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 60
ashleymills 0:e979170e02e7 61 break;
ashleymills 0:e979170e02e7 62 #endif
ashleymills 0:e979170e02e7 63
ashleymills 0:e979170e02e7 64 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:e979170e02e7 65 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
ashleymills 0:e979170e02e7 66 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 67 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 68 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 69 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 70 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 71 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 72 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 73 ssl->specs.static_ecdh = 1;
ashleymills 0:e979170e02e7 74 ssl->specs.key_size = AES_128_KEY_SIZE;
ashleymills 0:e979170e02e7 75 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 76 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 77
ashleymills 0:e979170e02e7 78 break;
ashleymills 0:e979170e02e7 79 #endif
ashleymills 0:e979170e02e7 80
ashleymills 0:e979170e02e7 81 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:e979170e02e7 82 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
ashleymills 0:e979170e02e7 83 ssl->specs.bulk_cipher_algorithm = triple_des;
ashleymills 0:e979170e02e7 84 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 85 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 86 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 87 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 88 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 89 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 90 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 91 ssl->specs.key_size = DES3_KEY_SIZE;
ashleymills 0:e979170e02e7 92 ssl->specs.block_size = DES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 93 ssl->specs.iv_size = DES_IV_SIZE;
ashleymills 0:e979170e02e7 94
ashleymills 0:e979170e02e7 95 break;
ashleymills 0:e979170e02e7 96 #endif
ashleymills 0:e979170e02e7 97
ashleymills 0:e979170e02e7 98 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:e979170e02e7 99 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
ashleymills 0:e979170e02e7 100 ssl->specs.bulk_cipher_algorithm = triple_des;
ashleymills 0:e979170e02e7 101 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 102 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 103 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 104 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 105 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 106 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 107 ssl->specs.static_ecdh = 1;
ashleymills 0:e979170e02e7 108 ssl->specs.key_size = DES3_KEY_SIZE;
ashleymills 0:e979170e02e7 109 ssl->specs.block_size = DES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 110 ssl->specs.iv_size = DES_IV_SIZE;
ashleymills 0:e979170e02e7 111
ashleymills 0:e979170e02e7 112 break;
ashleymills 0:e979170e02e7 113 #endif
ashleymills 0:e979170e02e7 114
ashleymills 0:e979170e02e7 115 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
ashleymills 0:e979170e02e7 116 case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
ashleymills 0:e979170e02e7 117 ssl->specs.bulk_cipher_algorithm = rc4;
ashleymills 0:e979170e02e7 118 ssl->specs.cipher_type = stream;
ashleymills 0:e979170e02e7 119 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 120 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 121 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 122 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 123 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 124 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 125 ssl->specs.key_size = RC4_KEY_SIZE;
ashleymills 0:e979170e02e7 126 ssl->specs.iv_size = 0;
ashleymills 0:e979170e02e7 127 ssl->specs.block_size = 0;
ashleymills 0:e979170e02e7 128
ashleymills 0:e979170e02e7 129 break;
ashleymills 0:e979170e02e7 130 #endif
ashleymills 0:e979170e02e7 131
ashleymills 0:e979170e02e7 132 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
ashleymills 0:e979170e02e7 133 case TLS_ECDH_RSA_WITH_RC4_128_SHA :
ashleymills 0:e979170e02e7 134 ssl->specs.bulk_cipher_algorithm = rc4;
ashleymills 0:e979170e02e7 135 ssl->specs.cipher_type = stream;
ashleymills 0:e979170e02e7 136 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 137 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 138 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 139 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 140 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 141 ssl->specs.static_ecdh = 1;
ashleymills 0:e979170e02e7 142 ssl->specs.key_size = RC4_KEY_SIZE;
ashleymills 0:e979170e02e7 143 ssl->specs.iv_size = 0;
ashleymills 0:e979170e02e7 144 ssl->specs.block_size = 0;
ashleymills 0:e979170e02e7 145
ashleymills 0:e979170e02e7 146 break;
ashleymills 0:e979170e02e7 147 #endif
ashleymills 0:e979170e02e7 148
ashleymills 0:e979170e02e7 149 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:e979170e02e7 150 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
ashleymills 0:e979170e02e7 151 ssl->specs.bulk_cipher_algorithm = triple_des;
ashleymills 0:e979170e02e7 152 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 153 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 154 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 155 ssl->specs.sig_algo = ecc_dsa_sa_algo;
ashleymills 0:e979170e02e7 156 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 157 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 158 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 159 ssl->specs.key_size = DES3_KEY_SIZE;
ashleymills 0:e979170e02e7 160 ssl->specs.block_size = DES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 161 ssl->specs.iv_size = DES_IV_SIZE;
ashleymills 0:e979170e02e7 162
ashleymills 0:e979170e02e7 163 break;
ashleymills 0:e979170e02e7 164 #endif
ashleymills 0:e979170e02e7 165
ashleymills 0:e979170e02e7 166 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:e979170e02e7 167 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
ashleymills 0:e979170e02e7 168 ssl->specs.bulk_cipher_algorithm = triple_des;
ashleymills 0:e979170e02e7 169 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 170 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 171 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 172 ssl->specs.sig_algo = ecc_dsa_sa_algo;
ashleymills 0:e979170e02e7 173 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 174 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 175 ssl->specs.static_ecdh = 1;
ashleymills 0:e979170e02e7 176 ssl->specs.key_size = DES3_KEY_SIZE;
ashleymills 0:e979170e02e7 177 ssl->specs.block_size = DES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 178 ssl->specs.iv_size = DES_IV_SIZE;
ashleymills 0:e979170e02e7 179
ashleymills 0:e979170e02e7 180 break;
ashleymills 0:e979170e02e7 181 #endif
ashleymills 0:e979170e02e7 182
ashleymills 0:e979170e02e7 183 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
ashleymills 0:e979170e02e7 184 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
ashleymills 0:e979170e02e7 185 ssl->specs.bulk_cipher_algorithm = rc4;
ashleymills 0:e979170e02e7 186 ssl->specs.cipher_type = stream;
ashleymills 0:e979170e02e7 187 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 188 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 189 ssl->specs.sig_algo = ecc_dsa_sa_algo;
ashleymills 0:e979170e02e7 190 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 191 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 192 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 193 ssl->specs.key_size = RC4_KEY_SIZE;
ashleymills 0:e979170e02e7 194 ssl->specs.iv_size = 0;
ashleymills 0:e979170e02e7 195 ssl->specs.block_size = 0;
ashleymills 0:e979170e02e7 196
ashleymills 0:e979170e02e7 197 break;
ashleymills 0:e979170e02e7 198 #endif
ashleymills 0:e979170e02e7 199
ashleymills 0:e979170e02e7 200 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
ashleymills 0:e979170e02e7 201 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
ashleymills 0:e979170e02e7 202 ssl->specs.bulk_cipher_algorithm = rc4;
ashleymills 0:e979170e02e7 203 ssl->specs.cipher_type = stream;
ashleymills 0:e979170e02e7 204 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 205 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 206 ssl->specs.sig_algo = ecc_dsa_sa_algo;
ashleymills 0:e979170e02e7 207 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 208 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 209 ssl->specs.static_ecdh = 1;
ashleymills 0:e979170e02e7 210 ssl->specs.key_size = RC4_KEY_SIZE;
ashleymills 0:e979170e02e7 211 ssl->specs.iv_size = 0;
ashleymills 0:e979170e02e7 212 ssl->specs.block_size = 0;
ashleymills 0:e979170e02e7 213
ashleymills 0:e979170e02e7 214 break;
ashleymills 0:e979170e02e7 215 #endif
ashleymills 0:e979170e02e7 216
ashleymills 0:e979170e02e7 217 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:e979170e02e7 218 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
ashleymills 0:e979170e02e7 219 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 220 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 221 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 222 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 223 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 224 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 225 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 226 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 227 ssl->specs.key_size = AES_256_KEY_SIZE;
ashleymills 0:e979170e02e7 228 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 229 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 230
ashleymills 0:e979170e02e7 231 break;
ashleymills 0:e979170e02e7 232 #endif
ashleymills 0:e979170e02e7 233
ashleymills 0:e979170e02e7 234 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:e979170e02e7 235 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
ashleymills 0:e979170e02e7 236 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 237 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 238 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 239 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 240 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 241 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 242 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 243 ssl->specs.static_ecdh = 1;
ashleymills 0:e979170e02e7 244 ssl->specs.key_size = AES_256_KEY_SIZE;
ashleymills 0:e979170e02e7 245 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 246 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 247
ashleymills 0:e979170e02e7 248 break;
ashleymills 0:e979170e02e7 249 #endif
ashleymills 0:e979170e02e7 250
ashleymills 0:e979170e02e7 251 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
ashleymills 0:e979170e02e7 252 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
ashleymills 0:e979170e02e7 253 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 254 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 255 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 256 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 257 ssl->specs.sig_algo = ecc_dsa_sa_algo;
ashleymills 0:e979170e02e7 258 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 259 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 260 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 261 ssl->specs.key_size = AES_128_KEY_SIZE;
ashleymills 0:e979170e02e7 262 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 263 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 264
ashleymills 0:e979170e02e7 265 break;
ashleymills 0:e979170e02e7 266 #endif
ashleymills 0:e979170e02e7 267
ashleymills 0:e979170e02e7 268 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
ashleymills 0:e979170e02e7 269 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
ashleymills 0:e979170e02e7 270 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 271 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 272 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 273 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 274 ssl->specs.sig_algo = ecc_dsa_sa_algo;
ashleymills 0:e979170e02e7 275 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 276 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 277 ssl->specs.static_ecdh = 1;
ashleymills 0:e979170e02e7 278 ssl->specs.key_size = AES_128_KEY_SIZE;
ashleymills 0:e979170e02e7 279 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 280 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 281
ashleymills 0:e979170e02e7 282 break;
ashleymills 0:e979170e02e7 283 #endif
ashleymills 0:e979170e02e7 284
ashleymills 0:e979170e02e7 285 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
ashleymills 0:e979170e02e7 286 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
ashleymills 0:e979170e02e7 287 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 288 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 289 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 290 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 291 ssl->specs.sig_algo = ecc_dsa_sa_algo;
ashleymills 0:e979170e02e7 292 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 293 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 294 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 295 ssl->specs.key_size = AES_256_KEY_SIZE;
ashleymills 0:e979170e02e7 296 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 297 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 298
ashleymills 0:e979170e02e7 299 break;
ashleymills 0:e979170e02e7 300 #endif
ashleymills 0:e979170e02e7 301
ashleymills 0:e979170e02e7 302 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
ashleymills 0:e979170e02e7 303 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
ashleymills 0:e979170e02e7 304 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 305 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 306 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 307 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 308 ssl->specs.sig_algo = ecc_dsa_sa_algo;
ashleymills 0:e979170e02e7 309 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 310 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 311 ssl->specs.static_ecdh = 1;
ashleymills 0:e979170e02e7 312 ssl->specs.key_size = AES_256_KEY_SIZE;
ashleymills 0:e979170e02e7 313 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 314 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 315
ashleymills 0:e979170e02e7 316 break;
ashleymills 0:e979170e02e7 317 #endif
ashleymills 0:e979170e02e7 318
ashleymills 0:e979170e02e7 319 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:e979170e02e7 320 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
ashleymills 0:e979170e02e7 321 ssl->specs.bulk_cipher_algorithm = aes_gcm;
ashleymills 0:e979170e02e7 322 ssl->specs.cipher_type = aead;
ashleymills 0:e979170e02e7 323 ssl->specs.mac_algorithm = sha256_mac;
ashleymills 0:e979170e02e7 324 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 325 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 326 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ashleymills 0:e979170e02e7 327 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 328 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 329 ssl->specs.key_size = AES_128_KEY_SIZE;
ashleymills 0:e979170e02e7 330 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 331 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ashleymills 0:e979170e02e7 332
ashleymills 0:e979170e02e7 333 break;
ashleymills 0:e979170e02e7 334 #endif
ashleymills 0:e979170e02e7 335
ashleymills 0:e979170e02e7 336 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:e979170e02e7 337 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
ashleymills 0:e979170e02e7 338 ssl->specs.bulk_cipher_algorithm = aes_gcm;
ashleymills 0:e979170e02e7 339 ssl->specs.cipher_type = aead;
ashleymills 0:e979170e02e7 340 ssl->specs.mac_algorithm = sha384_mac;
ashleymills 0:e979170e02e7 341 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 342 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 343 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ashleymills 0:e979170e02e7 344 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 345 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 346 ssl->specs.key_size = AES_256_KEY_SIZE;
ashleymills 0:e979170e02e7 347 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 348 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ashleymills 0:e979170e02e7 349
ashleymills 0:e979170e02e7 350 break;
ashleymills 0:e979170e02e7 351 #endif
ashleymills 0:e979170e02e7 352
ashleymills 0:e979170e02e7 353 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ashleymills 0:e979170e02e7 354 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
ashleymills 0:e979170e02e7 355 ssl->specs.bulk_cipher_algorithm = aes_gcm;
ashleymills 0:e979170e02e7 356 ssl->specs.cipher_type = aead;
ashleymills 0:e979170e02e7 357 ssl->specs.mac_algorithm = sha256_mac;
ashleymills 0:e979170e02e7 358 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 359 ssl->specs.sig_algo = ecc_dsa_sa_algo;
ashleymills 0:e979170e02e7 360 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ashleymills 0:e979170e02e7 361 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 362 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 363 ssl->specs.key_size = AES_128_KEY_SIZE;
ashleymills 0:e979170e02e7 364 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 365 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ashleymills 0:e979170e02e7 366
ashleymills 0:e979170e02e7 367 break;
ashleymills 0:e979170e02e7 368 #endif
ashleymills 0:e979170e02e7 369
ashleymills 0:e979170e02e7 370 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
ashleymills 0:e979170e02e7 371 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
ashleymills 0:e979170e02e7 372 ssl->specs.bulk_cipher_algorithm = aes_gcm;
ashleymills 0:e979170e02e7 373 ssl->specs.cipher_type = aead;
ashleymills 0:e979170e02e7 374 ssl->specs.mac_algorithm = sha384_mac;
ashleymills 0:e979170e02e7 375 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 376 ssl->specs.sig_algo = ecc_dsa_sa_algo;
ashleymills 0:e979170e02e7 377 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ashleymills 0:e979170e02e7 378 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 379 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 380 ssl->specs.key_size = AES_256_KEY_SIZE;
ashleymills 0:e979170e02e7 381 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 382 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ashleymills 0:e979170e02e7 383
ashleymills 0:e979170e02e7 384 break;
ashleymills 0:e979170e02e7 385 #endif
ashleymills 0:e979170e02e7 386
ashleymills 0:e979170e02e7 387 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:e979170e02e7 388 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
ashleymills 0:e979170e02e7 389 ssl->specs.bulk_cipher_algorithm = aes_gcm;
ashleymills 0:e979170e02e7 390 ssl->specs.cipher_type = aead;
ashleymills 0:e979170e02e7 391 ssl->specs.mac_algorithm = sha256_mac;
ashleymills 0:e979170e02e7 392 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 393 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 394 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ashleymills 0:e979170e02e7 395 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 396 ssl->specs.static_ecdh = 1;
ashleymills 0:e979170e02e7 397 ssl->specs.key_size = AES_128_KEY_SIZE;
ashleymills 0:e979170e02e7 398 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 399 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ashleymills 0:e979170e02e7 400
ashleymills 0:e979170e02e7 401 break;
ashleymills 0:e979170e02e7 402 #endif
ashleymills 0:e979170e02e7 403
ashleymills 0:e979170e02e7 404 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:e979170e02e7 405 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
ashleymills 0:e979170e02e7 406 ssl->specs.bulk_cipher_algorithm = aes_gcm;
ashleymills 0:e979170e02e7 407 ssl->specs.cipher_type = aead;
ashleymills 0:e979170e02e7 408 ssl->specs.mac_algorithm = sha384_mac;
ashleymills 0:e979170e02e7 409 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 410 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 411 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ashleymills 0:e979170e02e7 412 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 413 ssl->specs.static_ecdh = 1;
ashleymills 0:e979170e02e7 414 ssl->specs.key_size = AES_256_KEY_SIZE;
ashleymills 0:e979170e02e7 415 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 416 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ashleymills 0:e979170e02e7 417
ashleymills 0:e979170e02e7 418 break;
ashleymills 0:e979170e02e7 419 #endif
ashleymills 0:e979170e02e7 420
ashleymills 0:e979170e02e7 421 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
ashleymills 0:e979170e02e7 422 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
ashleymills 0:e979170e02e7 423 ssl->specs.bulk_cipher_algorithm = aes_gcm;
ashleymills 0:e979170e02e7 424 ssl->specs.cipher_type = aead;
ashleymills 0:e979170e02e7 425 ssl->specs.mac_algorithm = sha256_mac;
ashleymills 0:e979170e02e7 426 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 427 ssl->specs.sig_algo = ecc_dsa_sa_algo;
ashleymills 0:e979170e02e7 428 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ashleymills 0:e979170e02e7 429 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 430 ssl->specs.static_ecdh = 1;
ashleymills 0:e979170e02e7 431 ssl->specs.key_size = AES_128_KEY_SIZE;
ashleymills 0:e979170e02e7 432 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 433 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ashleymills 0:e979170e02e7 434
ashleymills 0:e979170e02e7 435 break;
ashleymills 0:e979170e02e7 436 #endif
ashleymills 0:e979170e02e7 437
ashleymills 0:e979170e02e7 438 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
ashleymills 0:e979170e02e7 439 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
ashleymills 0:e979170e02e7 440 ssl->specs.bulk_cipher_algorithm = aes_gcm;
ashleymills 0:e979170e02e7 441 ssl->specs.cipher_type = aead;
ashleymills 0:e979170e02e7 442 ssl->specs.mac_algorithm = sha384_mac;
ashleymills 0:e979170e02e7 443 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 444 ssl->specs.sig_algo = ecc_dsa_sa_algo;
ashleymills 0:e979170e02e7 445 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ashleymills 0:e979170e02e7 446 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 447 ssl->specs.static_ecdh = 1;
ashleymills 0:e979170e02e7 448 ssl->specs.key_size = AES_256_KEY_SIZE;
ashleymills 0:e979170e02e7 449 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 450 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ashleymills 0:e979170e02e7 451
ashleymills 0:e979170e02e7 452 break;
ashleymills 0:e979170e02e7 453 #endif
ashleymills 0:e979170e02e7 454
ashleymills 0:e979170e02e7 455 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256
ashleymills 0:e979170e02e7 456 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 :
ashleymills 0:e979170e02e7 457 ssl->specs.bulk_cipher_algorithm = aes_ccm;
ashleymills 0:e979170e02e7 458 ssl->specs.cipher_type = aead;
ashleymills 0:e979170e02e7 459 ssl->specs.mac_algorithm = sha256_mac;
ashleymills 0:e979170e02e7 460 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 461 ssl->specs.sig_algo = ecc_dsa_sa_algo;
ashleymills 0:e979170e02e7 462 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ashleymills 0:e979170e02e7 463 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 464 ssl->specs.static_ecdh = 1;
ashleymills 0:e979170e02e7 465 ssl->specs.key_size = AES_128_KEY_SIZE;
ashleymills 0:e979170e02e7 466 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 467 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ashleymills 0:e979170e02e7 468 break;
ashleymills 0:e979170e02e7 469 #endif
ashleymills 0:e979170e02e7 470
ashleymills 0:e979170e02e7 471 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384
ashleymills 0:e979170e02e7 472 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 :
ashleymills 0:e979170e02e7 473 ssl->specs.bulk_cipher_algorithm = aes_ccm;
ashleymills 0:e979170e02e7 474 ssl->specs.cipher_type = aead;
ashleymills 0:e979170e02e7 475 ssl->specs.mac_algorithm = sha384_mac;
ashleymills 0:e979170e02e7 476 ssl->specs.kea = ecc_diffie_hellman_kea;
ashleymills 0:e979170e02e7 477 ssl->specs.sig_algo = ecc_dsa_sa_algo;
ashleymills 0:e979170e02e7 478 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ashleymills 0:e979170e02e7 479 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 480 ssl->specs.static_ecdh = 1;
ashleymills 0:e979170e02e7 481 ssl->specs.key_size = AES_256_KEY_SIZE;
ashleymills 0:e979170e02e7 482 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 483 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ashleymills 0:e979170e02e7 484 break;
ashleymills 0:e979170e02e7 485 #endif
ashleymills 0:e979170e02e7 486 #endif /* HAVE_ECC */
ashleymills 0:e979170e02e7 487
ashleymills 0:e979170e02e7 488 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8_SHA256
ashleymills 0:e979170e02e7 489 case TLS_RSA_WITH_AES_128_CCM_8_SHA256 :
ashleymills 0:e979170e02e7 490 ssl->specs.bulk_cipher_algorithm = aes_ccm;
ashleymills 0:e979170e02e7 491 ssl->specs.cipher_type = aead;
ashleymills 0:e979170e02e7 492 ssl->specs.mac_algorithm = sha256_mac;
ashleymills 0:e979170e02e7 493 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 494 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 495 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ashleymills 0:e979170e02e7 496 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 497 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 498 ssl->specs.key_size = AES_128_KEY_SIZE;
ashleymills 0:e979170e02e7 499 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 500 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ashleymills 0:e979170e02e7 501 break;
ashleymills 0:e979170e02e7 502 #endif
ashleymills 0:e979170e02e7 503
ashleymills 0:e979170e02e7 504 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8_SHA384
ashleymills 0:e979170e02e7 505 case TLS_RSA_WITH_AES_256_CCM_8_SHA384 :
ashleymills 0:e979170e02e7 506 ssl->specs.bulk_cipher_algorithm = aes_ccm;
ashleymills 0:e979170e02e7 507 ssl->specs.cipher_type = aead;
ashleymills 0:e979170e02e7 508 ssl->specs.mac_algorithm = sha384_mac;
ashleymills 0:e979170e02e7 509 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 510 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 511 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ashleymills 0:e979170e02e7 512 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 513 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 514 ssl->specs.key_size = AES_256_KEY_SIZE;
ashleymills 0:e979170e02e7 515 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 516 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ashleymills 0:e979170e02e7 517 break;
ashleymills 0:e979170e02e7 518 #endif
ashleymills 0:e979170e02e7 519
ashleymills 0:e979170e02e7 520 default:
ashleymills 0:e979170e02e7 521 CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
ashleymills 0:e979170e02e7 522 return UNSUPPORTED_SUITE;
ashleymills 0:e979170e02e7 523 } /* switch */
ashleymills 0:e979170e02e7 524 } /* if */
ashleymills 0:e979170e02e7 525 if (ssl->options.cipherSuite0 != ECC_BYTE) { /* normal suites */
ashleymills 0:e979170e02e7 526 switch (ssl->options.cipherSuite) {
ashleymills 0:e979170e02e7 527
ashleymills 0:e979170e02e7 528 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
ashleymills 0:e979170e02e7 529 case SSL_RSA_WITH_RC4_128_SHA :
ashleymills 0:e979170e02e7 530 ssl->specs.bulk_cipher_algorithm = rc4;
ashleymills 0:e979170e02e7 531 ssl->specs.cipher_type = stream;
ashleymills 0:e979170e02e7 532 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 533 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 534 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 535 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 536 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 537 ssl->specs.key_size = RC4_KEY_SIZE;
ashleymills 0:e979170e02e7 538 ssl->specs.iv_size = 0;
ashleymills 0:e979170e02e7 539 ssl->specs.block_size = 0;
ashleymills 0:e979170e02e7 540
ashleymills 0:e979170e02e7 541 break;
ashleymills 0:e979170e02e7 542 #endif
ashleymills 0:e979170e02e7 543
ashleymills 0:e979170e02e7 544 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
ashleymills 0:e979170e02e7 545 case TLS_NTRU_RSA_WITH_RC4_128_SHA :
ashleymills 0:e979170e02e7 546 ssl->specs.bulk_cipher_algorithm = rc4;
ashleymills 0:e979170e02e7 547 ssl->specs.cipher_type = stream;
ashleymills 0:e979170e02e7 548 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 549 ssl->specs.kea = ntru_kea;
ashleymills 0:e979170e02e7 550 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 551 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 552 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 553 ssl->specs.key_size = RC4_KEY_SIZE;
ashleymills 0:e979170e02e7 554 ssl->specs.iv_size = 0;
ashleymills 0:e979170e02e7 555 ssl->specs.block_size = 0;
ashleymills 0:e979170e02e7 556
ashleymills 0:e979170e02e7 557 break;
ashleymills 0:e979170e02e7 558 #endif
ashleymills 0:e979170e02e7 559
ashleymills 0:e979170e02e7 560 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
ashleymills 0:e979170e02e7 561 case SSL_RSA_WITH_RC4_128_MD5 :
ashleymills 0:e979170e02e7 562 ssl->specs.bulk_cipher_algorithm = rc4;
ashleymills 0:e979170e02e7 563 ssl->specs.cipher_type = stream;
ashleymills 0:e979170e02e7 564 ssl->specs.mac_algorithm = md5_mac;
ashleymills 0:e979170e02e7 565 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 566 ssl->specs.hash_size = MD5_DIGEST_SIZE;
ashleymills 0:e979170e02e7 567 ssl->specs.pad_size = PAD_MD5;
ashleymills 0:e979170e02e7 568 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 569 ssl->specs.key_size = RC4_KEY_SIZE;
ashleymills 0:e979170e02e7 570 ssl->specs.iv_size = 0;
ashleymills 0:e979170e02e7 571 ssl->specs.block_size = 0;
ashleymills 0:e979170e02e7 572
ashleymills 0:e979170e02e7 573 break;
ashleymills 0:e979170e02e7 574 #endif
ashleymills 0:e979170e02e7 575
ashleymills 0:e979170e02e7 576 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:e979170e02e7 577 case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
ashleymills 0:e979170e02e7 578 ssl->specs.bulk_cipher_algorithm = triple_des;
ashleymills 0:e979170e02e7 579 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 580 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 581 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 582 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 583 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 584 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 585 ssl->specs.key_size = DES3_KEY_SIZE;
ashleymills 0:e979170e02e7 586 ssl->specs.block_size = DES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 587 ssl->specs.iv_size = DES_IV_SIZE;
ashleymills 0:e979170e02e7 588
ashleymills 0:e979170e02e7 589 break;
ashleymills 0:e979170e02e7 590 #endif
ashleymills 0:e979170e02e7 591
ashleymills 0:e979170e02e7 592 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:e979170e02e7 593 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
ashleymills 0:e979170e02e7 594 ssl->specs.bulk_cipher_algorithm = triple_des;
ashleymills 0:e979170e02e7 595 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 596 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 597 ssl->specs.kea = ntru_kea;
ashleymills 0:e979170e02e7 598 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 599 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 600 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 601 ssl->specs.key_size = DES3_KEY_SIZE;
ashleymills 0:e979170e02e7 602 ssl->specs.block_size = DES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 603 ssl->specs.iv_size = DES_IV_SIZE;
ashleymills 0:e979170e02e7 604
ashleymills 0:e979170e02e7 605 break;
ashleymills 0:e979170e02e7 606 #endif
ashleymills 0:e979170e02e7 607
ashleymills 0:e979170e02e7 608 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:e979170e02e7 609 case TLS_RSA_WITH_AES_128_CBC_SHA :
ashleymills 0:e979170e02e7 610 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 611 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 612 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 613 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 614 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 615 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 616 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 617 ssl->specs.key_size = AES_128_KEY_SIZE;
ashleymills 0:e979170e02e7 618 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 619 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 620
ashleymills 0:e979170e02e7 621 break;
ashleymills 0:e979170e02e7 622 #endif
ashleymills 0:e979170e02e7 623
ashleymills 0:e979170e02e7 624 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
ashleymills 0:e979170e02e7 625 case TLS_RSA_WITH_AES_128_CBC_SHA256 :
ashleymills 0:e979170e02e7 626 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 627 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 628 ssl->specs.mac_algorithm = sha256_mac;
ashleymills 0:e979170e02e7 629 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 630 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ashleymills 0:e979170e02e7 631 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 632 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 633 ssl->specs.key_size = AES_128_KEY_SIZE;
ashleymills 0:e979170e02e7 634 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 635 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 636
ashleymills 0:e979170e02e7 637 break;
ashleymills 0:e979170e02e7 638 #endif
ashleymills 0:e979170e02e7 639
ashleymills 0:e979170e02e7 640 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
ashleymills 0:e979170e02e7 641 case TLS_RSA_WITH_NULL_SHA :
ashleymills 0:e979170e02e7 642 ssl->specs.bulk_cipher_algorithm = cipher_null;
ashleymills 0:e979170e02e7 643 ssl->specs.cipher_type = stream;
ashleymills 0:e979170e02e7 644 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 645 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 646 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 647 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 648 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 649 ssl->specs.key_size = 0;
ashleymills 0:e979170e02e7 650 ssl->specs.block_size = 0;
ashleymills 0:e979170e02e7 651 ssl->specs.iv_size = 0;
ashleymills 0:e979170e02e7 652
ashleymills 0:e979170e02e7 653 break;
ashleymills 0:e979170e02e7 654 #endif
ashleymills 0:e979170e02e7 655
ashleymills 0:e979170e02e7 656 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
ashleymills 0:e979170e02e7 657 case TLS_RSA_WITH_NULL_SHA256 :
ashleymills 0:e979170e02e7 658 ssl->specs.bulk_cipher_algorithm = cipher_null;
ashleymills 0:e979170e02e7 659 ssl->specs.cipher_type = stream;
ashleymills 0:e979170e02e7 660 ssl->specs.mac_algorithm = sha256_mac;
ashleymills 0:e979170e02e7 661 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 662 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ashleymills 0:e979170e02e7 663 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 664 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 665 ssl->specs.key_size = 0;
ashleymills 0:e979170e02e7 666 ssl->specs.block_size = 0;
ashleymills 0:e979170e02e7 667 ssl->specs.iv_size = 0;
ashleymills 0:e979170e02e7 668
ashleymills 0:e979170e02e7 669 break;
ashleymills 0:e979170e02e7 670 #endif
ashleymills 0:e979170e02e7 671
ashleymills 0:e979170e02e7 672 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:e979170e02e7 673 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
ashleymills 0:e979170e02e7 674 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 675 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 676 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 677 ssl->specs.kea = ntru_kea;
ashleymills 0:e979170e02e7 678 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 679 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 680 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 681 ssl->specs.key_size = AES_128_KEY_SIZE;
ashleymills 0:e979170e02e7 682 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 683 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 684
ashleymills 0:e979170e02e7 685 break;
ashleymills 0:e979170e02e7 686 #endif
ashleymills 0:e979170e02e7 687
ashleymills 0:e979170e02e7 688 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:e979170e02e7 689 case TLS_RSA_WITH_AES_256_CBC_SHA :
ashleymills 0:e979170e02e7 690 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 691 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 692 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 693 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 694 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 695 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 696 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 697 ssl->specs.key_size = AES_256_KEY_SIZE;
ashleymills 0:e979170e02e7 698 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 699 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 700
ashleymills 0:e979170e02e7 701 break;
ashleymills 0:e979170e02e7 702 #endif
ashleymills 0:e979170e02e7 703
ashleymills 0:e979170e02e7 704 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
ashleymills 0:e979170e02e7 705 case TLS_RSA_WITH_AES_256_CBC_SHA256 :
ashleymills 0:e979170e02e7 706 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 707 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 708 ssl->specs.mac_algorithm = sha256_mac;
ashleymills 0:e979170e02e7 709 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 710 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ashleymills 0:e979170e02e7 711 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 712 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 713 ssl->specs.key_size = AES_256_KEY_SIZE;
ashleymills 0:e979170e02e7 714 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 715 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 716
ashleymills 0:e979170e02e7 717 break;
ashleymills 0:e979170e02e7 718 #endif
ashleymills 0:e979170e02e7 719
ashleymills 0:e979170e02e7 720 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:e979170e02e7 721 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
ashleymills 0:e979170e02e7 722 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 723 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 724 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 725 ssl->specs.kea = ntru_kea;
ashleymills 0:e979170e02e7 726 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 727 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 728 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 729 ssl->specs.key_size = AES_256_KEY_SIZE;
ashleymills 0:e979170e02e7 730 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 731 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 732
ashleymills 0:e979170e02e7 733 break;
ashleymills 0:e979170e02e7 734 #endif
ashleymills 0:e979170e02e7 735
ashleymills 0:e979170e02e7 736 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
ashleymills 0:e979170e02e7 737 case TLS_PSK_WITH_AES_128_CBC_SHA256 :
ashleymills 0:e979170e02e7 738 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 739 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 740 ssl->specs.mac_algorithm = sha256_mac;
ashleymills 0:e979170e02e7 741 ssl->specs.kea = psk_kea;
ashleymills 0:e979170e02e7 742 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ashleymills 0:e979170e02e7 743 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 744 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 745 ssl->specs.key_size = AES_128_KEY_SIZE;
ashleymills 0:e979170e02e7 746 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 747 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 748
ashleymills 0:e979170e02e7 749 ssl->options.usingPSK_cipher = 1;
ashleymills 0:e979170e02e7 750 break;
ashleymills 0:e979170e02e7 751 #endif
ashleymills 0:e979170e02e7 752
ashleymills 0:e979170e02e7 753 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
ashleymills 0:e979170e02e7 754 case TLS_PSK_WITH_AES_128_CBC_SHA :
ashleymills 0:e979170e02e7 755 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 756 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 757 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 758 ssl->specs.kea = psk_kea;
ashleymills 0:e979170e02e7 759 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 760 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 761 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 762 ssl->specs.key_size = AES_128_KEY_SIZE;
ashleymills 0:e979170e02e7 763 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 764 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 765
ashleymills 0:e979170e02e7 766 ssl->options.usingPSK_cipher = 1;
ashleymills 0:e979170e02e7 767 break;
ashleymills 0:e979170e02e7 768 #endif
ashleymills 0:e979170e02e7 769
ashleymills 0:e979170e02e7 770 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
ashleymills 0:e979170e02e7 771 case TLS_PSK_WITH_AES_256_CBC_SHA :
ashleymills 0:e979170e02e7 772 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 773 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 774 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 775 ssl->specs.kea = psk_kea;
ashleymills 0:e979170e02e7 776 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 777 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 778 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 779 ssl->specs.key_size = AES_256_KEY_SIZE;
ashleymills 0:e979170e02e7 780 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 781 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 782
ashleymills 0:e979170e02e7 783 ssl->options.usingPSK_cipher = 1;
ashleymills 0:e979170e02e7 784 break;
ashleymills 0:e979170e02e7 785 #endif
ashleymills 0:e979170e02e7 786
ashleymills 0:e979170e02e7 787 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
ashleymills 0:e979170e02e7 788 case TLS_PSK_WITH_NULL_SHA256 :
ashleymills 0:e979170e02e7 789 ssl->specs.bulk_cipher_algorithm = cipher_null;
ashleymills 0:e979170e02e7 790 ssl->specs.cipher_type = stream;
ashleymills 0:e979170e02e7 791 ssl->specs.mac_algorithm = sha256_mac;
ashleymills 0:e979170e02e7 792 ssl->specs.kea = psk_kea;
ashleymills 0:e979170e02e7 793 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ashleymills 0:e979170e02e7 794 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 795 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 796 ssl->specs.key_size = 0;
ashleymills 0:e979170e02e7 797 ssl->specs.block_size = 0;
ashleymills 0:e979170e02e7 798 ssl->specs.iv_size = 0;
ashleymills 0:e979170e02e7 799
ashleymills 0:e979170e02e7 800 ssl->options.usingPSK_cipher = 1;
ashleymills 0:e979170e02e7 801 break;
ashleymills 0:e979170e02e7 802 #endif
ashleymills 0:e979170e02e7 803
ashleymills 0:e979170e02e7 804 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
ashleymills 0:e979170e02e7 805 case TLS_PSK_WITH_NULL_SHA :
ashleymills 0:e979170e02e7 806 ssl->specs.bulk_cipher_algorithm = cipher_null;
ashleymills 0:e979170e02e7 807 ssl->specs.cipher_type = stream;
ashleymills 0:e979170e02e7 808 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 809 ssl->specs.kea = psk_kea;
ashleymills 0:e979170e02e7 810 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 811 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 812 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 813 ssl->specs.key_size = 0;
ashleymills 0:e979170e02e7 814 ssl->specs.block_size = 0;
ashleymills 0:e979170e02e7 815 ssl->specs.iv_size = 0;
ashleymills 0:e979170e02e7 816
ashleymills 0:e979170e02e7 817 ssl->options.usingPSK_cipher = 1;
ashleymills 0:e979170e02e7 818 break;
ashleymills 0:e979170e02e7 819 #endif
ashleymills 0:e979170e02e7 820
ashleymills 0:e979170e02e7 821 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
ashleymills 0:e979170e02e7 822 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
ashleymills 0:e979170e02e7 823 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 824 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 825 ssl->specs.mac_algorithm = sha256_mac;
ashleymills 0:e979170e02e7 826 ssl->specs.kea = diffie_hellman_kea;
ashleymills 0:e979170e02e7 827 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 828 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ashleymills 0:e979170e02e7 829 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 830 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 831 ssl->specs.key_size = AES_128_KEY_SIZE;
ashleymills 0:e979170e02e7 832 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 833 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 834
ashleymills 0:e979170e02e7 835 break;
ashleymills 0:e979170e02e7 836 #endif
ashleymills 0:e979170e02e7 837
ashleymills 0:e979170e02e7 838 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
ashleymills 0:e979170e02e7 839 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
ashleymills 0:e979170e02e7 840 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 841 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 842 ssl->specs.mac_algorithm = sha256_mac;
ashleymills 0:e979170e02e7 843 ssl->specs.kea = diffie_hellman_kea;
ashleymills 0:e979170e02e7 844 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 845 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ashleymills 0:e979170e02e7 846 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 847 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 848 ssl->specs.key_size = AES_256_KEY_SIZE;
ashleymills 0:e979170e02e7 849 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 850 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 851
ashleymills 0:e979170e02e7 852 break;
ashleymills 0:e979170e02e7 853 #endif
ashleymills 0:e979170e02e7 854
ashleymills 0:e979170e02e7 855 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:e979170e02e7 856 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
ashleymills 0:e979170e02e7 857 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 858 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 859 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 860 ssl->specs.kea = diffie_hellman_kea;
ashleymills 0:e979170e02e7 861 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 862 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 863 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 864 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 865 ssl->specs.key_size = AES_128_KEY_SIZE;
ashleymills 0:e979170e02e7 866 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 867 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 868
ashleymills 0:e979170e02e7 869 break;
ashleymills 0:e979170e02e7 870 #endif
ashleymills 0:e979170e02e7 871
ashleymills 0:e979170e02e7 872 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:e979170e02e7 873 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
ashleymills 0:e979170e02e7 874 ssl->specs.bulk_cipher_algorithm = aes;
ashleymills 0:e979170e02e7 875 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 876 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 877 ssl->specs.kea = diffie_hellman_kea;
ashleymills 0:e979170e02e7 878 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 879 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 880 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 881 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 882 ssl->specs.key_size = AES_256_KEY_SIZE;
ashleymills 0:e979170e02e7 883 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 884 ssl->specs.iv_size = AES_IV_SIZE;
ashleymills 0:e979170e02e7 885
ashleymills 0:e979170e02e7 886 break;
ashleymills 0:e979170e02e7 887 #endif
ashleymills 0:e979170e02e7 888
ashleymills 0:e979170e02e7 889 #ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
ashleymills 0:e979170e02e7 890 case TLS_RSA_WITH_HC_128_CBC_MD5 :
ashleymills 0:e979170e02e7 891 ssl->specs.bulk_cipher_algorithm = hc128;
ashleymills 0:e979170e02e7 892 ssl->specs.cipher_type = stream;
ashleymills 0:e979170e02e7 893 ssl->specs.mac_algorithm = md5_mac;
ashleymills 0:e979170e02e7 894 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 895 ssl->specs.hash_size = MD5_DIGEST_SIZE;
ashleymills 0:e979170e02e7 896 ssl->specs.pad_size = PAD_MD5;
ashleymills 0:e979170e02e7 897 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 898 ssl->specs.key_size = HC_128_KEY_SIZE;
ashleymills 0:e979170e02e7 899 ssl->specs.block_size = 0;
ashleymills 0:e979170e02e7 900 ssl->specs.iv_size = HC_128_IV_SIZE;
ashleymills 0:e979170e02e7 901
ashleymills 0:e979170e02e7 902 break;
ashleymills 0:e979170e02e7 903 #endif
ashleymills 0:e979170e02e7 904
ashleymills 0:e979170e02e7 905 #ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_SHA
ashleymills 0:e979170e02e7 906 case TLS_RSA_WITH_HC_128_CBC_SHA :
ashleymills 0:e979170e02e7 907 ssl->specs.bulk_cipher_algorithm = hc128;
ashleymills 0:e979170e02e7 908 ssl->specs.cipher_type = stream;
ashleymills 0:e979170e02e7 909 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 910 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 911 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 912 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 913 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 914 ssl->specs.key_size = HC_128_KEY_SIZE;
ashleymills 0:e979170e02e7 915 ssl->specs.block_size = 0;
ashleymills 0:e979170e02e7 916 ssl->specs.iv_size = HC_128_IV_SIZE;
ashleymills 0:e979170e02e7 917
ashleymills 0:e979170e02e7 918 break;
ashleymills 0:e979170e02e7 919 #endif
ashleymills 0:e979170e02e7 920
ashleymills 0:e979170e02e7 921 #ifdef BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA
ashleymills 0:e979170e02e7 922 case TLS_RSA_WITH_RABBIT_CBC_SHA :
ashleymills 0:e979170e02e7 923 ssl->specs.bulk_cipher_algorithm = rabbit;
ashleymills 0:e979170e02e7 924 ssl->specs.cipher_type = stream;
ashleymills 0:e979170e02e7 925 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 926 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 927 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 928 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 929 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 930 ssl->specs.key_size = RABBIT_KEY_SIZE;
ashleymills 0:e979170e02e7 931 ssl->specs.block_size = 0;
ashleymills 0:e979170e02e7 932 ssl->specs.iv_size = RABBIT_IV_SIZE;
ashleymills 0:e979170e02e7 933
ashleymills 0:e979170e02e7 934 break;
ashleymills 0:e979170e02e7 935 #endif
ashleymills 0:e979170e02e7 936
ashleymills 0:e979170e02e7 937 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:e979170e02e7 938 case TLS_RSA_WITH_AES_128_GCM_SHA256 :
ashleymills 0:e979170e02e7 939 ssl->specs.bulk_cipher_algorithm = aes_gcm;
ashleymills 0:e979170e02e7 940 ssl->specs.cipher_type = aead;
ashleymills 0:e979170e02e7 941 ssl->specs.mac_algorithm = sha256_mac;
ashleymills 0:e979170e02e7 942 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 943 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 944 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ashleymills 0:e979170e02e7 945 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 946 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 947 ssl->specs.key_size = AES_128_KEY_SIZE;
ashleymills 0:e979170e02e7 948 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 949 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ashleymills 0:e979170e02e7 950
ashleymills 0:e979170e02e7 951 break;
ashleymills 0:e979170e02e7 952 #endif
ashleymills 0:e979170e02e7 953
ashleymills 0:e979170e02e7 954 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:e979170e02e7 955 case TLS_RSA_WITH_AES_256_GCM_SHA384 :
ashleymills 0:e979170e02e7 956 ssl->specs.bulk_cipher_algorithm = aes_gcm;
ashleymills 0:e979170e02e7 957 ssl->specs.cipher_type = aead;
ashleymills 0:e979170e02e7 958 ssl->specs.mac_algorithm = sha384_mac;
ashleymills 0:e979170e02e7 959 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 960 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 961 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ashleymills 0:e979170e02e7 962 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 963 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 964 ssl->specs.key_size = AES_256_KEY_SIZE;
ashleymills 0:e979170e02e7 965 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 966 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ashleymills 0:e979170e02e7 967
ashleymills 0:e979170e02e7 968 break;
ashleymills 0:e979170e02e7 969 #endif
ashleymills 0:e979170e02e7 970
ashleymills 0:e979170e02e7 971 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:e979170e02e7 972 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
ashleymills 0:e979170e02e7 973 ssl->specs.bulk_cipher_algorithm = aes_gcm;
ashleymills 0:e979170e02e7 974 ssl->specs.cipher_type = aead;
ashleymills 0:e979170e02e7 975 ssl->specs.mac_algorithm = sha256_mac;
ashleymills 0:e979170e02e7 976 ssl->specs.kea = diffie_hellman_kea;
ashleymills 0:e979170e02e7 977 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 978 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ashleymills 0:e979170e02e7 979 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 980 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 981 ssl->specs.key_size = AES_128_KEY_SIZE;
ashleymills 0:e979170e02e7 982 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 983 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ashleymills 0:e979170e02e7 984
ashleymills 0:e979170e02e7 985 break;
ashleymills 0:e979170e02e7 986 #endif
ashleymills 0:e979170e02e7 987
ashleymills 0:e979170e02e7 988 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:e979170e02e7 989 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
ashleymills 0:e979170e02e7 990 ssl->specs.bulk_cipher_algorithm = aes_gcm;
ashleymills 0:e979170e02e7 991 ssl->specs.cipher_type = aead;
ashleymills 0:e979170e02e7 992 ssl->specs.mac_algorithm = sha384_mac;
ashleymills 0:e979170e02e7 993 ssl->specs.kea = diffie_hellman_kea;
ashleymills 0:e979170e02e7 994 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 995 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ashleymills 0:e979170e02e7 996 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 997 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 998 ssl->specs.key_size = AES_256_KEY_SIZE;
ashleymills 0:e979170e02e7 999 ssl->specs.block_size = AES_BLOCK_SIZE;
ashleymills 0:e979170e02e7 1000 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ashleymills 0:e979170e02e7 1001
ashleymills 0:e979170e02e7 1002 break;
ashleymills 0:e979170e02e7 1003 #endif
ashleymills 0:e979170e02e7 1004
ashleymills 0:e979170e02e7 1005 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
ashleymills 0:e979170e02e7 1006 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
ashleymills 0:e979170e02e7 1007 ssl->specs.bulk_cipher_algorithm = camellia;
ashleymills 0:e979170e02e7 1008 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 1009 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 1010 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 1011 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 1012 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 1013 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 1014 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
ashleymills 0:e979170e02e7 1015 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
ashleymills 0:e979170e02e7 1016 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
ashleymills 0:e979170e02e7 1017
ashleymills 0:e979170e02e7 1018 break;
ashleymills 0:e979170e02e7 1019 #endif
ashleymills 0:e979170e02e7 1020
ashleymills 0:e979170e02e7 1021 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
ashleymills 0:e979170e02e7 1022 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
ashleymills 0:e979170e02e7 1023 ssl->specs.bulk_cipher_algorithm = camellia;
ashleymills 0:e979170e02e7 1024 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 1025 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 1026 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 1027 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 1028 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 1029 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 1030 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
ashleymills 0:e979170e02e7 1031 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
ashleymills 0:e979170e02e7 1032 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
ashleymills 0:e979170e02e7 1033
ashleymills 0:e979170e02e7 1034 break;
ashleymills 0:e979170e02e7 1035 #endif
ashleymills 0:e979170e02e7 1036
ashleymills 0:e979170e02e7 1037 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
ashleymills 0:e979170e02e7 1038 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
ashleymills 0:e979170e02e7 1039 ssl->specs.bulk_cipher_algorithm = camellia;
ashleymills 0:e979170e02e7 1040 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 1041 ssl->specs.mac_algorithm = sha256_mac;
ashleymills 0:e979170e02e7 1042 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 1043 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ashleymills 0:e979170e02e7 1044 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 1045 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 1046 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
ashleymills 0:e979170e02e7 1047 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
ashleymills 0:e979170e02e7 1048 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
ashleymills 0:e979170e02e7 1049
ashleymills 0:e979170e02e7 1050 break;
ashleymills 0:e979170e02e7 1051 #endif
ashleymills 0:e979170e02e7 1052
ashleymills 0:e979170e02e7 1053 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
ashleymills 0:e979170e02e7 1054 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
ashleymills 0:e979170e02e7 1055 ssl->specs.bulk_cipher_algorithm = camellia;
ashleymills 0:e979170e02e7 1056 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 1057 ssl->specs.mac_algorithm = sha256_mac;
ashleymills 0:e979170e02e7 1058 ssl->specs.kea = rsa_kea;
ashleymills 0:e979170e02e7 1059 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ashleymills 0:e979170e02e7 1060 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 1061 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 1062 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
ashleymills 0:e979170e02e7 1063 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
ashleymills 0:e979170e02e7 1064 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
ashleymills 0:e979170e02e7 1065
ashleymills 0:e979170e02e7 1066 break;
ashleymills 0:e979170e02e7 1067 #endif
ashleymills 0:e979170e02e7 1068
ashleymills 0:e979170e02e7 1069 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
ashleymills 0:e979170e02e7 1070 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
ashleymills 0:e979170e02e7 1071 ssl->specs.bulk_cipher_algorithm = camellia;
ashleymills 0:e979170e02e7 1072 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 1073 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 1074 ssl->specs.kea = diffie_hellman_kea;
ashleymills 0:e979170e02e7 1075 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 1076 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 1077 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 1078 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 1079 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
ashleymills 0:e979170e02e7 1080 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
ashleymills 0:e979170e02e7 1081 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
ashleymills 0:e979170e02e7 1082
ashleymills 0:e979170e02e7 1083 break;
ashleymills 0:e979170e02e7 1084 #endif
ashleymills 0:e979170e02e7 1085
ashleymills 0:e979170e02e7 1086 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
ashleymills 0:e979170e02e7 1087 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
ashleymills 0:e979170e02e7 1088 ssl->specs.bulk_cipher_algorithm = camellia;
ashleymills 0:e979170e02e7 1089 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 1090 ssl->specs.mac_algorithm = sha_mac;
ashleymills 0:e979170e02e7 1091 ssl->specs.kea = diffie_hellman_kea;
ashleymills 0:e979170e02e7 1092 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 1093 ssl->specs.hash_size = SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 1094 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 1095 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 1096 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
ashleymills 0:e979170e02e7 1097 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
ashleymills 0:e979170e02e7 1098 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
ashleymills 0:e979170e02e7 1099
ashleymills 0:e979170e02e7 1100 break;
ashleymills 0:e979170e02e7 1101 #endif
ashleymills 0:e979170e02e7 1102
ashleymills 0:e979170e02e7 1103 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
ashleymills 0:e979170e02e7 1104 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
ashleymills 0:e979170e02e7 1105 ssl->specs.bulk_cipher_algorithm = camellia;
ashleymills 0:e979170e02e7 1106 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 1107 ssl->specs.mac_algorithm = sha256_mac;
ashleymills 0:e979170e02e7 1108 ssl->specs.kea = diffie_hellman_kea;
ashleymills 0:e979170e02e7 1109 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 1110 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ashleymills 0:e979170e02e7 1111 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 1112 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 1113 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
ashleymills 0:e979170e02e7 1114 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
ashleymills 0:e979170e02e7 1115 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
ashleymills 0:e979170e02e7 1116
ashleymills 0:e979170e02e7 1117 break;
ashleymills 0:e979170e02e7 1118 #endif
ashleymills 0:e979170e02e7 1119
ashleymills 0:e979170e02e7 1120 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
ashleymills 0:e979170e02e7 1121 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
ashleymills 0:e979170e02e7 1122 ssl->specs.bulk_cipher_algorithm = camellia;
ashleymills 0:e979170e02e7 1123 ssl->specs.cipher_type = block;
ashleymills 0:e979170e02e7 1124 ssl->specs.mac_algorithm = sha256_mac;
ashleymills 0:e979170e02e7 1125 ssl->specs.kea = diffie_hellman_kea;
ashleymills 0:e979170e02e7 1126 ssl->specs.sig_algo = rsa_sa_algo;
ashleymills 0:e979170e02e7 1127 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ashleymills 0:e979170e02e7 1128 ssl->specs.pad_size = PAD_SHA;
ashleymills 0:e979170e02e7 1129 ssl->specs.static_ecdh = 0;
ashleymills 0:e979170e02e7 1130 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
ashleymills 0:e979170e02e7 1131 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
ashleymills 0:e979170e02e7 1132 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
ashleymills 0:e979170e02e7 1133
ashleymills 0:e979170e02e7 1134 break;
ashleymills 0:e979170e02e7 1135 #endif
ashleymills 0:e979170e02e7 1136
ashleymills 0:e979170e02e7 1137 default:
ashleymills 0:e979170e02e7 1138 CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs");
ashleymills 0:e979170e02e7 1139 return UNSUPPORTED_SUITE;
ashleymills 0:e979170e02e7 1140 } /* switch */
ashleymills 0:e979170e02e7 1141 } /* if ECC / Normal suites else */
ashleymills 0:e979170e02e7 1142
ashleymills 0:e979170e02e7 1143 /* set TLS if it hasn't been turned off */
ashleymills 0:e979170e02e7 1144 if (ssl->version.major == 3 && ssl->version.minor >= 1) {
ashleymills 0:e979170e02e7 1145 #ifndef NO_TLS
ashleymills 0:e979170e02e7 1146 ssl->options.tls = 1;
ashleymills 0:e979170e02e7 1147 ssl->hmac = TLS_hmac;
ashleymills 0:e979170e02e7 1148 if (ssl->version.minor >= 2)
ashleymills 0:e979170e02e7 1149 ssl->options.tls1_1 = 1;
ashleymills 0:e979170e02e7 1150 #endif
ashleymills 0:e979170e02e7 1151 }
ashleymills 0:e979170e02e7 1152
ashleymills 0:e979170e02e7 1153 #ifdef CYASSL_DTLS
ashleymills 0:e979170e02e7 1154 if (ssl->options.dtls)
ashleymills 0:e979170e02e7 1155 ssl->hmac = TLS_hmac;
ashleymills 0:e979170e02e7 1156 #endif
ashleymills 0:e979170e02e7 1157
ashleymills 0:e979170e02e7 1158 return 0;
ashleymills 0:e979170e02e7 1159 }
ashleymills 0:e979170e02e7 1160
ashleymills 0:e979170e02e7 1161
ashleymills 0:e979170e02e7 1162 enum KeyStuff {
ashleymills 0:e979170e02e7 1163 MASTER_ROUNDS = 3,
ashleymills 0:e979170e02e7 1164 PREFIX = 3, /* up to three letters for master prefix */
ashleymills 0:e979170e02e7 1165 KEY_PREFIX = 7 /* up to 7 prefix letters for key rounds */
ashleymills 0:e979170e02e7 1166
ashleymills 0:e979170e02e7 1167
ashleymills 0:e979170e02e7 1168 };
ashleymills 0:e979170e02e7 1169
ashleymills 0:e979170e02e7 1170 #ifndef NO_OLD_TLS
ashleymills 0:e979170e02e7 1171 /* true or false, zero for error */
ashleymills 0:e979170e02e7 1172 static int SetPrefix(byte* sha_input, int idx)
ashleymills 0:e979170e02e7 1173 {
ashleymills 0:e979170e02e7 1174 switch (idx) {
ashleymills 0:e979170e02e7 1175 case 0:
ashleymills 0:e979170e02e7 1176 XMEMCPY(sha_input, "A", 1);
ashleymills 0:e979170e02e7 1177 break;
ashleymills 0:e979170e02e7 1178 case 1:
ashleymills 0:e979170e02e7 1179 XMEMCPY(sha_input, "BB", 2);
ashleymills 0:e979170e02e7 1180 break;
ashleymills 0:e979170e02e7 1181 case 2:
ashleymills 0:e979170e02e7 1182 XMEMCPY(sha_input, "CCC", 3);
ashleymills 0:e979170e02e7 1183 break;
ashleymills 0:e979170e02e7 1184 case 3:
ashleymills 0:e979170e02e7 1185 XMEMCPY(sha_input, "DDDD", 4);
ashleymills 0:e979170e02e7 1186 break;
ashleymills 0:e979170e02e7 1187 case 4:
ashleymills 0:e979170e02e7 1188 XMEMCPY(sha_input, "EEEEE", 5);
ashleymills 0:e979170e02e7 1189 break;
ashleymills 0:e979170e02e7 1190 case 5:
ashleymills 0:e979170e02e7 1191 XMEMCPY(sha_input, "FFFFFF", 6);
ashleymills 0:e979170e02e7 1192 break;
ashleymills 0:e979170e02e7 1193 case 6:
ashleymills 0:e979170e02e7 1194 XMEMCPY(sha_input, "GGGGGGG", 7);
ashleymills 0:e979170e02e7 1195 break;
ashleymills 0:e979170e02e7 1196 default:
ashleymills 0:e979170e02e7 1197 CYASSL_MSG("Set Prefix error, bad input");
ashleymills 0:e979170e02e7 1198 return 0;
ashleymills 0:e979170e02e7 1199 }
ashleymills 0:e979170e02e7 1200 return 1;
ashleymills 0:e979170e02e7 1201 }
ashleymills 0:e979170e02e7 1202 #endif
ashleymills 0:e979170e02e7 1203
ashleymills 0:e979170e02e7 1204
ashleymills 0:e979170e02e7 1205 static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
ashleymills 0:e979170e02e7 1206 byte side, void* heap, int devId)
ashleymills 0:e979170e02e7 1207 {
ashleymills 0:e979170e02e7 1208 #ifdef BUILD_ARC4
ashleymills 0:e979170e02e7 1209 word32 sz = specs->key_size;
ashleymills 0:e979170e02e7 1210 if (specs->bulk_cipher_algorithm == rc4) {
ashleymills 0:e979170e02e7 1211 enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:e979170e02e7 1212 if (enc->arc4 == NULL)
ashleymills 0:e979170e02e7 1213 return MEMORY_E;
ashleymills 0:e979170e02e7 1214 dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:e979170e02e7 1215 if (dec->arc4 == NULL)
ashleymills 0:e979170e02e7 1216 return MEMORY_E;
ashleymills 0:e979170e02e7 1217 #ifdef HAVE_CAVIUM
ashleymills 0:e979170e02e7 1218 if (devId != NO_CAVIUM_DEVICE) {
ashleymills 0:e979170e02e7 1219 if (Arc4InitCavium(enc->arc4, devId) != 0) {
ashleymills 0:e979170e02e7 1220 CYASSL_MSG("Arc4InitCavium failed in SetKeys");
ashleymills 0:e979170e02e7 1221 return CAVIUM_INIT_E;
ashleymills 0:e979170e02e7 1222 }
ashleymills 0:e979170e02e7 1223 if (Arc4InitCavium(dec->arc4, devId) != 0) {
ashleymills 0:e979170e02e7 1224 CYASSL_MSG("Arc4InitCavium failed in SetKeys");
ashleymills 0:e979170e02e7 1225 return CAVIUM_INIT_E;
ashleymills 0:e979170e02e7 1226 }
ashleymills 0:e979170e02e7 1227 }
ashleymills 0:e979170e02e7 1228 #endif
ashleymills 0:e979170e02e7 1229 if (side == CLIENT_END) {
ashleymills 0:e979170e02e7 1230 Arc4SetKey(enc->arc4, keys->client_write_key, sz);
ashleymills 0:e979170e02e7 1231 Arc4SetKey(dec->arc4, keys->server_write_key, sz);
ashleymills 0:e979170e02e7 1232 }
ashleymills 0:e979170e02e7 1233 else {
ashleymills 0:e979170e02e7 1234 Arc4SetKey(enc->arc4, keys->server_write_key, sz);
ashleymills 0:e979170e02e7 1235 Arc4SetKey(dec->arc4, keys->client_write_key, sz);
ashleymills 0:e979170e02e7 1236 }
ashleymills 0:e979170e02e7 1237 enc->setup = 1;
ashleymills 0:e979170e02e7 1238 dec->setup = 1;
ashleymills 0:e979170e02e7 1239 }
ashleymills 0:e979170e02e7 1240 #endif
ashleymills 0:e979170e02e7 1241
ashleymills 0:e979170e02e7 1242 #ifdef HAVE_HC128
ashleymills 0:e979170e02e7 1243 if (specs->bulk_cipher_algorithm == hc128) {
ashleymills 0:e979170e02e7 1244 enc->hc128 = (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:e979170e02e7 1245 if (enc->hc128 == NULL)
ashleymills 0:e979170e02e7 1246 return MEMORY_E;
ashleymills 0:e979170e02e7 1247 dec->hc128 = (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:e979170e02e7 1248 if (dec->hc128 == NULL)
ashleymills 0:e979170e02e7 1249 return MEMORY_E;
ashleymills 0:e979170e02e7 1250 if (side == CLIENT_END) {
ashleymills 0:e979170e02e7 1251 Hc128_SetKey(enc->hc128, keys->client_write_key,
ashleymills 0:e979170e02e7 1252 keys->client_write_IV);
ashleymills 0:e979170e02e7 1253 Hc128_SetKey(dec->hc128, keys->server_write_key,
ashleymills 0:e979170e02e7 1254 keys->server_write_IV);
ashleymills 0:e979170e02e7 1255 }
ashleymills 0:e979170e02e7 1256 else {
ashleymills 0:e979170e02e7 1257 Hc128_SetKey(enc->hc128, keys->server_write_key,
ashleymills 0:e979170e02e7 1258 keys->server_write_IV);
ashleymills 0:e979170e02e7 1259 Hc128_SetKey(dec->hc128, keys->client_write_key,
ashleymills 0:e979170e02e7 1260 keys->client_write_IV);
ashleymills 0:e979170e02e7 1261 }
ashleymills 0:e979170e02e7 1262 enc->setup = 1;
ashleymills 0:e979170e02e7 1263 dec->setup = 1;
ashleymills 0:e979170e02e7 1264 }
ashleymills 0:e979170e02e7 1265 #endif
ashleymills 0:e979170e02e7 1266
ashleymills 0:e979170e02e7 1267 #ifdef BUILD_RABBIT
ashleymills 0:e979170e02e7 1268 if (specs->bulk_cipher_algorithm == rabbit) {
ashleymills 0:e979170e02e7 1269 enc->rabbit = (Rabbit*)XMALLOC(sizeof(Rabbit),heap,DYNAMIC_TYPE_CIPHER);
ashleymills 0:e979170e02e7 1270 if (enc->rabbit == NULL)
ashleymills 0:e979170e02e7 1271 return MEMORY_E;
ashleymills 0:e979170e02e7 1272 dec->rabbit = (Rabbit*)XMALLOC(sizeof(Rabbit),heap,DYNAMIC_TYPE_CIPHER);
ashleymills 0:e979170e02e7 1273 if (dec->rabbit == NULL)
ashleymills 0:e979170e02e7 1274 return MEMORY_E;
ashleymills 0:e979170e02e7 1275 if (side == CLIENT_END) {
ashleymills 0:e979170e02e7 1276 RabbitSetKey(enc->rabbit, keys->client_write_key,
ashleymills 0:e979170e02e7 1277 keys->client_write_IV);
ashleymills 0:e979170e02e7 1278 RabbitSetKey(dec->rabbit, keys->server_write_key,
ashleymills 0:e979170e02e7 1279 keys->server_write_IV);
ashleymills 0:e979170e02e7 1280 }
ashleymills 0:e979170e02e7 1281 else {
ashleymills 0:e979170e02e7 1282 RabbitSetKey(enc->rabbit, keys->server_write_key,
ashleymills 0:e979170e02e7 1283 keys->server_write_IV);
ashleymills 0:e979170e02e7 1284 RabbitSetKey(dec->rabbit, keys->client_write_key,
ashleymills 0:e979170e02e7 1285 keys->client_write_IV);
ashleymills 0:e979170e02e7 1286 }
ashleymills 0:e979170e02e7 1287 enc->setup = 1;
ashleymills 0:e979170e02e7 1288 dec->setup = 1;
ashleymills 0:e979170e02e7 1289 }
ashleymills 0:e979170e02e7 1290 #endif
ashleymills 0:e979170e02e7 1291
ashleymills 0:e979170e02e7 1292 #ifdef BUILD_DES3
ashleymills 0:e979170e02e7 1293 if (specs->bulk_cipher_algorithm == triple_des) {
ashleymills 0:e979170e02e7 1294 enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:e979170e02e7 1295 if (enc->des3 == NULL)
ashleymills 0:e979170e02e7 1296 return MEMORY_E;
ashleymills 0:e979170e02e7 1297 dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:e979170e02e7 1298 if (dec->des3 == NULL)
ashleymills 0:e979170e02e7 1299 return MEMORY_E;
ashleymills 0:e979170e02e7 1300 #ifdef HAVE_CAVIUM
ashleymills 0:e979170e02e7 1301 if (devId != NO_CAVIUM_DEVICE) {
ashleymills 0:e979170e02e7 1302 if (Des3_InitCavium(enc->des3, devId) != 0) {
ashleymills 0:e979170e02e7 1303 CYASSL_MSG("Des3_InitCavium failed in SetKeys");
ashleymills 0:e979170e02e7 1304 return CAVIUM_INIT_E;
ashleymills 0:e979170e02e7 1305 }
ashleymills 0:e979170e02e7 1306 if (Des3_InitCavium(dec->des3, devId) != 0) {
ashleymills 0:e979170e02e7 1307 CYASSL_MSG("Des3_InitCavium failed in SetKeys");
ashleymills 0:e979170e02e7 1308 return CAVIUM_INIT_E;
ashleymills 0:e979170e02e7 1309 }
ashleymills 0:e979170e02e7 1310 }
ashleymills 0:e979170e02e7 1311 #endif
ashleymills 0:e979170e02e7 1312 if (side == CLIENT_END) {
ashleymills 0:e979170e02e7 1313 Des3_SetKey(enc->des3, keys->client_write_key,
ashleymills 0:e979170e02e7 1314 keys->client_write_IV, DES_ENCRYPTION);
ashleymills 0:e979170e02e7 1315 Des3_SetKey(dec->des3, keys->server_write_key,
ashleymills 0:e979170e02e7 1316 keys->server_write_IV, DES_DECRYPTION);
ashleymills 0:e979170e02e7 1317 }
ashleymills 0:e979170e02e7 1318 else {
ashleymills 0:e979170e02e7 1319 Des3_SetKey(enc->des3, keys->server_write_key,
ashleymills 0:e979170e02e7 1320 keys->server_write_IV, DES_ENCRYPTION);
ashleymills 0:e979170e02e7 1321 Des3_SetKey(dec->des3, keys->client_write_key,
ashleymills 0:e979170e02e7 1322 keys->client_write_IV, DES_DECRYPTION);
ashleymills 0:e979170e02e7 1323 }
ashleymills 0:e979170e02e7 1324 enc->setup = 1;
ashleymills 0:e979170e02e7 1325 dec->setup = 1;
ashleymills 0:e979170e02e7 1326 }
ashleymills 0:e979170e02e7 1327 #endif
ashleymills 0:e979170e02e7 1328
ashleymills 0:e979170e02e7 1329 #ifdef BUILD_AES
ashleymills 0:e979170e02e7 1330 if (specs->bulk_cipher_algorithm == aes) {
ashleymills 0:e979170e02e7 1331 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:e979170e02e7 1332 if (enc->aes == NULL)
ashleymills 0:e979170e02e7 1333 return MEMORY_E;
ashleymills 0:e979170e02e7 1334 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:e979170e02e7 1335 if (dec->aes == NULL)
ashleymills 0:e979170e02e7 1336 return MEMORY_E;
ashleymills 0:e979170e02e7 1337 #ifdef HAVE_CAVIUM
ashleymills 0:e979170e02e7 1338 if (devId != NO_CAVIUM_DEVICE) {
ashleymills 0:e979170e02e7 1339 if (AesInitCavium(enc->aes, devId) != 0) {
ashleymills 0:e979170e02e7 1340 CYASSL_MSG("AesInitCavium failed in SetKeys");
ashleymills 0:e979170e02e7 1341 return CAVIUM_INIT_E;
ashleymills 0:e979170e02e7 1342 }
ashleymills 0:e979170e02e7 1343 if (AesInitCavium(dec->aes, devId) != 0) {
ashleymills 0:e979170e02e7 1344 CYASSL_MSG("AesInitCavium failed in SetKeys");
ashleymills 0:e979170e02e7 1345 return CAVIUM_INIT_E;
ashleymills 0:e979170e02e7 1346 }
ashleymills 0:e979170e02e7 1347 }
ashleymills 0:e979170e02e7 1348 #endif
ashleymills 0:e979170e02e7 1349 if (side == CLIENT_END) {
ashleymills 0:e979170e02e7 1350 AesSetKey(enc->aes, keys->client_write_key,
ashleymills 0:e979170e02e7 1351 specs->key_size, keys->client_write_IV,
ashleymills 0:e979170e02e7 1352 AES_ENCRYPTION);
ashleymills 0:e979170e02e7 1353 AesSetKey(dec->aes, keys->server_write_key,
ashleymills 0:e979170e02e7 1354 specs->key_size, keys->server_write_IV,
ashleymills 0:e979170e02e7 1355 AES_DECRYPTION);
ashleymills 0:e979170e02e7 1356 }
ashleymills 0:e979170e02e7 1357 else {
ashleymills 0:e979170e02e7 1358 AesSetKey(enc->aes, keys->server_write_key,
ashleymills 0:e979170e02e7 1359 specs->key_size, keys->server_write_IV,
ashleymills 0:e979170e02e7 1360 AES_ENCRYPTION);
ashleymills 0:e979170e02e7 1361 AesSetKey(dec->aes, keys->client_write_key,
ashleymills 0:e979170e02e7 1362 specs->key_size, keys->client_write_IV,
ashleymills 0:e979170e02e7 1363 AES_DECRYPTION);
ashleymills 0:e979170e02e7 1364 }
ashleymills 0:e979170e02e7 1365 enc->setup = 1;
ashleymills 0:e979170e02e7 1366 dec->setup = 1;
ashleymills 0:e979170e02e7 1367 }
ashleymills 0:e979170e02e7 1368 #endif
ashleymills 0:e979170e02e7 1369
ashleymills 0:e979170e02e7 1370 #ifdef BUILD_AESGCM
ashleymills 0:e979170e02e7 1371 if (specs->bulk_cipher_algorithm == aes_gcm) {
ashleymills 0:e979170e02e7 1372 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:e979170e02e7 1373 if (enc->aes == NULL)
ashleymills 0:e979170e02e7 1374 return MEMORY_E;
ashleymills 0:e979170e02e7 1375 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:e979170e02e7 1376 if (dec->aes == NULL)
ashleymills 0:e979170e02e7 1377 return MEMORY_E;
ashleymills 0:e979170e02e7 1378
ashleymills 0:e979170e02e7 1379 if (side == CLIENT_END) {
ashleymills 0:e979170e02e7 1380 AesGcmSetKey(enc->aes, keys->client_write_key, specs->key_size);
ashleymills 0:e979170e02e7 1381 XMEMCPY(keys->aead_enc_imp_IV,
ashleymills 0:e979170e02e7 1382 keys->client_write_IV, AEAD_IMP_IV_SZ);
ashleymills 0:e979170e02e7 1383 AesGcmSetKey(dec->aes, keys->server_write_key, specs->key_size);
ashleymills 0:e979170e02e7 1384 XMEMCPY(keys->aead_dec_imp_IV,
ashleymills 0:e979170e02e7 1385 keys->server_write_IV, AEAD_IMP_IV_SZ);
ashleymills 0:e979170e02e7 1386 }
ashleymills 0:e979170e02e7 1387 else {
ashleymills 0:e979170e02e7 1388 AesGcmSetKey(enc->aes, keys->server_write_key, specs->key_size);
ashleymills 0:e979170e02e7 1389 XMEMCPY(keys->aead_enc_imp_IV,
ashleymills 0:e979170e02e7 1390 keys->server_write_IV, AEAD_IMP_IV_SZ);
ashleymills 0:e979170e02e7 1391 AesGcmSetKey(dec->aes, keys->client_write_key, specs->key_size);
ashleymills 0:e979170e02e7 1392 XMEMCPY(keys->aead_dec_imp_IV,
ashleymills 0:e979170e02e7 1393 keys->client_write_IV, AEAD_IMP_IV_SZ);
ashleymills 0:e979170e02e7 1394 }
ashleymills 0:e979170e02e7 1395 enc->setup = 1;
ashleymills 0:e979170e02e7 1396 dec->setup = 1;
ashleymills 0:e979170e02e7 1397 }
ashleymills 0:e979170e02e7 1398 #endif
ashleymills 0:e979170e02e7 1399
ashleymills 0:e979170e02e7 1400 #ifdef HAVE_AESCCM
ashleymills 0:e979170e02e7 1401 if (specs->bulk_cipher_algorithm == aes_ccm) {
ashleymills 0:e979170e02e7 1402 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:e979170e02e7 1403 if (enc->aes == NULL)
ashleymills 0:e979170e02e7 1404 return MEMORY_E;
ashleymills 0:e979170e02e7 1405 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:e979170e02e7 1406 if (dec->aes == NULL)
ashleymills 0:e979170e02e7 1407 return MEMORY_E;
ashleymills 0:e979170e02e7 1408
ashleymills 0:e979170e02e7 1409 if (side == CLIENT_END) {
ashleymills 0:e979170e02e7 1410 AesCcmSetKey(enc->aes, keys->client_write_key, specs->key_size);
ashleymills 0:e979170e02e7 1411 XMEMCPY(keys->aead_enc_imp_IV,
ashleymills 0:e979170e02e7 1412 keys->client_write_IV, AEAD_IMP_IV_SZ);
ashleymills 0:e979170e02e7 1413 AesCcmSetKey(dec->aes, keys->server_write_key, specs->key_size);
ashleymills 0:e979170e02e7 1414 XMEMCPY(keys->aead_dec_imp_IV,
ashleymills 0:e979170e02e7 1415 keys->server_write_IV, AEAD_IMP_IV_SZ);
ashleymills 0:e979170e02e7 1416 }
ashleymills 0:e979170e02e7 1417 else {
ashleymills 0:e979170e02e7 1418 AesCcmSetKey(enc->aes, keys->server_write_key, specs->key_size);
ashleymills 0:e979170e02e7 1419 XMEMCPY(keys->aead_enc_imp_IV,
ashleymills 0:e979170e02e7 1420 keys->server_write_IV, AEAD_IMP_IV_SZ);
ashleymills 0:e979170e02e7 1421 AesCcmSetKey(dec->aes, keys->client_write_key, specs->key_size);
ashleymills 0:e979170e02e7 1422 XMEMCPY(keys->aead_dec_imp_IV,
ashleymills 0:e979170e02e7 1423 keys->client_write_IV, AEAD_IMP_IV_SZ);
ashleymills 0:e979170e02e7 1424 }
ashleymills 0:e979170e02e7 1425 enc->setup = 1;
ashleymills 0:e979170e02e7 1426 dec->setup = 1;
ashleymills 0:e979170e02e7 1427 }
ashleymills 0:e979170e02e7 1428 #endif
ashleymills 0:e979170e02e7 1429
ashleymills 0:e979170e02e7 1430 #ifdef HAVE_CAMELLIA
ashleymills 0:e979170e02e7 1431 if (specs->bulk_cipher_algorithm == camellia) {
ashleymills 0:e979170e02e7 1432 enc->cam = (Camellia*)XMALLOC(sizeof(Camellia),
ashleymills 0:e979170e02e7 1433 heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:e979170e02e7 1434 if (enc->cam == NULL)
ashleymills 0:e979170e02e7 1435 return MEMORY_E;
ashleymills 0:e979170e02e7 1436 dec->cam = (Camellia*)XMALLOC(sizeof(Camellia),
ashleymills 0:e979170e02e7 1437 heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:e979170e02e7 1438 if (dec->cam == NULL)
ashleymills 0:e979170e02e7 1439 return MEMORY_E;
ashleymills 0:e979170e02e7 1440 if (side == CLIENT_END) {
ashleymills 0:e979170e02e7 1441 CamelliaSetKey(enc->cam, keys->client_write_key,
ashleymills 0:e979170e02e7 1442 specs->key_size, keys->client_write_IV);
ashleymills 0:e979170e02e7 1443 CamelliaSetKey(dec->cam, keys->server_write_key,
ashleymills 0:e979170e02e7 1444 specs->key_size, keys->server_write_IV);
ashleymills 0:e979170e02e7 1445 }
ashleymills 0:e979170e02e7 1446 else {
ashleymills 0:e979170e02e7 1447 CamelliaSetKey(enc->cam, keys->server_write_key,
ashleymills 0:e979170e02e7 1448 specs->key_size, keys->server_write_IV);
ashleymills 0:e979170e02e7 1449 CamelliaSetKey(dec->cam, keys->client_write_key,
ashleymills 0:e979170e02e7 1450 specs->key_size, keys->client_write_IV);
ashleymills 0:e979170e02e7 1451 }
ashleymills 0:e979170e02e7 1452 enc->setup = 1;
ashleymills 0:e979170e02e7 1453 dec->setup = 1;
ashleymills 0:e979170e02e7 1454 }
ashleymills 0:e979170e02e7 1455 #endif
ashleymills 0:e979170e02e7 1456
ashleymills 0:e979170e02e7 1457 #ifdef HAVE_NULL_CIPHER
ashleymills 0:e979170e02e7 1458 if (specs->bulk_cipher_algorithm == cipher_null) {
ashleymills 0:e979170e02e7 1459 enc->setup = 1;
ashleymills 0:e979170e02e7 1460 dec->setup = 1;
ashleymills 0:e979170e02e7 1461 }
ashleymills 0:e979170e02e7 1462 #endif
ashleymills 0:e979170e02e7 1463
ashleymills 0:e979170e02e7 1464 keys->sequence_number = 0;
ashleymills 0:e979170e02e7 1465 keys->peer_sequence_number = 0;
ashleymills 0:e979170e02e7 1466 keys->encryptionOn = 0;
ashleymills 0:e979170e02e7 1467 (void)side;
ashleymills 0:e979170e02e7 1468 (void)heap;
ashleymills 0:e979170e02e7 1469 (void)enc;
ashleymills 0:e979170e02e7 1470 (void)dec;
ashleymills 0:e979170e02e7 1471 (void)specs;
ashleymills 0:e979170e02e7 1472 (void)devId;
ashleymills 0:e979170e02e7 1473
ashleymills 0:e979170e02e7 1474 return 0;
ashleymills 0:e979170e02e7 1475 }
ashleymills 0:e979170e02e7 1476
ashleymills 0:e979170e02e7 1477
ashleymills 0:e979170e02e7 1478 /* TLS can call too */
ashleymills 0:e979170e02e7 1479 int StoreKeys(CYASSL* ssl, const byte* keyData)
ashleymills 0:e979170e02e7 1480 {
ashleymills 0:e979170e02e7 1481 int sz, i = 0;
ashleymills 0:e979170e02e7 1482 int devId = NO_CAVIUM_DEVICE;
ashleymills 0:e979170e02e7 1483
ashleymills 0:e979170e02e7 1484 #ifdef HAVE_CAVIUM
ashleymills 0:e979170e02e7 1485 devId = ssl->devId;
ashleymills 0:e979170e02e7 1486 #endif
ashleymills 0:e979170e02e7 1487
ashleymills 0:e979170e02e7 1488 if (ssl->specs.cipher_type != aead) {
ashleymills 0:e979170e02e7 1489 sz = ssl->specs.hash_size;
ashleymills 0:e979170e02e7 1490 XMEMCPY(ssl->keys.client_write_MAC_secret,&keyData[i], sz);
ashleymills 0:e979170e02e7 1491 i += sz;
ashleymills 0:e979170e02e7 1492 XMEMCPY(ssl->keys.server_write_MAC_secret,&keyData[i], sz);
ashleymills 0:e979170e02e7 1493 i += sz;
ashleymills 0:e979170e02e7 1494 }
ashleymills 0:e979170e02e7 1495 sz = ssl->specs.key_size;
ashleymills 0:e979170e02e7 1496 XMEMCPY(ssl->keys.client_write_key, &keyData[i], sz);
ashleymills 0:e979170e02e7 1497 i += sz;
ashleymills 0:e979170e02e7 1498 XMEMCPY(ssl->keys.server_write_key, &keyData[i], sz);
ashleymills 0:e979170e02e7 1499 i += sz;
ashleymills 0:e979170e02e7 1500
ashleymills 0:e979170e02e7 1501 sz = ssl->specs.iv_size;
ashleymills 0:e979170e02e7 1502 XMEMCPY(ssl->keys.client_write_IV, &keyData[i], sz);
ashleymills 0:e979170e02e7 1503 i += sz;
ashleymills 0:e979170e02e7 1504 XMEMCPY(ssl->keys.server_write_IV, &keyData[i], sz);
ashleymills 0:e979170e02e7 1505
ashleymills 0:e979170e02e7 1506 #ifdef HAVE_AEAD
ashleymills 0:e979170e02e7 1507 if (ssl->specs.cipher_type == aead) {
ashleymills 0:e979170e02e7 1508 /* Initialize the AES-GCM explicit IV to a random number. */
ashleymills 0:e979170e02e7 1509 RNG_GenerateBlock(ssl->rng, ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
ashleymills 0:e979170e02e7 1510 }
ashleymills 0:e979170e02e7 1511 #endif
ashleymills 0:e979170e02e7 1512
ashleymills 0:e979170e02e7 1513 return SetKeys(&ssl->encrypt, &ssl->decrypt, &ssl->keys, &ssl->specs,
ashleymills 0:e979170e02e7 1514 ssl->options.side, ssl->heap, devId);
ashleymills 0:e979170e02e7 1515 }
ashleymills 0:e979170e02e7 1516
ashleymills 0:e979170e02e7 1517 #ifndef NO_OLD_TLS
ashleymills 0:e979170e02e7 1518 int DeriveKeys(CYASSL* ssl)
ashleymills 0:e979170e02e7 1519 {
ashleymills 0:e979170e02e7 1520 int length = 2 * ssl->specs.hash_size +
ashleymills 0:e979170e02e7 1521 2 * ssl->specs.key_size +
ashleymills 0:e979170e02e7 1522 2 * ssl->specs.iv_size;
ashleymills 0:e979170e02e7 1523 int rounds = (length + MD5_DIGEST_SIZE - 1 ) / MD5_DIGEST_SIZE, i;
ashleymills 0:e979170e02e7 1524
ashleymills 0:e979170e02e7 1525 byte shaOutput[SHA_DIGEST_SIZE];
ashleymills 0:e979170e02e7 1526 byte md5Input[SECRET_LEN + SHA_DIGEST_SIZE];
ashleymills 0:e979170e02e7 1527 byte shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN];
ashleymills 0:e979170e02e7 1528
ashleymills 0:e979170e02e7 1529 Md5 md5;
ashleymills 0:e979170e02e7 1530 Sha sha;
ashleymills 0:e979170e02e7 1531
ashleymills 0:e979170e02e7 1532 byte keyData[KEY_PREFIX * MD5_DIGEST_SIZE]; /* max size */
ashleymills 0:e979170e02e7 1533
ashleymills 0:e979170e02e7 1534 InitMd5(&md5);
ashleymills 0:e979170e02e7 1535 InitSha(&sha);
ashleymills 0:e979170e02e7 1536
ashleymills 0:e979170e02e7 1537 XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN);
ashleymills 0:e979170e02e7 1538
ashleymills 0:e979170e02e7 1539 for (i = 0; i < rounds; ++i) {
ashleymills 0:e979170e02e7 1540 int j = i + 1;
ashleymills 0:e979170e02e7 1541 int idx = j;
ashleymills 0:e979170e02e7 1542
ashleymills 0:e979170e02e7 1543 if (!SetPrefix(shaInput, i)) {
ashleymills 0:e979170e02e7 1544 return PREFIX_ERROR;
ashleymills 0:e979170e02e7 1545 }
ashleymills 0:e979170e02e7 1546
ashleymills 0:e979170e02e7 1547 XMEMCPY(shaInput + idx, ssl->arrays->masterSecret, SECRET_LEN);
ashleymills 0:e979170e02e7 1548 idx += SECRET_LEN;
ashleymills 0:e979170e02e7 1549 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
ashleymills 0:e979170e02e7 1550 idx += RAN_LEN;
ashleymills 0:e979170e02e7 1551 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
ashleymills 0:e979170e02e7 1552
ashleymills 0:e979170e02e7 1553 ShaUpdate(&sha, shaInput, (word32)sizeof(shaInput) - KEY_PREFIX + j);
ashleymills 0:e979170e02e7 1554 ShaFinal(&sha, shaOutput);
ashleymills 0:e979170e02e7 1555
ashleymills 0:e979170e02e7 1556 XMEMCPY(&md5Input[SECRET_LEN], shaOutput, SHA_DIGEST_SIZE);
ashleymills 0:e979170e02e7 1557 Md5Update(&md5, md5Input, sizeof(md5Input));
ashleymills 0:e979170e02e7 1558 Md5Final(&md5, keyData + i * MD5_DIGEST_SIZE);
ashleymills 0:e979170e02e7 1559 }
ashleymills 0:e979170e02e7 1560
ashleymills 0:e979170e02e7 1561 return StoreKeys(ssl, keyData);
ashleymills 0:e979170e02e7 1562 }
ashleymills 0:e979170e02e7 1563
ashleymills 0:e979170e02e7 1564
ashleymills 0:e979170e02e7 1565 static void CleanPreMaster(CYASSL* ssl)
ashleymills 0:e979170e02e7 1566 {
ashleymills 0:e979170e02e7 1567 int i, sz = ssl->arrays->preMasterSz;
ashleymills 0:e979170e02e7 1568
ashleymills 0:e979170e02e7 1569 for (i = 0; i < sz; i++)
ashleymills 0:e979170e02e7 1570 ssl->arrays->preMasterSecret[i] = 0;
ashleymills 0:e979170e02e7 1571
ashleymills 0:e979170e02e7 1572 RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz);
ashleymills 0:e979170e02e7 1573
ashleymills 0:e979170e02e7 1574 for (i = 0; i < sz; i++)
ashleymills 0:e979170e02e7 1575 ssl->arrays->preMasterSecret[i] = 0;
ashleymills 0:e979170e02e7 1576
ashleymills 0:e979170e02e7 1577 }
ashleymills 0:e979170e02e7 1578
ashleymills 0:e979170e02e7 1579
ashleymills 0:e979170e02e7 1580 /* Create and store the master secret see page 32, 6.1 */
ashleymills 0:e979170e02e7 1581 static int MakeSslMasterSecret(CYASSL* ssl)
ashleymills 0:e979170e02e7 1582 {
ashleymills 0:e979170e02e7 1583 byte shaOutput[SHA_DIGEST_SIZE];
ashleymills 0:e979170e02e7 1584 byte md5Input[ENCRYPT_LEN + SHA_DIGEST_SIZE];
ashleymills 0:e979170e02e7 1585 byte shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN];
ashleymills 0:e979170e02e7 1586 int i, ret;
ashleymills 0:e979170e02e7 1587 word32 idx;
ashleymills 0:e979170e02e7 1588 word32 pmsSz = ssl->arrays->preMasterSz;
ashleymills 0:e979170e02e7 1589
ashleymills 0:e979170e02e7 1590 Md5 md5;
ashleymills 0:e979170e02e7 1591 Sha sha;
ashleymills 0:e979170e02e7 1592
ashleymills 0:e979170e02e7 1593 #ifdef SHOW_SECRETS
ashleymills 0:e979170e02e7 1594 {
ashleymills 0:e979170e02e7 1595 int j;
ashleymills 0:e979170e02e7 1596 printf("pre master secret: ");
ashleymills 0:e979170e02e7 1597 for (j = 0; j < pmsSz; j++)
ashleymills 0:e979170e02e7 1598 printf("%02x", ssl->arrays->preMasterSecret[j]);
ashleymills 0:e979170e02e7 1599 printf("\n");
ashleymills 0:e979170e02e7 1600 }
ashleymills 0:e979170e02e7 1601 #endif
ashleymills 0:e979170e02e7 1602
ashleymills 0:e979170e02e7 1603 InitMd5(&md5);
ashleymills 0:e979170e02e7 1604 InitSha(&sha);
ashleymills 0:e979170e02e7 1605
ashleymills 0:e979170e02e7 1606 XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz);
ashleymills 0:e979170e02e7 1607
ashleymills 0:e979170e02e7 1608 for (i = 0; i < MASTER_ROUNDS; ++i) {
ashleymills 0:e979170e02e7 1609 byte prefix[PREFIX];
ashleymills 0:e979170e02e7 1610 if (!SetPrefix(prefix, i)) {
ashleymills 0:e979170e02e7 1611 return PREFIX_ERROR;
ashleymills 0:e979170e02e7 1612 }
ashleymills 0:e979170e02e7 1613
ashleymills 0:e979170e02e7 1614 idx = 0;
ashleymills 0:e979170e02e7 1615 XMEMCPY(shaInput, prefix, i + 1);
ashleymills 0:e979170e02e7 1616 idx += i + 1;
ashleymills 0:e979170e02e7 1617
ashleymills 0:e979170e02e7 1618 XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz);
ashleymills 0:e979170e02e7 1619 idx += pmsSz;
ashleymills 0:e979170e02e7 1620 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
ashleymills 0:e979170e02e7 1621 idx += RAN_LEN;
ashleymills 0:e979170e02e7 1622 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
ashleymills 0:e979170e02e7 1623 idx += RAN_LEN;
ashleymills 0:e979170e02e7 1624 ShaUpdate(&sha, shaInput, idx);
ashleymills 0:e979170e02e7 1625 ShaFinal(&sha, shaOutput);
ashleymills 0:e979170e02e7 1626
ashleymills 0:e979170e02e7 1627 idx = pmsSz; /* preSz */
ashleymills 0:e979170e02e7 1628 XMEMCPY(md5Input + idx, shaOutput, SHA_DIGEST_SIZE);
ashleymills 0:e979170e02e7 1629 idx += SHA_DIGEST_SIZE;
ashleymills 0:e979170e02e7 1630 Md5Update(&md5, md5Input, idx);
ashleymills 0:e979170e02e7 1631 Md5Final(&md5, &ssl->arrays->masterSecret[i * MD5_DIGEST_SIZE]);
ashleymills 0:e979170e02e7 1632 }
ashleymills 0:e979170e02e7 1633
ashleymills 0:e979170e02e7 1634 #ifdef SHOW_SECRETS
ashleymills 0:e979170e02e7 1635 {
ashleymills 0:e979170e02e7 1636 int i;
ashleymills 0:e979170e02e7 1637 printf("master secret: ");
ashleymills 0:e979170e02e7 1638 for (i = 0; i < SECRET_LEN; i++)
ashleymills 0:e979170e02e7 1639 printf("%02x", ssl->arrays->masterSecret[i]);
ashleymills 0:e979170e02e7 1640 printf("\n");
ashleymills 0:e979170e02e7 1641 }
ashleymills 0:e979170e02e7 1642 #endif
ashleymills 0:e979170e02e7 1643
ashleymills 0:e979170e02e7 1644 ret = DeriveKeys(ssl);
ashleymills 0:e979170e02e7 1645 CleanPreMaster(ssl);
ashleymills 0:e979170e02e7 1646
ashleymills 0:e979170e02e7 1647 return ret;
ashleymills 0:e979170e02e7 1648 }
ashleymills 0:e979170e02e7 1649 #endif
ashleymills 0:e979170e02e7 1650
ashleymills 0:e979170e02e7 1651
ashleymills 0:e979170e02e7 1652 /* Master wrapper, doesn't use SSL stack space in TLS mode */
ashleymills 0:e979170e02e7 1653 int MakeMasterSecret(CYASSL* ssl)
ashleymills 0:e979170e02e7 1654 {
ashleymills 0:e979170e02e7 1655 #ifdef NO_OLD_TLS
ashleymills 0:e979170e02e7 1656 return MakeTlsMasterSecret(ssl);
ashleymills 0:e979170e02e7 1657 #elif !defined(NO_TLS)
ashleymills 0:e979170e02e7 1658 if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
ashleymills 0:e979170e02e7 1659 #endif
ashleymills 0:e979170e02e7 1660
ashleymills 0:e979170e02e7 1661 #ifndef NO_OLD_TLS
ashleymills 0:e979170e02e7 1662 return MakeSslMasterSecret(ssl);
ashleymills 0:e979170e02e7 1663 #endif
ashleymills 0:e979170e02e7 1664 }
ashleymills 0:e979170e02e7 1665