Xuyi Wang
wolfSSL SSL/TLS library, support up to TLS1.3
Embed:
(wiki syntax)
Show/hide line numbers
keys.c
00001 /* keys.c 00002 * 00003 * Copyright (C) 2006-2017 wolfSSL Inc. 00004 * 00005 * This file is part of wolfSSL. 00006 * 00007 * wolfSSL is free software; you can redistribute it and/or modify 00008 * it under the terms of the GNU General Public License as published by 00009 * the Free Software Foundation; either version 2 of the License, or 00010 * (at your option) any later version. 00011 * 00012 * wolfSSL is distributed in the hope that it will be useful, 00013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00015 * GNU General Public License for more details. 00016 * 00017 * You should have received a copy of the GNU General Public License 00018 * along with this program; if not, write to the Free Software 00019 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 00020 */ 00021 00022 00023 /* Name change compatibility layer no longer needs to be included here */ 00024 00025 #ifdef HAVE_CONFIG_H 00026 #include <config.h> 00027 #endif 00028 00029 #include <wolfcrypt/settings.h> 00030 00031 #ifndef WOLFCRYPT_ONLY 00032 00033 #include <wolfssl/internal.h> 00034 #include <wolfssl/error-ssl.h> 00035 #if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) 00036 #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) 00037 #if MQX_USE_IO_OLD 00038 #include <fio.h> 00039 #else 00040 #include <nio.h> 00041 #endif 00042 #else 00043 #include <stdio.h> 00044 #endif 00045 #endif 00046 00047 00048 int SetCipherSpecs(WOLFSSL* ssl) 00049 { 00050 #ifndef NO_WOLFSSL_CLIENT 00051 if (ssl->options.side == WOLFSSL_CLIENT_END) { 00052 /* server side verified before SetCipherSpecs call */ 00053 if (VerifyClientSuite(ssl) != 1) { 00054 WOLFSSL_MSG("SetCipherSpecs() client has an unusuable suite"); 00055 return UNSUPPORTED_SUITE; 00056 } 00057 } 00058 #endif /* NO_WOLFSSL_CLIENT */ 00059 00060 /* Chacha extensions, 0xcc */ 00061 if (ssl->options.cipherSuite0 == CHACHA_BYTE) { 00062 00063 switch (ssl->options.cipherSuite) { 00064 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 00065 case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256: 00066 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00067 ssl->specs.cipher_type = aead; 00068 ssl->specs.mac_algorithm = sha256_mac; 00069 ssl->specs.kea = ecc_diffie_hellman_kea; 00070 ssl->specs.sig_algo = rsa_sa_algo; 00071 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00072 ssl->specs.pad_size = PAD_SHA; 00073 ssl->specs.static_ecdh = 0; 00074 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00075 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00076 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00077 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00078 ssl->options.oldPoly = 1; /* use old poly1305 padding */ 00079 00080 break; 00081 #endif 00082 00083 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 00084 case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256: 00085 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00086 ssl->specs.cipher_type = aead; 00087 ssl->specs.mac_algorithm = sha256_mac; 00088 ssl->specs.kea = ecc_diffie_hellman_kea; 00089 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00090 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00091 ssl->specs.pad_size = PAD_SHA; 00092 ssl->specs.static_ecdh = 0; 00093 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00094 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00095 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00096 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00097 ssl->options.oldPoly = 1; /* use old poly1305 padding */ 00098 00099 break; 00100 #endif 00101 00102 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 00103 case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256: 00104 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00105 ssl->specs.cipher_type = aead; 00106 ssl->specs.mac_algorithm = sha256_mac; 00107 ssl->specs.kea = diffie_hellman_kea; 00108 ssl->specs.sig_algo = rsa_sa_algo; 00109 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00110 ssl->specs.pad_size = PAD_SHA; 00111 ssl->specs.static_ecdh = 0; 00112 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00113 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00114 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00115 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00116 ssl->options.oldPoly = 1; /* use old poly1305 padding */ 00117 00118 break; 00119 #endif 00120 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 00121 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: 00122 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00123 ssl->specs.cipher_type = aead; 00124 ssl->specs.mac_algorithm = sha256_mac; 00125 ssl->specs.kea = ecc_diffie_hellman_kea; 00126 ssl->specs.sig_algo = rsa_sa_algo; 00127 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00128 ssl->specs.pad_size = PAD_SHA; 00129 ssl->specs.static_ecdh = 0; 00130 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00131 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00132 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00133 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00134 ssl->options.oldPoly = 0; /* use recent padding RFC */ 00135 00136 break; 00137 #endif 00138 00139 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 00140 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: 00141 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00142 ssl->specs.cipher_type = aead; 00143 ssl->specs.mac_algorithm = sha256_mac; 00144 ssl->specs.kea = ecc_diffie_hellman_kea; 00145 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00146 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00147 ssl->specs.pad_size = PAD_SHA; 00148 ssl->specs.static_ecdh = 0; 00149 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00150 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00151 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00152 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00153 ssl->options.oldPoly = 0; /* use recent padding RFC */ 00154 00155 break; 00156 #endif 00157 00158 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 00159 case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: 00160 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00161 ssl->specs.cipher_type = aead; 00162 ssl->specs.mac_algorithm = sha256_mac; 00163 ssl->specs.kea = diffie_hellman_kea; 00164 ssl->specs.sig_algo = rsa_sa_algo; 00165 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00166 ssl->specs.pad_size = PAD_SHA; 00167 ssl->specs.static_ecdh = 0; 00168 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00169 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00170 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00171 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00172 ssl->options.oldPoly = 0; /* use recent padding RFC */ 00173 00174 break; 00175 #endif 00176 00177 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 00178 case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256: 00179 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00180 ssl->specs.cipher_type = aead; 00181 ssl->specs.mac_algorithm = sha256_mac; 00182 ssl->specs.kea = psk_kea; 00183 ssl->specs.sig_algo = anonymous_sa_algo; 00184 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00185 ssl->specs.pad_size = PAD_SHA; 00186 ssl->specs.static_ecdh = 0; 00187 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00188 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00189 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00190 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00191 00192 ssl->options.oldPoly = 0; /* use recent padding RFC */ 00193 ssl->options.usingPSK_cipher = 1; 00194 break; 00195 #endif 00196 00197 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 00198 case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256: 00199 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00200 ssl->specs.cipher_type = aead; 00201 ssl->specs.mac_algorithm = sha256_mac; 00202 ssl->specs.kea = ecdhe_psk_kea; 00203 ssl->specs.sig_algo = anonymous_sa_algo; 00204 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00205 ssl->specs.pad_size = PAD_SHA; 00206 ssl->specs.static_ecdh = 0; 00207 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00208 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00209 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00210 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00211 00212 ssl->options.oldPoly = 0; /* use recent padding RFC */ 00213 ssl->options.usingPSK_cipher = 1; 00214 break; 00215 #endif 00216 00217 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 00218 case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256: 00219 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00220 ssl->specs.cipher_type = aead; 00221 ssl->specs.mac_algorithm = sha256_mac; 00222 ssl->specs.kea = dhe_psk_kea; 00223 ssl->specs.sig_algo = anonymous_sa_algo; 00224 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00225 ssl->specs.pad_size = PAD_SHA; 00226 ssl->specs.static_ecdh = 0; 00227 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00228 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00229 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00230 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00231 00232 ssl->options.oldPoly = 0; /* use recent padding RFC */ 00233 ssl->options.usingPSK_cipher = 1; 00234 break; 00235 #endif 00236 default: 00237 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha"); 00238 return UNSUPPORTED_SUITE; 00239 } 00240 } 00241 00242 /* ECC extensions, or AES-CCM */ 00243 if (ssl->options.cipherSuite0 == ECC_BYTE) { 00244 00245 switch (ssl->options.cipherSuite) { 00246 00247 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) 00248 00249 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 00250 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : 00251 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00252 ssl->specs.cipher_type = block; 00253 ssl->specs.mac_algorithm = sha256_mac; 00254 ssl->specs.kea = ecc_diffie_hellman_kea; 00255 ssl->specs.sig_algo = rsa_sa_algo; 00256 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00257 ssl->specs.pad_size = PAD_SHA; 00258 ssl->specs.static_ecdh = 0; 00259 ssl->specs.key_size = AES_128_KEY_SIZE; 00260 ssl->specs.iv_size = AES_IV_SIZE; 00261 ssl->specs.block_size = AES_BLOCK_SIZE; 00262 00263 break; 00264 #endif 00265 00266 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 00267 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : 00268 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00269 ssl->specs.cipher_type = block; 00270 ssl->specs.mac_algorithm = sha384_mac; 00271 ssl->specs.kea = ecc_diffie_hellman_kea; 00272 ssl->specs.sig_algo = rsa_sa_algo; 00273 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; 00274 ssl->specs.pad_size = PAD_SHA; 00275 ssl->specs.static_ecdh = 0; 00276 ssl->specs.key_size = AES_256_KEY_SIZE; 00277 ssl->specs.iv_size = AES_IV_SIZE; 00278 ssl->specs.block_size = AES_BLOCK_SIZE; 00279 00280 break; 00281 #endif 00282 00283 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 00284 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : 00285 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00286 ssl->specs.cipher_type = block; 00287 ssl->specs.mac_algorithm = sha_mac; 00288 ssl->specs.kea = ecc_diffie_hellman_kea; 00289 ssl->specs.sig_algo = rsa_sa_algo; 00290 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 00291 ssl->specs.pad_size = PAD_SHA; 00292 ssl->specs.static_ecdh = 0; 00293 ssl->specs.key_size = AES_128_KEY_SIZE; 00294 ssl->specs.block_size = AES_BLOCK_SIZE; 00295 ssl->specs.iv_size = AES_IV_SIZE; 00296 00297 break; 00298 #endif 00299 00300 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 00301 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : 00302 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 00303 ssl->specs.cipher_type = block; 00304 ssl->specs.mac_algorithm = sha_mac; 00305 ssl->specs.kea = ecc_diffie_hellman_kea; 00306 ssl->specs.sig_algo = rsa_sa_algo; 00307 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 00308 ssl->specs.pad_size = PAD_SHA; 00309 ssl->specs.static_ecdh = 0; 00310 ssl->specs.key_size = DES3_KEY_SIZE; 00311 ssl->specs.block_size = DES_BLOCK_SIZE; 00312 ssl->specs.iv_size = DES_IV_SIZE; 00313 00314 break; 00315 #endif 00316 00317 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA 00318 case TLS_ECDHE_RSA_WITH_RC4_128_SHA : 00319 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 00320 ssl->specs.cipher_type = stream; 00321 ssl->specs.mac_algorithm = sha_mac; 00322 ssl->specs.kea = ecc_diffie_hellman_kea; 00323 ssl->specs.sig_algo = rsa_sa_algo; 00324 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 00325 ssl->specs.pad_size = PAD_SHA; 00326 ssl->specs.static_ecdh = 0; 00327 ssl->specs.key_size = RC4_KEY_SIZE; 00328 ssl->specs.iv_size = 0; 00329 ssl->specs.block_size = 0; 00330 00331 break; 00332 #endif 00333 00334 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 00335 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : 00336 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00337 ssl->specs.cipher_type = block; 00338 ssl->specs.mac_algorithm = sha_mac; 00339 ssl->specs.kea = ecc_diffie_hellman_kea; 00340 ssl->specs.sig_algo = rsa_sa_algo; 00341 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 00342 ssl->specs.pad_size = PAD_SHA; 00343 ssl->specs.static_ecdh = 0; 00344 ssl->specs.key_size = AES_256_KEY_SIZE; 00345 ssl->specs.block_size = AES_BLOCK_SIZE; 00346 ssl->specs.iv_size = AES_IV_SIZE; 00347 00348 break; 00349 #endif 00350 00351 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 00352 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : 00353 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00354 ssl->specs.cipher_type = aead; 00355 ssl->specs.mac_algorithm = sha256_mac; 00356 ssl->specs.kea = ecc_diffie_hellman_kea; 00357 ssl->specs.sig_algo = rsa_sa_algo; 00358 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00359 ssl->specs.pad_size = PAD_SHA; 00360 ssl->specs.static_ecdh = 0; 00361 ssl->specs.key_size = AES_128_KEY_SIZE; 00362 ssl->specs.block_size = AES_BLOCK_SIZE; 00363 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00364 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00365 00366 break; 00367 #endif 00368 00369 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 00370 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : 00371 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00372 ssl->specs.cipher_type = aead; 00373 ssl->specs.mac_algorithm = sha384_mac; 00374 ssl->specs.kea = ecc_diffie_hellman_kea; 00375 ssl->specs.sig_algo = rsa_sa_algo; 00376 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; 00377 ssl->specs.pad_size = PAD_SHA; 00378 ssl->specs.static_ecdh = 0; 00379 ssl->specs.key_size = AES_256_KEY_SIZE; 00380 ssl->specs.block_size = AES_BLOCK_SIZE; 00381 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00382 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00383 00384 break; 00385 #endif 00386 00387 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 00388 case TLS_ECDHE_PSK_WITH_NULL_SHA256 : 00389 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 00390 ssl->specs.cipher_type = stream; 00391 ssl->specs.mac_algorithm = sha256_mac; 00392 ssl->specs.kea = ecdhe_psk_kea; 00393 ssl->specs.sig_algo = anonymous_sa_algo; 00394 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00395 ssl->specs.pad_size = PAD_SHA; 00396 ssl->specs.static_ecdh = 0; 00397 ssl->specs.key_size = 0; 00398 ssl->specs.block_size = 0; 00399 ssl->specs.iv_size = 0; 00400 00401 ssl->options.usingPSK_cipher = 1; 00402 break; 00403 #endif 00404 00405 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 00406 case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 : 00407 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00408 ssl->specs.cipher_type = block; 00409 ssl->specs.mac_algorithm = sha256_mac; 00410 ssl->specs.kea = ecdhe_psk_kea; 00411 ssl->specs.sig_algo = anonymous_sa_algo; 00412 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00413 ssl->specs.pad_size = PAD_SHA; 00414 ssl->specs.static_ecdh = 0; 00415 ssl->specs.key_size = AES_128_KEY_SIZE; 00416 ssl->specs.block_size = AES_BLOCK_SIZE; 00417 ssl->specs.iv_size = AES_IV_SIZE; 00418 00419 ssl->options.usingPSK_cipher = 1; 00420 break; 00421 #endif 00422 00423 #endif /* HAVE_ECC || HAVE_CURVE25519 */ 00424 00425 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) 00426 00427 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 00428 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : 00429 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00430 ssl->specs.cipher_type = block; 00431 ssl->specs.mac_algorithm = sha256_mac; 00432 ssl->specs.kea = ecc_diffie_hellman_kea; 00433 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00434 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00435 ssl->specs.pad_size = PAD_SHA; 00436 ssl->specs.static_ecdh = 0; 00437 ssl->specs.key_size = AES_128_KEY_SIZE; 00438 ssl->specs.iv_size = AES_IV_SIZE; 00439 ssl->specs.block_size = AES_BLOCK_SIZE; 00440 00441 break; 00442 #endif 00443 00444 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 00445 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : 00446 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00447 ssl->specs.cipher_type = block; 00448 ssl->specs.mac_algorithm = sha384_mac; 00449 ssl->specs.kea = ecc_diffie_hellman_kea; 00450 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00451 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; 00452 ssl->specs.pad_size = PAD_SHA; 00453 ssl->specs.static_ecdh = 0; 00454 ssl->specs.key_size = AES_256_KEY_SIZE; 00455 ssl->specs.iv_size = AES_IV_SIZE; 00456 ssl->specs.block_size = AES_BLOCK_SIZE; 00457 00458 break; 00459 #endif 00460 00461 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 00462 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : 00463 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 00464 ssl->specs.cipher_type = block; 00465 ssl->specs.mac_algorithm = sha_mac; 00466 ssl->specs.kea = ecc_diffie_hellman_kea; 00467 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00468 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 00469 ssl->specs.pad_size = PAD_SHA; 00470 ssl->specs.static_ecdh = 0; 00471 ssl->specs.key_size = DES3_KEY_SIZE; 00472 ssl->specs.block_size = DES_BLOCK_SIZE; 00473 ssl->specs.iv_size = DES_IV_SIZE; 00474 00475 break; 00476 #endif 00477 00478 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 00479 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : 00480 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 00481 ssl->specs.cipher_type = stream; 00482 ssl->specs.mac_algorithm = sha_mac; 00483 ssl->specs.kea = ecc_diffie_hellman_kea; 00484 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00485 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 00486 ssl->specs.pad_size = PAD_SHA; 00487 ssl->specs.static_ecdh = 0; 00488 ssl->specs.key_size = RC4_KEY_SIZE; 00489 ssl->specs.iv_size = 0; 00490 ssl->specs.block_size = 0; 00491 00492 break; 00493 #endif 00494 00495 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 00496 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : 00497 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00498 ssl->specs.cipher_type = block; 00499 ssl->specs.mac_algorithm = sha_mac; 00500 ssl->specs.kea = ecc_diffie_hellman_kea; 00501 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00502 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 00503 ssl->specs.pad_size = PAD_SHA; 00504 ssl->specs.static_ecdh = 0; 00505 ssl->specs.key_size = AES_128_KEY_SIZE; 00506 ssl->specs.block_size = AES_BLOCK_SIZE; 00507 ssl->specs.iv_size = AES_IV_SIZE; 00508 00509 break; 00510 #endif 00511 00512 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 00513 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : 00514 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00515 ssl->specs.cipher_type = block; 00516 ssl->specs.mac_algorithm = sha_mac; 00517 ssl->specs.kea = ecc_diffie_hellman_kea; 00518 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00519 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 00520 ssl->specs.pad_size = PAD_SHA; 00521 ssl->specs.static_ecdh = 0; 00522 ssl->specs.key_size = AES_256_KEY_SIZE; 00523 ssl->specs.block_size = AES_BLOCK_SIZE; 00524 ssl->specs.iv_size = AES_IV_SIZE; 00525 00526 break; 00527 #endif 00528 00529 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 00530 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : 00531 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00532 ssl->specs.cipher_type = aead; 00533 ssl->specs.mac_algorithm = sha256_mac; 00534 ssl->specs.kea = ecc_diffie_hellman_kea; 00535 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00536 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00537 ssl->specs.pad_size = PAD_SHA; 00538 ssl->specs.static_ecdh = 0; 00539 ssl->specs.key_size = AES_128_KEY_SIZE; 00540 ssl->specs.block_size = AES_BLOCK_SIZE; 00541 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00542 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00543 00544 break; 00545 #endif 00546 00547 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 00548 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : 00549 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00550 ssl->specs.cipher_type = aead; 00551 ssl->specs.mac_algorithm = sha384_mac; 00552 ssl->specs.kea = ecc_diffie_hellman_kea; 00553 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00554 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; 00555 ssl->specs.pad_size = PAD_SHA; 00556 ssl->specs.static_ecdh = 0; 00557 ssl->specs.key_size = AES_256_KEY_SIZE; 00558 ssl->specs.block_size = AES_BLOCK_SIZE; 00559 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00560 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00561 00562 break; 00563 #endif 00564 00565 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 00566 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM : 00567 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00568 ssl->specs.cipher_type = aead; 00569 ssl->specs.mac_algorithm = sha256_mac; 00570 ssl->specs.kea = ecc_diffie_hellman_kea; 00571 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00572 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00573 ssl->specs.pad_size = PAD_SHA; 00574 ssl->specs.static_ecdh = 0; 00575 ssl->specs.key_size = AES_128_KEY_SIZE; 00576 ssl->specs.block_size = AES_BLOCK_SIZE; 00577 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00578 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; 00579 00580 break; 00581 #endif 00582 00583 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 00584 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 : 00585 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00586 ssl->specs.cipher_type = aead; 00587 ssl->specs.mac_algorithm = sha256_mac; 00588 ssl->specs.kea = ecc_diffie_hellman_kea; 00589 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00590 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00591 ssl->specs.pad_size = PAD_SHA; 00592 ssl->specs.static_ecdh = 0; 00593 ssl->specs.key_size = AES_128_KEY_SIZE; 00594 ssl->specs.block_size = AES_BLOCK_SIZE; 00595 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00596 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 00597 00598 break; 00599 #endif 00600 00601 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 00602 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : 00603 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00604 ssl->specs.cipher_type = aead; 00605 ssl->specs.mac_algorithm = sha256_mac; 00606 ssl->specs.kea = ecc_diffie_hellman_kea; 00607 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00608 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00609 ssl->specs.pad_size = PAD_SHA; 00610 ssl->specs.static_ecdh = 0; 00611 ssl->specs.key_size = AES_256_KEY_SIZE; 00612 ssl->specs.block_size = AES_BLOCK_SIZE; 00613 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00614 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 00615 00616 break; 00617 #endif 00618 00619 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA 00620 case TLS_ECDHE_ECDSA_WITH_NULL_SHA : 00621 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 00622 ssl->specs.cipher_type = stream; 00623 ssl->specs.mac_algorithm = sha_mac; 00624 ssl->specs.kea = ecc_diffie_hellman_kea; 00625 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00626 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 00627 ssl->specs.pad_size = PAD_SHA; 00628 ssl->specs.static_ecdh = 0; 00629 ssl->specs.key_size = 0; 00630 ssl->specs.block_size = 0; 00631 ssl->specs.iv_size = 0; 00632 00633 break; 00634 #endif 00635 00636 #endif /* HAVE_ECC || (HAVE_CURVE25519 && HAVE_ED25519) */ 00637 00638 #if defined(HAVE_ECC) 00639 00640 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 00641 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : 00642 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00643 ssl->specs.cipher_type = block; 00644 ssl->specs.mac_algorithm = sha256_mac; 00645 ssl->specs.kea = ecc_diffie_hellman_kea; 00646 ssl->specs.sig_algo = rsa_sa_algo; 00647 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00648 ssl->specs.pad_size = PAD_SHA; 00649 ssl->specs.static_ecdh = 1; 00650 ssl->specs.key_size = AES_128_KEY_SIZE; 00651 ssl->specs.iv_size = AES_IV_SIZE; 00652 ssl->specs.block_size = AES_BLOCK_SIZE; 00653 00654 break; 00655 #endif 00656 00657 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 00658 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : 00659 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00660 ssl->specs.cipher_type = block; 00661 ssl->specs.mac_algorithm = sha256_mac; 00662 ssl->specs.kea = ecc_diffie_hellman_kea; 00663 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00664 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00665 ssl->specs.pad_size = PAD_SHA; 00666 ssl->specs.static_ecdh = 1; 00667 ssl->specs.key_size = AES_128_KEY_SIZE; 00668 ssl->specs.iv_size = AES_IV_SIZE; 00669 ssl->specs.block_size = AES_BLOCK_SIZE; 00670 00671 break; 00672 #endif 00673 00674 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 00675 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : 00676 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00677 ssl->specs.cipher_type = block; 00678 ssl->specs.mac_algorithm = sha384_mac; 00679 ssl->specs.kea = ecc_diffie_hellman_kea; 00680 ssl->specs.sig_algo = rsa_sa_algo; 00681 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; 00682 ssl->specs.pad_size = PAD_SHA; 00683 ssl->specs.static_ecdh = 1; 00684 ssl->specs.key_size = AES_256_KEY_SIZE; 00685 ssl->specs.iv_size = AES_IV_SIZE; 00686 ssl->specs.block_size = AES_BLOCK_SIZE; 00687 00688 break; 00689 #endif 00690 00691 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 00692 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : 00693 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00694 ssl->specs.cipher_type = block; 00695 ssl->specs.mac_algorithm = sha384_mac; 00696 ssl->specs.kea = ecc_diffie_hellman_kea; 00697 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00698 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; 00699 ssl->specs.pad_size = PAD_SHA; 00700 ssl->specs.static_ecdh = 1; 00701 ssl->specs.key_size = AES_256_KEY_SIZE; 00702 ssl->specs.iv_size = AES_IV_SIZE; 00703 ssl->specs.block_size = AES_BLOCK_SIZE; 00704 00705 break; 00706 #endif 00707 00708 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 00709 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : 00710 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00711 ssl->specs.cipher_type = block; 00712 ssl->specs.mac_algorithm = sha_mac; 00713 ssl->specs.kea = ecc_diffie_hellman_kea; 00714 ssl->specs.sig_algo = rsa_sa_algo; 00715 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 00716 ssl->specs.pad_size = PAD_SHA; 00717 ssl->specs.static_ecdh = 1; 00718 ssl->specs.key_size = AES_128_KEY_SIZE; 00719 ssl->specs.block_size = AES_BLOCK_SIZE; 00720 ssl->specs.iv_size = AES_IV_SIZE; 00721 00722 break; 00723 #endif 00724 00725 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 00726 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : 00727 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 00728 ssl->specs.cipher_type = block; 00729 ssl->specs.mac_algorithm = sha_mac; 00730 ssl->specs.kea = ecc_diffie_hellman_kea; 00731 ssl->specs.sig_algo = rsa_sa_algo; 00732 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 00733 ssl->specs.pad_size = PAD_SHA; 00734 ssl->specs.static_ecdh = 1; 00735 ssl->specs.key_size = DES3_KEY_SIZE; 00736 ssl->specs.block_size = DES_BLOCK_SIZE; 00737 ssl->specs.iv_size = DES_IV_SIZE; 00738 00739 break; 00740 #endif 00741 00742 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA 00743 case TLS_ECDH_RSA_WITH_RC4_128_SHA : 00744 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 00745 ssl->specs.cipher_type = stream; 00746 ssl->specs.mac_algorithm = sha_mac; 00747 ssl->specs.kea = ecc_diffie_hellman_kea; 00748 ssl->specs.sig_algo = rsa_sa_algo; 00749 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 00750 ssl->specs.pad_size = PAD_SHA; 00751 ssl->specs.static_ecdh = 1; 00752 ssl->specs.key_size = RC4_KEY_SIZE; 00753 ssl->specs.iv_size = 0; 00754 ssl->specs.block_size = 0; 00755 00756 break; 00757 #endif 00758 00759 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 00760 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : 00761 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 00762 ssl->specs.cipher_type = block; 00763 ssl->specs.mac_algorithm = sha_mac; 00764 ssl->specs.kea = ecc_diffie_hellman_kea; 00765 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00766 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 00767 ssl->specs.pad_size = PAD_SHA; 00768 ssl->specs.static_ecdh = 1; 00769 ssl->specs.key_size = DES3_KEY_SIZE; 00770 ssl->specs.block_size = DES_BLOCK_SIZE; 00771 ssl->specs.iv_size = DES_IV_SIZE; 00772 00773 break; 00774 #endif 00775 00776 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 00777 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : 00778 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 00779 ssl->specs.cipher_type = stream; 00780 ssl->specs.mac_algorithm = sha_mac; 00781 ssl->specs.kea = ecc_diffie_hellman_kea; 00782 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00783 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 00784 ssl->specs.pad_size = PAD_SHA; 00785 ssl->specs.static_ecdh = 1; 00786 ssl->specs.key_size = RC4_KEY_SIZE; 00787 ssl->specs.iv_size = 0; 00788 ssl->specs.block_size = 0; 00789 00790 break; 00791 #endif 00792 00793 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 00794 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : 00795 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00796 ssl->specs.cipher_type = block; 00797 ssl->specs.mac_algorithm = sha_mac; 00798 ssl->specs.kea = ecc_diffie_hellman_kea; 00799 ssl->specs.sig_algo = rsa_sa_algo; 00800 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 00801 ssl->specs.pad_size = PAD_SHA; 00802 ssl->specs.static_ecdh = 1; 00803 ssl->specs.key_size = AES_256_KEY_SIZE; 00804 ssl->specs.block_size = AES_BLOCK_SIZE; 00805 ssl->specs.iv_size = AES_IV_SIZE; 00806 00807 break; 00808 #endif 00809 00810 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 00811 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : 00812 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00813 ssl->specs.cipher_type = block; 00814 ssl->specs.mac_algorithm = sha_mac; 00815 ssl->specs.kea = ecc_diffie_hellman_kea; 00816 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00817 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 00818 ssl->specs.pad_size = PAD_SHA; 00819 ssl->specs.static_ecdh = 1; 00820 ssl->specs.key_size = AES_128_KEY_SIZE; 00821 ssl->specs.block_size = AES_BLOCK_SIZE; 00822 ssl->specs.iv_size = AES_IV_SIZE; 00823 00824 break; 00825 #endif 00826 00827 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 00828 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : 00829 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00830 ssl->specs.cipher_type = block; 00831 ssl->specs.mac_algorithm = sha_mac; 00832 ssl->specs.kea = ecc_diffie_hellman_kea; 00833 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00834 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 00835 ssl->specs.pad_size = PAD_SHA; 00836 ssl->specs.static_ecdh = 1; 00837 ssl->specs.key_size = AES_256_KEY_SIZE; 00838 ssl->specs.block_size = AES_BLOCK_SIZE; 00839 ssl->specs.iv_size = AES_IV_SIZE; 00840 00841 break; 00842 #endif 00843 00844 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 00845 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : 00846 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00847 ssl->specs.cipher_type = aead; 00848 ssl->specs.mac_algorithm = sha256_mac; 00849 ssl->specs.kea = ecc_diffie_hellman_kea; 00850 ssl->specs.sig_algo = rsa_sa_algo; 00851 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00852 ssl->specs.pad_size = PAD_SHA; 00853 ssl->specs.static_ecdh = 1; 00854 ssl->specs.key_size = AES_128_KEY_SIZE; 00855 ssl->specs.block_size = AES_BLOCK_SIZE; 00856 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00857 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00858 00859 break; 00860 #endif 00861 00862 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 00863 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : 00864 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00865 ssl->specs.cipher_type = aead; 00866 ssl->specs.mac_algorithm = sha384_mac; 00867 ssl->specs.kea = ecc_diffie_hellman_kea; 00868 ssl->specs.sig_algo = rsa_sa_algo; 00869 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; 00870 ssl->specs.pad_size = PAD_SHA; 00871 ssl->specs.static_ecdh = 1; 00872 ssl->specs.key_size = AES_256_KEY_SIZE; 00873 ssl->specs.block_size = AES_BLOCK_SIZE; 00874 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00875 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00876 00877 break; 00878 #endif 00879 00880 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 00881 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : 00882 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00883 ssl->specs.cipher_type = aead; 00884 ssl->specs.mac_algorithm = sha256_mac; 00885 ssl->specs.kea = ecc_diffie_hellman_kea; 00886 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00887 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00888 ssl->specs.pad_size = PAD_SHA; 00889 ssl->specs.static_ecdh = 1; 00890 ssl->specs.key_size = AES_128_KEY_SIZE; 00891 ssl->specs.block_size = AES_BLOCK_SIZE; 00892 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00893 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00894 00895 break; 00896 #endif 00897 00898 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 00899 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : 00900 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00901 ssl->specs.cipher_type = aead; 00902 ssl->specs.mac_algorithm = sha384_mac; 00903 ssl->specs.kea = ecc_diffie_hellman_kea; 00904 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00905 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; 00906 ssl->specs.pad_size = PAD_SHA; 00907 ssl->specs.static_ecdh = 1; 00908 ssl->specs.key_size = AES_256_KEY_SIZE; 00909 ssl->specs.block_size = AES_BLOCK_SIZE; 00910 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00911 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00912 00913 break; 00914 #endif 00915 00916 #endif /* HAVE_ECC */ 00917 00918 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 00919 case TLS_RSA_WITH_AES_128_CCM_8 : 00920 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00921 ssl->specs.cipher_type = aead; 00922 ssl->specs.mac_algorithm = sha256_mac; 00923 ssl->specs.kea = rsa_kea; 00924 ssl->specs.sig_algo = rsa_sa_algo; 00925 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00926 ssl->specs.pad_size = PAD_SHA; 00927 ssl->specs.static_ecdh = 0; 00928 ssl->specs.key_size = AES_128_KEY_SIZE; 00929 ssl->specs.block_size = AES_BLOCK_SIZE; 00930 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00931 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 00932 00933 break; 00934 #endif 00935 00936 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8 00937 case TLS_RSA_WITH_AES_256_CCM_8 : 00938 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00939 ssl->specs.cipher_type = aead; 00940 ssl->specs.mac_algorithm = sha256_mac; 00941 ssl->specs.kea = rsa_kea; 00942 ssl->specs.sig_algo = rsa_sa_algo; 00943 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00944 ssl->specs.pad_size = PAD_SHA; 00945 ssl->specs.static_ecdh = 0; 00946 ssl->specs.key_size = AES_256_KEY_SIZE; 00947 ssl->specs.block_size = AES_BLOCK_SIZE; 00948 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00949 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 00950 00951 break; 00952 #endif 00953 00954 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 00955 case TLS_PSK_WITH_AES_128_CCM_8 : 00956 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00957 ssl->specs.cipher_type = aead; 00958 ssl->specs.mac_algorithm = sha256_mac; 00959 ssl->specs.kea = psk_kea; 00960 ssl->specs.sig_algo = anonymous_sa_algo; 00961 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00962 ssl->specs.pad_size = PAD_SHA; 00963 ssl->specs.static_ecdh = 0; 00964 ssl->specs.key_size = AES_128_KEY_SIZE; 00965 ssl->specs.block_size = AES_BLOCK_SIZE; 00966 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00967 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 00968 00969 ssl->options.usingPSK_cipher = 1; 00970 break; 00971 #endif 00972 00973 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8 00974 case TLS_PSK_WITH_AES_256_CCM_8 : 00975 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00976 ssl->specs.cipher_type = aead; 00977 ssl->specs.mac_algorithm = sha256_mac; 00978 ssl->specs.kea = psk_kea; 00979 ssl->specs.sig_algo = anonymous_sa_algo; 00980 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 00981 ssl->specs.pad_size = PAD_SHA; 00982 ssl->specs.static_ecdh = 0; 00983 ssl->specs.key_size = AES_256_KEY_SIZE; 00984 ssl->specs.block_size = AES_BLOCK_SIZE; 00985 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00986 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 00987 00988 ssl->options.usingPSK_cipher = 1; 00989 break; 00990 #endif 00991 00992 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM 00993 case TLS_PSK_WITH_AES_128_CCM : 00994 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00995 ssl->specs.cipher_type = aead; 00996 ssl->specs.mac_algorithm = sha256_mac; 00997 ssl->specs.kea = psk_kea; 00998 ssl->specs.sig_algo = anonymous_sa_algo; 00999 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01000 ssl->specs.pad_size = PAD_SHA; 01001 ssl->specs.static_ecdh = 0; 01002 ssl->specs.key_size = AES_128_KEY_SIZE; 01003 ssl->specs.block_size = AES_BLOCK_SIZE; 01004 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01005 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; 01006 01007 ssl->options.usingPSK_cipher = 1; 01008 break; 01009 #endif 01010 01011 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM 01012 case TLS_PSK_WITH_AES_256_CCM : 01013 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 01014 ssl->specs.cipher_type = aead; 01015 ssl->specs.mac_algorithm = sha256_mac; 01016 ssl->specs.kea = psk_kea; 01017 ssl->specs.sig_algo = anonymous_sa_algo; 01018 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01019 ssl->specs.pad_size = PAD_SHA; 01020 ssl->specs.static_ecdh = 0; 01021 ssl->specs.key_size = AES_256_KEY_SIZE; 01022 ssl->specs.block_size = AES_BLOCK_SIZE; 01023 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01024 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; 01025 01026 ssl->options.usingPSK_cipher = 1; 01027 break; 01028 #endif 01029 01030 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM 01031 case TLS_DHE_PSK_WITH_AES_128_CCM : 01032 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 01033 ssl->specs.cipher_type = aead; 01034 ssl->specs.mac_algorithm = sha256_mac; 01035 ssl->specs.kea = dhe_psk_kea; 01036 ssl->specs.sig_algo = anonymous_sa_algo; 01037 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01038 ssl->specs.pad_size = PAD_SHA; 01039 ssl->specs.static_ecdh = 0; 01040 ssl->specs.key_size = AES_128_KEY_SIZE; 01041 ssl->specs.block_size = AES_BLOCK_SIZE; 01042 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01043 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; 01044 01045 ssl->options.usingPSK_cipher = 1; 01046 break; 01047 #endif 01048 01049 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM 01050 case TLS_DHE_PSK_WITH_AES_256_CCM : 01051 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 01052 ssl->specs.cipher_type = aead; 01053 ssl->specs.mac_algorithm = sha256_mac; 01054 ssl->specs.kea = dhe_psk_kea; 01055 ssl->specs.sig_algo = anonymous_sa_algo; 01056 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01057 ssl->specs.pad_size = PAD_SHA; 01058 ssl->specs.static_ecdh = 0; 01059 ssl->specs.key_size = AES_256_KEY_SIZE; 01060 ssl->specs.block_size = AES_BLOCK_SIZE; 01061 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01062 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; 01063 01064 ssl->options.usingPSK_cipher = 1; 01065 break; 01066 #endif 01067 01068 default: 01069 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC"); 01070 return UNSUPPORTED_SUITE; 01071 } /* switch */ 01072 } /* if */ 01073 01074 /* TLSi v1.3 cipher suites, 0x13 */ 01075 if (ssl->options.cipherSuite0 == TLS13_BYTE) { 01076 switch (ssl->options.cipherSuite) { 01077 01078 #ifdef WOLFSSL_TLS13 01079 #ifdef BUILD_TLS_AES_128_GCM_SHA256 01080 case TLS_AES_128_GCM_SHA256 : 01081 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01082 ssl->specs.cipher_type = aead; 01083 ssl->specs.mac_algorithm = sha256_mac; 01084 ssl->specs.kea = 0; 01085 ssl->specs.sig_algo = 0; 01086 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01087 ssl->specs.pad_size = PAD_SHA; 01088 ssl->specs.static_ecdh = 0; 01089 ssl->specs.key_size = AES_128_KEY_SIZE; 01090 ssl->specs.block_size = AES_BLOCK_SIZE; 01091 ssl->specs.iv_size = AESGCM_NONCE_SZ; 01092 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01093 01094 break; 01095 #endif 01096 01097 #ifdef BUILD_TLS_AES_256_GCM_SHA384 01098 case TLS_AES_256_GCM_SHA384 : 01099 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01100 ssl->specs.cipher_type = aead; 01101 ssl->specs.mac_algorithm = sha384_mac; 01102 ssl->specs.kea = 0; 01103 ssl->specs.sig_algo = 0; 01104 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; 01105 ssl->specs.pad_size = PAD_SHA; 01106 ssl->specs.static_ecdh = 0; 01107 ssl->specs.key_size = AES_256_KEY_SIZE; 01108 ssl->specs.block_size = AES_BLOCK_SIZE; 01109 ssl->specs.iv_size = AESGCM_NONCE_SZ; 01110 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01111 01112 break; 01113 #endif 01114 01115 #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256 01116 case TLS_CHACHA20_POLY1305_SHA256 : 01117 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 01118 ssl->specs.cipher_type = aead; 01119 ssl->specs.mac_algorithm = sha256_mac; 01120 ssl->specs.kea = 0; 01121 ssl->specs.sig_algo = 0; 01122 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01123 ssl->specs.pad_size = PAD_SHA; 01124 ssl->specs.static_ecdh = 0; 01125 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 01126 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 01127 ssl->specs.iv_size = CHACHA20_IV_SIZE; 01128 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 01129 ssl->options.oldPoly = 0; /* use recent padding RFC */ 01130 01131 break; 01132 #endif 01133 01134 #ifdef BUILD_TLS_AES_128_CCM_SHA256 01135 case TLS_AES_128_CCM_SHA256 : 01136 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 01137 ssl->specs.cipher_type = aead; 01138 ssl->specs.mac_algorithm = sha256_mac; 01139 ssl->specs.kea = 0; 01140 ssl->specs.sig_algo = 0; 01141 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01142 ssl->specs.pad_size = PAD_SHA; 01143 ssl->specs.static_ecdh = 0; 01144 ssl->specs.key_size = AES_128_KEY_SIZE; 01145 ssl->specs.block_size = AES_BLOCK_SIZE; 01146 ssl->specs.iv_size = AESGCM_NONCE_SZ; 01147 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; 01148 01149 break; 01150 #endif 01151 01152 #ifdef BUILD_TLS_AES_128_CCM_8_SHA256 01153 case TLS_AES_128_CCM_8_SHA256 : 01154 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 01155 ssl->specs.cipher_type = aead; 01156 ssl->specs.mac_algorithm = sha256_mac; 01157 ssl->specs.kea = 0; 01158 ssl->specs.sig_algo = 0; 01159 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01160 ssl->specs.pad_size = PAD_SHA; 01161 ssl->specs.static_ecdh = 0; 01162 ssl->specs.key_size = AES_128_KEY_SIZE; 01163 ssl->specs.block_size = AES_BLOCK_SIZE; 01164 ssl->specs.iv_size = AESGCM_NONCE_SZ; 01165 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 01166 01167 break; 01168 #endif 01169 #endif /* WOLFSSL_TLS13 */ 01170 } 01171 } 01172 01173 if (ssl->options.cipherSuite0 != ECC_BYTE && 01174 ssl->options.cipherSuite0 != CHACHA_BYTE && 01175 ssl->options.cipherSuite0 != TLS13_BYTE) { /* normal suites */ 01176 switch (ssl->options.cipherSuite) { 01177 01178 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA 01179 case SSL_RSA_WITH_RC4_128_SHA : 01180 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 01181 ssl->specs.cipher_type = stream; 01182 ssl->specs.mac_algorithm = sha_mac; 01183 ssl->specs.kea = rsa_kea; 01184 ssl->specs.sig_algo = rsa_sa_algo; 01185 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 01186 ssl->specs.pad_size = PAD_SHA; 01187 ssl->specs.static_ecdh = 0; 01188 ssl->specs.key_size = RC4_KEY_SIZE; 01189 ssl->specs.iv_size = 0; 01190 ssl->specs.block_size = 0; 01191 01192 break; 01193 #endif 01194 01195 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA 01196 case TLS_NTRU_RSA_WITH_RC4_128_SHA : 01197 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 01198 ssl->specs.cipher_type = stream; 01199 ssl->specs.mac_algorithm = sha_mac; 01200 ssl->specs.kea = ntru_kea; 01201 ssl->specs.sig_algo = rsa_sa_algo; 01202 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 01203 ssl->specs.pad_size = PAD_SHA; 01204 ssl->specs.static_ecdh = 0; 01205 ssl->specs.key_size = RC4_KEY_SIZE; 01206 ssl->specs.iv_size = 0; 01207 ssl->specs.block_size = 0; 01208 01209 break; 01210 #endif 01211 01212 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 01213 case SSL_RSA_WITH_RC4_128_MD5 : 01214 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 01215 ssl->specs.cipher_type = stream; 01216 ssl->specs.mac_algorithm = md5_mac; 01217 ssl->specs.kea = rsa_kea; 01218 ssl->specs.sig_algo = rsa_sa_algo; 01219 ssl->specs.hash_size = WC_MD5_DIGEST_SIZE; 01220 ssl->specs.pad_size = PAD_MD5; 01221 ssl->specs.static_ecdh = 0; 01222 ssl->specs.key_size = RC4_KEY_SIZE; 01223 ssl->specs.iv_size = 0; 01224 ssl->specs.block_size = 0; 01225 01226 break; 01227 #endif 01228 01229 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA 01230 case SSL_RSA_WITH_3DES_EDE_CBC_SHA : 01231 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 01232 ssl->specs.cipher_type = block; 01233 ssl->specs.mac_algorithm = sha_mac; 01234 ssl->specs.kea = rsa_kea; 01235 ssl->specs.sig_algo = rsa_sa_algo; 01236 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 01237 ssl->specs.pad_size = PAD_SHA; 01238 ssl->specs.static_ecdh = 0; 01239 ssl->specs.key_size = DES3_KEY_SIZE; 01240 ssl->specs.block_size = DES_BLOCK_SIZE; 01241 ssl->specs.iv_size = DES_IV_SIZE; 01242 01243 break; 01244 #endif 01245 01246 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA 01247 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : 01248 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 01249 ssl->specs.cipher_type = block; 01250 ssl->specs.mac_algorithm = sha_mac; 01251 ssl->specs.kea = ntru_kea; 01252 ssl->specs.sig_algo = rsa_sa_algo; 01253 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 01254 ssl->specs.pad_size = PAD_SHA; 01255 ssl->specs.static_ecdh = 0; 01256 ssl->specs.key_size = DES3_KEY_SIZE; 01257 ssl->specs.block_size = DES_BLOCK_SIZE; 01258 ssl->specs.iv_size = DES_IV_SIZE; 01259 01260 break; 01261 #endif 01262 01263 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA 01264 case TLS_RSA_WITH_AES_128_CBC_SHA : 01265 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01266 ssl->specs.cipher_type = block; 01267 ssl->specs.mac_algorithm = sha_mac; 01268 ssl->specs.kea = rsa_kea; 01269 ssl->specs.sig_algo = rsa_sa_algo; 01270 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 01271 ssl->specs.pad_size = PAD_SHA; 01272 ssl->specs.static_ecdh = 0; 01273 ssl->specs.key_size = AES_128_KEY_SIZE; 01274 ssl->specs.block_size = AES_BLOCK_SIZE; 01275 ssl->specs.iv_size = AES_IV_SIZE; 01276 01277 break; 01278 #endif 01279 01280 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 01281 case TLS_RSA_WITH_AES_128_CBC_SHA256 : 01282 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01283 ssl->specs.cipher_type = block; 01284 ssl->specs.mac_algorithm = sha256_mac; 01285 ssl->specs.kea = rsa_kea; 01286 ssl->specs.sig_algo = rsa_sa_algo; 01287 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01288 ssl->specs.pad_size = PAD_SHA; 01289 ssl->specs.static_ecdh = 0; 01290 ssl->specs.key_size = AES_128_KEY_SIZE; 01291 ssl->specs.block_size = AES_BLOCK_SIZE; 01292 ssl->specs.iv_size = AES_IV_SIZE; 01293 01294 break; 01295 #endif 01296 01297 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA 01298 case TLS_RSA_WITH_NULL_SHA : 01299 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01300 ssl->specs.cipher_type = stream; 01301 ssl->specs.mac_algorithm = sha_mac; 01302 ssl->specs.kea = rsa_kea; 01303 ssl->specs.sig_algo = rsa_sa_algo; 01304 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 01305 ssl->specs.pad_size = PAD_SHA; 01306 ssl->specs.static_ecdh = 0; 01307 ssl->specs.key_size = 0; 01308 ssl->specs.block_size = 0; 01309 ssl->specs.iv_size = 0; 01310 01311 break; 01312 #endif 01313 01314 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 01315 case TLS_RSA_WITH_NULL_SHA256 : 01316 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01317 ssl->specs.cipher_type = stream; 01318 ssl->specs.mac_algorithm = sha256_mac; 01319 ssl->specs.kea = rsa_kea; 01320 ssl->specs.sig_algo = rsa_sa_algo; 01321 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01322 ssl->specs.pad_size = PAD_SHA; 01323 ssl->specs.static_ecdh = 0; 01324 ssl->specs.key_size = 0; 01325 ssl->specs.block_size = 0; 01326 ssl->specs.iv_size = 0; 01327 01328 break; 01329 #endif 01330 01331 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA 01332 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : 01333 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01334 ssl->specs.cipher_type = block; 01335 ssl->specs.mac_algorithm = sha_mac; 01336 ssl->specs.kea = ntru_kea; 01337 ssl->specs.sig_algo = rsa_sa_algo; 01338 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 01339 ssl->specs.pad_size = PAD_SHA; 01340 ssl->specs.static_ecdh = 0; 01341 ssl->specs.key_size = AES_128_KEY_SIZE; 01342 ssl->specs.block_size = AES_BLOCK_SIZE; 01343 ssl->specs.iv_size = AES_IV_SIZE; 01344 01345 break; 01346 #endif 01347 01348 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA 01349 case TLS_RSA_WITH_AES_256_CBC_SHA : 01350 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01351 ssl->specs.cipher_type = block; 01352 ssl->specs.mac_algorithm = sha_mac; 01353 ssl->specs.kea = rsa_kea; 01354 ssl->specs.sig_algo = rsa_sa_algo; 01355 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 01356 ssl->specs.pad_size = PAD_SHA; 01357 ssl->specs.static_ecdh = 0; 01358 ssl->specs.key_size = AES_256_KEY_SIZE; 01359 ssl->specs.block_size = AES_BLOCK_SIZE; 01360 ssl->specs.iv_size = AES_IV_SIZE; 01361 01362 break; 01363 #endif 01364 01365 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 01366 case TLS_RSA_WITH_AES_256_CBC_SHA256 : 01367 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01368 ssl->specs.cipher_type = block; 01369 ssl->specs.mac_algorithm = sha256_mac; 01370 ssl->specs.kea = rsa_kea; 01371 ssl->specs.sig_algo = rsa_sa_algo; 01372 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01373 ssl->specs.pad_size = PAD_SHA; 01374 ssl->specs.static_ecdh = 0; 01375 ssl->specs.key_size = AES_256_KEY_SIZE; 01376 ssl->specs.block_size = AES_BLOCK_SIZE; 01377 ssl->specs.iv_size = AES_IV_SIZE; 01378 01379 break; 01380 #endif 01381 01382 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA 01383 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : 01384 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01385 ssl->specs.cipher_type = block; 01386 ssl->specs.mac_algorithm = sha_mac; 01387 ssl->specs.kea = ntru_kea; 01388 ssl->specs.sig_algo = rsa_sa_algo; 01389 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 01390 ssl->specs.pad_size = PAD_SHA; 01391 ssl->specs.static_ecdh = 0; 01392 ssl->specs.key_size = AES_256_KEY_SIZE; 01393 ssl->specs.block_size = AES_BLOCK_SIZE; 01394 ssl->specs.iv_size = AES_IV_SIZE; 01395 01396 break; 01397 #endif 01398 01399 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 01400 case TLS_PSK_WITH_AES_128_GCM_SHA256 : 01401 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01402 ssl->specs.cipher_type = aead; 01403 ssl->specs.mac_algorithm = sha256_mac; 01404 ssl->specs.kea = psk_kea; 01405 ssl->specs.sig_algo = anonymous_sa_algo; 01406 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01407 ssl->specs.pad_size = PAD_SHA; 01408 ssl->specs.static_ecdh = 0; 01409 ssl->specs.key_size = AES_128_KEY_SIZE; 01410 ssl->specs.block_size = AES_BLOCK_SIZE; 01411 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01412 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01413 01414 ssl->options.usingPSK_cipher = 1; 01415 break; 01416 #endif 01417 01418 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 01419 case TLS_PSK_WITH_AES_256_GCM_SHA384 : 01420 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01421 ssl->specs.cipher_type = aead; 01422 ssl->specs.mac_algorithm = sha384_mac; 01423 ssl->specs.kea = psk_kea; 01424 ssl->specs.sig_algo = anonymous_sa_algo; 01425 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; 01426 ssl->specs.pad_size = PAD_SHA; 01427 ssl->specs.static_ecdh = 0; 01428 ssl->specs.key_size = AES_256_KEY_SIZE; 01429 ssl->specs.block_size = AES_BLOCK_SIZE; 01430 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01431 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01432 01433 ssl->options.usingPSK_cipher = 1; 01434 break; 01435 #endif 01436 01437 #ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 01438 case TLS_DH_anon_WITH_AES_256_GCM_SHA384: 01439 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01440 ssl->specs.cipher_type = aead; 01441 ssl->specs.mac_algorithm = sha384_mac; 01442 ssl->specs.kea = diffie_hellman_kea; 01443 ssl->specs.sig_algo = anonymous_sa_algo; 01444 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; 01445 ssl->specs.pad_size = PAD_SHA; 01446 ssl->specs.static_ecdh = 0; 01447 ssl->specs.key_size = AES_256_KEY_SIZE; 01448 ssl->specs.block_size = AES_BLOCK_SIZE; 01449 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01450 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01451 01452 ssl->options.usingAnon_cipher = 1; 01453 break; 01454 #endif 01455 01456 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 01457 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : 01458 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01459 ssl->specs.cipher_type = aead; 01460 ssl->specs.mac_algorithm = sha256_mac; 01461 ssl->specs.kea = dhe_psk_kea; 01462 ssl->specs.sig_algo = anonymous_sa_algo; 01463 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01464 ssl->specs.pad_size = PAD_SHA; 01465 ssl->specs.static_ecdh = 0; 01466 ssl->specs.key_size = AES_128_KEY_SIZE; 01467 ssl->specs.block_size = AES_BLOCK_SIZE; 01468 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01469 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01470 01471 ssl->options.usingPSK_cipher = 1; 01472 break; 01473 #endif 01474 01475 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 01476 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : 01477 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01478 ssl->specs.cipher_type = aead; 01479 ssl->specs.mac_algorithm = sha384_mac; 01480 ssl->specs.kea = dhe_psk_kea; 01481 ssl->specs.sig_algo = anonymous_sa_algo; 01482 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; 01483 ssl->specs.pad_size = PAD_SHA; 01484 ssl->specs.static_ecdh = 0; 01485 ssl->specs.key_size = AES_256_KEY_SIZE; 01486 ssl->specs.block_size = AES_BLOCK_SIZE; 01487 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01488 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01489 01490 ssl->options.usingPSK_cipher = 1; 01491 break; 01492 #endif 01493 01494 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 01495 case TLS_PSK_WITH_AES_128_CBC_SHA256 : 01496 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01497 ssl->specs.cipher_type = block; 01498 ssl->specs.mac_algorithm = sha256_mac; 01499 ssl->specs.kea = psk_kea; 01500 ssl->specs.sig_algo = anonymous_sa_algo; 01501 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01502 ssl->specs.pad_size = PAD_SHA; 01503 ssl->specs.static_ecdh = 0; 01504 ssl->specs.key_size = AES_128_KEY_SIZE; 01505 ssl->specs.block_size = AES_BLOCK_SIZE; 01506 ssl->specs.iv_size = AES_IV_SIZE; 01507 01508 ssl->options.usingPSK_cipher = 1; 01509 break; 01510 #endif 01511 01512 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 01513 case TLS_PSK_WITH_AES_256_CBC_SHA384 : 01514 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01515 ssl->specs.cipher_type = block; 01516 ssl->specs.mac_algorithm = sha384_mac; 01517 ssl->specs.kea = psk_kea; 01518 ssl->specs.sig_algo = anonymous_sa_algo; 01519 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; 01520 ssl->specs.pad_size = PAD_SHA; 01521 ssl->specs.static_ecdh = 0; 01522 ssl->specs.key_size = AES_256_KEY_SIZE; 01523 ssl->specs.block_size = AES_BLOCK_SIZE; 01524 ssl->specs.iv_size = AES_IV_SIZE; 01525 01526 ssl->options.usingPSK_cipher = 1; 01527 break; 01528 #endif 01529 01530 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 01531 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : 01532 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01533 ssl->specs.cipher_type = block; 01534 ssl->specs.mac_algorithm = sha256_mac; 01535 ssl->specs.kea = dhe_psk_kea; 01536 ssl->specs.sig_algo = anonymous_sa_algo; 01537 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01538 ssl->specs.pad_size = PAD_SHA; 01539 ssl->specs.static_ecdh = 0; 01540 ssl->specs.key_size = AES_128_KEY_SIZE; 01541 ssl->specs.block_size = AES_BLOCK_SIZE; 01542 ssl->specs.iv_size = AES_IV_SIZE; 01543 01544 ssl->options.usingPSK_cipher = 1; 01545 break; 01546 #endif 01547 01548 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 01549 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : 01550 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01551 ssl->specs.cipher_type = block; 01552 ssl->specs.mac_algorithm = sha384_mac; 01553 ssl->specs.kea = dhe_psk_kea; 01554 ssl->specs.sig_algo = anonymous_sa_algo; 01555 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; 01556 ssl->specs.pad_size = PAD_SHA; 01557 ssl->specs.static_ecdh = 0; 01558 ssl->specs.key_size = AES_256_KEY_SIZE; 01559 ssl->specs.block_size = AES_BLOCK_SIZE; 01560 ssl->specs.iv_size = AES_IV_SIZE; 01561 01562 ssl->options.usingPSK_cipher = 1; 01563 break; 01564 #endif 01565 01566 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA 01567 case TLS_PSK_WITH_AES_128_CBC_SHA : 01568 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01569 ssl->specs.cipher_type = block; 01570 ssl->specs.mac_algorithm = sha_mac; 01571 ssl->specs.kea = psk_kea; 01572 ssl->specs.sig_algo = anonymous_sa_algo; 01573 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 01574 ssl->specs.pad_size = PAD_SHA; 01575 ssl->specs.static_ecdh = 0; 01576 ssl->specs.key_size = AES_128_KEY_SIZE; 01577 ssl->specs.block_size = AES_BLOCK_SIZE; 01578 ssl->specs.iv_size = AES_IV_SIZE; 01579 01580 ssl->options.usingPSK_cipher = 1; 01581 break; 01582 #endif 01583 01584 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA 01585 case TLS_PSK_WITH_AES_256_CBC_SHA : 01586 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01587 ssl->specs.cipher_type = block; 01588 ssl->specs.mac_algorithm = sha_mac; 01589 ssl->specs.kea = psk_kea; 01590 ssl->specs.sig_algo = anonymous_sa_algo; 01591 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 01592 ssl->specs.pad_size = PAD_SHA; 01593 ssl->specs.static_ecdh = 0; 01594 ssl->specs.key_size = AES_256_KEY_SIZE; 01595 ssl->specs.block_size = AES_BLOCK_SIZE; 01596 ssl->specs.iv_size = AES_IV_SIZE; 01597 01598 ssl->options.usingPSK_cipher = 1; 01599 break; 01600 #endif 01601 01602 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 01603 case TLS_PSK_WITH_NULL_SHA256 : 01604 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01605 ssl->specs.cipher_type = stream; 01606 ssl->specs.mac_algorithm = sha256_mac; 01607 ssl->specs.kea = psk_kea; 01608 ssl->specs.sig_algo = anonymous_sa_algo; 01609 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01610 ssl->specs.pad_size = PAD_SHA; 01611 ssl->specs.static_ecdh = 0; 01612 ssl->specs.key_size = 0; 01613 ssl->specs.block_size = 0; 01614 ssl->specs.iv_size = 0; 01615 01616 ssl->options.usingPSK_cipher = 1; 01617 break; 01618 #endif 01619 01620 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 01621 case TLS_PSK_WITH_NULL_SHA384 : 01622 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01623 ssl->specs.cipher_type = stream; 01624 ssl->specs.mac_algorithm = sha384_mac; 01625 ssl->specs.kea = psk_kea; 01626 ssl->specs.sig_algo = anonymous_sa_algo; 01627 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; 01628 ssl->specs.pad_size = PAD_SHA; 01629 ssl->specs.static_ecdh = 0; 01630 ssl->specs.key_size = 0; 01631 ssl->specs.block_size = 0; 01632 ssl->specs.iv_size = 0; 01633 01634 ssl->options.usingPSK_cipher = 1; 01635 break; 01636 #endif 01637 01638 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA 01639 case TLS_PSK_WITH_NULL_SHA : 01640 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01641 ssl->specs.cipher_type = stream; 01642 ssl->specs.mac_algorithm = sha_mac; 01643 ssl->specs.kea = psk_kea; 01644 ssl->specs.sig_algo = anonymous_sa_algo; 01645 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 01646 ssl->specs.pad_size = PAD_SHA; 01647 ssl->specs.static_ecdh = 0; 01648 ssl->specs.key_size = 0; 01649 ssl->specs.block_size = 0; 01650 ssl->specs.iv_size = 0; 01651 01652 ssl->options.usingPSK_cipher = 1; 01653 break; 01654 #endif 01655 01656 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 01657 case TLS_DHE_PSK_WITH_NULL_SHA256 : 01658 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01659 ssl->specs.cipher_type = stream; 01660 ssl->specs.mac_algorithm = sha256_mac; 01661 ssl->specs.kea = dhe_psk_kea; 01662 ssl->specs.sig_algo = anonymous_sa_algo; 01663 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01664 ssl->specs.pad_size = PAD_SHA; 01665 ssl->specs.static_ecdh = 0; 01666 ssl->specs.key_size = 0; 01667 ssl->specs.block_size = 0; 01668 ssl->specs.iv_size = 0; 01669 01670 ssl->options.usingPSK_cipher = 1; 01671 break; 01672 #endif 01673 01674 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 01675 case TLS_DHE_PSK_WITH_NULL_SHA384 : 01676 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01677 ssl->specs.cipher_type = stream; 01678 ssl->specs.mac_algorithm = sha384_mac; 01679 ssl->specs.kea = dhe_psk_kea; 01680 ssl->specs.sig_algo = anonymous_sa_algo; 01681 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; 01682 ssl->specs.pad_size = PAD_SHA; 01683 ssl->specs.static_ecdh = 0; 01684 ssl->specs.key_size = 0; 01685 ssl->specs.block_size = 0; 01686 ssl->specs.iv_size = 0; 01687 01688 ssl->options.usingPSK_cipher = 1; 01689 break; 01690 #endif 01691 01692 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 01693 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : 01694 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01695 ssl->specs.cipher_type = block; 01696 ssl->specs.mac_algorithm = sha256_mac; 01697 ssl->specs.kea = diffie_hellman_kea; 01698 ssl->specs.sig_algo = rsa_sa_algo; 01699 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01700 ssl->specs.pad_size = PAD_SHA; 01701 ssl->specs.static_ecdh = 0; 01702 ssl->specs.key_size = AES_128_KEY_SIZE; 01703 ssl->specs.block_size = AES_BLOCK_SIZE; 01704 ssl->specs.iv_size = AES_IV_SIZE; 01705 01706 break; 01707 #endif 01708 01709 #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 01710 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA : 01711 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 01712 ssl->specs.cipher_type = block; 01713 ssl->specs.mac_algorithm = sha_mac; 01714 ssl->specs.kea = diffie_hellman_kea; 01715 ssl->specs.sig_algo = rsa_sa_algo; 01716 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 01717 ssl->specs.pad_size = PAD_SHA; 01718 ssl->specs.static_ecdh = 0; 01719 ssl->specs.key_size = DES3_KEY_SIZE; 01720 ssl->specs.block_size = DES_BLOCK_SIZE; 01721 ssl->specs.iv_size = DES_IV_SIZE; 01722 01723 break; 01724 #endif 01725 01726 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 01727 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : 01728 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01729 ssl->specs.cipher_type = block; 01730 ssl->specs.mac_algorithm = sha256_mac; 01731 ssl->specs.kea = diffie_hellman_kea; 01732 ssl->specs.sig_algo = rsa_sa_algo; 01733 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01734 ssl->specs.pad_size = PAD_SHA; 01735 ssl->specs.static_ecdh = 0; 01736 ssl->specs.key_size = AES_256_KEY_SIZE; 01737 ssl->specs.block_size = AES_BLOCK_SIZE; 01738 ssl->specs.iv_size = AES_IV_SIZE; 01739 01740 break; 01741 #endif 01742 01743 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 01744 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : 01745 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01746 ssl->specs.cipher_type = block; 01747 ssl->specs.mac_algorithm = sha_mac; 01748 ssl->specs.kea = diffie_hellman_kea; 01749 ssl->specs.sig_algo = rsa_sa_algo; 01750 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 01751 ssl->specs.pad_size = PAD_SHA; 01752 ssl->specs.static_ecdh = 0; 01753 ssl->specs.key_size = AES_128_KEY_SIZE; 01754 ssl->specs.block_size = AES_BLOCK_SIZE; 01755 ssl->specs.iv_size = AES_IV_SIZE; 01756 01757 break; 01758 #endif 01759 01760 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 01761 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : 01762 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01763 ssl->specs.cipher_type = block; 01764 ssl->specs.mac_algorithm = sha_mac; 01765 ssl->specs.kea = diffie_hellman_kea; 01766 ssl->specs.sig_algo = rsa_sa_algo; 01767 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 01768 ssl->specs.pad_size = PAD_SHA; 01769 ssl->specs.static_ecdh = 0; 01770 ssl->specs.key_size = AES_256_KEY_SIZE; 01771 ssl->specs.block_size = AES_BLOCK_SIZE; 01772 ssl->specs.iv_size = AES_IV_SIZE; 01773 01774 break; 01775 #endif 01776 01777 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 01778 case TLS_RSA_WITH_HC_128_MD5 : 01779 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128; 01780 ssl->specs.cipher_type = stream; 01781 ssl->specs.mac_algorithm = md5_mac; 01782 ssl->specs.kea = rsa_kea; 01783 ssl->specs.sig_algo = rsa_sa_algo; 01784 ssl->specs.hash_size = WC_MD5_DIGEST_SIZE; 01785 ssl->specs.pad_size = PAD_MD5; 01786 ssl->specs.static_ecdh = 0; 01787 ssl->specs.key_size = HC_128_KEY_SIZE; 01788 ssl->specs.block_size = 0; 01789 ssl->specs.iv_size = HC_128_IV_SIZE; 01790 01791 break; 01792 #endif 01793 01794 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA 01795 case TLS_RSA_WITH_HC_128_SHA : 01796 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128; 01797 ssl->specs.cipher_type = stream; 01798 ssl->specs.mac_algorithm = sha_mac; 01799 ssl->specs.kea = rsa_kea; 01800 ssl->specs.sig_algo = rsa_sa_algo; 01801 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 01802 ssl->specs.pad_size = PAD_SHA; 01803 ssl->specs.static_ecdh = 0; 01804 ssl->specs.key_size = HC_128_KEY_SIZE; 01805 ssl->specs.block_size = 0; 01806 ssl->specs.iv_size = HC_128_IV_SIZE; 01807 01808 break; 01809 #endif 01810 01811 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 01812 case TLS_RSA_WITH_HC_128_B2B256: 01813 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128; 01814 ssl->specs.cipher_type = stream; 01815 ssl->specs.mac_algorithm = blake2b_mac; 01816 ssl->specs.kea = rsa_kea; 01817 ssl->specs.sig_algo = rsa_sa_algo; 01818 ssl->specs.hash_size = BLAKE2B_256; 01819 ssl->specs.pad_size = PAD_SHA; 01820 ssl->specs.static_ecdh = 0; 01821 ssl->specs.key_size = HC_128_KEY_SIZE; 01822 ssl->specs.block_size = 0; 01823 ssl->specs.iv_size = HC_128_IV_SIZE; 01824 01825 break; 01826 #endif 01827 01828 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 01829 case TLS_RSA_WITH_AES_128_CBC_B2B256: 01830 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01831 ssl->specs.cipher_type = block; 01832 ssl->specs.mac_algorithm = blake2b_mac; 01833 ssl->specs.kea = rsa_kea; 01834 ssl->specs.sig_algo = rsa_sa_algo; 01835 ssl->specs.hash_size = BLAKE2B_256; 01836 ssl->specs.pad_size = PAD_SHA; 01837 ssl->specs.static_ecdh = 0; 01838 ssl->specs.key_size = AES_128_KEY_SIZE; 01839 ssl->specs.iv_size = AES_IV_SIZE; 01840 ssl->specs.block_size = AES_BLOCK_SIZE; 01841 01842 break; 01843 #endif 01844 01845 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 01846 case TLS_RSA_WITH_AES_256_CBC_B2B256: 01847 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01848 ssl->specs.cipher_type = block; 01849 ssl->specs.mac_algorithm = blake2b_mac; 01850 ssl->specs.kea = rsa_kea; 01851 ssl->specs.sig_algo = rsa_sa_algo; 01852 ssl->specs.hash_size = BLAKE2B_256; 01853 ssl->specs.pad_size = PAD_SHA; 01854 ssl->specs.static_ecdh = 0; 01855 ssl->specs.key_size = AES_256_KEY_SIZE; 01856 ssl->specs.iv_size = AES_IV_SIZE; 01857 ssl->specs.block_size = AES_BLOCK_SIZE; 01858 01859 break; 01860 #endif 01861 01862 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA 01863 case TLS_RSA_WITH_RABBIT_SHA : 01864 ssl->specs.bulk_cipher_algorithm = wolfssl_rabbit; 01865 ssl->specs.cipher_type = stream; 01866 ssl->specs.mac_algorithm = sha_mac; 01867 ssl->specs.kea = rsa_kea; 01868 ssl->specs.sig_algo = rsa_sa_algo; 01869 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 01870 ssl->specs.pad_size = PAD_SHA; 01871 ssl->specs.static_ecdh = 0; 01872 ssl->specs.key_size = RABBIT_KEY_SIZE; 01873 ssl->specs.block_size = 0; 01874 ssl->specs.iv_size = RABBIT_IV_SIZE; 01875 01876 break; 01877 #endif 01878 01879 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 01880 case TLS_RSA_WITH_AES_128_GCM_SHA256 : 01881 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01882 ssl->specs.cipher_type = aead; 01883 ssl->specs.mac_algorithm = sha256_mac; 01884 ssl->specs.kea = rsa_kea; 01885 ssl->specs.sig_algo = rsa_sa_algo; 01886 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01887 ssl->specs.pad_size = PAD_SHA; 01888 ssl->specs.static_ecdh = 0; 01889 ssl->specs.key_size = AES_128_KEY_SIZE; 01890 ssl->specs.block_size = AES_BLOCK_SIZE; 01891 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01892 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01893 01894 break; 01895 #endif 01896 01897 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 01898 case TLS_RSA_WITH_AES_256_GCM_SHA384 : 01899 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01900 ssl->specs.cipher_type = aead; 01901 ssl->specs.mac_algorithm = sha384_mac; 01902 ssl->specs.kea = rsa_kea; 01903 ssl->specs.sig_algo = rsa_sa_algo; 01904 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; 01905 ssl->specs.pad_size = PAD_SHA; 01906 ssl->specs.static_ecdh = 0; 01907 ssl->specs.key_size = AES_256_KEY_SIZE; 01908 ssl->specs.block_size = AES_BLOCK_SIZE; 01909 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01910 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01911 01912 break; 01913 #endif 01914 01915 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 01916 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : 01917 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01918 ssl->specs.cipher_type = aead; 01919 ssl->specs.mac_algorithm = sha256_mac; 01920 ssl->specs.kea = diffie_hellman_kea; 01921 ssl->specs.sig_algo = rsa_sa_algo; 01922 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01923 ssl->specs.pad_size = PAD_SHA; 01924 ssl->specs.static_ecdh = 0; 01925 ssl->specs.key_size = AES_128_KEY_SIZE; 01926 ssl->specs.block_size = AES_BLOCK_SIZE; 01927 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01928 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01929 01930 break; 01931 #endif 01932 01933 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 01934 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 : 01935 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01936 ssl->specs.cipher_type = aead; 01937 ssl->specs.mac_algorithm = sha384_mac; 01938 ssl->specs.kea = diffie_hellman_kea; 01939 ssl->specs.sig_algo = rsa_sa_algo; 01940 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; 01941 ssl->specs.pad_size = PAD_SHA; 01942 ssl->specs.static_ecdh = 0; 01943 ssl->specs.key_size = AES_256_KEY_SIZE; 01944 ssl->specs.block_size = AES_BLOCK_SIZE; 01945 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01946 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01947 01948 break; 01949 #endif 01950 01951 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01952 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : 01953 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 01954 ssl->specs.cipher_type = block; 01955 ssl->specs.mac_algorithm = sha_mac; 01956 ssl->specs.kea = rsa_kea; 01957 ssl->specs.sig_algo = rsa_sa_algo; 01958 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 01959 ssl->specs.pad_size = PAD_SHA; 01960 ssl->specs.static_ecdh = 0; 01961 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; 01962 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01963 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01964 01965 break; 01966 #endif 01967 01968 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01969 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : 01970 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 01971 ssl->specs.cipher_type = block; 01972 ssl->specs.mac_algorithm = sha_mac; 01973 ssl->specs.kea = rsa_kea; 01974 ssl->specs.sig_algo = rsa_sa_algo; 01975 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 01976 ssl->specs.pad_size = PAD_SHA; 01977 ssl->specs.static_ecdh = 0; 01978 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; 01979 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01980 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01981 01982 break; 01983 #endif 01984 01985 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01986 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : 01987 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 01988 ssl->specs.cipher_type = block; 01989 ssl->specs.mac_algorithm = sha256_mac; 01990 ssl->specs.kea = rsa_kea; 01991 ssl->specs.sig_algo = rsa_sa_algo; 01992 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 01993 ssl->specs.pad_size = PAD_SHA; 01994 ssl->specs.static_ecdh = 0; 01995 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; 01996 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01997 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01998 01999 break; 02000 #endif 02001 02002 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 02003 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : 02004 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 02005 ssl->specs.cipher_type = block; 02006 ssl->specs.mac_algorithm = sha256_mac; 02007 ssl->specs.kea = rsa_kea; 02008 ssl->specs.sig_algo = rsa_sa_algo; 02009 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 02010 ssl->specs.pad_size = PAD_SHA; 02011 ssl->specs.static_ecdh = 0; 02012 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; 02013 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 02014 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 02015 02016 break; 02017 #endif 02018 02019 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 02020 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : 02021 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 02022 ssl->specs.cipher_type = block; 02023 ssl->specs.mac_algorithm = sha_mac; 02024 ssl->specs.kea = diffie_hellman_kea; 02025 ssl->specs.sig_algo = rsa_sa_algo; 02026 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 02027 ssl->specs.pad_size = PAD_SHA; 02028 ssl->specs.static_ecdh = 0; 02029 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; 02030 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 02031 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 02032 02033 break; 02034 #endif 02035 02036 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 02037 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : 02038 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 02039 ssl->specs.cipher_type = block; 02040 ssl->specs.mac_algorithm = sha_mac; 02041 ssl->specs.kea = diffie_hellman_kea; 02042 ssl->specs.sig_algo = rsa_sa_algo; 02043 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 02044 ssl->specs.pad_size = PAD_SHA; 02045 ssl->specs.static_ecdh = 0; 02046 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; 02047 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 02048 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 02049 02050 break; 02051 #endif 02052 02053 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 02054 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : 02055 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 02056 ssl->specs.cipher_type = block; 02057 ssl->specs.mac_algorithm = sha256_mac; 02058 ssl->specs.kea = diffie_hellman_kea; 02059 ssl->specs.sig_algo = rsa_sa_algo; 02060 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 02061 ssl->specs.pad_size = PAD_SHA; 02062 ssl->specs.static_ecdh = 0; 02063 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; 02064 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 02065 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 02066 02067 break; 02068 #endif 02069 02070 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 02071 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : 02072 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 02073 ssl->specs.cipher_type = block; 02074 ssl->specs.mac_algorithm = sha256_mac; 02075 ssl->specs.kea = diffie_hellman_kea; 02076 ssl->specs.sig_algo = rsa_sa_algo; 02077 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 02078 ssl->specs.pad_size = PAD_SHA; 02079 ssl->specs.static_ecdh = 0; 02080 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; 02081 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 02082 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 02083 02084 break; 02085 #endif 02086 02087 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA 02088 case TLS_DH_anon_WITH_AES_128_CBC_SHA : 02089 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 02090 ssl->specs.cipher_type = block; 02091 ssl->specs.mac_algorithm = sha_mac; 02092 ssl->specs.kea = diffie_hellman_kea; 02093 ssl->specs.sig_algo = anonymous_sa_algo; 02094 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 02095 ssl->specs.pad_size = PAD_SHA; 02096 ssl->specs.static_ecdh = 0; 02097 ssl->specs.key_size = AES_128_KEY_SIZE; 02098 ssl->specs.block_size = AES_BLOCK_SIZE; 02099 ssl->specs.iv_size = AES_IV_SIZE; 02100 02101 ssl->options.usingAnon_cipher = 1; 02102 break; 02103 #endif 02104 02105 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA 02106 case SSL_RSA_WITH_IDEA_CBC_SHA : 02107 ssl->specs.bulk_cipher_algorithm = wolfssl_idea; 02108 ssl->specs.cipher_type = block; 02109 ssl->specs.mac_algorithm = sha_mac; 02110 ssl->specs.kea = rsa_kea; 02111 ssl->specs.sig_algo = rsa_sa_algo; 02112 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; 02113 ssl->specs.pad_size = PAD_SHA; 02114 ssl->specs.static_ecdh = 0; 02115 ssl->specs.key_size = IDEA_KEY_SIZE; 02116 ssl->specs.block_size = IDEA_BLOCK_SIZE; 02117 ssl->specs.iv_size = IDEA_IV_SIZE; 02118 02119 break; 02120 #endif 02121 02122 #ifdef BUILD_WDM_WITH_NULL_SHA256 02123 case WDM_WITH_NULL_SHA256 : 02124 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 02125 ssl->specs.cipher_type = stream; 02126 ssl->specs.mac_algorithm = sha256_mac; 02127 ssl->specs.kea = no_kea; 02128 ssl->specs.sig_algo = anonymous_sa_algo; 02129 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; 02130 ssl->specs.pad_size = PAD_SHA; 02131 02132 break; 02133 #endif 02134 02135 default: 02136 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs"); 02137 return UNSUPPORTED_SUITE; 02138 } /* switch */ 02139 } /* if ECC / Normal suites else */ 02140 02141 /* set TLS if it hasn't been turned off */ 02142 if (ssl->version.major == 3 && ssl->version.minor >= 1) { 02143 #ifndef NO_TLS 02144 ssl->options.tls = 1; 02145 #ifndef WOLFSSL_NO_TLS12 02146 ssl->hmac = TLS_hmac; 02147 #endif 02148 if (ssl->version.minor >= 2) { 02149 ssl->options.tls1_1 = 1; 02150 if (ssl->version.minor >= 4) 02151 ssl->options.tls1_3 = 1; 02152 } 02153 #endif 02154 } 02155 02156 #ifdef WOLFSSL_DTLS 02157 if (ssl->options.dtls) 02158 ssl->hmac = TLS_hmac; 02159 #endif 02160 02161 return 0; 02162 } 02163 02164 02165 enum KeyStuff { 02166 MASTER_ROUNDS = 3, 02167 PREFIX = 3, /* up to three letters for master prefix */ 02168 KEY_PREFIX = 9 /* up to 9 prefix letters for key rounds */ 02169 02170 02171 }; 02172 02173 #ifndef NO_OLD_TLS 02174 /* true or false, zero for error */ 02175 static int SetPrefix(byte* sha_input, int idx) 02176 { 02177 switch (idx) { 02178 case 0: 02179 XMEMCPY(sha_input, "A", 1); 02180 break; 02181 case 1: 02182 XMEMCPY(sha_input, "BB", 2); 02183 break; 02184 case 2: 02185 XMEMCPY(sha_input, "CCC", 3); 02186 break; 02187 case 3: 02188 XMEMCPY(sha_input, "DDDD", 4); 02189 break; 02190 case 4: 02191 XMEMCPY(sha_input, "EEEEE", 5); 02192 break; 02193 case 5: 02194 XMEMCPY(sha_input, "FFFFFF", 6); 02195 break; 02196 case 6: 02197 XMEMCPY(sha_input, "GGGGGGG", 7); 02198 break; 02199 case 7: 02200 XMEMCPY(sha_input, "HHHHHHHH", 8); 02201 break; 02202 case 8: 02203 XMEMCPY(sha_input, "IIIIIIIII", 9); 02204 break; 02205 default: 02206 WOLFSSL_MSG("Set Prefix error, bad input"); 02207 return 0; 02208 } 02209 return 1; 02210 } 02211 #endif 02212 02213 02214 static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, 02215 int side, void* heap, int devId) 02216 { 02217 #ifdef BUILD_ARC4 02218 word32 sz = specs->key_size; 02219 if (specs->bulk_cipher_algorithm == wolfssl_rc4) { 02220 if (enc && enc->arc4 == NULL) 02221 enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER); 02222 if (enc && enc->arc4 == NULL) 02223 return MEMORY_E; 02224 if (dec && dec->arc4 == NULL) 02225 dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER); 02226 if (dec && dec->arc4 == NULL) 02227 return MEMORY_E; 02228 02229 if (enc) { 02230 if (wc_Arc4Init(enc->arc4, heap, devId) != 0) { 02231 WOLFSSL_MSG("Arc4Init failed in SetKeys"); 02232 return ASYNC_INIT_E; 02233 } 02234 } 02235 if (dec) { 02236 if (wc_Arc4Init(dec->arc4, heap, devId) != 0) { 02237 WOLFSSL_MSG("Arc4Init failed in SetKeys"); 02238 return ASYNC_INIT_E; 02239 } 02240 } 02241 02242 if (side == WOLFSSL_CLIENT_END) { 02243 if (enc) 02244 wc_Arc4SetKey(enc->arc4, keys->client_write_key, sz); 02245 if (dec) 02246 wc_Arc4SetKey(dec->arc4, keys->server_write_key, sz); 02247 } 02248 else { 02249 if (enc) 02250 wc_Arc4SetKey(enc->arc4, keys->server_write_key, sz); 02251 if (dec) 02252 wc_Arc4SetKey(dec->arc4, keys->client_write_key, sz); 02253 } 02254 if (enc) 02255 enc->setup = 1; 02256 if (dec) 02257 dec->setup = 1; 02258 } 02259 #endif /* BUILD_ARC4 */ 02260 02261 02262 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) 02263 /* Check that the max implicit iv size is suffecient */ 02264 #if (AEAD_MAX_IMP_SZ < 12) /* CHACHA20_IMP_IV_SZ */ 02265 #error AEAD_MAX_IMP_SZ is too small for ChaCha20 02266 #endif 02267 #if (MAX_WRITE_IV_SZ < 12) /* CHACHA20_IMP_IV_SZ */ 02268 #error MAX_WRITE_IV_SZ is too small for ChaCha20 02269 #endif 02270 02271 if (specs->bulk_cipher_algorithm == wolfssl_chacha) { 02272 int chachaRet; 02273 if (enc && enc->chacha == NULL) 02274 enc->chacha = 02275 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER); 02276 if (enc && enc->chacha == NULL) 02277 return MEMORY_E; 02278 if (dec && dec->chacha == NULL) 02279 dec->chacha = 02280 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER); 02281 if (dec && dec->chacha == NULL) 02282 return MEMORY_E; 02283 if (side == WOLFSSL_CLIENT_END) { 02284 if (enc) { 02285 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->client_write_key, 02286 specs->key_size); 02287 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV, 02288 CHACHA20_IMP_IV_SZ); 02289 if (chachaRet != 0) return chachaRet; 02290 } 02291 if (dec) { 02292 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->server_write_key, 02293 specs->key_size); 02294 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV, 02295 CHACHA20_IMP_IV_SZ); 02296 if (chachaRet != 0) return chachaRet; 02297 } 02298 } 02299 else { 02300 if (enc) { 02301 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->server_write_key, 02302 specs->key_size); 02303 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV, 02304 CHACHA20_IMP_IV_SZ); 02305 if (chachaRet != 0) return chachaRet; 02306 } 02307 if (dec) { 02308 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->client_write_key, 02309 specs->key_size); 02310 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV, 02311 CHACHA20_IMP_IV_SZ); 02312 if (chachaRet != 0) return chachaRet; 02313 } 02314 } 02315 02316 if (enc) 02317 enc->setup = 1; 02318 if (dec) 02319 dec->setup = 1; 02320 } 02321 #endif /* HAVE_CHACHA && HAVE_POLY1305 */ 02322 02323 02324 #ifdef HAVE_HC128 02325 /* check that buffer sizes are sufficient */ 02326 #if (MAX_WRITE_IV_SZ < 16) /* HC_128_IV_SIZE */ 02327 #error MAX_WRITE_IV_SZ too small for HC128 02328 #endif 02329 02330 if (specs->bulk_cipher_algorithm == wolfssl_hc128) { 02331 int hcRet; 02332 if (enc && enc->hc128 == NULL) 02333 enc->hc128 = 02334 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER); 02335 if (enc && enc->hc128 == NULL) 02336 return MEMORY_E; 02337 if (dec && dec->hc128 == NULL) 02338 dec->hc128 = 02339 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER); 02340 if (dec && dec->hc128 == NULL) 02341 return MEMORY_E; 02342 if (side == WOLFSSL_CLIENT_END) { 02343 if (enc) { 02344 hcRet = wc_Hc128_SetKey(enc->hc128, keys->client_write_key, 02345 keys->client_write_IV); 02346 if (hcRet != 0) return hcRet; 02347 } 02348 if (dec) { 02349 hcRet = wc_Hc128_SetKey(dec->hc128, keys->server_write_key, 02350 keys->server_write_IV); 02351 if (hcRet != 0) return hcRet; 02352 } 02353 } 02354 else { 02355 if (enc) { 02356 hcRet = wc_Hc128_SetKey(enc->hc128, keys->server_write_key, 02357 keys->server_write_IV); 02358 if (hcRet != 0) return hcRet; 02359 } 02360 if (dec) { 02361 hcRet = wc_Hc128_SetKey(dec->hc128, keys->client_write_key, 02362 keys->client_write_IV); 02363 if (hcRet != 0) return hcRet; 02364 } 02365 } 02366 if (enc) 02367 enc->setup = 1; 02368 if (dec) 02369 dec->setup = 1; 02370 } 02371 #endif /* HAVE_HC128 */ 02372 02373 #ifdef BUILD_RABBIT 02374 /* check that buffer sizes are sufficient */ 02375 #if (MAX_WRITE_IV_SZ < 8) /* RABBIT_IV_SIZE */ 02376 #error MAX_WRITE_IV_SZ too small for RABBIT 02377 #endif 02378 02379 if (specs->bulk_cipher_algorithm == wolfssl_rabbit) { 02380 int rabRet; 02381 if (enc && enc->rabbit == NULL) 02382 enc->rabbit = 02383 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER); 02384 if (enc && enc->rabbit == NULL) 02385 return MEMORY_E; 02386 if (dec && dec->rabbit == NULL) 02387 dec->rabbit = 02388 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER); 02389 if (dec && dec->rabbit == NULL) 02390 return MEMORY_E; 02391 if (side == WOLFSSL_CLIENT_END) { 02392 if (enc) { 02393 rabRet = wc_RabbitSetKey(enc->rabbit, keys->client_write_key, 02394 keys->client_write_IV); 02395 if (rabRet != 0) return rabRet; 02396 } 02397 if (dec) { 02398 rabRet = wc_RabbitSetKey(dec->rabbit, keys->server_write_key, 02399 keys->server_write_IV); 02400 if (rabRet != 0) return rabRet; 02401 } 02402 } 02403 else { 02404 if (enc) { 02405 rabRet = wc_RabbitSetKey(enc->rabbit, keys->server_write_key, 02406 keys->server_write_IV); 02407 if (rabRet != 0) return rabRet; 02408 } 02409 if (dec) { 02410 rabRet = wc_RabbitSetKey(dec->rabbit, keys->client_write_key, 02411 keys->client_write_IV); 02412 if (rabRet != 0) return rabRet; 02413 } 02414 } 02415 if (enc) 02416 enc->setup = 1; 02417 if (dec) 02418 dec->setup = 1; 02419 } 02420 #endif /* BUILD_RABBIT */ 02421 02422 #ifdef BUILD_DES3 02423 /* check that buffer sizes are sufficient */ 02424 #if (MAX_WRITE_IV_SZ < 8) /* DES_IV_SIZE */ 02425 #error MAX_WRITE_IV_SZ too small for 3DES 02426 #endif 02427 02428 if (specs->bulk_cipher_algorithm == wolfssl_triple_des) { 02429 int desRet = 0; 02430 02431 if (enc) { 02432 if (enc->des3 == NULL) 02433 enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER); 02434 if (enc->des3 == NULL) 02435 return MEMORY_E; 02436 XMEMSET(enc->des3, 0, sizeof(Des3)); 02437 } 02438 if (dec) { 02439 if (dec->des3 == NULL) 02440 dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER); 02441 if (dec->des3 == NULL) 02442 return MEMORY_E; 02443 XMEMSET(dec->des3, 0, sizeof(Des3)); 02444 } 02445 02446 if (enc) { 02447 if (wc_Des3Init(enc->des3, heap, devId) != 0) { 02448 WOLFSSL_MSG("Des3Init failed in SetKeys"); 02449 return ASYNC_INIT_E; 02450 } 02451 } 02452 if (dec) { 02453 if (wc_Des3Init(dec->des3, heap, devId) != 0) { 02454 WOLFSSL_MSG("Des3Init failed in SetKeys"); 02455 return ASYNC_INIT_E; 02456 } 02457 } 02458 02459 if (side == WOLFSSL_CLIENT_END) { 02460 if (enc) { 02461 desRet = wc_Des3_SetKey(enc->des3, keys->client_write_key, 02462 keys->client_write_IV, DES_ENCRYPTION); 02463 if (desRet != 0) return desRet; 02464 } 02465 if (dec) { 02466 desRet = wc_Des3_SetKey(dec->des3, keys->server_write_key, 02467 keys->server_write_IV, DES_DECRYPTION); 02468 if (desRet != 0) return desRet; 02469 } 02470 } 02471 else { 02472 if (enc) { 02473 desRet = wc_Des3_SetKey(enc->des3, keys->server_write_key, 02474 keys->server_write_IV, DES_ENCRYPTION); 02475 if (desRet != 0) return desRet; 02476 } 02477 if (dec) { 02478 desRet = wc_Des3_SetKey(dec->des3, keys->client_write_key, 02479 keys->client_write_IV, DES_DECRYPTION); 02480 if (desRet != 0) return desRet; 02481 } 02482 } 02483 if (enc) 02484 enc->setup = 1; 02485 if (dec) 02486 dec->setup = 1; 02487 } 02488 #endif /* BUILD_DES3 */ 02489 02490 #ifdef BUILD_AES 02491 /* check that buffer sizes are sufficient */ 02492 #if (MAX_WRITE_IV_SZ < 16) /* AES_IV_SIZE */ 02493 #error MAX_WRITE_IV_SZ too small for AES 02494 #endif 02495 02496 if (specs->bulk_cipher_algorithm == wolfssl_aes) { 02497 int aesRet = 0; 02498 02499 if (enc) { 02500 if (enc->aes == NULL) 02501 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 02502 if (enc->aes == NULL) 02503 return MEMORY_E; 02504 XMEMSET(enc->aes, 0, sizeof(Aes)); 02505 } 02506 if (dec) { 02507 if (dec->aes == NULL) 02508 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 02509 if (dec->aes == NULL) 02510 return MEMORY_E; 02511 XMEMSET(dec->aes, 0, sizeof(Aes)); 02512 } 02513 if (enc) { 02514 if (wc_AesInit(enc->aes, heap, devId) != 0) { 02515 WOLFSSL_MSG("AesInit failed in SetKeys"); 02516 return ASYNC_INIT_E; 02517 } 02518 } 02519 if (dec) { 02520 if (wc_AesInit(dec->aes, heap, devId) != 0) { 02521 WOLFSSL_MSG("AesInit failed in SetKeys"); 02522 return ASYNC_INIT_E; 02523 } 02524 } 02525 02526 if (side == WOLFSSL_CLIENT_END) { 02527 if (enc) { 02528 aesRet = wc_AesSetKey(enc->aes, keys->client_write_key, 02529 specs->key_size, keys->client_write_IV, 02530 AES_ENCRYPTION); 02531 if (aesRet != 0) return aesRet; 02532 } 02533 if (dec) { 02534 aesRet = wc_AesSetKey(dec->aes, keys->server_write_key, 02535 specs->key_size, keys->server_write_IV, 02536 AES_DECRYPTION); 02537 if (aesRet != 0) return aesRet; 02538 } 02539 } 02540 else { 02541 if (enc) { 02542 aesRet = wc_AesSetKey(enc->aes, keys->server_write_key, 02543 specs->key_size, keys->server_write_IV, 02544 AES_ENCRYPTION); 02545 if (aesRet != 0) return aesRet; 02546 } 02547 if (dec) { 02548 aesRet = wc_AesSetKey(dec->aes, keys->client_write_key, 02549 specs->key_size, keys->client_write_IV, 02550 AES_DECRYPTION); 02551 if (aesRet != 0) return aesRet; 02552 } 02553 } 02554 if (enc) 02555 enc->setup = 1; 02556 if (dec) 02557 dec->setup = 1; 02558 } 02559 #endif /* BUILD_AES */ 02560 02561 #ifdef BUILD_AESGCM 02562 /* check that buffer sizes are sufficient */ 02563 #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */ 02564 #error AEAD_MAX_IMP_SZ too small for AESGCM 02565 #endif 02566 #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */ 02567 #error AEAD_MAX_EXP_SZ too small for AESGCM 02568 #endif 02569 #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */ 02570 #error MAX_WRITE_IV_SZ too small for AESGCM 02571 #endif 02572 02573 if (specs->bulk_cipher_algorithm == wolfssl_aes_gcm) { 02574 int gcmRet; 02575 02576 if (enc) { 02577 if (enc->aes == NULL) 02578 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 02579 if (enc->aes == NULL) 02580 return MEMORY_E; 02581 XMEMSET(enc->aes, 0, sizeof(Aes)); 02582 } 02583 if (dec) { 02584 if (dec->aes == NULL) 02585 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 02586 if (dec->aes == NULL) 02587 return MEMORY_E; 02588 XMEMSET(dec->aes, 0, sizeof(Aes)); 02589 } 02590 02591 if (enc) { 02592 if (wc_AesInit(enc->aes, heap, devId) != 0) { 02593 WOLFSSL_MSG("AesInit failed in SetKeys"); 02594 return ASYNC_INIT_E; 02595 } 02596 } 02597 if (dec) { 02598 if (wc_AesInit(dec->aes, heap, devId) != 0) { 02599 WOLFSSL_MSG("AesInit failed in SetKeys"); 02600 return ASYNC_INIT_E; 02601 } 02602 } 02603 02604 if (side == WOLFSSL_CLIENT_END) { 02605 if (enc) { 02606 gcmRet = wc_AesGcmSetKey(enc->aes, keys->client_write_key, 02607 specs->key_size); 02608 if (gcmRet != 0) return gcmRet; 02609 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV, 02610 AEAD_MAX_IMP_SZ); 02611 } 02612 if (dec) { 02613 gcmRet = wc_AesGcmSetKey(dec->aes, keys->server_write_key, 02614 specs->key_size); 02615 if (gcmRet != 0) return gcmRet; 02616 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV, 02617 AEAD_MAX_IMP_SZ); 02618 } 02619 } 02620 else { 02621 if (enc) { 02622 gcmRet = wc_AesGcmSetKey(enc->aes, keys->server_write_key, 02623 specs->key_size); 02624 if (gcmRet != 0) return gcmRet; 02625 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV, 02626 AEAD_MAX_IMP_SZ); 02627 } 02628 if (dec) { 02629 gcmRet = wc_AesGcmSetKey(dec->aes, keys->client_write_key, 02630 specs->key_size); 02631 if (gcmRet != 0) return gcmRet; 02632 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV, 02633 AEAD_MAX_IMP_SZ); 02634 } 02635 } 02636 if (enc) 02637 enc->setup = 1; 02638 if (dec) 02639 dec->setup = 1; 02640 } 02641 #endif /* BUILD_AESGCM */ 02642 02643 #ifdef HAVE_AESCCM 02644 /* check that buffer sizes are sufficient (CCM is same size as GCM) */ 02645 #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */ 02646 #error AEAD_MAX_IMP_SZ too small for AESCCM 02647 #endif 02648 #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */ 02649 #error AEAD_MAX_EXP_SZ too small for AESCCM 02650 #endif 02651 #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */ 02652 #error MAX_WRITE_IV_SZ too small for AESCCM 02653 #endif 02654 02655 if (specs->bulk_cipher_algorithm == wolfssl_aes_ccm) { 02656 int CcmRet; 02657 02658 if (enc) { 02659 if (enc->aes == NULL) 02660 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 02661 if (enc->aes == NULL) 02662 return MEMORY_E; 02663 XMEMSET(enc->aes, 0, sizeof(Aes)); 02664 } 02665 if (dec) { 02666 if (dec->aes == NULL) 02667 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 02668 if (dec->aes == NULL) 02669 return MEMORY_E; 02670 XMEMSET(dec->aes, 0, sizeof(Aes)); 02671 } 02672 02673 if (enc) { 02674 if (wc_AesInit(enc->aes, heap, devId) != 0) { 02675 WOLFSSL_MSG("AesInit failed in SetKeys"); 02676 return ASYNC_INIT_E; 02677 } 02678 } 02679 if (dec) { 02680 if (wc_AesInit(dec->aes, heap, devId) != 0) { 02681 WOLFSSL_MSG("AesInit failed in SetKeys"); 02682 return ASYNC_INIT_E; 02683 } 02684 } 02685 02686 if (side == WOLFSSL_CLIENT_END) { 02687 if (enc) { 02688 CcmRet = wc_AesCcmSetKey(enc->aes, keys->client_write_key, 02689 specs->key_size); 02690 if (CcmRet != 0) { 02691 return CcmRet; 02692 } 02693 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV, 02694 AEAD_MAX_IMP_SZ); 02695 } 02696 if (dec) { 02697 CcmRet = wc_AesCcmSetKey(dec->aes, keys->server_write_key, 02698 specs->key_size); 02699 if (CcmRet != 0) { 02700 return CcmRet; 02701 } 02702 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV, 02703 AEAD_MAX_IMP_SZ); 02704 } 02705 } 02706 else { 02707 if (enc) { 02708 CcmRet = wc_AesCcmSetKey(enc->aes, keys->server_write_key, 02709 specs->key_size); 02710 if (CcmRet != 0) { 02711 return CcmRet; 02712 } 02713 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV, 02714 AEAD_MAX_IMP_SZ); 02715 } 02716 if (dec) { 02717 CcmRet = wc_AesCcmSetKey(dec->aes, keys->client_write_key, 02718 specs->key_size); 02719 if (CcmRet != 0) { 02720 return CcmRet; 02721 } 02722 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV, 02723 AEAD_MAX_IMP_SZ); 02724 } 02725 } 02726 if (enc) 02727 enc->setup = 1; 02728 if (dec) 02729 dec->setup = 1; 02730 } 02731 #endif /* HAVE_AESCCM */ 02732 02733 #ifdef HAVE_CAMELLIA 02734 /* check that buffer sizes are sufficient */ 02735 #if (MAX_WRITE_IV_SZ < 16) /* CAMELLIA_IV_SIZE */ 02736 #error MAX_WRITE_IV_SZ too small for CAMELLIA 02737 #endif 02738 02739 if (specs->bulk_cipher_algorithm == wolfssl_camellia) { 02740 int camRet; 02741 02742 if (enc && enc->cam == NULL) 02743 enc->cam = 02744 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER); 02745 if (enc && enc->cam == NULL) 02746 return MEMORY_E; 02747 02748 if (dec && dec->cam == NULL) 02749 dec->cam = 02750 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER); 02751 if (dec && dec->cam == NULL) 02752 return MEMORY_E; 02753 02754 if (side == WOLFSSL_CLIENT_END) { 02755 if (enc) { 02756 camRet = wc_CamelliaSetKey(enc->cam, keys->client_write_key, 02757 specs->key_size, keys->client_write_IV); 02758 if (camRet != 0) return camRet; 02759 } 02760 if (dec) { 02761 camRet = wc_CamelliaSetKey(dec->cam, keys->server_write_key, 02762 specs->key_size, keys->server_write_IV); 02763 if (camRet != 0) return camRet; 02764 } 02765 } 02766 else { 02767 if (enc) { 02768 camRet = wc_CamelliaSetKey(enc->cam, keys->server_write_key, 02769 specs->key_size, keys->server_write_IV); 02770 if (camRet != 0) return camRet; 02771 } 02772 if (dec) { 02773 camRet = wc_CamelliaSetKey(dec->cam, keys->client_write_key, 02774 specs->key_size, keys->client_write_IV); 02775 if (camRet != 0) return camRet; 02776 } 02777 } 02778 if (enc) 02779 enc->setup = 1; 02780 if (dec) 02781 dec->setup = 1; 02782 } 02783 #endif /* HAVE_CAMELLIA */ 02784 02785 #ifdef HAVE_IDEA 02786 /* check that buffer sizes are sufficient */ 02787 #if (MAX_WRITE_IV_SZ < 8) /* IDEA_IV_SIZE */ 02788 #error MAX_WRITE_IV_SZ too small for IDEA 02789 #endif 02790 02791 if (specs->bulk_cipher_algorithm == wolfssl_idea) { 02792 int ideaRet; 02793 02794 if (enc && enc->idea == NULL) 02795 enc->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER); 02796 if (enc && enc->idea == NULL) 02797 return MEMORY_E; 02798 02799 if (dec && dec->idea == NULL) 02800 dec->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER); 02801 if (dec && dec->idea == NULL) 02802 return MEMORY_E; 02803 02804 if (side == WOLFSSL_CLIENT_END) { 02805 if (enc) { 02806 ideaRet = wc_IdeaSetKey(enc->idea, keys->client_write_key, 02807 specs->key_size, keys->client_write_IV, 02808 IDEA_ENCRYPTION); 02809 if (ideaRet != 0) return ideaRet; 02810 } 02811 if (dec) { 02812 ideaRet = wc_IdeaSetKey(dec->idea, keys->server_write_key, 02813 specs->key_size, keys->server_write_IV, 02814 IDEA_DECRYPTION); 02815 if (ideaRet != 0) return ideaRet; 02816 } 02817 } 02818 else { 02819 if (enc) { 02820 ideaRet = wc_IdeaSetKey(enc->idea, keys->server_write_key, 02821 specs->key_size, keys->server_write_IV, 02822 IDEA_ENCRYPTION); 02823 if (ideaRet != 0) return ideaRet; 02824 } 02825 if (dec) { 02826 ideaRet = wc_IdeaSetKey(dec->idea, keys->client_write_key, 02827 specs->key_size, keys->client_write_IV, 02828 IDEA_DECRYPTION); 02829 if (ideaRet != 0) return ideaRet; 02830 } 02831 } 02832 if (enc) 02833 enc->setup = 1; 02834 if (dec) 02835 dec->setup = 1; 02836 } 02837 #endif /* HAVE_IDEA */ 02838 02839 #ifdef HAVE_NULL_CIPHER 02840 if (specs->bulk_cipher_algorithm == wolfssl_cipher_null) { 02841 if (enc) 02842 enc->setup = 1; 02843 if (dec) 02844 dec->setup = 1; 02845 } 02846 #endif 02847 02848 if (enc) { 02849 keys->sequence_number_hi = 0; 02850 keys->sequence_number_lo = 0; 02851 } 02852 if (dec) { 02853 keys->peer_sequence_number_hi = 0; 02854 keys->peer_sequence_number_lo = 0; 02855 } 02856 (void)side; 02857 (void)heap; 02858 (void)enc; 02859 (void)dec; 02860 (void)specs; 02861 (void)devId; 02862 02863 return 0; 02864 } 02865 02866 02867 #ifdef HAVE_ONE_TIME_AUTH 02868 /* set one time authentication keys */ 02869 static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys, 02870 CipherSpecs* specs, void* heap, int devId) 02871 { 02872 02873 #ifdef HAVE_POLY1305 02874 /* set up memory space for poly1305 */ 02875 if (authentication && authentication->poly1305 == NULL) 02876 authentication->poly1305 = 02877 (Poly1305*)XMALLOC(sizeof(Poly1305), heap, DYNAMIC_TYPE_CIPHER); 02878 if (authentication && authentication->poly1305 == NULL) 02879 return MEMORY_E; 02880 if (authentication) 02881 authentication->setup = 1; 02882 #endif 02883 (void)authentication; 02884 (void)heap; 02885 (void)keys; 02886 (void)specs; 02887 (void)devId; 02888 02889 return 0; 02890 } 02891 #endif /* HAVE_ONE_TIME_AUTH */ 02892 02893 #ifdef HAVE_SECURE_RENEGOTIATION 02894 /* function name is for cache_status++ 02895 * This function was added because of error incrementing enum type when 02896 * compiling with a C++ compiler. 02897 */ 02898 static void CacheStatusPP(SecureRenegotiation* cache) 02899 { 02900 switch (cache->cache_status) { 02901 case SCR_CACHE_NULL: 02902 cache->cache_status = SCR_CACHE_NEEDED; 02903 break; 02904 02905 case SCR_CACHE_NEEDED: 02906 cache->cache_status = SCR_CACHE_COPY; 02907 break; 02908 02909 case SCR_CACHE_COPY: 02910 cache->cache_status = SCR_CACHE_PARTIAL; 02911 break; 02912 02913 case SCR_CACHE_PARTIAL: 02914 cache->cache_status = SCR_CACHE_COMPLETE; 02915 break; 02916 02917 case SCR_CACHE_COMPLETE: 02918 WOLFSSL_MSG("SCR Cache state Complete"); 02919 break; 02920 02921 default: 02922 WOLFSSL_MSG("Unknown cache state!!"); 02923 } 02924 } 02925 #endif /* HAVE_SECURE_RENEGOTIATION */ 02926 02927 02928 /* Set wc_encrypt/wc_decrypt or both sides of key setup 02929 * note: use wc_encrypt to avoid shadowing global encrypt 02930 * declared in unistd.h 02931 */ 02932 int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) 02933 { 02934 int devId = INVALID_DEVID, ret, copy = 0; 02935 Ciphers* wc_encrypt = NULL; 02936 Ciphers* wc_decrypt = NULL; 02937 Keys* keys = &ssl->keys; 02938 02939 (void)copy; 02940 02941 #ifdef WOLFSSL_ASYNC_CRYPT 02942 devId = ssl->devId; 02943 #endif 02944 02945 #ifdef HAVE_SECURE_RENEGOTIATION 02946 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status) { 02947 keys = &ssl->secure_renegotiation->tmp_keys; 02948 copy = 1; 02949 } 02950 #endif /* HAVE_SECURE_RENEGOTIATION */ 02951 02952 switch (side) { 02953 case ENCRYPT_SIDE_ONLY: 02954 #ifdef WOLFSSL_DEBUG_TLS 02955 WOLFSSL_MSG("Provisioning ENCRYPT key"); 02956 if (ssl->options.side == WOLFSSL_CLIENT_END) { 02957 WOLFSSL_BUFFER(ssl->keys.client_write_key, AES_256_KEY_SIZE); 02958 } 02959 else { 02960 WOLFSSL_BUFFER(ssl->keys.server_write_key, AES_256_KEY_SIZE); 02961 } 02962 #endif 02963 wc_encrypt = &ssl->encrypt; 02964 break; 02965 02966 case DECRYPT_SIDE_ONLY: 02967 #ifdef WOLFSSL_DEBUG_TLS 02968 WOLFSSL_MSG("Provisioning DECRYPT key"); 02969 if (ssl->options.side == WOLFSSL_CLIENT_END) { 02970 WOLFSSL_BUFFER(ssl->keys.server_write_key, AES_256_KEY_SIZE); 02971 } 02972 else { 02973 WOLFSSL_BUFFER(ssl->keys.client_write_key, AES_256_KEY_SIZE); 02974 } 02975 #endif 02976 wc_decrypt = &ssl->decrypt; 02977 break; 02978 02979 case ENCRYPT_AND_DECRYPT_SIDE: 02980 #ifdef WOLFSSL_DEBUG_TLS 02981 WOLFSSL_MSG("Provisioning ENCRYPT key"); 02982 if (ssl->options.side == WOLFSSL_CLIENT_END) { 02983 WOLFSSL_BUFFER(ssl->keys.client_write_key, AES_256_KEY_SIZE); 02984 } 02985 else { 02986 WOLFSSL_BUFFER(ssl->keys.server_write_key, AES_256_KEY_SIZE); 02987 } 02988 WOLFSSL_MSG("Provisioning DECRYPT key"); 02989 if (ssl->options.side == WOLFSSL_CLIENT_END) { 02990 WOLFSSL_BUFFER(ssl->keys.server_write_key, AES_256_KEY_SIZE); 02991 } 02992 else { 02993 WOLFSSL_BUFFER(ssl->keys.client_write_key, AES_256_KEY_SIZE); 02994 } 02995 #endif 02996 wc_encrypt = &ssl->encrypt; 02997 wc_decrypt = &ssl->decrypt; 02998 break; 02999 03000 default: 03001 return BAD_FUNC_ARG; 03002 } 03003 03004 #ifdef HAVE_ONE_TIME_AUTH 03005 if (!ssl->auth.setup && ssl->specs.bulk_cipher_algorithm == wolfssl_chacha){ 03006 ret = SetAuthKeys(&ssl->auth, keys, &ssl->specs, ssl->heap, devId); 03007 if (ret != 0) 03008 return ret; 03009 } 03010 #endif 03011 03012 ret = SetKeys(wc_encrypt, wc_decrypt, keys, &ssl->specs, ssl->options.side, 03013 ssl->heap, devId); 03014 03015 #ifdef HAVE_SECURE_RENEGOTIATION 03016 if (copy) { 03017 int clientCopy = 0; 03018 03019 if (ssl->options.side == WOLFSSL_CLIENT_END && wc_encrypt) 03020 clientCopy = 1; 03021 else if (ssl->options.side == WOLFSSL_SERVER_END && wc_decrypt) 03022 clientCopy = 1; 03023 03024 if (clientCopy) { 03025 XMEMCPY(ssl->keys.client_write_MAC_secret, 03026 keys->client_write_MAC_secret, WC_MAX_DIGEST_SIZE); 03027 XMEMCPY(ssl->keys.client_write_key, 03028 keys->client_write_key, AES_256_KEY_SIZE); 03029 XMEMCPY(ssl->keys.client_write_IV, 03030 keys->client_write_IV, MAX_WRITE_IV_SZ); 03031 } else { 03032 XMEMCPY(ssl->keys.server_write_MAC_secret, 03033 keys->server_write_MAC_secret, WC_MAX_DIGEST_SIZE); 03034 XMEMCPY(ssl->keys.server_write_key, 03035 keys->server_write_key, AES_256_KEY_SIZE); 03036 XMEMCPY(ssl->keys.server_write_IV, 03037 keys->server_write_IV, MAX_WRITE_IV_SZ); 03038 } 03039 if (wc_encrypt) { 03040 ssl->keys.sequence_number_hi = keys->sequence_number_hi; 03041 ssl->keys.sequence_number_lo = keys->sequence_number_lo; 03042 #ifdef HAVE_AEAD 03043 if (ssl->specs.cipher_type == aead) { 03044 /* Initialize the AES-GCM/CCM explicit IV to a zero. */ 03045 XMEMCPY(ssl->keys.aead_exp_IV, keys->aead_exp_IV, 03046 AEAD_MAX_EXP_SZ); 03047 03048 /* Initialize encrypt implicit IV by encrypt side */ 03049 if (ssl->options.side == WOLFSSL_CLIENT_END) { 03050 XMEMCPY(ssl->keys.aead_enc_imp_IV, 03051 keys->client_write_IV, AEAD_MAX_IMP_SZ); 03052 } else { 03053 XMEMCPY(ssl->keys.aead_enc_imp_IV, 03054 keys->server_write_IV, AEAD_MAX_IMP_SZ); 03055 } 03056 } 03057 #endif 03058 } 03059 if (wc_decrypt) { 03060 ssl->keys.peer_sequence_number_hi = keys->peer_sequence_number_hi; 03061 ssl->keys.peer_sequence_number_lo = keys->peer_sequence_number_lo; 03062 #ifdef HAVE_AEAD 03063 if (ssl->specs.cipher_type == aead) { 03064 /* Initialize decrypt implicit IV by decrypt side */ 03065 if (ssl->options.side == WOLFSSL_SERVER_END) { 03066 XMEMCPY(ssl->keys.aead_dec_imp_IV, 03067 keys->client_write_IV, AEAD_MAX_IMP_SZ); 03068 } else { 03069 XMEMCPY(ssl->keys.aead_dec_imp_IV, 03070 keys->server_write_IV, AEAD_MAX_IMP_SZ); 03071 } 03072 } 03073 #endif 03074 } 03075 CacheStatusPP(ssl->secure_renegotiation); 03076 } 03077 #endif /* HAVE_SECURE_RENEGOTIATION */ 03078 03079 return ret; 03080 } 03081 03082 03083 /* TLS can call too */ 03084 int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side) 03085 { 03086 int sz, i = 0; 03087 Keys* keys = &ssl->keys; 03088 03089 #ifdef HAVE_SECURE_RENEGOTIATION 03090 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status == 03091 SCR_CACHE_NEEDED) { 03092 keys = &ssl->secure_renegotiation->tmp_keys; 03093 CacheStatusPP(ssl->secure_renegotiation); 03094 } 03095 #endif /* HAVE_SECURE_RENEGOTIATION */ 03096 03097 #ifdef WOLFSSL_MULTICAST 03098 if (ssl->options.haveMcast) { 03099 /* Use the same keys for encrypt and decrypt. */ 03100 if (ssl->specs.cipher_type != aead) { 03101 sz = ssl->specs.hash_size; 03102 XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz); 03103 XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz); 03104 i += sz; 03105 } 03106 sz = ssl->specs.key_size; 03107 XMEMCPY(keys->client_write_key, &keyData[i], sz); 03108 XMEMCPY(keys->server_write_key, &keyData[i], sz); 03109 i += sz; 03110 03111 sz = ssl->specs.iv_size; 03112 XMEMCPY(keys->client_write_IV, &keyData[i], sz); 03113 XMEMCPY(keys->server_write_IV, &keyData[i], sz); 03114 03115 #ifdef HAVE_AEAD 03116 if (ssl->specs.cipher_type == aead) { 03117 /* Initialize the AES-GCM/CCM explicit IV to a zero. */ 03118 XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ); 03119 } 03120 #endif /* HAVE_AEAD */ 03121 03122 return 0; 03123 } 03124 #endif /* WOLFSSL_MULTICAST */ 03125 03126 if (ssl->specs.cipher_type != aead) { 03127 sz = ssl->specs.hash_size; 03128 if (side & PROVISION_CLIENT) { 03129 XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz); 03130 i += sz; 03131 } 03132 if (side & PROVISION_SERVER) { 03133 XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz); 03134 i += sz; 03135 } 03136 } 03137 sz = ssl->specs.key_size; 03138 if (side & PROVISION_CLIENT) { 03139 XMEMCPY(keys->client_write_key, &keyData[i], sz); 03140 i += sz; 03141 } 03142 if (side & PROVISION_SERVER) { 03143 XMEMCPY(keys->server_write_key, &keyData[i], sz); 03144 i += sz; 03145 } 03146 03147 sz = ssl->specs.iv_size; 03148 if (side & PROVISION_CLIENT) { 03149 XMEMCPY(keys->client_write_IV, &keyData[i], sz); 03150 i += sz; 03151 } 03152 if (side & PROVISION_SERVER) 03153 XMEMCPY(keys->server_write_IV, &keyData[i], sz); 03154 03155 #ifdef HAVE_AEAD 03156 if (ssl->specs.cipher_type == aead) { 03157 /* Initialize the AES-GCM/CCM explicit IV to a zero. */ 03158 XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ); 03159 } 03160 #endif 03161 03162 return 0; 03163 } 03164 03165 #ifndef NO_OLD_TLS 03166 int DeriveKeys(WOLFSSL* ssl) 03167 { 03168 int length = 2 * ssl->specs.hash_size + 03169 2 * ssl->specs.key_size + 03170 2 * ssl->specs.iv_size; 03171 int rounds = (length + WC_MD5_DIGEST_SIZE - 1 ) / WC_MD5_DIGEST_SIZE, i; 03172 int ret = 0; 03173 03174 #ifdef WOLFSSL_SMALL_STACK 03175 byte* shaOutput; 03176 byte* md5Input; 03177 byte* shaInput; 03178 byte* keyData; 03179 wc_Md5* md5; 03180 wc_Sha* sha; 03181 #else 03182 byte shaOutput[WC_SHA_DIGEST_SIZE]; 03183 byte md5Input[SECRET_LEN + WC_SHA_DIGEST_SIZE]; 03184 byte shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN]; 03185 byte keyData[KEY_PREFIX * WC_MD5_DIGEST_SIZE]; 03186 wc_Md5 md5[1]; 03187 wc_Sha sha[1]; 03188 #endif 03189 03190 #ifdef WOLFSSL_SMALL_STACK 03191 shaOutput = (byte*)XMALLOC(WC_SHA_DIGEST_SIZE, 03192 NULL, DYNAMIC_TYPE_TMP_BUFFER); 03193 md5Input = (byte*)XMALLOC(SECRET_LEN + WC_SHA_DIGEST_SIZE, 03194 NULL, DYNAMIC_TYPE_TMP_BUFFER); 03195 shaInput = (byte*)XMALLOC(KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN, 03196 NULL, DYNAMIC_TYPE_TMP_BUFFER); 03197 keyData = (byte*)XMALLOC(KEY_PREFIX * WC_MD5_DIGEST_SIZE, 03198 NULL, DYNAMIC_TYPE_TMP_BUFFER); 03199 md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); 03200 sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); 03201 03202 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL || 03203 keyData == NULL || md5 == NULL || sha == NULL) { 03204 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03205 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03206 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03207 if (keyData) XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03208 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03209 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03210 03211 return MEMORY_E; 03212 } 03213 #endif 03214 03215 ret = wc_InitMd5(md5); 03216 if (ret == 0) { 03217 ret = wc_InitSha(sha); 03218 } 03219 if (ret == 0) { 03220 XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN); 03221 03222 for (i = 0; i < rounds; ++i) { 03223 int j = i + 1; 03224 int idx = j; 03225 03226 if (!SetPrefix(shaInput, i)) { 03227 ret = PREFIX_ERROR; 03228 break; 03229 } 03230 03231 XMEMCPY(shaInput + idx, ssl->arrays->masterSecret, SECRET_LEN); 03232 idx += SECRET_LEN; 03233 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN); 03234 idx += RAN_LEN; 03235 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN); 03236 if (ret == 0) { 03237 ret = wc_ShaUpdate(sha, shaInput, 03238 (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) - KEY_PREFIX + j); 03239 } 03240 if (ret == 0) { 03241 ret = wc_ShaFinal(sha, shaOutput); 03242 } 03243 03244 XMEMCPY(md5Input + SECRET_LEN, shaOutput, WC_SHA_DIGEST_SIZE); 03245 if (ret == 0) { 03246 ret = wc_Md5Update(md5, md5Input, SECRET_LEN + WC_SHA_DIGEST_SIZE); 03247 } 03248 if (ret == 0) { 03249 ret = wc_Md5Final(md5, keyData + i * WC_MD5_DIGEST_SIZE); 03250 } 03251 } 03252 03253 if (ret == 0) 03254 ret = StoreKeys(ssl, keyData, PROVISION_CLIENT_SERVER); 03255 } 03256 03257 #ifdef WOLFSSL_SMALL_STACK 03258 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03259 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03260 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03261 XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03262 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03263 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03264 #endif 03265 03266 return ret; 03267 } 03268 03269 03270 static int CleanPreMaster(WOLFSSL* ssl) 03271 { 03272 int i, ret, sz = ssl->arrays->preMasterSz; 03273 03274 for (i = 0; i < sz; i++) 03275 ssl->arrays->preMasterSecret[i] = 0; 03276 03277 ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz); 03278 if (ret != 0) 03279 return ret; 03280 03281 for (i = 0; i < sz; i++) 03282 ssl->arrays->preMasterSecret[i] = 0; 03283 03284 return 0; 03285 } 03286 03287 03288 /* Create and store the master secret see page 32, 6.1 */ 03289 static int MakeSslMasterSecret(WOLFSSL* ssl) 03290 { 03291 int i, ret; 03292 word32 idx; 03293 word32 pmsSz = ssl->arrays->preMasterSz; 03294 03295 #ifdef WOLFSSL_SMALL_STACK 03296 byte* shaOutput; 03297 byte* md5Input; 03298 byte* shaInput; 03299 wc_Md5* md5; 03300 wc_Sha* sha; 03301 #else 03302 byte shaOutput[WC_SHA_DIGEST_SIZE]; 03303 byte md5Input[ENCRYPT_LEN + WC_SHA_DIGEST_SIZE]; 03304 byte shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN]; 03305 wc_Md5 md5[1]; 03306 wc_Sha sha[1]; 03307 #endif 03308 03309 #ifdef SHOW_SECRETS 03310 { 03311 word32 j; 03312 printf("pre master secret: "); 03313 for (j = 0; j < pmsSz; j++) 03314 printf("%02x", ssl->arrays->preMasterSecret[j]); 03315 printf("\n"); 03316 } 03317 #endif 03318 03319 #ifdef WOLFSSL_SMALL_STACK 03320 shaOutput = (byte*)XMALLOC(WC_SHA_DIGEST_SIZE, 03321 NULL, DYNAMIC_TYPE_TMP_BUFFER); 03322 md5Input = (byte*)XMALLOC(ENCRYPT_LEN + WC_SHA_DIGEST_SIZE, 03323 NULL, DYNAMIC_TYPE_TMP_BUFFER); 03324 shaInput = (byte*)XMALLOC(PREFIX + ENCRYPT_LEN + 2 * RAN_LEN, 03325 NULL, DYNAMIC_TYPE_TMP_BUFFER); 03326 md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); 03327 sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); 03328 03329 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL || 03330 md5 == NULL || sha == NULL) { 03331 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03332 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03333 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03334 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03335 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03336 03337 return MEMORY_E; 03338 } 03339 #endif 03340 03341 ret = wc_InitMd5(md5); 03342 if (ret == 0) { 03343 ret = wc_InitSha(sha); 03344 } 03345 if (ret == 0) { 03346 XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz); 03347 03348 for (i = 0; i < MASTER_ROUNDS; ++i) { 03349 byte prefix[KEY_PREFIX]; /* only need PREFIX bytes but static */ 03350 if (!SetPrefix(prefix, i)) { /* analysis thinks will overrun */ 03351 ret = PREFIX_ERROR; 03352 break; 03353 } 03354 03355 idx = 0; 03356 XMEMCPY(shaInput, prefix, i + 1); 03357 idx += i + 1; 03358 03359 XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz); 03360 idx += pmsSz; 03361 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN); 03362 idx += RAN_LEN; 03363 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN); 03364 idx += RAN_LEN; 03365 if (ret == 0) { 03366 ret = wc_ShaUpdate(sha, shaInput, idx); 03367 } 03368 if (ret == 0) { 03369 ret = wc_ShaFinal(sha, shaOutput); 03370 } 03371 idx = pmsSz; /* preSz */ 03372 XMEMCPY(md5Input + idx, shaOutput, WC_SHA_DIGEST_SIZE); 03373 idx += WC_SHA_DIGEST_SIZE; 03374 if (ret == 0) { 03375 ret = wc_Md5Update(md5, md5Input, idx); 03376 } 03377 if (ret == 0) { 03378 ret = wc_Md5Final(md5, 03379 &ssl->arrays->masterSecret[i * WC_MD5_DIGEST_SIZE]); 03380 } 03381 } 03382 03383 #ifdef SHOW_SECRETS 03384 { 03385 word32 j; 03386 printf("master secret: "); 03387 for (j = 0; j < SECRET_LEN; j++) 03388 printf("%02x", ssl->arrays->masterSecret[j]); 03389 printf("\n"); 03390 } 03391 #endif 03392 03393 if (ret == 0) 03394 ret = DeriveKeys(ssl); 03395 } 03396 03397 #ifdef WOLFSSL_SMALL_STACK 03398 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03399 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03400 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03401 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03402 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03403 #endif 03404 03405 if (ret == 0) 03406 ret = CleanPreMaster(ssl); 03407 else 03408 CleanPreMaster(ssl); 03409 03410 return ret; 03411 } 03412 #endif 03413 03414 03415 /* Master wrapper, doesn't use SSL stack space in TLS mode */ 03416 int MakeMasterSecret(WOLFSSL* ssl) 03417 { 03418 /* append secret to premaster : premaster | SerSi | CliSi */ 03419 #ifdef HAVE_QSH 03420 word32 offset = 0; 03421 03422 if (ssl->peerQSHKeyPresent) { 03423 offset += ssl->arrays->preMasterSz; 03424 ssl->arrays->preMasterSz += ssl->QSH_secret->CliSi->length + 03425 ssl->QSH_secret->SerSi->length; 03426 /* test and set flag if QSH has been used */ 03427 if (ssl->QSH_secret->CliSi->length > 0 || 03428 ssl->QSH_secret->SerSi->length > 0) 03429 ssl->isQSH = 1; 03430 03431 /* append secrets to the premaster */ 03432 if (ssl->QSH_secret->SerSi != NULL) { 03433 XMEMCPY(ssl->arrays->preMasterSecret + offset, 03434 ssl->QSH_secret->SerSi->buffer, ssl->QSH_secret->SerSi->length); 03435 } 03436 offset += ssl->QSH_secret->SerSi->length; 03437 if (ssl->QSH_secret->CliSi != NULL) { 03438 XMEMCPY(ssl->arrays->preMasterSecret + offset, 03439 ssl->QSH_secret->CliSi->buffer, ssl->QSH_secret->CliSi->length); 03440 } 03441 03442 /* show secret SerSi and CliSi */ 03443 #ifdef SHOW_SECRETS 03444 { 03445 word32 j; 03446 printf("QSH generated secret material\n"); 03447 printf("SerSi : "); 03448 for (j = 0; j < ssl->QSH_secret->SerSi->length; j++) { 03449 printf("%02x", ssl->QSH_secret->SerSi->buffer[j]); 03450 } 03451 printf("\n"); 03452 printf("CliSi : "); 03453 for (j = 0; j < ssl->QSH_secret->CliSi->length; j++) { 03454 printf("%02x", ssl->QSH_secret->CliSi->buffer[j]); 03455 } 03456 printf("\n"); 03457 } 03458 #endif 03459 } 03460 #endif 03461 03462 #ifndef NO_OLD_TLS 03463 if (ssl->options.tls) return MakeTlsMasterSecret(ssl); 03464 return MakeSslMasterSecret(ssl); 03465 #elif !defined(WOLFSSL_NO_TLS12) 03466 return MakeTlsMasterSecret(ssl); 03467 #else 03468 (void)ssl; 03469 return 0; 03470 #endif 03471 } 03472 03473 #endif /* WOLFCRYPT_ONLY */ 03474 03475
Generated on Wed Jul 13 2022 01:38:42 by
1.7.2