Ashley Mills
cyassl re-port with cellular comms, PSK test
Dependencies: VodafoneUSBModem_bleedingedge2 mbed-rtos mbed-src
Embed:
(wiki syntax)
Show/hide line numbers
keys.c
00001 /* keys.c 00002 * 00003 * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. 00004 * 00005 * This file is part of CyaSSL. 00006 * 00007 * CyaSSL is free software; you can redistribute it and/or modify 00008 * it under the terms of the GNU General Public License as published by 00009 * the Free Software Foundation; either version 2 of the License, or 00010 * (at your option) any later version. 00011 * 00012 * CyaSSL is distributed in the hope that it will be useful, 00013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00015 * GNU General Public License for more details. 00016 * 00017 * You should have received a copy of the GNU General Public License 00018 * along with this program; if not, write to the Free Software 00019 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA 00020 */ 00021 00022 00023 #ifdef HAVE_CONFIG_H 00024 #include <config.h> 00025 #endif 00026 00027 #include <cyassl/internal.h> 00028 #include <cyassl/error.h> 00029 #ifdef SHOW_SECRETS 00030 #ifdef FREESCALE_MQX 00031 #include <fio.h> 00032 #else 00033 #include <stdio.h> 00034 #endif 00035 #endif 00036 00037 00038 int SetCipherSpecs(CYASSL* ssl) 00039 { 00040 /* ECC extensions, or AES-CCM */ 00041 if (ssl->options.cipherSuite0 == ECC_BYTE) { 00042 00043 switch (ssl->options.cipherSuite) { 00044 00045 #ifdef HAVE_ECC 00046 00047 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 00048 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : 00049 ssl->specs.bulk_cipher_algorithm = aes; 00050 ssl->specs.cipher_type = block; 00051 ssl->specs.mac_algorithm = sha_mac; 00052 ssl->specs.kea = ecc_diffie_hellman_kea; 00053 ssl->specs.sig_algo = rsa_sa_algo; 00054 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00055 ssl->specs.pad_size = PAD_SHA; 00056 ssl->specs.static_ecdh = 0; 00057 ssl->specs.key_size = AES_128_KEY_SIZE; 00058 ssl->specs.block_size = AES_BLOCK_SIZE; 00059 ssl->specs.iv_size = AES_IV_SIZE; 00060 00061 break; 00062 #endif 00063 00064 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 00065 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : 00066 ssl->specs.bulk_cipher_algorithm = aes; 00067 ssl->specs.cipher_type = block; 00068 ssl->specs.mac_algorithm = sha_mac; 00069 ssl->specs.kea = ecc_diffie_hellman_kea; 00070 ssl->specs.sig_algo = rsa_sa_algo; 00071 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00072 ssl->specs.pad_size = PAD_SHA; 00073 ssl->specs.static_ecdh = 1; 00074 ssl->specs.key_size = AES_128_KEY_SIZE; 00075 ssl->specs.block_size = AES_BLOCK_SIZE; 00076 ssl->specs.iv_size = AES_IV_SIZE; 00077 00078 break; 00079 #endif 00080 00081 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 00082 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : 00083 ssl->specs.bulk_cipher_algorithm = triple_des; 00084 ssl->specs.cipher_type = block; 00085 ssl->specs.mac_algorithm = sha_mac; 00086 ssl->specs.kea = ecc_diffie_hellman_kea; 00087 ssl->specs.sig_algo = rsa_sa_algo; 00088 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00089 ssl->specs.pad_size = PAD_SHA; 00090 ssl->specs.static_ecdh = 0; 00091 ssl->specs.key_size = DES3_KEY_SIZE; 00092 ssl->specs.block_size = DES_BLOCK_SIZE; 00093 ssl->specs.iv_size = DES_IV_SIZE; 00094 00095 break; 00096 #endif 00097 00098 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 00099 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : 00100 ssl->specs.bulk_cipher_algorithm = triple_des; 00101 ssl->specs.cipher_type = block; 00102 ssl->specs.mac_algorithm = sha_mac; 00103 ssl->specs.kea = ecc_diffie_hellman_kea; 00104 ssl->specs.sig_algo = rsa_sa_algo; 00105 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00106 ssl->specs.pad_size = PAD_SHA; 00107 ssl->specs.static_ecdh = 1; 00108 ssl->specs.key_size = DES3_KEY_SIZE; 00109 ssl->specs.block_size = DES_BLOCK_SIZE; 00110 ssl->specs.iv_size = DES_IV_SIZE; 00111 00112 break; 00113 #endif 00114 00115 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA 00116 case TLS_ECDHE_RSA_WITH_RC4_128_SHA : 00117 ssl->specs.bulk_cipher_algorithm = rc4; 00118 ssl->specs.cipher_type = stream; 00119 ssl->specs.mac_algorithm = sha_mac; 00120 ssl->specs.kea = ecc_diffie_hellman_kea; 00121 ssl->specs.sig_algo = rsa_sa_algo; 00122 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00123 ssl->specs.pad_size = PAD_SHA; 00124 ssl->specs.static_ecdh = 0; 00125 ssl->specs.key_size = RC4_KEY_SIZE; 00126 ssl->specs.iv_size = 0; 00127 ssl->specs.block_size = 0; 00128 00129 break; 00130 #endif 00131 00132 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA 00133 case TLS_ECDH_RSA_WITH_RC4_128_SHA : 00134 ssl->specs.bulk_cipher_algorithm = rc4; 00135 ssl->specs.cipher_type = stream; 00136 ssl->specs.mac_algorithm = sha_mac; 00137 ssl->specs.kea = ecc_diffie_hellman_kea; 00138 ssl->specs.sig_algo = rsa_sa_algo; 00139 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00140 ssl->specs.pad_size = PAD_SHA; 00141 ssl->specs.static_ecdh = 1; 00142 ssl->specs.key_size = RC4_KEY_SIZE; 00143 ssl->specs.iv_size = 0; 00144 ssl->specs.block_size = 0; 00145 00146 break; 00147 #endif 00148 00149 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 00150 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : 00151 ssl->specs.bulk_cipher_algorithm = triple_des; 00152 ssl->specs.cipher_type = block; 00153 ssl->specs.mac_algorithm = sha_mac; 00154 ssl->specs.kea = ecc_diffie_hellman_kea; 00155 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00156 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00157 ssl->specs.pad_size = PAD_SHA; 00158 ssl->specs.static_ecdh = 0; 00159 ssl->specs.key_size = DES3_KEY_SIZE; 00160 ssl->specs.block_size = DES_BLOCK_SIZE; 00161 ssl->specs.iv_size = DES_IV_SIZE; 00162 00163 break; 00164 #endif 00165 00166 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 00167 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : 00168 ssl->specs.bulk_cipher_algorithm = triple_des; 00169 ssl->specs.cipher_type = block; 00170 ssl->specs.mac_algorithm = sha_mac; 00171 ssl->specs.kea = ecc_diffie_hellman_kea; 00172 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00173 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00174 ssl->specs.pad_size = PAD_SHA; 00175 ssl->specs.static_ecdh = 1; 00176 ssl->specs.key_size = DES3_KEY_SIZE; 00177 ssl->specs.block_size = DES_BLOCK_SIZE; 00178 ssl->specs.iv_size = DES_IV_SIZE; 00179 00180 break; 00181 #endif 00182 00183 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 00184 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : 00185 ssl->specs.bulk_cipher_algorithm = rc4; 00186 ssl->specs.cipher_type = stream; 00187 ssl->specs.mac_algorithm = sha_mac; 00188 ssl->specs.kea = ecc_diffie_hellman_kea; 00189 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00190 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00191 ssl->specs.pad_size = PAD_SHA; 00192 ssl->specs.static_ecdh = 0; 00193 ssl->specs.key_size = RC4_KEY_SIZE; 00194 ssl->specs.iv_size = 0; 00195 ssl->specs.block_size = 0; 00196 00197 break; 00198 #endif 00199 00200 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 00201 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : 00202 ssl->specs.bulk_cipher_algorithm = rc4; 00203 ssl->specs.cipher_type = stream; 00204 ssl->specs.mac_algorithm = sha_mac; 00205 ssl->specs.kea = ecc_diffie_hellman_kea; 00206 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00207 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00208 ssl->specs.pad_size = PAD_SHA; 00209 ssl->specs.static_ecdh = 1; 00210 ssl->specs.key_size = RC4_KEY_SIZE; 00211 ssl->specs.iv_size = 0; 00212 ssl->specs.block_size = 0; 00213 00214 break; 00215 #endif 00216 00217 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 00218 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : 00219 ssl->specs.bulk_cipher_algorithm = aes; 00220 ssl->specs.cipher_type = block; 00221 ssl->specs.mac_algorithm = sha_mac; 00222 ssl->specs.kea = ecc_diffie_hellman_kea; 00223 ssl->specs.sig_algo = rsa_sa_algo; 00224 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00225 ssl->specs.pad_size = PAD_SHA; 00226 ssl->specs.static_ecdh = 0; 00227 ssl->specs.key_size = AES_256_KEY_SIZE; 00228 ssl->specs.block_size = AES_BLOCK_SIZE; 00229 ssl->specs.iv_size = AES_IV_SIZE; 00230 00231 break; 00232 #endif 00233 00234 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 00235 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : 00236 ssl->specs.bulk_cipher_algorithm = aes; 00237 ssl->specs.cipher_type = block; 00238 ssl->specs.mac_algorithm = sha_mac; 00239 ssl->specs.kea = ecc_diffie_hellman_kea; 00240 ssl->specs.sig_algo = rsa_sa_algo; 00241 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00242 ssl->specs.pad_size = PAD_SHA; 00243 ssl->specs.static_ecdh = 1; 00244 ssl->specs.key_size = AES_256_KEY_SIZE; 00245 ssl->specs.block_size = AES_BLOCK_SIZE; 00246 ssl->specs.iv_size = AES_IV_SIZE; 00247 00248 break; 00249 #endif 00250 00251 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 00252 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : 00253 ssl->specs.bulk_cipher_algorithm = aes; 00254 ssl->specs.cipher_type = block; 00255 ssl->specs.mac_algorithm = sha_mac; 00256 ssl->specs.kea = ecc_diffie_hellman_kea; 00257 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00258 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00259 ssl->specs.pad_size = PAD_SHA; 00260 ssl->specs.static_ecdh = 0; 00261 ssl->specs.key_size = AES_128_KEY_SIZE; 00262 ssl->specs.block_size = AES_BLOCK_SIZE; 00263 ssl->specs.iv_size = AES_IV_SIZE; 00264 00265 break; 00266 #endif 00267 00268 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 00269 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : 00270 ssl->specs.bulk_cipher_algorithm = aes; 00271 ssl->specs.cipher_type = block; 00272 ssl->specs.mac_algorithm = sha_mac; 00273 ssl->specs.kea = ecc_diffie_hellman_kea; 00274 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00275 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00276 ssl->specs.pad_size = PAD_SHA; 00277 ssl->specs.static_ecdh = 1; 00278 ssl->specs.key_size = AES_128_KEY_SIZE; 00279 ssl->specs.block_size = AES_BLOCK_SIZE; 00280 ssl->specs.iv_size = AES_IV_SIZE; 00281 00282 break; 00283 #endif 00284 00285 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 00286 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : 00287 ssl->specs.bulk_cipher_algorithm = aes; 00288 ssl->specs.cipher_type = block; 00289 ssl->specs.mac_algorithm = sha_mac; 00290 ssl->specs.kea = ecc_diffie_hellman_kea; 00291 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00292 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00293 ssl->specs.pad_size = PAD_SHA; 00294 ssl->specs.static_ecdh = 0; 00295 ssl->specs.key_size = AES_256_KEY_SIZE; 00296 ssl->specs.block_size = AES_BLOCK_SIZE; 00297 ssl->specs.iv_size = AES_IV_SIZE; 00298 00299 break; 00300 #endif 00301 00302 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 00303 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : 00304 ssl->specs.bulk_cipher_algorithm = aes; 00305 ssl->specs.cipher_type = block; 00306 ssl->specs.mac_algorithm = sha_mac; 00307 ssl->specs.kea = ecc_diffie_hellman_kea; 00308 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00309 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00310 ssl->specs.pad_size = PAD_SHA; 00311 ssl->specs.static_ecdh = 1; 00312 ssl->specs.key_size = AES_256_KEY_SIZE; 00313 ssl->specs.block_size = AES_BLOCK_SIZE; 00314 ssl->specs.iv_size = AES_IV_SIZE; 00315 00316 break; 00317 #endif 00318 00319 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 00320 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : 00321 ssl->specs.bulk_cipher_algorithm = aes_gcm; 00322 ssl->specs.cipher_type = aead; 00323 ssl->specs.mac_algorithm = sha256_mac; 00324 ssl->specs.kea = ecc_diffie_hellman_kea; 00325 ssl->specs.sig_algo = rsa_sa_algo; 00326 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00327 ssl->specs.pad_size = PAD_SHA; 00328 ssl->specs.static_ecdh = 0; 00329 ssl->specs.key_size = AES_128_KEY_SIZE; 00330 ssl->specs.block_size = AES_BLOCK_SIZE; 00331 ssl->specs.iv_size = AEAD_IMP_IV_SZ; 00332 00333 break; 00334 #endif 00335 00336 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 00337 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : 00338 ssl->specs.bulk_cipher_algorithm = aes_gcm; 00339 ssl->specs.cipher_type = aead; 00340 ssl->specs.mac_algorithm = sha384_mac; 00341 ssl->specs.kea = ecc_diffie_hellman_kea; 00342 ssl->specs.sig_algo = rsa_sa_algo; 00343 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00344 ssl->specs.pad_size = PAD_SHA; 00345 ssl->specs.static_ecdh = 0; 00346 ssl->specs.key_size = AES_256_KEY_SIZE; 00347 ssl->specs.block_size = AES_BLOCK_SIZE; 00348 ssl->specs.iv_size = AEAD_IMP_IV_SZ; 00349 00350 break; 00351 #endif 00352 00353 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 00354 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : 00355 ssl->specs.bulk_cipher_algorithm = aes_gcm; 00356 ssl->specs.cipher_type = aead; 00357 ssl->specs.mac_algorithm = sha256_mac; 00358 ssl->specs.kea = ecc_diffie_hellman_kea; 00359 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00360 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00361 ssl->specs.pad_size = PAD_SHA; 00362 ssl->specs.static_ecdh = 0; 00363 ssl->specs.key_size = AES_128_KEY_SIZE; 00364 ssl->specs.block_size = AES_BLOCK_SIZE; 00365 ssl->specs.iv_size = AEAD_IMP_IV_SZ; 00366 00367 break; 00368 #endif 00369 00370 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 00371 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : 00372 ssl->specs.bulk_cipher_algorithm = aes_gcm; 00373 ssl->specs.cipher_type = aead; 00374 ssl->specs.mac_algorithm = sha384_mac; 00375 ssl->specs.kea = ecc_diffie_hellman_kea; 00376 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00377 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00378 ssl->specs.pad_size = PAD_SHA; 00379 ssl->specs.static_ecdh = 0; 00380 ssl->specs.key_size = AES_256_KEY_SIZE; 00381 ssl->specs.block_size = AES_BLOCK_SIZE; 00382 ssl->specs.iv_size = AEAD_IMP_IV_SZ; 00383 00384 break; 00385 #endif 00386 00387 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 00388 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : 00389 ssl->specs.bulk_cipher_algorithm = aes_gcm; 00390 ssl->specs.cipher_type = aead; 00391 ssl->specs.mac_algorithm = sha256_mac; 00392 ssl->specs.kea = ecc_diffie_hellman_kea; 00393 ssl->specs.sig_algo = rsa_sa_algo; 00394 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00395 ssl->specs.pad_size = PAD_SHA; 00396 ssl->specs.static_ecdh = 1; 00397 ssl->specs.key_size = AES_128_KEY_SIZE; 00398 ssl->specs.block_size = AES_BLOCK_SIZE; 00399 ssl->specs.iv_size = AEAD_IMP_IV_SZ; 00400 00401 break; 00402 #endif 00403 00404 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 00405 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : 00406 ssl->specs.bulk_cipher_algorithm = aes_gcm; 00407 ssl->specs.cipher_type = aead; 00408 ssl->specs.mac_algorithm = sha384_mac; 00409 ssl->specs.kea = ecc_diffie_hellman_kea; 00410 ssl->specs.sig_algo = rsa_sa_algo; 00411 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00412 ssl->specs.pad_size = PAD_SHA; 00413 ssl->specs.static_ecdh = 1; 00414 ssl->specs.key_size = AES_256_KEY_SIZE; 00415 ssl->specs.block_size = AES_BLOCK_SIZE; 00416 ssl->specs.iv_size = AEAD_IMP_IV_SZ; 00417 00418 break; 00419 #endif 00420 00421 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 00422 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : 00423 ssl->specs.bulk_cipher_algorithm = aes_gcm; 00424 ssl->specs.cipher_type = aead; 00425 ssl->specs.mac_algorithm = sha256_mac; 00426 ssl->specs.kea = ecc_diffie_hellman_kea; 00427 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00428 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00429 ssl->specs.pad_size = PAD_SHA; 00430 ssl->specs.static_ecdh = 1; 00431 ssl->specs.key_size = AES_128_KEY_SIZE; 00432 ssl->specs.block_size = AES_BLOCK_SIZE; 00433 ssl->specs.iv_size = AEAD_IMP_IV_SZ; 00434 00435 break; 00436 #endif 00437 00438 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 00439 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : 00440 ssl->specs.bulk_cipher_algorithm = aes_gcm; 00441 ssl->specs.cipher_type = aead; 00442 ssl->specs.mac_algorithm = sha384_mac; 00443 ssl->specs.kea = ecc_diffie_hellman_kea; 00444 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00445 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00446 ssl->specs.pad_size = PAD_SHA; 00447 ssl->specs.static_ecdh = 1; 00448 ssl->specs.key_size = AES_256_KEY_SIZE; 00449 ssl->specs.block_size = AES_BLOCK_SIZE; 00450 ssl->specs.iv_size = AEAD_IMP_IV_SZ; 00451 00452 break; 00453 #endif 00454 00455 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 00456 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 : 00457 ssl->specs.bulk_cipher_algorithm = aes_ccm; 00458 ssl->specs.cipher_type = aead; 00459 ssl->specs.mac_algorithm = sha256_mac; 00460 ssl->specs.kea = ecc_diffie_hellman_kea; 00461 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00462 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00463 ssl->specs.pad_size = PAD_SHA; 00464 ssl->specs.static_ecdh = 1; 00465 ssl->specs.key_size = AES_128_KEY_SIZE; 00466 ssl->specs.block_size = AES_BLOCK_SIZE; 00467 ssl->specs.iv_size = AEAD_IMP_IV_SZ; 00468 break; 00469 #endif 00470 00471 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 00472 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 : 00473 ssl->specs.bulk_cipher_algorithm = aes_ccm; 00474 ssl->specs.cipher_type = aead; 00475 ssl->specs.mac_algorithm = sha384_mac; 00476 ssl->specs.kea = ecc_diffie_hellman_kea; 00477 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00478 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00479 ssl->specs.pad_size = PAD_SHA; 00480 ssl->specs.static_ecdh = 1; 00481 ssl->specs.key_size = AES_256_KEY_SIZE; 00482 ssl->specs.block_size = AES_BLOCK_SIZE; 00483 ssl->specs.iv_size = AEAD_IMP_IV_SZ; 00484 break; 00485 #endif 00486 #endif /* HAVE_ECC */ 00487 00488 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8_SHA256 00489 case TLS_RSA_WITH_AES_128_CCM_8_SHA256 : 00490 ssl->specs.bulk_cipher_algorithm = aes_ccm; 00491 ssl->specs.cipher_type = aead; 00492 ssl->specs.mac_algorithm = sha256_mac; 00493 ssl->specs.kea = rsa_kea; 00494 ssl->specs.sig_algo = rsa_sa_algo; 00495 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00496 ssl->specs.pad_size = PAD_SHA; 00497 ssl->specs.static_ecdh = 0; 00498 ssl->specs.key_size = AES_128_KEY_SIZE; 00499 ssl->specs.block_size = AES_BLOCK_SIZE; 00500 ssl->specs.iv_size = AEAD_IMP_IV_SZ; 00501 break; 00502 #endif 00503 00504 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8_SHA384 00505 case TLS_RSA_WITH_AES_256_CCM_8_SHA384 : 00506 ssl->specs.bulk_cipher_algorithm = aes_ccm; 00507 ssl->specs.cipher_type = aead; 00508 ssl->specs.mac_algorithm = sha384_mac; 00509 ssl->specs.kea = rsa_kea; 00510 ssl->specs.sig_algo = rsa_sa_algo; 00511 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00512 ssl->specs.pad_size = PAD_SHA; 00513 ssl->specs.static_ecdh = 0; 00514 ssl->specs.key_size = AES_256_KEY_SIZE; 00515 ssl->specs.block_size = AES_BLOCK_SIZE; 00516 ssl->specs.iv_size = AEAD_IMP_IV_SZ; 00517 break; 00518 #endif 00519 00520 default: 00521 CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC"); 00522 return UNSUPPORTED_SUITE; 00523 } /* switch */ 00524 } /* if */ 00525 if (ssl->options.cipherSuite0 != ECC_BYTE) { /* normal suites */ 00526 switch (ssl->options.cipherSuite) { 00527 00528 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA 00529 case SSL_RSA_WITH_RC4_128_SHA : 00530 ssl->specs.bulk_cipher_algorithm = rc4; 00531 ssl->specs.cipher_type = stream; 00532 ssl->specs.mac_algorithm = sha_mac; 00533 ssl->specs.kea = rsa_kea; 00534 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00535 ssl->specs.pad_size = PAD_SHA; 00536 ssl->specs.static_ecdh = 0; 00537 ssl->specs.key_size = RC4_KEY_SIZE; 00538 ssl->specs.iv_size = 0; 00539 ssl->specs.block_size = 0; 00540 00541 break; 00542 #endif 00543 00544 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA 00545 case TLS_NTRU_RSA_WITH_RC4_128_SHA : 00546 ssl->specs.bulk_cipher_algorithm = rc4; 00547 ssl->specs.cipher_type = stream; 00548 ssl->specs.mac_algorithm = sha_mac; 00549 ssl->specs.kea = ntru_kea; 00550 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00551 ssl->specs.pad_size = PAD_SHA; 00552 ssl->specs.static_ecdh = 0; 00553 ssl->specs.key_size = RC4_KEY_SIZE; 00554 ssl->specs.iv_size = 0; 00555 ssl->specs.block_size = 0; 00556 00557 break; 00558 #endif 00559 00560 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 00561 case SSL_RSA_WITH_RC4_128_MD5 : 00562 ssl->specs.bulk_cipher_algorithm = rc4; 00563 ssl->specs.cipher_type = stream; 00564 ssl->specs.mac_algorithm = md5_mac; 00565 ssl->specs.kea = rsa_kea; 00566 ssl->specs.hash_size = MD5_DIGEST_SIZE; 00567 ssl->specs.pad_size = PAD_MD5; 00568 ssl->specs.static_ecdh = 0; 00569 ssl->specs.key_size = RC4_KEY_SIZE; 00570 ssl->specs.iv_size = 0; 00571 ssl->specs.block_size = 0; 00572 00573 break; 00574 #endif 00575 00576 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA 00577 case SSL_RSA_WITH_3DES_EDE_CBC_SHA : 00578 ssl->specs.bulk_cipher_algorithm = triple_des; 00579 ssl->specs.cipher_type = block; 00580 ssl->specs.mac_algorithm = sha_mac; 00581 ssl->specs.kea = rsa_kea; 00582 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00583 ssl->specs.pad_size = PAD_SHA; 00584 ssl->specs.static_ecdh = 0; 00585 ssl->specs.key_size = DES3_KEY_SIZE; 00586 ssl->specs.block_size = DES_BLOCK_SIZE; 00587 ssl->specs.iv_size = DES_IV_SIZE; 00588 00589 break; 00590 #endif 00591 00592 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA 00593 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : 00594 ssl->specs.bulk_cipher_algorithm = triple_des; 00595 ssl->specs.cipher_type = block; 00596 ssl->specs.mac_algorithm = sha_mac; 00597 ssl->specs.kea = ntru_kea; 00598 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00599 ssl->specs.pad_size = PAD_SHA; 00600 ssl->specs.static_ecdh = 0; 00601 ssl->specs.key_size = DES3_KEY_SIZE; 00602 ssl->specs.block_size = DES_BLOCK_SIZE; 00603 ssl->specs.iv_size = DES_IV_SIZE; 00604 00605 break; 00606 #endif 00607 00608 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA 00609 case TLS_RSA_WITH_AES_128_CBC_SHA : 00610 ssl->specs.bulk_cipher_algorithm = aes; 00611 ssl->specs.cipher_type = block; 00612 ssl->specs.mac_algorithm = sha_mac; 00613 ssl->specs.kea = rsa_kea; 00614 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00615 ssl->specs.pad_size = PAD_SHA; 00616 ssl->specs.static_ecdh = 0; 00617 ssl->specs.key_size = AES_128_KEY_SIZE; 00618 ssl->specs.block_size = AES_BLOCK_SIZE; 00619 ssl->specs.iv_size = AES_IV_SIZE; 00620 00621 break; 00622 #endif 00623 00624 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 00625 case TLS_RSA_WITH_AES_128_CBC_SHA256 : 00626 ssl->specs.bulk_cipher_algorithm = aes; 00627 ssl->specs.cipher_type = block; 00628 ssl->specs.mac_algorithm = sha256_mac; 00629 ssl->specs.kea = rsa_kea; 00630 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00631 ssl->specs.pad_size = PAD_SHA; 00632 ssl->specs.static_ecdh = 0; 00633 ssl->specs.key_size = AES_128_KEY_SIZE; 00634 ssl->specs.block_size = AES_BLOCK_SIZE; 00635 ssl->specs.iv_size = AES_IV_SIZE; 00636 00637 break; 00638 #endif 00639 00640 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA 00641 case TLS_RSA_WITH_NULL_SHA : 00642 ssl->specs.bulk_cipher_algorithm = cipher_null; 00643 ssl->specs.cipher_type = stream; 00644 ssl->specs.mac_algorithm = sha_mac; 00645 ssl->specs.kea = rsa_kea; 00646 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00647 ssl->specs.pad_size = PAD_SHA; 00648 ssl->specs.static_ecdh = 0; 00649 ssl->specs.key_size = 0; 00650 ssl->specs.block_size = 0; 00651 ssl->specs.iv_size = 0; 00652 00653 break; 00654 #endif 00655 00656 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 00657 case TLS_RSA_WITH_NULL_SHA256 : 00658 ssl->specs.bulk_cipher_algorithm = cipher_null; 00659 ssl->specs.cipher_type = stream; 00660 ssl->specs.mac_algorithm = sha256_mac; 00661 ssl->specs.kea = rsa_kea; 00662 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00663 ssl->specs.pad_size = PAD_SHA; 00664 ssl->specs.static_ecdh = 0; 00665 ssl->specs.key_size = 0; 00666 ssl->specs.block_size = 0; 00667 ssl->specs.iv_size = 0; 00668 00669 break; 00670 #endif 00671 00672 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA 00673 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : 00674 ssl->specs.bulk_cipher_algorithm = aes; 00675 ssl->specs.cipher_type = block; 00676 ssl->specs.mac_algorithm = sha_mac; 00677 ssl->specs.kea = ntru_kea; 00678 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00679 ssl->specs.pad_size = PAD_SHA; 00680 ssl->specs.static_ecdh = 0; 00681 ssl->specs.key_size = AES_128_KEY_SIZE; 00682 ssl->specs.block_size = AES_BLOCK_SIZE; 00683 ssl->specs.iv_size = AES_IV_SIZE; 00684 00685 break; 00686 #endif 00687 00688 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA 00689 case TLS_RSA_WITH_AES_256_CBC_SHA : 00690 ssl->specs.bulk_cipher_algorithm = aes; 00691 ssl->specs.cipher_type = block; 00692 ssl->specs.mac_algorithm = sha_mac; 00693 ssl->specs.kea = rsa_kea; 00694 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00695 ssl->specs.pad_size = PAD_SHA; 00696 ssl->specs.static_ecdh = 0; 00697 ssl->specs.key_size = AES_256_KEY_SIZE; 00698 ssl->specs.block_size = AES_BLOCK_SIZE; 00699 ssl->specs.iv_size = AES_IV_SIZE; 00700 00701 break; 00702 #endif 00703 00704 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 00705 case TLS_RSA_WITH_AES_256_CBC_SHA256 : 00706 ssl->specs.bulk_cipher_algorithm = aes; 00707 ssl->specs.cipher_type = block; 00708 ssl->specs.mac_algorithm = sha256_mac; 00709 ssl->specs.kea = rsa_kea; 00710 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00711 ssl->specs.pad_size = PAD_SHA; 00712 ssl->specs.static_ecdh = 0; 00713 ssl->specs.key_size = AES_256_KEY_SIZE; 00714 ssl->specs.block_size = AES_BLOCK_SIZE; 00715 ssl->specs.iv_size = AES_IV_SIZE; 00716 00717 break; 00718 #endif 00719 00720 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA 00721 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : 00722 ssl->specs.bulk_cipher_algorithm = aes; 00723 ssl->specs.cipher_type = block; 00724 ssl->specs.mac_algorithm = sha_mac; 00725 ssl->specs.kea = ntru_kea; 00726 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00727 ssl->specs.pad_size = PAD_SHA; 00728 ssl->specs.static_ecdh = 0; 00729 ssl->specs.key_size = AES_256_KEY_SIZE; 00730 ssl->specs.block_size = AES_BLOCK_SIZE; 00731 ssl->specs.iv_size = AES_IV_SIZE; 00732 00733 break; 00734 #endif 00735 00736 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 00737 case TLS_PSK_WITH_AES_128_CBC_SHA256 : 00738 ssl->specs.bulk_cipher_algorithm = aes; 00739 ssl->specs.cipher_type = block; 00740 ssl->specs.mac_algorithm = sha256_mac; 00741 ssl->specs.kea = psk_kea; 00742 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00743 ssl->specs.pad_size = PAD_SHA; 00744 ssl->specs.static_ecdh = 0; 00745 ssl->specs.key_size = AES_128_KEY_SIZE; 00746 ssl->specs.block_size = AES_BLOCK_SIZE; 00747 ssl->specs.iv_size = AES_IV_SIZE; 00748 00749 ssl->options.usingPSK_cipher = 1; 00750 break; 00751 #endif 00752 00753 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA 00754 case TLS_PSK_WITH_AES_128_CBC_SHA : 00755 ssl->specs.bulk_cipher_algorithm = aes; 00756 ssl->specs.cipher_type = block; 00757 ssl->specs.mac_algorithm = sha_mac; 00758 ssl->specs.kea = psk_kea; 00759 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00760 ssl->specs.pad_size = PAD_SHA; 00761 ssl->specs.static_ecdh = 0; 00762 ssl->specs.key_size = AES_128_KEY_SIZE; 00763 ssl->specs.block_size = AES_BLOCK_SIZE; 00764 ssl->specs.iv_size = AES_IV_SIZE; 00765 00766 ssl->options.usingPSK_cipher = 1; 00767 break; 00768 #endif 00769 00770 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA 00771 case TLS_PSK_WITH_AES_256_CBC_SHA : 00772 ssl->specs.bulk_cipher_algorithm = aes; 00773 ssl->specs.cipher_type = block; 00774 ssl->specs.mac_algorithm = sha_mac; 00775 ssl->specs.kea = psk_kea; 00776 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00777 ssl->specs.pad_size = PAD_SHA; 00778 ssl->specs.static_ecdh = 0; 00779 ssl->specs.key_size = AES_256_KEY_SIZE; 00780 ssl->specs.block_size = AES_BLOCK_SIZE; 00781 ssl->specs.iv_size = AES_IV_SIZE; 00782 00783 ssl->options.usingPSK_cipher = 1; 00784 break; 00785 #endif 00786 00787 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 00788 case TLS_PSK_WITH_NULL_SHA256 : 00789 ssl->specs.bulk_cipher_algorithm = cipher_null; 00790 ssl->specs.cipher_type = stream; 00791 ssl->specs.mac_algorithm = sha256_mac; 00792 ssl->specs.kea = psk_kea; 00793 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00794 ssl->specs.pad_size = PAD_SHA; 00795 ssl->specs.static_ecdh = 0; 00796 ssl->specs.key_size = 0; 00797 ssl->specs.block_size = 0; 00798 ssl->specs.iv_size = 0; 00799 00800 ssl->options.usingPSK_cipher = 1; 00801 break; 00802 #endif 00803 00804 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA 00805 case TLS_PSK_WITH_NULL_SHA : 00806 ssl->specs.bulk_cipher_algorithm = cipher_null; 00807 ssl->specs.cipher_type = stream; 00808 ssl->specs.mac_algorithm = sha_mac; 00809 ssl->specs.kea = psk_kea; 00810 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00811 ssl->specs.pad_size = PAD_SHA; 00812 ssl->specs.static_ecdh = 0; 00813 ssl->specs.key_size = 0; 00814 ssl->specs.block_size = 0; 00815 ssl->specs.iv_size = 0; 00816 00817 ssl->options.usingPSK_cipher = 1; 00818 break; 00819 #endif 00820 00821 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 00822 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : 00823 ssl->specs.bulk_cipher_algorithm = aes; 00824 ssl->specs.cipher_type = block; 00825 ssl->specs.mac_algorithm = sha256_mac; 00826 ssl->specs.kea = diffie_hellman_kea; 00827 ssl->specs.sig_algo = rsa_sa_algo; 00828 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00829 ssl->specs.pad_size = PAD_SHA; 00830 ssl->specs.static_ecdh = 0; 00831 ssl->specs.key_size = AES_128_KEY_SIZE; 00832 ssl->specs.block_size = AES_BLOCK_SIZE; 00833 ssl->specs.iv_size = AES_IV_SIZE; 00834 00835 break; 00836 #endif 00837 00838 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 00839 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : 00840 ssl->specs.bulk_cipher_algorithm = aes; 00841 ssl->specs.cipher_type = block; 00842 ssl->specs.mac_algorithm = sha256_mac; 00843 ssl->specs.kea = diffie_hellman_kea; 00844 ssl->specs.sig_algo = rsa_sa_algo; 00845 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00846 ssl->specs.pad_size = PAD_SHA; 00847 ssl->specs.static_ecdh = 0; 00848 ssl->specs.key_size = AES_256_KEY_SIZE; 00849 ssl->specs.block_size = AES_BLOCK_SIZE; 00850 ssl->specs.iv_size = AES_IV_SIZE; 00851 00852 break; 00853 #endif 00854 00855 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 00856 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : 00857 ssl->specs.bulk_cipher_algorithm = aes; 00858 ssl->specs.cipher_type = block; 00859 ssl->specs.mac_algorithm = sha_mac; 00860 ssl->specs.kea = diffie_hellman_kea; 00861 ssl->specs.sig_algo = rsa_sa_algo; 00862 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00863 ssl->specs.pad_size = PAD_SHA; 00864 ssl->specs.static_ecdh = 0; 00865 ssl->specs.key_size = AES_128_KEY_SIZE; 00866 ssl->specs.block_size = AES_BLOCK_SIZE; 00867 ssl->specs.iv_size = AES_IV_SIZE; 00868 00869 break; 00870 #endif 00871 00872 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 00873 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : 00874 ssl->specs.bulk_cipher_algorithm = aes; 00875 ssl->specs.cipher_type = block; 00876 ssl->specs.mac_algorithm = sha_mac; 00877 ssl->specs.kea = diffie_hellman_kea; 00878 ssl->specs.sig_algo = rsa_sa_algo; 00879 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00880 ssl->specs.pad_size = PAD_SHA; 00881 ssl->specs.static_ecdh = 0; 00882 ssl->specs.key_size = AES_256_KEY_SIZE; 00883 ssl->specs.block_size = AES_BLOCK_SIZE; 00884 ssl->specs.iv_size = AES_IV_SIZE; 00885 00886 break; 00887 #endif 00888 00889 #ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_MD5 00890 case TLS_RSA_WITH_HC_128_CBC_MD5 : 00891 ssl->specs.bulk_cipher_algorithm = hc128; 00892 ssl->specs.cipher_type = stream; 00893 ssl->specs.mac_algorithm = md5_mac; 00894 ssl->specs.kea = rsa_kea; 00895 ssl->specs.hash_size = MD5_DIGEST_SIZE; 00896 ssl->specs.pad_size = PAD_MD5; 00897 ssl->specs.static_ecdh = 0; 00898 ssl->specs.key_size = HC_128_KEY_SIZE; 00899 ssl->specs.block_size = 0; 00900 ssl->specs.iv_size = HC_128_IV_SIZE; 00901 00902 break; 00903 #endif 00904 00905 #ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_SHA 00906 case TLS_RSA_WITH_HC_128_CBC_SHA : 00907 ssl->specs.bulk_cipher_algorithm = hc128; 00908 ssl->specs.cipher_type = stream; 00909 ssl->specs.mac_algorithm = sha_mac; 00910 ssl->specs.kea = rsa_kea; 00911 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00912 ssl->specs.pad_size = PAD_SHA; 00913 ssl->specs.static_ecdh = 0; 00914 ssl->specs.key_size = HC_128_KEY_SIZE; 00915 ssl->specs.block_size = 0; 00916 ssl->specs.iv_size = HC_128_IV_SIZE; 00917 00918 break; 00919 #endif 00920 00921 #ifdef BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA 00922 case TLS_RSA_WITH_RABBIT_CBC_SHA : 00923 ssl->specs.bulk_cipher_algorithm = rabbit; 00924 ssl->specs.cipher_type = stream; 00925 ssl->specs.mac_algorithm = sha_mac; 00926 ssl->specs.kea = rsa_kea; 00927 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00928 ssl->specs.pad_size = PAD_SHA; 00929 ssl->specs.static_ecdh = 0; 00930 ssl->specs.key_size = RABBIT_KEY_SIZE; 00931 ssl->specs.block_size = 0; 00932 ssl->specs.iv_size = RABBIT_IV_SIZE; 00933 00934 break; 00935 #endif 00936 00937 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 00938 case TLS_RSA_WITH_AES_128_GCM_SHA256 : 00939 ssl->specs.bulk_cipher_algorithm = aes_gcm; 00940 ssl->specs.cipher_type = aead; 00941 ssl->specs.mac_algorithm = sha256_mac; 00942 ssl->specs.kea = rsa_kea; 00943 ssl->specs.sig_algo = rsa_sa_algo; 00944 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00945 ssl->specs.pad_size = PAD_SHA; 00946 ssl->specs.static_ecdh = 0; 00947 ssl->specs.key_size = AES_128_KEY_SIZE; 00948 ssl->specs.block_size = AES_BLOCK_SIZE; 00949 ssl->specs.iv_size = AEAD_IMP_IV_SZ; 00950 00951 break; 00952 #endif 00953 00954 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 00955 case TLS_RSA_WITH_AES_256_GCM_SHA384 : 00956 ssl->specs.bulk_cipher_algorithm = aes_gcm; 00957 ssl->specs.cipher_type = aead; 00958 ssl->specs.mac_algorithm = sha384_mac; 00959 ssl->specs.kea = rsa_kea; 00960 ssl->specs.sig_algo = rsa_sa_algo; 00961 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00962 ssl->specs.pad_size = PAD_SHA; 00963 ssl->specs.static_ecdh = 0; 00964 ssl->specs.key_size = AES_256_KEY_SIZE; 00965 ssl->specs.block_size = AES_BLOCK_SIZE; 00966 ssl->specs.iv_size = AEAD_IMP_IV_SZ; 00967 00968 break; 00969 #endif 00970 00971 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 00972 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : 00973 ssl->specs.bulk_cipher_algorithm = aes_gcm; 00974 ssl->specs.cipher_type = aead; 00975 ssl->specs.mac_algorithm = sha256_mac; 00976 ssl->specs.kea = diffie_hellman_kea; 00977 ssl->specs.sig_algo = rsa_sa_algo; 00978 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00979 ssl->specs.pad_size = PAD_SHA; 00980 ssl->specs.static_ecdh = 0; 00981 ssl->specs.key_size = AES_128_KEY_SIZE; 00982 ssl->specs.block_size = AES_BLOCK_SIZE; 00983 ssl->specs.iv_size = AEAD_IMP_IV_SZ; 00984 00985 break; 00986 #endif 00987 00988 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 00989 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 : 00990 ssl->specs.bulk_cipher_algorithm = aes_gcm; 00991 ssl->specs.cipher_type = aead; 00992 ssl->specs.mac_algorithm = sha384_mac; 00993 ssl->specs.kea = diffie_hellman_kea; 00994 ssl->specs.sig_algo = rsa_sa_algo; 00995 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00996 ssl->specs.pad_size = PAD_SHA; 00997 ssl->specs.static_ecdh = 0; 00998 ssl->specs.key_size = AES_256_KEY_SIZE; 00999 ssl->specs.block_size = AES_BLOCK_SIZE; 01000 ssl->specs.iv_size = AEAD_IMP_IV_SZ; 01001 01002 break; 01003 #endif 01004 01005 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01006 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : 01007 ssl->specs.bulk_cipher_algorithm = camellia; 01008 ssl->specs.cipher_type = block; 01009 ssl->specs.mac_algorithm = sha_mac; 01010 ssl->specs.kea = rsa_kea; 01011 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01012 ssl->specs.pad_size = PAD_SHA; 01013 ssl->specs.static_ecdh = 0; 01014 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; 01015 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01016 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01017 01018 break; 01019 #endif 01020 01021 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01022 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : 01023 ssl->specs.bulk_cipher_algorithm = camellia; 01024 ssl->specs.cipher_type = block; 01025 ssl->specs.mac_algorithm = sha_mac; 01026 ssl->specs.kea = rsa_kea; 01027 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01028 ssl->specs.pad_size = PAD_SHA; 01029 ssl->specs.static_ecdh = 0; 01030 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; 01031 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01032 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01033 01034 break; 01035 #endif 01036 01037 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01038 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : 01039 ssl->specs.bulk_cipher_algorithm = camellia; 01040 ssl->specs.cipher_type = block; 01041 ssl->specs.mac_algorithm = sha256_mac; 01042 ssl->specs.kea = rsa_kea; 01043 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01044 ssl->specs.pad_size = PAD_SHA; 01045 ssl->specs.static_ecdh = 0; 01046 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; 01047 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01048 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01049 01050 break; 01051 #endif 01052 01053 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 01054 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : 01055 ssl->specs.bulk_cipher_algorithm = camellia; 01056 ssl->specs.cipher_type = block; 01057 ssl->specs.mac_algorithm = sha256_mac; 01058 ssl->specs.kea = rsa_kea; 01059 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01060 ssl->specs.pad_size = PAD_SHA; 01061 ssl->specs.static_ecdh = 0; 01062 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; 01063 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01064 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01065 01066 break; 01067 #endif 01068 01069 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 01070 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : 01071 ssl->specs.bulk_cipher_algorithm = camellia; 01072 ssl->specs.cipher_type = block; 01073 ssl->specs.mac_algorithm = sha_mac; 01074 ssl->specs.kea = diffie_hellman_kea; 01075 ssl->specs.sig_algo = rsa_sa_algo; 01076 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01077 ssl->specs.pad_size = PAD_SHA; 01078 ssl->specs.static_ecdh = 0; 01079 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; 01080 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01081 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01082 01083 break; 01084 #endif 01085 01086 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 01087 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : 01088 ssl->specs.bulk_cipher_algorithm = camellia; 01089 ssl->specs.cipher_type = block; 01090 ssl->specs.mac_algorithm = sha_mac; 01091 ssl->specs.kea = diffie_hellman_kea; 01092 ssl->specs.sig_algo = rsa_sa_algo; 01093 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01094 ssl->specs.pad_size = PAD_SHA; 01095 ssl->specs.static_ecdh = 0; 01096 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; 01097 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01098 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01099 01100 break; 01101 #endif 01102 01103 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 01104 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : 01105 ssl->specs.bulk_cipher_algorithm = camellia; 01106 ssl->specs.cipher_type = block; 01107 ssl->specs.mac_algorithm = sha256_mac; 01108 ssl->specs.kea = diffie_hellman_kea; 01109 ssl->specs.sig_algo = rsa_sa_algo; 01110 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01111 ssl->specs.pad_size = PAD_SHA; 01112 ssl->specs.static_ecdh = 0; 01113 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; 01114 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01115 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01116 01117 break; 01118 #endif 01119 01120 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 01121 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : 01122 ssl->specs.bulk_cipher_algorithm = camellia; 01123 ssl->specs.cipher_type = block; 01124 ssl->specs.mac_algorithm = sha256_mac; 01125 ssl->specs.kea = diffie_hellman_kea; 01126 ssl->specs.sig_algo = rsa_sa_algo; 01127 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01128 ssl->specs.pad_size = PAD_SHA; 01129 ssl->specs.static_ecdh = 0; 01130 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; 01131 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01132 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01133 01134 break; 01135 #endif 01136 01137 default: 01138 CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs"); 01139 return UNSUPPORTED_SUITE; 01140 } /* switch */ 01141 } /* if ECC / Normal suites else */ 01142 01143 /* set TLS if it hasn't been turned off */ 01144 if (ssl->version.major == 3 && ssl->version.minor >= 1) { 01145 #ifndef NO_TLS 01146 ssl->options.tls = 1; 01147 ssl->hmac = TLS_hmac; 01148 if (ssl->version.minor >= 2) 01149 ssl->options.tls1_1 = 1; 01150 #endif 01151 } 01152 01153 #ifdef CYASSL_DTLS 01154 if (ssl->options.dtls) 01155 ssl->hmac = TLS_hmac; 01156 #endif 01157 01158 return 0; 01159 } 01160 01161 01162 enum KeyStuff { 01163 MASTER_ROUNDS = 3, 01164 PREFIX = 3, /* up to three letters for master prefix */ 01165 KEY_PREFIX = 7 /* up to 7 prefix letters for key rounds */ 01166 01167 01168 }; 01169 01170 #ifndef NO_OLD_TLS 01171 /* true or false, zero for error */ 01172 static int SetPrefix(byte* sha_input, int idx) 01173 { 01174 switch (idx) { 01175 case 0: 01176 XMEMCPY(sha_input, "A", 1); 01177 break; 01178 case 1: 01179 XMEMCPY(sha_input, "BB", 2); 01180 break; 01181 case 2: 01182 XMEMCPY(sha_input, "CCC", 3); 01183 break; 01184 case 3: 01185 XMEMCPY(sha_input, "DDDD", 4); 01186 break; 01187 case 4: 01188 XMEMCPY(sha_input, "EEEEE", 5); 01189 break; 01190 case 5: 01191 XMEMCPY(sha_input, "FFFFFF", 6); 01192 break; 01193 case 6: 01194 XMEMCPY(sha_input, "GGGGGGG", 7); 01195 break; 01196 default: 01197 CYASSL_MSG("Set Prefix error, bad input"); 01198 return 0; 01199 } 01200 return 1; 01201 } 01202 #endif 01203 01204 01205 static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, 01206 byte side, void* heap, int devId) 01207 { 01208 #ifdef BUILD_ARC4 01209 word32 sz = specs->key_size; 01210 if (specs->bulk_cipher_algorithm == rc4) { 01211 enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER); 01212 if (enc->arc4 == NULL) 01213 return MEMORY_E; 01214 dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER); 01215 if (dec->arc4 == NULL) 01216 return MEMORY_E; 01217 #ifdef HAVE_CAVIUM 01218 if (devId != NO_CAVIUM_DEVICE) { 01219 if (Arc4InitCavium(enc->arc4, devId) != 0) { 01220 CYASSL_MSG("Arc4InitCavium failed in SetKeys"); 01221 return CAVIUM_INIT_E; 01222 } 01223 if (Arc4InitCavium(dec->arc4, devId) != 0) { 01224 CYASSL_MSG("Arc4InitCavium failed in SetKeys"); 01225 return CAVIUM_INIT_E; 01226 } 01227 } 01228 #endif 01229 if (side == CLIENT_END) { 01230 Arc4SetKey(enc->arc4, keys->client_write_key, sz); 01231 Arc4SetKey(dec->arc4, keys->server_write_key, sz); 01232 } 01233 else { 01234 Arc4SetKey(enc->arc4, keys->server_write_key, sz); 01235 Arc4SetKey(dec->arc4, keys->client_write_key, sz); 01236 } 01237 enc->setup = 1; 01238 dec->setup = 1; 01239 } 01240 #endif 01241 01242 #ifdef HAVE_HC128 01243 if (specs->bulk_cipher_algorithm == hc128) { 01244 enc->hc128 = (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER); 01245 if (enc->hc128 == NULL) 01246 return MEMORY_E; 01247 dec->hc128 = (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER); 01248 if (dec->hc128 == NULL) 01249 return MEMORY_E; 01250 if (side == CLIENT_END) { 01251 Hc128_SetKey(enc->hc128, keys->client_write_key, 01252 keys->client_write_IV); 01253 Hc128_SetKey(dec->hc128, keys->server_write_key, 01254 keys->server_write_IV); 01255 } 01256 else { 01257 Hc128_SetKey(enc->hc128, keys->server_write_key, 01258 keys->server_write_IV); 01259 Hc128_SetKey(dec->hc128, keys->client_write_key, 01260 keys->client_write_IV); 01261 } 01262 enc->setup = 1; 01263 dec->setup = 1; 01264 } 01265 #endif 01266 01267 #ifdef BUILD_RABBIT 01268 if (specs->bulk_cipher_algorithm == rabbit) { 01269 enc->rabbit = (Rabbit*)XMALLOC(sizeof(Rabbit),heap,DYNAMIC_TYPE_CIPHER); 01270 if (enc->rabbit == NULL) 01271 return MEMORY_E; 01272 dec->rabbit = (Rabbit*)XMALLOC(sizeof(Rabbit),heap,DYNAMIC_TYPE_CIPHER); 01273 if (dec->rabbit == NULL) 01274 return MEMORY_E; 01275 if (side == CLIENT_END) { 01276 RabbitSetKey(enc->rabbit, keys->client_write_key, 01277 keys->client_write_IV); 01278 RabbitSetKey(dec->rabbit, keys->server_write_key, 01279 keys->server_write_IV); 01280 } 01281 else { 01282 RabbitSetKey(enc->rabbit, keys->server_write_key, 01283 keys->server_write_IV); 01284 RabbitSetKey(dec->rabbit, keys->client_write_key, 01285 keys->client_write_IV); 01286 } 01287 enc->setup = 1; 01288 dec->setup = 1; 01289 } 01290 #endif 01291 01292 #ifdef BUILD_DES3 01293 if (specs->bulk_cipher_algorithm == triple_des) { 01294 enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER); 01295 if (enc->des3 == NULL) 01296 return MEMORY_E; 01297 dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER); 01298 if (dec->des3 == NULL) 01299 return MEMORY_E; 01300 #ifdef HAVE_CAVIUM 01301 if (devId != NO_CAVIUM_DEVICE) { 01302 if (Des3_InitCavium(enc->des3, devId) != 0) { 01303 CYASSL_MSG("Des3_InitCavium failed in SetKeys"); 01304 return CAVIUM_INIT_E; 01305 } 01306 if (Des3_InitCavium(dec->des3, devId) != 0) { 01307 CYASSL_MSG("Des3_InitCavium failed in SetKeys"); 01308 return CAVIUM_INIT_E; 01309 } 01310 } 01311 #endif 01312 if (side == CLIENT_END) { 01313 Des3_SetKey(enc->des3, keys->client_write_key, 01314 keys->client_write_IV, DES_ENCRYPTION); 01315 Des3_SetKey(dec->des3, keys->server_write_key, 01316 keys->server_write_IV, DES_DECRYPTION); 01317 } 01318 else { 01319 Des3_SetKey(enc->des3, keys->server_write_key, 01320 keys->server_write_IV, DES_ENCRYPTION); 01321 Des3_SetKey(dec->des3, keys->client_write_key, 01322 keys->client_write_IV, DES_DECRYPTION); 01323 } 01324 enc->setup = 1; 01325 dec->setup = 1; 01326 } 01327 #endif 01328 01329 #ifdef BUILD_AES 01330 if (specs->bulk_cipher_algorithm == aes) { 01331 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 01332 if (enc->aes == NULL) 01333 return MEMORY_E; 01334 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 01335 if (dec->aes == NULL) 01336 return MEMORY_E; 01337 #ifdef HAVE_CAVIUM 01338 if (devId != NO_CAVIUM_DEVICE) { 01339 if (AesInitCavium(enc->aes, devId) != 0) { 01340 CYASSL_MSG("AesInitCavium failed in SetKeys"); 01341 return CAVIUM_INIT_E; 01342 } 01343 if (AesInitCavium(dec->aes, devId) != 0) { 01344 CYASSL_MSG("AesInitCavium failed in SetKeys"); 01345 return CAVIUM_INIT_E; 01346 } 01347 } 01348 #endif 01349 if (side == CLIENT_END) { 01350 AesSetKey(enc->aes, keys->client_write_key, 01351 specs->key_size, keys->client_write_IV, 01352 AES_ENCRYPTION); 01353 AesSetKey(dec->aes, keys->server_write_key, 01354 specs->key_size, keys->server_write_IV, 01355 AES_DECRYPTION); 01356 } 01357 else { 01358 AesSetKey(enc->aes, keys->server_write_key, 01359 specs->key_size, keys->server_write_IV, 01360 AES_ENCRYPTION); 01361 AesSetKey(dec->aes, keys->client_write_key, 01362 specs->key_size, keys->client_write_IV, 01363 AES_DECRYPTION); 01364 } 01365 enc->setup = 1; 01366 dec->setup = 1; 01367 } 01368 #endif 01369 01370 #ifdef BUILD_AESGCM 01371 if (specs->bulk_cipher_algorithm == aes_gcm) { 01372 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 01373 if (enc->aes == NULL) 01374 return MEMORY_E; 01375 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 01376 if (dec->aes == NULL) 01377 return MEMORY_E; 01378 01379 if (side == CLIENT_END) { 01380 AesGcmSetKey(enc->aes, keys->client_write_key, specs->key_size); 01381 XMEMCPY(keys->aead_enc_imp_IV, 01382 keys->client_write_IV, AEAD_IMP_IV_SZ); 01383 AesGcmSetKey(dec->aes, keys->server_write_key, specs->key_size); 01384 XMEMCPY(keys->aead_dec_imp_IV, 01385 keys->server_write_IV, AEAD_IMP_IV_SZ); 01386 } 01387 else { 01388 AesGcmSetKey(enc->aes, keys->server_write_key, specs->key_size); 01389 XMEMCPY(keys->aead_enc_imp_IV, 01390 keys->server_write_IV, AEAD_IMP_IV_SZ); 01391 AesGcmSetKey(dec->aes, keys->client_write_key, specs->key_size); 01392 XMEMCPY(keys->aead_dec_imp_IV, 01393 keys->client_write_IV, AEAD_IMP_IV_SZ); 01394 } 01395 enc->setup = 1; 01396 dec->setup = 1; 01397 } 01398 #endif 01399 01400 #ifdef HAVE_AESCCM 01401 if (specs->bulk_cipher_algorithm == aes_ccm) { 01402 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 01403 if (enc->aes == NULL) 01404 return MEMORY_E; 01405 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 01406 if (dec->aes == NULL) 01407 return MEMORY_E; 01408 01409 if (side == CLIENT_END) { 01410 AesCcmSetKey(enc->aes, keys->client_write_key, specs->key_size); 01411 XMEMCPY(keys->aead_enc_imp_IV, 01412 keys->client_write_IV, AEAD_IMP_IV_SZ); 01413 AesCcmSetKey(dec->aes, keys->server_write_key, specs->key_size); 01414 XMEMCPY(keys->aead_dec_imp_IV, 01415 keys->server_write_IV, AEAD_IMP_IV_SZ); 01416 } 01417 else { 01418 AesCcmSetKey(enc->aes, keys->server_write_key, specs->key_size); 01419 XMEMCPY(keys->aead_enc_imp_IV, 01420 keys->server_write_IV, AEAD_IMP_IV_SZ); 01421 AesCcmSetKey(dec->aes, keys->client_write_key, specs->key_size); 01422 XMEMCPY(keys->aead_dec_imp_IV, 01423 keys->client_write_IV, AEAD_IMP_IV_SZ); 01424 } 01425 enc->setup = 1; 01426 dec->setup = 1; 01427 } 01428 #endif 01429 01430 #ifdef HAVE_CAMELLIA 01431 if (specs->bulk_cipher_algorithm == camellia) { 01432 enc->cam = (Camellia*)XMALLOC(sizeof(Camellia), 01433 heap, DYNAMIC_TYPE_CIPHER); 01434 if (enc->cam == NULL) 01435 return MEMORY_E; 01436 dec->cam = (Camellia*)XMALLOC(sizeof(Camellia), 01437 heap, DYNAMIC_TYPE_CIPHER); 01438 if (dec->cam == NULL) 01439 return MEMORY_E; 01440 if (side == CLIENT_END) { 01441 CamelliaSetKey(enc->cam, keys->client_write_key, 01442 specs->key_size, keys->client_write_IV); 01443 CamelliaSetKey(dec->cam, keys->server_write_key, 01444 specs->key_size, keys->server_write_IV); 01445 } 01446 else { 01447 CamelliaSetKey(enc->cam, keys->server_write_key, 01448 specs->key_size, keys->server_write_IV); 01449 CamelliaSetKey(dec->cam, keys->client_write_key, 01450 specs->key_size, keys->client_write_IV); 01451 } 01452 enc->setup = 1; 01453 dec->setup = 1; 01454 } 01455 #endif 01456 01457 #ifdef HAVE_NULL_CIPHER 01458 if (specs->bulk_cipher_algorithm == cipher_null) { 01459 enc->setup = 1; 01460 dec->setup = 1; 01461 } 01462 #endif 01463 01464 keys->sequence_number = 0; 01465 keys->peer_sequence_number = 0; 01466 keys->encryptionOn = 0; 01467 (void)side; 01468 (void)heap; 01469 (void)enc; 01470 (void)dec; 01471 (void)specs; 01472 (void)devId; 01473 01474 return 0; 01475 } 01476 01477 01478 /* TLS can call too */ 01479 int StoreKeys(CYASSL* ssl, const byte* keyData) 01480 { 01481 int sz, i = 0; 01482 int devId = NO_CAVIUM_DEVICE; 01483 01484 #ifdef HAVE_CAVIUM 01485 devId = ssl->devId; 01486 #endif 01487 01488 if (ssl->specs.cipher_type != aead) { 01489 sz = ssl->specs.hash_size; 01490 XMEMCPY(ssl->keys.client_write_MAC_secret,&keyData[i], sz); 01491 i += sz; 01492 XMEMCPY(ssl->keys.server_write_MAC_secret,&keyData[i], sz); 01493 i += sz; 01494 } 01495 sz = ssl->specs.key_size; 01496 XMEMCPY(ssl->keys.client_write_key, &keyData[i], sz); 01497 i += sz; 01498 XMEMCPY(ssl->keys.server_write_key, &keyData[i], sz); 01499 i += sz; 01500 01501 sz = ssl->specs.iv_size; 01502 XMEMCPY(ssl->keys.client_write_IV, &keyData[i], sz); 01503 i += sz; 01504 XMEMCPY(ssl->keys.server_write_IV, &keyData[i], sz); 01505 01506 #ifdef HAVE_AEAD 01507 if (ssl->specs.cipher_type == aead) { 01508 /* Initialize the AES-GCM explicit IV to a random number. */ 01509 RNG_GenerateBlock(ssl->rng, ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ); 01510 } 01511 #endif 01512 01513 return SetKeys(&ssl->encrypt, &ssl->decrypt, &ssl->keys, &ssl->specs, 01514 ssl->options.side, ssl->heap, devId); 01515 } 01516 01517 #ifndef NO_OLD_TLS 01518 int DeriveKeys(CYASSL* ssl) 01519 { 01520 int length = 2 * ssl->specs.hash_size + 01521 2 * ssl->specs.key_size + 01522 2 * ssl->specs.iv_size; 01523 int rounds = (length + MD5_DIGEST_SIZE - 1 ) / MD5_DIGEST_SIZE, i; 01524 01525 byte shaOutput[SHA_DIGEST_SIZE]; 01526 byte md5Input[SECRET_LEN + SHA_DIGEST_SIZE]; 01527 byte shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN]; 01528 01529 Md5 md5; 01530 Sha sha; 01531 01532 byte keyData[KEY_PREFIX * MD5_DIGEST_SIZE]; /* max size */ 01533 01534 InitMd5(&md5); 01535 InitSha(&sha); 01536 01537 XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN); 01538 01539 for (i = 0; i < rounds; ++i) { 01540 int j = i + 1; 01541 int idx = j; 01542 01543 if (!SetPrefix(shaInput, i)) { 01544 return PREFIX_ERROR; 01545 } 01546 01547 XMEMCPY(shaInput + idx, ssl->arrays->masterSecret, SECRET_LEN); 01548 idx += SECRET_LEN; 01549 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN); 01550 idx += RAN_LEN; 01551 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN); 01552 01553 ShaUpdate(&sha, shaInput, (word32)sizeof(shaInput) - KEY_PREFIX + j); 01554 ShaFinal(&sha, shaOutput); 01555 01556 XMEMCPY(&md5Input[SECRET_LEN], shaOutput, SHA_DIGEST_SIZE); 01557 Md5Update(&md5, md5Input, sizeof(md5Input)); 01558 Md5Final(&md5, keyData + i * MD5_DIGEST_SIZE); 01559 } 01560 01561 return StoreKeys(ssl, keyData); 01562 } 01563 01564 01565 static void CleanPreMaster(CYASSL* ssl) 01566 { 01567 int i, sz = ssl->arrays->preMasterSz; 01568 01569 for (i = 0; i < sz; i++) 01570 ssl->arrays->preMasterSecret[i] = 0; 01571 01572 RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz); 01573 01574 for (i = 0; i < sz; i++) 01575 ssl->arrays->preMasterSecret[i] = 0; 01576 01577 } 01578 01579 01580 /* Create and store the master secret see page 32, 6.1 */ 01581 static int MakeSslMasterSecret(CYASSL* ssl) 01582 { 01583 byte shaOutput[SHA_DIGEST_SIZE]; 01584 byte md5Input[ENCRYPT_LEN + SHA_DIGEST_SIZE]; 01585 byte shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN]; 01586 int i, ret; 01587 word32 idx; 01588 word32 pmsSz = ssl->arrays->preMasterSz; 01589 01590 Md5 md5; 01591 Sha sha; 01592 01593 #ifdef SHOW_SECRETS 01594 { 01595 int j; 01596 printf("pre master secret: "); 01597 for (j = 0; j < pmsSz; j++) 01598 printf("%02x", ssl->arrays->preMasterSecret[j]); 01599 printf("\n"); 01600 } 01601 #endif 01602 01603 InitMd5(&md5); 01604 InitSha(&sha); 01605 01606 XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz); 01607 01608 for (i = 0; i < MASTER_ROUNDS; ++i) { 01609 byte prefix[PREFIX]; 01610 if (!SetPrefix(prefix, i)) { 01611 return PREFIX_ERROR; 01612 } 01613 01614 idx = 0; 01615 XMEMCPY(shaInput, prefix, i + 1); 01616 idx += i + 1; 01617 01618 XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz); 01619 idx += pmsSz; 01620 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN); 01621 idx += RAN_LEN; 01622 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN); 01623 idx += RAN_LEN; 01624 ShaUpdate(&sha, shaInput, idx); 01625 ShaFinal(&sha, shaOutput); 01626 01627 idx = pmsSz; /* preSz */ 01628 XMEMCPY(md5Input + idx, shaOutput, SHA_DIGEST_SIZE); 01629 idx += SHA_DIGEST_SIZE; 01630 Md5Update(&md5, md5Input, idx); 01631 Md5Final(&md5, &ssl->arrays->masterSecret[i * MD5_DIGEST_SIZE]); 01632 } 01633 01634 #ifdef SHOW_SECRETS 01635 { 01636 int i; 01637 printf("master secret: "); 01638 for (i = 0; i < SECRET_LEN; i++) 01639 printf("%02x", ssl->arrays->masterSecret[i]); 01640 printf("\n"); 01641 } 01642 #endif 01643 01644 ret = DeriveKeys(ssl); 01645 CleanPreMaster(ssl); 01646 01647 return ret; 01648 } 01649 #endif 01650 01651 01652 /* Master wrapper, doesn't use SSL stack space in TLS mode */ 01653 int MakeMasterSecret(CYASSL* ssl) 01654 { 01655 #ifdef NO_OLD_TLS 01656 return MakeTlsMasterSecret(ssl); 01657 #elif !defined(NO_TLS) 01658 if (ssl->options.tls) return MakeTlsMasterSecret(ssl); 01659 #endif 01660 01661 #ifndef NO_OLD_TLS 01662 return MakeSslMasterSecret(ssl); 01663 #endif 01664 } 01665
Generated on Thu Jul 14 2022 00:25:23 by
1.7.2