wolf SSL
/
wolfSSL-TLS13-Beta
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Embed:
(wiki syntax)
Show/hide line numbers
keys.c
00001 /* keys.c 00002 * 00003 * Copyright (C) 2006-2016 wolfSSL Inc. 00004 * 00005 * This file is part of wolfSSL. 00006 * 00007 * wolfSSL is free software; you can redistribute it and/or modify 00008 * it under the terms of the GNU General Public License as published by 00009 * the Free Software Foundation; either version 2 of the License, or 00010 * (at your option) any later version. 00011 * 00012 * wolfSSL is distributed in the hope that it will be useful, 00013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00015 * GNU General Public License for more details. 00016 * 00017 * You should have received a copy of the GNU General Public License 00018 * along with this program; if not, write to the Free Software 00019 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 00020 */ 00021 00022 00023 /* Name change compatibility layer no longer needs to be included here */ 00024 00025 #ifdef HAVE_CONFIG_H 00026 #include <config.h> 00027 #endif 00028 00029 #include <wolfssl/wolfcrypt/settings.h> 00030 00031 #ifndef WOLFCRYPT_ONLY 00032 00033 #include <wolfssl/internal.h> 00034 #include <wolfssl/error-ssl.h> 00035 #if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) 00036 #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) 00037 #if MQX_USE_IO_OLD 00038 #include <fio.h> 00039 #else 00040 #include <nio.h> 00041 #endif 00042 #else 00043 #include <stdio.h> 00044 #endif 00045 #endif 00046 00047 00048 int SetCipherSpecs(WOLFSSL* ssl) 00049 { 00050 #ifndef NO_WOLFSSL_CLIENT 00051 if (ssl->options.side == WOLFSSL_CLIENT_END) { 00052 /* server side verified before SetCipherSpecs call */ 00053 if (VerifyClientSuite(ssl) != 1) { 00054 WOLFSSL_MSG("SetCipherSpecs() client has an unusuable suite"); 00055 return UNSUPPORTED_SUITE; 00056 } 00057 } 00058 #endif /* NO_WOLFSSL_CLIENT */ 00059 00060 /* Chacha extensions, 0xcc */ 00061 if (ssl->options.cipherSuite0 == CHACHA_BYTE) { 00062 00063 switch (ssl->options.cipherSuite) { 00064 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 00065 case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256: 00066 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00067 ssl->specs.cipher_type = aead; 00068 ssl->specs.mac_algorithm = sha256_mac; 00069 ssl->specs.kea = ecc_diffie_hellman_kea; 00070 ssl->specs.sig_algo = rsa_sa_algo; 00071 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00072 ssl->specs.pad_size = PAD_SHA; 00073 ssl->specs.static_ecdh = 0; 00074 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00075 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00076 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00077 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00078 ssl->options.oldPoly = 1; /* use old poly1305 padding */ 00079 00080 break; 00081 #endif 00082 00083 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 00084 case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256: 00085 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00086 ssl->specs.cipher_type = aead; 00087 ssl->specs.mac_algorithm = sha256_mac; 00088 ssl->specs.kea = ecc_diffie_hellman_kea; 00089 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00090 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00091 ssl->specs.pad_size = PAD_SHA; 00092 ssl->specs.static_ecdh = 0; 00093 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00094 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00095 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00096 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00097 ssl->options.oldPoly = 1; /* use old poly1305 padding */ 00098 00099 break; 00100 #endif 00101 00102 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 00103 case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256: 00104 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00105 ssl->specs.cipher_type = aead; 00106 ssl->specs.mac_algorithm = sha256_mac; 00107 ssl->specs.kea = diffie_hellman_kea; 00108 ssl->specs.sig_algo = rsa_sa_algo; 00109 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00110 ssl->specs.pad_size = PAD_SHA; 00111 ssl->specs.static_ecdh = 0; 00112 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00113 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00114 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00115 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00116 ssl->options.oldPoly = 1; /* use old poly1305 padding */ 00117 00118 break; 00119 #endif 00120 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 00121 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: 00122 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00123 ssl->specs.cipher_type = aead; 00124 ssl->specs.mac_algorithm = sha256_mac; 00125 ssl->specs.kea = ecc_diffie_hellman_kea; 00126 ssl->specs.sig_algo = rsa_sa_algo; 00127 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00128 ssl->specs.pad_size = PAD_SHA; 00129 ssl->specs.static_ecdh = 0; 00130 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00131 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00132 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00133 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00134 ssl->options.oldPoly = 0; /* use recent padding RFC */ 00135 00136 break; 00137 #endif 00138 00139 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 00140 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: 00141 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00142 ssl->specs.cipher_type = aead; 00143 ssl->specs.mac_algorithm = sha256_mac; 00144 ssl->specs.kea = ecc_diffie_hellman_kea; 00145 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00146 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00147 ssl->specs.pad_size = PAD_SHA; 00148 ssl->specs.static_ecdh = 0; 00149 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00150 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00151 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00152 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00153 ssl->options.oldPoly = 0; /* use recent padding RFC */ 00154 00155 break; 00156 #endif 00157 00158 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 00159 case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: 00160 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00161 ssl->specs.cipher_type = aead; 00162 ssl->specs.mac_algorithm = sha256_mac; 00163 ssl->specs.kea = diffie_hellman_kea; 00164 ssl->specs.sig_algo = rsa_sa_algo; 00165 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00166 ssl->specs.pad_size = PAD_SHA; 00167 ssl->specs.static_ecdh = 0; 00168 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00169 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00170 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00171 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00172 ssl->options.oldPoly = 0; /* use recent padding RFC */ 00173 00174 break; 00175 #endif 00176 00177 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 00178 case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256: 00179 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00180 ssl->specs.cipher_type = aead; 00181 ssl->specs.mac_algorithm = sha256_mac; 00182 ssl->specs.kea = psk_kea; 00183 ssl->specs.sig_algo = anonymous_sa_algo; 00184 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00185 ssl->specs.pad_size = PAD_SHA; 00186 ssl->specs.static_ecdh = 0; 00187 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00188 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00189 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00190 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00191 00192 ssl->options.oldPoly = 0; /* use recent padding RFC */ 00193 ssl->options.usingPSK_cipher = 1; 00194 break; 00195 #endif 00196 00197 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 00198 case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256: 00199 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00200 ssl->specs.cipher_type = aead; 00201 ssl->specs.mac_algorithm = sha256_mac; 00202 ssl->specs.kea = ecdhe_psk_kea; 00203 ssl->specs.sig_algo = anonymous_sa_algo; 00204 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00205 ssl->specs.pad_size = PAD_SHA; 00206 ssl->specs.static_ecdh = 0; 00207 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00208 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00209 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00210 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00211 00212 ssl->options.oldPoly = 0; /* use recent padding RFC */ 00213 ssl->options.usingPSK_cipher = 1; 00214 break; 00215 #endif 00216 00217 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 00218 case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256: 00219 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 00220 ssl->specs.cipher_type = aead; 00221 ssl->specs.mac_algorithm = sha256_mac; 00222 ssl->specs.kea = dhe_psk_kea; 00223 ssl->specs.sig_algo = anonymous_sa_algo; 00224 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00225 ssl->specs.pad_size = PAD_SHA; 00226 ssl->specs.static_ecdh = 0; 00227 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 00228 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 00229 ssl->specs.iv_size = CHACHA20_IV_SIZE; 00230 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 00231 00232 ssl->options.oldPoly = 0; /* use recent padding RFC */ 00233 ssl->options.usingPSK_cipher = 1; 00234 break; 00235 #endif 00236 default: 00237 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha"); 00238 return UNSUPPORTED_SUITE; 00239 } 00240 } 00241 00242 /* ECC extensions, or AES-CCM */ 00243 if (ssl->options.cipherSuite0 == ECC_BYTE) { 00244 00245 switch (ssl->options.cipherSuite) { 00246 00247 #ifdef HAVE_ECC 00248 00249 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 00250 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : 00251 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00252 ssl->specs.cipher_type = block; 00253 ssl->specs.mac_algorithm = sha256_mac; 00254 ssl->specs.kea = ecc_diffie_hellman_kea; 00255 ssl->specs.sig_algo = rsa_sa_algo; 00256 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00257 ssl->specs.pad_size = PAD_SHA; 00258 ssl->specs.static_ecdh = 0; 00259 ssl->specs.key_size = AES_128_KEY_SIZE; 00260 ssl->specs.iv_size = AES_IV_SIZE; 00261 ssl->specs.block_size = AES_BLOCK_SIZE; 00262 break; 00263 #endif 00264 00265 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 00266 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : 00267 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00268 ssl->specs.cipher_type = block; 00269 ssl->specs.mac_algorithm = sha256_mac; 00270 ssl->specs.kea = ecc_diffie_hellman_kea; 00271 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00272 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00273 ssl->specs.pad_size = PAD_SHA; 00274 ssl->specs.static_ecdh = 0; 00275 ssl->specs.key_size = AES_128_KEY_SIZE; 00276 ssl->specs.iv_size = AES_IV_SIZE; 00277 ssl->specs.block_size = AES_BLOCK_SIZE; 00278 break; 00279 #endif 00280 00281 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 00282 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : 00283 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00284 ssl->specs.cipher_type = block; 00285 ssl->specs.mac_algorithm = sha256_mac; 00286 ssl->specs.kea = ecc_diffie_hellman_kea; 00287 ssl->specs.sig_algo = rsa_sa_algo; 00288 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00289 ssl->specs.pad_size = PAD_SHA; 00290 ssl->specs.static_ecdh = 1; 00291 ssl->specs.key_size = AES_128_KEY_SIZE; 00292 ssl->specs.iv_size = AES_IV_SIZE; 00293 ssl->specs.block_size = AES_BLOCK_SIZE; 00294 break; 00295 #endif 00296 00297 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 00298 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : 00299 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00300 ssl->specs.cipher_type = block; 00301 ssl->specs.mac_algorithm = sha256_mac; 00302 ssl->specs.kea = ecc_diffie_hellman_kea; 00303 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00304 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00305 ssl->specs.pad_size = PAD_SHA; 00306 ssl->specs.static_ecdh = 1; 00307 ssl->specs.key_size = AES_128_KEY_SIZE; 00308 ssl->specs.iv_size = AES_IV_SIZE; 00309 ssl->specs.block_size = AES_BLOCK_SIZE; 00310 break; 00311 #endif 00312 00313 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 00314 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : 00315 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00316 ssl->specs.cipher_type = block; 00317 ssl->specs.mac_algorithm = sha384_mac; 00318 ssl->specs.kea = ecc_diffie_hellman_kea; 00319 ssl->specs.sig_algo = rsa_sa_algo; 00320 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00321 ssl->specs.pad_size = PAD_SHA; 00322 ssl->specs.static_ecdh = 0; 00323 ssl->specs.key_size = AES_256_KEY_SIZE; 00324 ssl->specs.iv_size = AES_IV_SIZE; 00325 ssl->specs.block_size = AES_BLOCK_SIZE; 00326 break; 00327 #endif 00328 00329 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 00330 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : 00331 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00332 ssl->specs.cipher_type = block; 00333 ssl->specs.mac_algorithm = sha384_mac; 00334 ssl->specs.kea = ecc_diffie_hellman_kea; 00335 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00336 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00337 ssl->specs.pad_size = PAD_SHA; 00338 ssl->specs.static_ecdh = 0; 00339 ssl->specs.key_size = AES_256_KEY_SIZE; 00340 ssl->specs.iv_size = AES_IV_SIZE; 00341 ssl->specs.block_size = AES_BLOCK_SIZE; 00342 break; 00343 #endif 00344 00345 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 00346 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : 00347 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00348 ssl->specs.cipher_type = block; 00349 ssl->specs.mac_algorithm = sha384_mac; 00350 ssl->specs.kea = ecc_diffie_hellman_kea; 00351 ssl->specs.sig_algo = rsa_sa_algo; 00352 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00353 ssl->specs.pad_size = PAD_SHA; 00354 ssl->specs.static_ecdh = 1; 00355 ssl->specs.key_size = AES_256_KEY_SIZE; 00356 ssl->specs.iv_size = AES_IV_SIZE; 00357 ssl->specs.block_size = AES_BLOCK_SIZE; 00358 break; 00359 #endif 00360 00361 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 00362 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : 00363 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00364 ssl->specs.cipher_type = block; 00365 ssl->specs.mac_algorithm = sha384_mac; 00366 ssl->specs.kea = ecc_diffie_hellman_kea; 00367 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00368 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00369 ssl->specs.pad_size = PAD_SHA; 00370 ssl->specs.static_ecdh = 1; 00371 ssl->specs.key_size = AES_256_KEY_SIZE; 00372 ssl->specs.iv_size = AES_IV_SIZE; 00373 ssl->specs.block_size = AES_BLOCK_SIZE; 00374 break; 00375 #endif 00376 00377 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 00378 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : 00379 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00380 ssl->specs.cipher_type = block; 00381 ssl->specs.mac_algorithm = sha_mac; 00382 ssl->specs.kea = ecc_diffie_hellman_kea; 00383 ssl->specs.sig_algo = rsa_sa_algo; 00384 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00385 ssl->specs.pad_size = PAD_SHA; 00386 ssl->specs.static_ecdh = 0; 00387 ssl->specs.key_size = AES_128_KEY_SIZE; 00388 ssl->specs.block_size = AES_BLOCK_SIZE; 00389 ssl->specs.iv_size = AES_IV_SIZE; 00390 00391 break; 00392 #endif 00393 00394 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 00395 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : 00396 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00397 ssl->specs.cipher_type = block; 00398 ssl->specs.mac_algorithm = sha_mac; 00399 ssl->specs.kea = ecc_diffie_hellman_kea; 00400 ssl->specs.sig_algo = rsa_sa_algo; 00401 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00402 ssl->specs.pad_size = PAD_SHA; 00403 ssl->specs.static_ecdh = 1; 00404 ssl->specs.key_size = AES_128_KEY_SIZE; 00405 ssl->specs.block_size = AES_BLOCK_SIZE; 00406 ssl->specs.iv_size = AES_IV_SIZE; 00407 00408 break; 00409 #endif 00410 00411 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 00412 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : 00413 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 00414 ssl->specs.cipher_type = block; 00415 ssl->specs.mac_algorithm = sha_mac; 00416 ssl->specs.kea = ecc_diffie_hellman_kea; 00417 ssl->specs.sig_algo = rsa_sa_algo; 00418 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00419 ssl->specs.pad_size = PAD_SHA; 00420 ssl->specs.static_ecdh = 0; 00421 ssl->specs.key_size = DES3_KEY_SIZE; 00422 ssl->specs.block_size = DES_BLOCK_SIZE; 00423 ssl->specs.iv_size = DES_IV_SIZE; 00424 00425 break; 00426 #endif 00427 00428 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 00429 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : 00430 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 00431 ssl->specs.cipher_type = block; 00432 ssl->specs.mac_algorithm = sha_mac; 00433 ssl->specs.kea = ecc_diffie_hellman_kea; 00434 ssl->specs.sig_algo = rsa_sa_algo; 00435 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00436 ssl->specs.pad_size = PAD_SHA; 00437 ssl->specs.static_ecdh = 1; 00438 ssl->specs.key_size = DES3_KEY_SIZE; 00439 ssl->specs.block_size = DES_BLOCK_SIZE; 00440 ssl->specs.iv_size = DES_IV_SIZE; 00441 00442 break; 00443 #endif 00444 00445 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA 00446 case TLS_ECDHE_RSA_WITH_RC4_128_SHA : 00447 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 00448 ssl->specs.cipher_type = stream; 00449 ssl->specs.mac_algorithm = sha_mac; 00450 ssl->specs.kea = ecc_diffie_hellman_kea; 00451 ssl->specs.sig_algo = rsa_sa_algo; 00452 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00453 ssl->specs.pad_size = PAD_SHA; 00454 ssl->specs.static_ecdh = 0; 00455 ssl->specs.key_size = RC4_KEY_SIZE; 00456 ssl->specs.iv_size = 0; 00457 ssl->specs.block_size = 0; 00458 00459 break; 00460 #endif 00461 00462 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA 00463 case TLS_ECDH_RSA_WITH_RC4_128_SHA : 00464 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 00465 ssl->specs.cipher_type = stream; 00466 ssl->specs.mac_algorithm = sha_mac; 00467 ssl->specs.kea = ecc_diffie_hellman_kea; 00468 ssl->specs.sig_algo = rsa_sa_algo; 00469 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00470 ssl->specs.pad_size = PAD_SHA; 00471 ssl->specs.static_ecdh = 1; 00472 ssl->specs.key_size = RC4_KEY_SIZE; 00473 ssl->specs.iv_size = 0; 00474 ssl->specs.block_size = 0; 00475 00476 break; 00477 #endif 00478 00479 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 00480 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : 00481 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 00482 ssl->specs.cipher_type = block; 00483 ssl->specs.mac_algorithm = sha_mac; 00484 ssl->specs.kea = ecc_diffie_hellman_kea; 00485 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00486 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00487 ssl->specs.pad_size = PAD_SHA; 00488 ssl->specs.static_ecdh = 0; 00489 ssl->specs.key_size = DES3_KEY_SIZE; 00490 ssl->specs.block_size = DES_BLOCK_SIZE; 00491 ssl->specs.iv_size = DES_IV_SIZE; 00492 00493 break; 00494 #endif 00495 00496 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 00497 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : 00498 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 00499 ssl->specs.cipher_type = block; 00500 ssl->specs.mac_algorithm = sha_mac; 00501 ssl->specs.kea = ecc_diffie_hellman_kea; 00502 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00503 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00504 ssl->specs.pad_size = PAD_SHA; 00505 ssl->specs.static_ecdh = 1; 00506 ssl->specs.key_size = DES3_KEY_SIZE; 00507 ssl->specs.block_size = DES_BLOCK_SIZE; 00508 ssl->specs.iv_size = DES_IV_SIZE; 00509 00510 break; 00511 #endif 00512 00513 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 00514 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : 00515 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 00516 ssl->specs.cipher_type = stream; 00517 ssl->specs.mac_algorithm = sha_mac; 00518 ssl->specs.kea = ecc_diffie_hellman_kea; 00519 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00520 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00521 ssl->specs.pad_size = PAD_SHA; 00522 ssl->specs.static_ecdh = 0; 00523 ssl->specs.key_size = RC4_KEY_SIZE; 00524 ssl->specs.iv_size = 0; 00525 ssl->specs.block_size = 0; 00526 00527 break; 00528 #endif 00529 00530 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 00531 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : 00532 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 00533 ssl->specs.cipher_type = stream; 00534 ssl->specs.mac_algorithm = sha_mac; 00535 ssl->specs.kea = ecc_diffie_hellman_kea; 00536 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00537 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00538 ssl->specs.pad_size = PAD_SHA; 00539 ssl->specs.static_ecdh = 1; 00540 ssl->specs.key_size = RC4_KEY_SIZE; 00541 ssl->specs.iv_size = 0; 00542 ssl->specs.block_size = 0; 00543 00544 break; 00545 #endif 00546 00547 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 00548 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : 00549 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00550 ssl->specs.cipher_type = block; 00551 ssl->specs.mac_algorithm = sha_mac; 00552 ssl->specs.kea = ecc_diffie_hellman_kea; 00553 ssl->specs.sig_algo = rsa_sa_algo; 00554 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00555 ssl->specs.pad_size = PAD_SHA; 00556 ssl->specs.static_ecdh = 0; 00557 ssl->specs.key_size = AES_256_KEY_SIZE; 00558 ssl->specs.block_size = AES_BLOCK_SIZE; 00559 ssl->specs.iv_size = AES_IV_SIZE; 00560 00561 break; 00562 #endif 00563 00564 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 00565 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : 00566 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00567 ssl->specs.cipher_type = block; 00568 ssl->specs.mac_algorithm = sha_mac; 00569 ssl->specs.kea = ecc_diffie_hellman_kea; 00570 ssl->specs.sig_algo = rsa_sa_algo; 00571 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00572 ssl->specs.pad_size = PAD_SHA; 00573 ssl->specs.static_ecdh = 1; 00574 ssl->specs.key_size = AES_256_KEY_SIZE; 00575 ssl->specs.block_size = AES_BLOCK_SIZE; 00576 ssl->specs.iv_size = AES_IV_SIZE; 00577 00578 break; 00579 #endif 00580 00581 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 00582 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : 00583 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00584 ssl->specs.cipher_type = block; 00585 ssl->specs.mac_algorithm = sha_mac; 00586 ssl->specs.kea = ecc_diffie_hellman_kea; 00587 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00588 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00589 ssl->specs.pad_size = PAD_SHA; 00590 ssl->specs.static_ecdh = 0; 00591 ssl->specs.key_size = AES_128_KEY_SIZE; 00592 ssl->specs.block_size = AES_BLOCK_SIZE; 00593 ssl->specs.iv_size = AES_IV_SIZE; 00594 00595 break; 00596 #endif 00597 00598 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 00599 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : 00600 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00601 ssl->specs.cipher_type = block; 00602 ssl->specs.mac_algorithm = sha_mac; 00603 ssl->specs.kea = ecc_diffie_hellman_kea; 00604 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00605 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00606 ssl->specs.pad_size = PAD_SHA; 00607 ssl->specs.static_ecdh = 1; 00608 ssl->specs.key_size = AES_128_KEY_SIZE; 00609 ssl->specs.block_size = AES_BLOCK_SIZE; 00610 ssl->specs.iv_size = AES_IV_SIZE; 00611 00612 break; 00613 #endif 00614 00615 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 00616 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : 00617 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00618 ssl->specs.cipher_type = block; 00619 ssl->specs.mac_algorithm = sha_mac; 00620 ssl->specs.kea = ecc_diffie_hellman_kea; 00621 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00622 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00623 ssl->specs.pad_size = PAD_SHA; 00624 ssl->specs.static_ecdh = 0; 00625 ssl->specs.key_size = AES_256_KEY_SIZE; 00626 ssl->specs.block_size = AES_BLOCK_SIZE; 00627 ssl->specs.iv_size = AES_IV_SIZE; 00628 00629 break; 00630 #endif 00631 00632 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 00633 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : 00634 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00635 ssl->specs.cipher_type = block; 00636 ssl->specs.mac_algorithm = sha_mac; 00637 ssl->specs.kea = ecc_diffie_hellman_kea; 00638 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00639 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00640 ssl->specs.pad_size = PAD_SHA; 00641 ssl->specs.static_ecdh = 1; 00642 ssl->specs.key_size = AES_256_KEY_SIZE; 00643 ssl->specs.block_size = AES_BLOCK_SIZE; 00644 ssl->specs.iv_size = AES_IV_SIZE; 00645 00646 break; 00647 #endif 00648 00649 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 00650 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : 00651 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00652 ssl->specs.cipher_type = aead; 00653 ssl->specs.mac_algorithm = sha256_mac; 00654 ssl->specs.kea = ecc_diffie_hellman_kea; 00655 ssl->specs.sig_algo = rsa_sa_algo; 00656 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00657 ssl->specs.pad_size = PAD_SHA; 00658 ssl->specs.static_ecdh = 0; 00659 ssl->specs.key_size = AES_128_KEY_SIZE; 00660 ssl->specs.block_size = AES_BLOCK_SIZE; 00661 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00662 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00663 00664 break; 00665 #endif 00666 00667 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 00668 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : 00669 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00670 ssl->specs.cipher_type = aead; 00671 ssl->specs.mac_algorithm = sha384_mac; 00672 ssl->specs.kea = ecc_diffie_hellman_kea; 00673 ssl->specs.sig_algo = rsa_sa_algo; 00674 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00675 ssl->specs.pad_size = PAD_SHA; 00676 ssl->specs.static_ecdh = 0; 00677 ssl->specs.key_size = AES_256_KEY_SIZE; 00678 ssl->specs.block_size = AES_BLOCK_SIZE; 00679 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00680 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00681 00682 break; 00683 #endif 00684 00685 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 00686 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : 00687 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00688 ssl->specs.cipher_type = aead; 00689 ssl->specs.mac_algorithm = sha256_mac; 00690 ssl->specs.kea = ecc_diffie_hellman_kea; 00691 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00692 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00693 ssl->specs.pad_size = PAD_SHA; 00694 ssl->specs.static_ecdh = 0; 00695 ssl->specs.key_size = AES_128_KEY_SIZE; 00696 ssl->specs.block_size = AES_BLOCK_SIZE; 00697 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00698 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00699 00700 break; 00701 #endif 00702 00703 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 00704 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : 00705 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00706 ssl->specs.cipher_type = aead; 00707 ssl->specs.mac_algorithm = sha384_mac; 00708 ssl->specs.kea = ecc_diffie_hellman_kea; 00709 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00710 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00711 ssl->specs.pad_size = PAD_SHA; 00712 ssl->specs.static_ecdh = 0; 00713 ssl->specs.key_size = AES_256_KEY_SIZE; 00714 ssl->specs.block_size = AES_BLOCK_SIZE; 00715 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00716 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00717 00718 break; 00719 #endif 00720 00721 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 00722 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : 00723 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00724 ssl->specs.cipher_type = aead; 00725 ssl->specs.mac_algorithm = sha256_mac; 00726 ssl->specs.kea = ecc_diffie_hellman_kea; 00727 ssl->specs.sig_algo = rsa_sa_algo; 00728 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00729 ssl->specs.pad_size = PAD_SHA; 00730 ssl->specs.static_ecdh = 1; 00731 ssl->specs.key_size = AES_128_KEY_SIZE; 00732 ssl->specs.block_size = AES_BLOCK_SIZE; 00733 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00734 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00735 00736 break; 00737 #endif 00738 00739 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 00740 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : 00741 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00742 ssl->specs.cipher_type = aead; 00743 ssl->specs.mac_algorithm = sha384_mac; 00744 ssl->specs.kea = ecc_diffie_hellman_kea; 00745 ssl->specs.sig_algo = rsa_sa_algo; 00746 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00747 ssl->specs.pad_size = PAD_SHA; 00748 ssl->specs.static_ecdh = 1; 00749 ssl->specs.key_size = AES_256_KEY_SIZE; 00750 ssl->specs.block_size = AES_BLOCK_SIZE; 00751 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00752 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00753 00754 break; 00755 #endif 00756 00757 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 00758 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : 00759 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00760 ssl->specs.cipher_type = aead; 00761 ssl->specs.mac_algorithm = sha256_mac; 00762 ssl->specs.kea = ecc_diffie_hellman_kea; 00763 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00764 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00765 ssl->specs.pad_size = PAD_SHA; 00766 ssl->specs.static_ecdh = 1; 00767 ssl->specs.key_size = AES_128_KEY_SIZE; 00768 ssl->specs.block_size = AES_BLOCK_SIZE; 00769 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00770 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00771 00772 break; 00773 #endif 00774 00775 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 00776 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : 00777 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 00778 ssl->specs.cipher_type = aead; 00779 ssl->specs.mac_algorithm = sha384_mac; 00780 ssl->specs.kea = ecc_diffie_hellman_kea; 00781 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00782 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 00783 ssl->specs.pad_size = PAD_SHA; 00784 ssl->specs.static_ecdh = 1; 00785 ssl->specs.key_size = AES_256_KEY_SIZE; 00786 ssl->specs.block_size = AES_BLOCK_SIZE; 00787 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00788 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 00789 00790 break; 00791 #endif 00792 00793 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 00794 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM : 00795 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00796 ssl->specs.cipher_type = aead; 00797 ssl->specs.mac_algorithm = sha256_mac; 00798 ssl->specs.kea = ecc_diffie_hellman_kea; 00799 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00800 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00801 ssl->specs.pad_size = PAD_SHA; 00802 ssl->specs.static_ecdh = 0; 00803 ssl->specs.key_size = AES_128_KEY_SIZE; 00804 ssl->specs.block_size = AES_BLOCK_SIZE; 00805 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00806 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; 00807 00808 break; 00809 #endif 00810 00811 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 00812 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 : 00813 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00814 ssl->specs.cipher_type = aead; 00815 ssl->specs.mac_algorithm = sha256_mac; 00816 ssl->specs.kea = ecc_diffie_hellman_kea; 00817 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00818 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00819 ssl->specs.pad_size = PAD_SHA; 00820 ssl->specs.static_ecdh = 0; 00821 ssl->specs.key_size = AES_128_KEY_SIZE; 00822 ssl->specs.block_size = AES_BLOCK_SIZE; 00823 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00824 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 00825 00826 break; 00827 #endif 00828 00829 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 00830 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : 00831 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00832 ssl->specs.cipher_type = aead; 00833 ssl->specs.mac_algorithm = sha256_mac; 00834 ssl->specs.kea = ecc_diffie_hellman_kea; 00835 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00836 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00837 ssl->specs.pad_size = PAD_SHA; 00838 ssl->specs.static_ecdh = 0; 00839 ssl->specs.key_size = AES_256_KEY_SIZE; 00840 ssl->specs.block_size = AES_BLOCK_SIZE; 00841 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00842 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 00843 00844 break; 00845 #endif 00846 00847 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA 00848 case TLS_ECDHE_ECDSA_WITH_NULL_SHA : 00849 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 00850 ssl->specs.cipher_type = stream; 00851 ssl->specs.mac_algorithm = sha_mac; 00852 ssl->specs.kea = ecc_diffie_hellman_kea; 00853 ssl->specs.sig_algo = ecc_dsa_sa_algo; 00854 ssl->specs.hash_size = SHA_DIGEST_SIZE; 00855 ssl->specs.pad_size = PAD_SHA; 00856 ssl->specs.static_ecdh = 0; 00857 ssl->specs.key_size = 0; 00858 ssl->specs.block_size = 0; 00859 ssl->specs.iv_size = 0; 00860 00861 break; 00862 #endif 00863 00864 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 00865 case TLS_ECDHE_PSK_WITH_NULL_SHA256 : 00866 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 00867 ssl->specs.cipher_type = stream; 00868 ssl->specs.mac_algorithm = sha256_mac; 00869 ssl->specs.kea = ecdhe_psk_kea; 00870 ssl->specs.sig_algo = anonymous_sa_algo; 00871 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00872 ssl->specs.pad_size = PAD_SHA; 00873 ssl->specs.static_ecdh = 0; 00874 ssl->specs.key_size = 0; 00875 ssl->specs.block_size = 0; 00876 ssl->specs.iv_size = 0; 00877 00878 ssl->options.usingPSK_cipher = 1; 00879 break; 00880 #endif 00881 00882 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 00883 case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 : 00884 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 00885 ssl->specs.cipher_type = block; 00886 ssl->specs.mac_algorithm = sha256_mac; 00887 ssl->specs.kea = ecdhe_psk_kea; 00888 ssl->specs.sig_algo = anonymous_sa_algo; 00889 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00890 ssl->specs.pad_size = PAD_SHA; 00891 ssl->specs.static_ecdh = 0; 00892 ssl->specs.key_size = AES_128_KEY_SIZE; 00893 ssl->specs.block_size = AES_BLOCK_SIZE; 00894 ssl->specs.iv_size = AES_IV_SIZE; 00895 00896 ssl->options.usingPSK_cipher = 1; 00897 break; 00898 #endif 00899 #endif /* HAVE_ECC */ 00900 00901 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 00902 case TLS_RSA_WITH_AES_128_CCM_8 : 00903 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00904 ssl->specs.cipher_type = aead; 00905 ssl->specs.mac_algorithm = sha256_mac; 00906 ssl->specs.kea = rsa_kea; 00907 ssl->specs.sig_algo = rsa_sa_algo; 00908 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00909 ssl->specs.pad_size = PAD_SHA; 00910 ssl->specs.static_ecdh = 0; 00911 ssl->specs.key_size = AES_128_KEY_SIZE; 00912 ssl->specs.block_size = AES_BLOCK_SIZE; 00913 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00914 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 00915 00916 break; 00917 #endif 00918 00919 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8 00920 case TLS_RSA_WITH_AES_256_CCM_8 : 00921 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00922 ssl->specs.cipher_type = aead; 00923 ssl->specs.mac_algorithm = sha256_mac; 00924 ssl->specs.kea = rsa_kea; 00925 ssl->specs.sig_algo = rsa_sa_algo; 00926 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00927 ssl->specs.pad_size = PAD_SHA; 00928 ssl->specs.static_ecdh = 0; 00929 ssl->specs.key_size = AES_256_KEY_SIZE; 00930 ssl->specs.block_size = AES_BLOCK_SIZE; 00931 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00932 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 00933 00934 break; 00935 #endif 00936 00937 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 00938 case TLS_PSK_WITH_AES_128_CCM_8 : 00939 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00940 ssl->specs.cipher_type = aead; 00941 ssl->specs.mac_algorithm = sha256_mac; 00942 ssl->specs.kea = psk_kea; 00943 ssl->specs.sig_algo = anonymous_sa_algo; 00944 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00945 ssl->specs.pad_size = PAD_SHA; 00946 ssl->specs.static_ecdh = 0; 00947 ssl->specs.key_size = AES_128_KEY_SIZE; 00948 ssl->specs.block_size = AES_BLOCK_SIZE; 00949 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00950 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 00951 00952 ssl->options.usingPSK_cipher = 1; 00953 break; 00954 #endif 00955 00956 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8 00957 case TLS_PSK_WITH_AES_256_CCM_8 : 00958 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00959 ssl->specs.cipher_type = aead; 00960 ssl->specs.mac_algorithm = sha256_mac; 00961 ssl->specs.kea = psk_kea; 00962 ssl->specs.sig_algo = anonymous_sa_algo; 00963 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00964 ssl->specs.pad_size = PAD_SHA; 00965 ssl->specs.static_ecdh = 0; 00966 ssl->specs.key_size = AES_256_KEY_SIZE; 00967 ssl->specs.block_size = AES_BLOCK_SIZE; 00968 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00969 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 00970 00971 ssl->options.usingPSK_cipher = 1; 00972 break; 00973 #endif 00974 00975 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM 00976 case TLS_PSK_WITH_AES_128_CCM : 00977 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00978 ssl->specs.cipher_type = aead; 00979 ssl->specs.mac_algorithm = sha256_mac; 00980 ssl->specs.kea = psk_kea; 00981 ssl->specs.sig_algo = anonymous_sa_algo; 00982 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 00983 ssl->specs.pad_size = PAD_SHA; 00984 ssl->specs.static_ecdh = 0; 00985 ssl->specs.key_size = AES_128_KEY_SIZE; 00986 ssl->specs.block_size = AES_BLOCK_SIZE; 00987 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 00988 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; 00989 00990 ssl->options.usingPSK_cipher = 1; 00991 break; 00992 #endif 00993 00994 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM 00995 case TLS_PSK_WITH_AES_256_CCM : 00996 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 00997 ssl->specs.cipher_type = aead; 00998 ssl->specs.mac_algorithm = sha256_mac; 00999 ssl->specs.kea = psk_kea; 01000 ssl->specs.sig_algo = anonymous_sa_algo; 01001 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01002 ssl->specs.pad_size = PAD_SHA; 01003 ssl->specs.static_ecdh = 0; 01004 ssl->specs.key_size = AES_256_KEY_SIZE; 01005 ssl->specs.block_size = AES_BLOCK_SIZE; 01006 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01007 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; 01008 01009 ssl->options.usingPSK_cipher = 1; 01010 break; 01011 #endif 01012 01013 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM 01014 case TLS_DHE_PSK_WITH_AES_128_CCM : 01015 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 01016 ssl->specs.cipher_type = aead; 01017 ssl->specs.mac_algorithm = sha256_mac; 01018 ssl->specs.kea = dhe_psk_kea; 01019 ssl->specs.sig_algo = anonymous_sa_algo; 01020 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01021 ssl->specs.pad_size = PAD_SHA; 01022 ssl->specs.static_ecdh = 0; 01023 ssl->specs.key_size = AES_128_KEY_SIZE; 01024 ssl->specs.block_size = AES_BLOCK_SIZE; 01025 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01026 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; 01027 01028 ssl->options.usingPSK_cipher = 1; 01029 break; 01030 #endif 01031 01032 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM 01033 case TLS_DHE_PSK_WITH_AES_256_CCM : 01034 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 01035 ssl->specs.cipher_type = aead; 01036 ssl->specs.mac_algorithm = sha256_mac; 01037 ssl->specs.kea = dhe_psk_kea; 01038 ssl->specs.sig_algo = anonymous_sa_algo; 01039 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01040 ssl->specs.pad_size = PAD_SHA; 01041 ssl->specs.static_ecdh = 0; 01042 ssl->specs.key_size = AES_256_KEY_SIZE; 01043 ssl->specs.block_size = AES_BLOCK_SIZE; 01044 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01045 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; 01046 01047 ssl->options.usingPSK_cipher = 1; 01048 break; 01049 #endif 01050 01051 default: 01052 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC"); 01053 return UNSUPPORTED_SUITE; 01054 } /* switch */ 01055 } /* if */ 01056 01057 /* TLSi v1.3 cipher suites, 0x13 */ 01058 if (ssl->options.cipherSuite0 == TLS13_BYTE) { 01059 switch (ssl->options.cipherSuite) { 01060 01061 #ifdef WOLFSSL_TLS13 01062 #ifdef BUILD_TLS_AES_128_GCM_SHA256 01063 case TLS_AES_128_GCM_SHA256 : 01064 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01065 ssl->specs.cipher_type = aead; 01066 ssl->specs.mac_algorithm = sha256_mac; 01067 ssl->specs.kea = 0; 01068 ssl->specs.sig_algo = 0; 01069 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01070 ssl->specs.pad_size = PAD_SHA; 01071 ssl->specs.static_ecdh = 0; 01072 ssl->specs.key_size = AES_128_KEY_SIZE; 01073 ssl->specs.block_size = AES_BLOCK_SIZE; 01074 ssl->specs.iv_size = AESGCM_NONCE_SZ; 01075 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01076 01077 break; 01078 #endif 01079 01080 #ifdef BUILD_TLS_AES_256_GCM_SHA384 01081 case TLS_AES_256_GCM_SHA384 : 01082 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01083 ssl->specs.cipher_type = aead; 01084 ssl->specs.mac_algorithm = sha384_mac; 01085 ssl->specs.kea = 0; 01086 ssl->specs.sig_algo = 0; 01087 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 01088 ssl->specs.pad_size = PAD_SHA; 01089 ssl->specs.static_ecdh = 0; 01090 ssl->specs.key_size = AES_256_KEY_SIZE; 01091 ssl->specs.block_size = AES_BLOCK_SIZE; 01092 ssl->specs.iv_size = AESGCM_NONCE_SZ; 01093 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01094 01095 break; 01096 #endif 01097 01098 #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256 01099 case TLS_CHACHA20_POLY1305_SHA256 : 01100 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; 01101 ssl->specs.cipher_type = aead; 01102 ssl->specs.mac_algorithm = sha256_mac; 01103 ssl->specs.kea = 0; 01104 ssl->specs.sig_algo = 0; 01105 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01106 ssl->specs.pad_size = PAD_SHA; 01107 ssl->specs.static_ecdh = 0; 01108 ssl->specs.key_size = CHACHA20_256_KEY_SIZE; 01109 ssl->specs.block_size = CHACHA20_BLOCK_SIZE; 01110 ssl->specs.iv_size = CHACHA20_IV_SIZE; 01111 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; 01112 ssl->options.oldPoly = 0; /* use recent padding RFC */ 01113 01114 break; 01115 #endif 01116 01117 #ifdef BUILD_TLS_AES_128_CCM_SHA256 01118 case TLS_AES_128_CCM_SHA256 : 01119 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 01120 ssl->specs.cipher_type = aead; 01121 ssl->specs.mac_algorithm = sha256_mac; 01122 ssl->specs.kea = 0; 01123 ssl->specs.sig_algo = 0; 01124 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01125 ssl->specs.pad_size = PAD_SHA; 01126 ssl->specs.static_ecdh = 0; 01127 ssl->specs.key_size = AES_128_KEY_SIZE; 01128 ssl->specs.block_size = AES_BLOCK_SIZE; 01129 ssl->specs.iv_size = AESGCM_NONCE_SZ; 01130 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; 01131 01132 break; 01133 #endif 01134 01135 #ifdef BUILD_TLS_AES_128_CCM_8_SHA256 01136 case TLS_AES_128_CCM_8_SHA256 : 01137 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; 01138 ssl->specs.cipher_type = aead; 01139 ssl->specs.mac_algorithm = sha256_mac; 01140 ssl->specs.kea = 0; 01141 ssl->specs.sig_algo = 0; 01142 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01143 ssl->specs.pad_size = PAD_SHA; 01144 ssl->specs.static_ecdh = 0; 01145 ssl->specs.key_size = AES_128_KEY_SIZE; 01146 ssl->specs.block_size = AES_BLOCK_SIZE; 01147 ssl->specs.iv_size = AESGCM_NONCE_SZ; 01148 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ; 01149 01150 break; 01151 #endif 01152 #endif /* WOLFSSL_TLS13 */ 01153 } 01154 } 01155 01156 if (ssl->options.cipherSuite0 != ECC_BYTE && 01157 ssl->options.cipherSuite0 != CHACHA_BYTE && 01158 ssl->options.cipherSuite0 != TLS13_BYTE) { /* normal suites */ 01159 switch (ssl->options.cipherSuite) { 01160 01161 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA 01162 case SSL_RSA_WITH_RC4_128_SHA : 01163 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 01164 ssl->specs.cipher_type = stream; 01165 ssl->specs.mac_algorithm = sha_mac; 01166 ssl->specs.kea = rsa_kea; 01167 ssl->specs.sig_algo = rsa_sa_algo; 01168 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01169 ssl->specs.pad_size = PAD_SHA; 01170 ssl->specs.static_ecdh = 0; 01171 ssl->specs.key_size = RC4_KEY_SIZE; 01172 ssl->specs.iv_size = 0; 01173 ssl->specs.block_size = 0; 01174 01175 break; 01176 #endif 01177 01178 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA 01179 case TLS_NTRU_RSA_WITH_RC4_128_SHA : 01180 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 01181 ssl->specs.cipher_type = stream; 01182 ssl->specs.mac_algorithm = sha_mac; 01183 ssl->specs.kea = ntru_kea; 01184 ssl->specs.sig_algo = rsa_sa_algo; 01185 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01186 ssl->specs.pad_size = PAD_SHA; 01187 ssl->specs.static_ecdh = 0; 01188 ssl->specs.key_size = RC4_KEY_SIZE; 01189 ssl->specs.iv_size = 0; 01190 ssl->specs.block_size = 0; 01191 01192 break; 01193 #endif 01194 01195 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 01196 case SSL_RSA_WITH_RC4_128_MD5 : 01197 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; 01198 ssl->specs.cipher_type = stream; 01199 ssl->specs.mac_algorithm = md5_mac; 01200 ssl->specs.kea = rsa_kea; 01201 ssl->specs.sig_algo = rsa_sa_algo; 01202 ssl->specs.hash_size = MD5_DIGEST_SIZE; 01203 ssl->specs.pad_size = PAD_MD5; 01204 ssl->specs.static_ecdh = 0; 01205 ssl->specs.key_size = RC4_KEY_SIZE; 01206 ssl->specs.iv_size = 0; 01207 ssl->specs.block_size = 0; 01208 01209 break; 01210 #endif 01211 01212 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA 01213 case SSL_RSA_WITH_3DES_EDE_CBC_SHA : 01214 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 01215 ssl->specs.cipher_type = block; 01216 ssl->specs.mac_algorithm = sha_mac; 01217 ssl->specs.kea = rsa_kea; 01218 ssl->specs.sig_algo = rsa_sa_algo; 01219 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01220 ssl->specs.pad_size = PAD_SHA; 01221 ssl->specs.static_ecdh = 0; 01222 ssl->specs.key_size = DES3_KEY_SIZE; 01223 ssl->specs.block_size = DES_BLOCK_SIZE; 01224 ssl->specs.iv_size = DES_IV_SIZE; 01225 01226 break; 01227 #endif 01228 01229 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA 01230 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : 01231 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 01232 ssl->specs.cipher_type = block; 01233 ssl->specs.mac_algorithm = sha_mac; 01234 ssl->specs.kea = ntru_kea; 01235 ssl->specs.sig_algo = rsa_sa_algo; 01236 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01237 ssl->specs.pad_size = PAD_SHA; 01238 ssl->specs.static_ecdh = 0; 01239 ssl->specs.key_size = DES3_KEY_SIZE; 01240 ssl->specs.block_size = DES_BLOCK_SIZE; 01241 ssl->specs.iv_size = DES_IV_SIZE; 01242 01243 break; 01244 #endif 01245 01246 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA 01247 case TLS_RSA_WITH_AES_128_CBC_SHA : 01248 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01249 ssl->specs.cipher_type = block; 01250 ssl->specs.mac_algorithm = sha_mac; 01251 ssl->specs.kea = rsa_kea; 01252 ssl->specs.sig_algo = rsa_sa_algo; 01253 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01254 ssl->specs.pad_size = PAD_SHA; 01255 ssl->specs.static_ecdh = 0; 01256 ssl->specs.key_size = AES_128_KEY_SIZE; 01257 ssl->specs.block_size = AES_BLOCK_SIZE; 01258 ssl->specs.iv_size = AES_IV_SIZE; 01259 01260 break; 01261 #endif 01262 01263 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 01264 case TLS_RSA_WITH_AES_128_CBC_SHA256 : 01265 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01266 ssl->specs.cipher_type = block; 01267 ssl->specs.mac_algorithm = sha256_mac; 01268 ssl->specs.kea = rsa_kea; 01269 ssl->specs.sig_algo = rsa_sa_algo; 01270 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01271 ssl->specs.pad_size = PAD_SHA; 01272 ssl->specs.static_ecdh = 0; 01273 ssl->specs.key_size = AES_128_KEY_SIZE; 01274 ssl->specs.block_size = AES_BLOCK_SIZE; 01275 ssl->specs.iv_size = AES_IV_SIZE; 01276 01277 break; 01278 #endif 01279 01280 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA 01281 case TLS_RSA_WITH_NULL_SHA : 01282 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01283 ssl->specs.cipher_type = stream; 01284 ssl->specs.mac_algorithm = sha_mac; 01285 ssl->specs.kea = rsa_kea; 01286 ssl->specs.sig_algo = rsa_sa_algo; 01287 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01288 ssl->specs.pad_size = PAD_SHA; 01289 ssl->specs.static_ecdh = 0; 01290 ssl->specs.key_size = 0; 01291 ssl->specs.block_size = 0; 01292 ssl->specs.iv_size = 0; 01293 01294 break; 01295 #endif 01296 01297 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 01298 case TLS_RSA_WITH_NULL_SHA256 : 01299 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01300 ssl->specs.cipher_type = stream; 01301 ssl->specs.mac_algorithm = sha256_mac; 01302 ssl->specs.kea = rsa_kea; 01303 ssl->specs.sig_algo = rsa_sa_algo; 01304 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01305 ssl->specs.pad_size = PAD_SHA; 01306 ssl->specs.static_ecdh = 0; 01307 ssl->specs.key_size = 0; 01308 ssl->specs.block_size = 0; 01309 ssl->specs.iv_size = 0; 01310 01311 break; 01312 #endif 01313 01314 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA 01315 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : 01316 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01317 ssl->specs.cipher_type = block; 01318 ssl->specs.mac_algorithm = sha_mac; 01319 ssl->specs.kea = ntru_kea; 01320 ssl->specs.sig_algo = rsa_sa_algo; 01321 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01322 ssl->specs.pad_size = PAD_SHA; 01323 ssl->specs.static_ecdh = 0; 01324 ssl->specs.key_size = AES_128_KEY_SIZE; 01325 ssl->specs.block_size = AES_BLOCK_SIZE; 01326 ssl->specs.iv_size = AES_IV_SIZE; 01327 01328 break; 01329 #endif 01330 01331 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA 01332 case TLS_RSA_WITH_AES_256_CBC_SHA : 01333 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01334 ssl->specs.cipher_type = block; 01335 ssl->specs.mac_algorithm = sha_mac; 01336 ssl->specs.kea = rsa_kea; 01337 ssl->specs.sig_algo = rsa_sa_algo; 01338 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01339 ssl->specs.pad_size = PAD_SHA; 01340 ssl->specs.static_ecdh = 0; 01341 ssl->specs.key_size = AES_256_KEY_SIZE; 01342 ssl->specs.block_size = AES_BLOCK_SIZE; 01343 ssl->specs.iv_size = AES_IV_SIZE; 01344 01345 break; 01346 #endif 01347 01348 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 01349 case TLS_RSA_WITH_AES_256_CBC_SHA256 : 01350 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01351 ssl->specs.cipher_type = block; 01352 ssl->specs.mac_algorithm = sha256_mac; 01353 ssl->specs.kea = rsa_kea; 01354 ssl->specs.sig_algo = rsa_sa_algo; 01355 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01356 ssl->specs.pad_size = PAD_SHA; 01357 ssl->specs.static_ecdh = 0; 01358 ssl->specs.key_size = AES_256_KEY_SIZE; 01359 ssl->specs.block_size = AES_BLOCK_SIZE; 01360 ssl->specs.iv_size = AES_IV_SIZE; 01361 01362 break; 01363 #endif 01364 01365 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA 01366 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : 01367 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01368 ssl->specs.cipher_type = block; 01369 ssl->specs.mac_algorithm = sha_mac; 01370 ssl->specs.kea = ntru_kea; 01371 ssl->specs.sig_algo = rsa_sa_algo; 01372 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01373 ssl->specs.pad_size = PAD_SHA; 01374 ssl->specs.static_ecdh = 0; 01375 ssl->specs.key_size = AES_256_KEY_SIZE; 01376 ssl->specs.block_size = AES_BLOCK_SIZE; 01377 ssl->specs.iv_size = AES_IV_SIZE; 01378 01379 break; 01380 #endif 01381 01382 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 01383 case TLS_PSK_WITH_AES_128_GCM_SHA256 : 01384 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01385 ssl->specs.cipher_type = aead; 01386 ssl->specs.mac_algorithm = sha256_mac; 01387 ssl->specs.kea = psk_kea; 01388 ssl->specs.sig_algo = anonymous_sa_algo; 01389 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01390 ssl->specs.pad_size = PAD_SHA; 01391 ssl->specs.static_ecdh = 0; 01392 ssl->specs.key_size = AES_128_KEY_SIZE; 01393 ssl->specs.block_size = AES_BLOCK_SIZE; 01394 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01395 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01396 01397 ssl->options.usingPSK_cipher = 1; 01398 break; 01399 #endif 01400 01401 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 01402 case TLS_PSK_WITH_AES_256_GCM_SHA384 : 01403 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01404 ssl->specs.cipher_type = aead; 01405 ssl->specs.mac_algorithm = sha384_mac; 01406 ssl->specs.kea = psk_kea; 01407 ssl->specs.sig_algo = anonymous_sa_algo; 01408 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 01409 ssl->specs.pad_size = PAD_SHA; 01410 ssl->specs.static_ecdh = 0; 01411 ssl->specs.key_size = AES_256_KEY_SIZE; 01412 ssl->specs.block_size = AES_BLOCK_SIZE; 01413 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01414 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01415 01416 ssl->options.usingPSK_cipher = 1; 01417 break; 01418 #endif 01419 01420 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 01421 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : 01422 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01423 ssl->specs.cipher_type = aead; 01424 ssl->specs.mac_algorithm = sha256_mac; 01425 ssl->specs.kea = dhe_psk_kea; 01426 ssl->specs.sig_algo = anonymous_sa_algo; 01427 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01428 ssl->specs.pad_size = PAD_SHA; 01429 ssl->specs.static_ecdh = 0; 01430 ssl->specs.key_size = AES_128_KEY_SIZE; 01431 ssl->specs.block_size = AES_BLOCK_SIZE; 01432 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01433 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01434 01435 ssl->options.usingPSK_cipher = 1; 01436 break; 01437 #endif 01438 01439 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 01440 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : 01441 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01442 ssl->specs.cipher_type = aead; 01443 ssl->specs.mac_algorithm = sha384_mac; 01444 ssl->specs.kea = dhe_psk_kea; 01445 ssl->specs.sig_algo = anonymous_sa_algo; 01446 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 01447 ssl->specs.pad_size = PAD_SHA; 01448 ssl->specs.static_ecdh = 0; 01449 ssl->specs.key_size = AES_256_KEY_SIZE; 01450 ssl->specs.block_size = AES_BLOCK_SIZE; 01451 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01452 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01453 01454 ssl->options.usingPSK_cipher = 1; 01455 break; 01456 #endif 01457 01458 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 01459 case TLS_PSK_WITH_AES_128_CBC_SHA256 : 01460 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01461 ssl->specs.cipher_type = block; 01462 ssl->specs.mac_algorithm = sha256_mac; 01463 ssl->specs.kea = psk_kea; 01464 ssl->specs.sig_algo = anonymous_sa_algo; 01465 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01466 ssl->specs.pad_size = PAD_SHA; 01467 ssl->specs.static_ecdh = 0; 01468 ssl->specs.key_size = AES_128_KEY_SIZE; 01469 ssl->specs.block_size = AES_BLOCK_SIZE; 01470 ssl->specs.iv_size = AES_IV_SIZE; 01471 01472 ssl->options.usingPSK_cipher = 1; 01473 break; 01474 #endif 01475 01476 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 01477 case TLS_PSK_WITH_AES_256_CBC_SHA384 : 01478 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01479 ssl->specs.cipher_type = block; 01480 ssl->specs.mac_algorithm = sha384_mac; 01481 ssl->specs.kea = psk_kea; 01482 ssl->specs.sig_algo = anonymous_sa_algo; 01483 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 01484 ssl->specs.pad_size = PAD_SHA; 01485 ssl->specs.static_ecdh = 0; 01486 ssl->specs.key_size = AES_256_KEY_SIZE; 01487 ssl->specs.block_size = AES_BLOCK_SIZE; 01488 ssl->specs.iv_size = AES_IV_SIZE; 01489 01490 ssl->options.usingPSK_cipher = 1; 01491 break; 01492 #endif 01493 01494 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 01495 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : 01496 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01497 ssl->specs.cipher_type = block; 01498 ssl->specs.mac_algorithm = sha256_mac; 01499 ssl->specs.kea = dhe_psk_kea; 01500 ssl->specs.sig_algo = anonymous_sa_algo; 01501 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01502 ssl->specs.pad_size = PAD_SHA; 01503 ssl->specs.static_ecdh = 0; 01504 ssl->specs.key_size = AES_128_KEY_SIZE; 01505 ssl->specs.block_size = AES_BLOCK_SIZE; 01506 ssl->specs.iv_size = AES_IV_SIZE; 01507 01508 ssl->options.usingPSK_cipher = 1; 01509 break; 01510 #endif 01511 01512 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 01513 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : 01514 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01515 ssl->specs.cipher_type = block; 01516 ssl->specs.mac_algorithm = sha384_mac; 01517 ssl->specs.kea = dhe_psk_kea; 01518 ssl->specs.sig_algo = anonymous_sa_algo; 01519 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 01520 ssl->specs.pad_size = PAD_SHA; 01521 ssl->specs.static_ecdh = 0; 01522 ssl->specs.key_size = AES_256_KEY_SIZE; 01523 ssl->specs.block_size = AES_BLOCK_SIZE; 01524 ssl->specs.iv_size = AES_IV_SIZE; 01525 01526 ssl->options.usingPSK_cipher = 1; 01527 break; 01528 #endif 01529 01530 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA 01531 case TLS_PSK_WITH_AES_128_CBC_SHA : 01532 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01533 ssl->specs.cipher_type = block; 01534 ssl->specs.mac_algorithm = sha_mac; 01535 ssl->specs.kea = psk_kea; 01536 ssl->specs.sig_algo = anonymous_sa_algo; 01537 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01538 ssl->specs.pad_size = PAD_SHA; 01539 ssl->specs.static_ecdh = 0; 01540 ssl->specs.key_size = AES_128_KEY_SIZE; 01541 ssl->specs.block_size = AES_BLOCK_SIZE; 01542 ssl->specs.iv_size = AES_IV_SIZE; 01543 01544 ssl->options.usingPSK_cipher = 1; 01545 break; 01546 #endif 01547 01548 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA 01549 case TLS_PSK_WITH_AES_256_CBC_SHA : 01550 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01551 ssl->specs.cipher_type = block; 01552 ssl->specs.mac_algorithm = sha_mac; 01553 ssl->specs.kea = psk_kea; 01554 ssl->specs.sig_algo = anonymous_sa_algo; 01555 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01556 ssl->specs.pad_size = PAD_SHA; 01557 ssl->specs.static_ecdh = 0; 01558 ssl->specs.key_size = AES_256_KEY_SIZE; 01559 ssl->specs.block_size = AES_BLOCK_SIZE; 01560 ssl->specs.iv_size = AES_IV_SIZE; 01561 01562 ssl->options.usingPSK_cipher = 1; 01563 break; 01564 #endif 01565 01566 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 01567 case TLS_PSK_WITH_NULL_SHA256 : 01568 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01569 ssl->specs.cipher_type = stream; 01570 ssl->specs.mac_algorithm = sha256_mac; 01571 ssl->specs.kea = psk_kea; 01572 ssl->specs.sig_algo = anonymous_sa_algo; 01573 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01574 ssl->specs.pad_size = PAD_SHA; 01575 ssl->specs.static_ecdh = 0; 01576 ssl->specs.key_size = 0; 01577 ssl->specs.block_size = 0; 01578 ssl->specs.iv_size = 0; 01579 01580 ssl->options.usingPSK_cipher = 1; 01581 break; 01582 #endif 01583 01584 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 01585 case TLS_PSK_WITH_NULL_SHA384 : 01586 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01587 ssl->specs.cipher_type = stream; 01588 ssl->specs.mac_algorithm = sha384_mac; 01589 ssl->specs.kea = psk_kea; 01590 ssl->specs.sig_algo = anonymous_sa_algo; 01591 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 01592 ssl->specs.pad_size = PAD_SHA; 01593 ssl->specs.static_ecdh = 0; 01594 ssl->specs.key_size = 0; 01595 ssl->specs.block_size = 0; 01596 ssl->specs.iv_size = 0; 01597 01598 ssl->options.usingPSK_cipher = 1; 01599 break; 01600 #endif 01601 01602 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA 01603 case TLS_PSK_WITH_NULL_SHA : 01604 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01605 ssl->specs.cipher_type = stream; 01606 ssl->specs.mac_algorithm = sha_mac; 01607 ssl->specs.kea = psk_kea; 01608 ssl->specs.sig_algo = anonymous_sa_algo; 01609 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01610 ssl->specs.pad_size = PAD_SHA; 01611 ssl->specs.static_ecdh = 0; 01612 ssl->specs.key_size = 0; 01613 ssl->specs.block_size = 0; 01614 ssl->specs.iv_size = 0; 01615 01616 ssl->options.usingPSK_cipher = 1; 01617 break; 01618 #endif 01619 01620 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 01621 case TLS_DHE_PSK_WITH_NULL_SHA256 : 01622 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01623 ssl->specs.cipher_type = stream; 01624 ssl->specs.mac_algorithm = sha256_mac; 01625 ssl->specs.kea = dhe_psk_kea; 01626 ssl->specs.sig_algo = anonymous_sa_algo; 01627 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01628 ssl->specs.pad_size = PAD_SHA; 01629 ssl->specs.static_ecdh = 0; 01630 ssl->specs.key_size = 0; 01631 ssl->specs.block_size = 0; 01632 ssl->specs.iv_size = 0; 01633 01634 ssl->options.usingPSK_cipher = 1; 01635 break; 01636 #endif 01637 01638 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 01639 case TLS_DHE_PSK_WITH_NULL_SHA384 : 01640 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; 01641 ssl->specs.cipher_type = stream; 01642 ssl->specs.mac_algorithm = sha384_mac; 01643 ssl->specs.kea = dhe_psk_kea; 01644 ssl->specs.sig_algo = anonymous_sa_algo; 01645 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 01646 ssl->specs.pad_size = PAD_SHA; 01647 ssl->specs.static_ecdh = 0; 01648 ssl->specs.key_size = 0; 01649 ssl->specs.block_size = 0; 01650 ssl->specs.iv_size = 0; 01651 01652 ssl->options.usingPSK_cipher = 1; 01653 break; 01654 #endif 01655 01656 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 01657 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : 01658 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01659 ssl->specs.cipher_type = block; 01660 ssl->specs.mac_algorithm = sha256_mac; 01661 ssl->specs.kea = diffie_hellman_kea; 01662 ssl->specs.sig_algo = rsa_sa_algo; 01663 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01664 ssl->specs.pad_size = PAD_SHA; 01665 ssl->specs.static_ecdh = 0; 01666 ssl->specs.key_size = AES_128_KEY_SIZE; 01667 ssl->specs.block_size = AES_BLOCK_SIZE; 01668 ssl->specs.iv_size = AES_IV_SIZE; 01669 01670 break; 01671 #endif 01672 01673 #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 01674 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA : 01675 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; 01676 ssl->specs.cipher_type = block; 01677 ssl->specs.mac_algorithm = sha_mac; 01678 ssl->specs.kea = diffie_hellman_kea; 01679 ssl->specs.sig_algo = rsa_sa_algo; 01680 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01681 ssl->specs.pad_size = PAD_SHA; 01682 ssl->specs.static_ecdh = 0; 01683 ssl->specs.key_size = DES3_KEY_SIZE; 01684 ssl->specs.block_size = DES_BLOCK_SIZE; 01685 ssl->specs.iv_size = DES_IV_SIZE; 01686 01687 break; 01688 #endif 01689 01690 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 01691 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : 01692 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01693 ssl->specs.cipher_type = block; 01694 ssl->specs.mac_algorithm = sha256_mac; 01695 ssl->specs.kea = diffie_hellman_kea; 01696 ssl->specs.sig_algo = rsa_sa_algo; 01697 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01698 ssl->specs.pad_size = PAD_SHA; 01699 ssl->specs.static_ecdh = 0; 01700 ssl->specs.key_size = AES_256_KEY_SIZE; 01701 ssl->specs.block_size = AES_BLOCK_SIZE; 01702 ssl->specs.iv_size = AES_IV_SIZE; 01703 01704 break; 01705 #endif 01706 01707 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 01708 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : 01709 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01710 ssl->specs.cipher_type = block; 01711 ssl->specs.mac_algorithm = sha_mac; 01712 ssl->specs.kea = diffie_hellman_kea; 01713 ssl->specs.sig_algo = rsa_sa_algo; 01714 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01715 ssl->specs.pad_size = PAD_SHA; 01716 ssl->specs.static_ecdh = 0; 01717 ssl->specs.key_size = AES_128_KEY_SIZE; 01718 ssl->specs.block_size = AES_BLOCK_SIZE; 01719 ssl->specs.iv_size = AES_IV_SIZE; 01720 01721 break; 01722 #endif 01723 01724 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 01725 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : 01726 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01727 ssl->specs.cipher_type = block; 01728 ssl->specs.mac_algorithm = sha_mac; 01729 ssl->specs.kea = diffie_hellman_kea; 01730 ssl->specs.sig_algo = rsa_sa_algo; 01731 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01732 ssl->specs.pad_size = PAD_SHA; 01733 ssl->specs.static_ecdh = 0; 01734 ssl->specs.key_size = AES_256_KEY_SIZE; 01735 ssl->specs.block_size = AES_BLOCK_SIZE; 01736 ssl->specs.iv_size = AES_IV_SIZE; 01737 01738 break; 01739 #endif 01740 01741 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 01742 case TLS_RSA_WITH_HC_128_MD5 : 01743 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128; 01744 ssl->specs.cipher_type = stream; 01745 ssl->specs.mac_algorithm = md5_mac; 01746 ssl->specs.kea = rsa_kea; 01747 ssl->specs.sig_algo = rsa_sa_algo; 01748 ssl->specs.hash_size = MD5_DIGEST_SIZE; 01749 ssl->specs.pad_size = PAD_MD5; 01750 ssl->specs.static_ecdh = 0; 01751 ssl->specs.key_size = HC_128_KEY_SIZE; 01752 ssl->specs.block_size = 0; 01753 ssl->specs.iv_size = HC_128_IV_SIZE; 01754 01755 break; 01756 #endif 01757 01758 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA 01759 case TLS_RSA_WITH_HC_128_SHA : 01760 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128; 01761 ssl->specs.cipher_type = stream; 01762 ssl->specs.mac_algorithm = sha_mac; 01763 ssl->specs.kea = rsa_kea; 01764 ssl->specs.sig_algo = rsa_sa_algo; 01765 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01766 ssl->specs.pad_size = PAD_SHA; 01767 ssl->specs.static_ecdh = 0; 01768 ssl->specs.key_size = HC_128_KEY_SIZE; 01769 ssl->specs.block_size = 0; 01770 ssl->specs.iv_size = HC_128_IV_SIZE; 01771 01772 break; 01773 #endif 01774 01775 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 01776 case TLS_RSA_WITH_HC_128_B2B256: 01777 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128; 01778 ssl->specs.cipher_type = stream; 01779 ssl->specs.mac_algorithm = blake2b_mac; 01780 ssl->specs.kea = rsa_kea; 01781 ssl->specs.sig_algo = rsa_sa_algo; 01782 ssl->specs.hash_size = BLAKE2B_256; 01783 ssl->specs.pad_size = PAD_SHA; 01784 ssl->specs.static_ecdh = 0; 01785 ssl->specs.key_size = HC_128_KEY_SIZE; 01786 ssl->specs.block_size = 0; 01787 ssl->specs.iv_size = HC_128_IV_SIZE; 01788 01789 break; 01790 #endif 01791 01792 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 01793 case TLS_RSA_WITH_AES_128_CBC_B2B256: 01794 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01795 ssl->specs.cipher_type = block; 01796 ssl->specs.mac_algorithm = blake2b_mac; 01797 ssl->specs.kea = rsa_kea; 01798 ssl->specs.sig_algo = rsa_sa_algo; 01799 ssl->specs.hash_size = BLAKE2B_256; 01800 ssl->specs.pad_size = PAD_SHA; 01801 ssl->specs.static_ecdh = 0; 01802 ssl->specs.key_size = AES_128_KEY_SIZE; 01803 ssl->specs.iv_size = AES_IV_SIZE; 01804 ssl->specs.block_size = AES_BLOCK_SIZE; 01805 01806 break; 01807 #endif 01808 01809 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 01810 case TLS_RSA_WITH_AES_256_CBC_B2B256: 01811 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 01812 ssl->specs.cipher_type = block; 01813 ssl->specs.mac_algorithm = blake2b_mac; 01814 ssl->specs.kea = rsa_kea; 01815 ssl->specs.sig_algo = rsa_sa_algo; 01816 ssl->specs.hash_size = BLAKE2B_256; 01817 ssl->specs.pad_size = PAD_SHA; 01818 ssl->specs.static_ecdh = 0; 01819 ssl->specs.key_size = AES_256_KEY_SIZE; 01820 ssl->specs.iv_size = AES_IV_SIZE; 01821 ssl->specs.block_size = AES_BLOCK_SIZE; 01822 01823 break; 01824 #endif 01825 01826 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA 01827 case TLS_RSA_WITH_RABBIT_SHA : 01828 ssl->specs.bulk_cipher_algorithm = wolfssl_rabbit; 01829 ssl->specs.cipher_type = stream; 01830 ssl->specs.mac_algorithm = sha_mac; 01831 ssl->specs.kea = rsa_kea; 01832 ssl->specs.sig_algo = rsa_sa_algo; 01833 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01834 ssl->specs.pad_size = PAD_SHA; 01835 ssl->specs.static_ecdh = 0; 01836 ssl->specs.key_size = RABBIT_KEY_SIZE; 01837 ssl->specs.block_size = 0; 01838 ssl->specs.iv_size = RABBIT_IV_SIZE; 01839 01840 break; 01841 #endif 01842 01843 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 01844 case TLS_RSA_WITH_AES_128_GCM_SHA256 : 01845 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01846 ssl->specs.cipher_type = aead; 01847 ssl->specs.mac_algorithm = sha256_mac; 01848 ssl->specs.kea = rsa_kea; 01849 ssl->specs.sig_algo = rsa_sa_algo; 01850 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01851 ssl->specs.pad_size = PAD_SHA; 01852 ssl->specs.static_ecdh = 0; 01853 ssl->specs.key_size = AES_128_KEY_SIZE; 01854 ssl->specs.block_size = AES_BLOCK_SIZE; 01855 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01856 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01857 01858 break; 01859 #endif 01860 01861 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 01862 case TLS_RSA_WITH_AES_256_GCM_SHA384 : 01863 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01864 ssl->specs.cipher_type = aead; 01865 ssl->specs.mac_algorithm = sha384_mac; 01866 ssl->specs.kea = rsa_kea; 01867 ssl->specs.sig_algo = rsa_sa_algo; 01868 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 01869 ssl->specs.pad_size = PAD_SHA; 01870 ssl->specs.static_ecdh = 0; 01871 ssl->specs.key_size = AES_256_KEY_SIZE; 01872 ssl->specs.block_size = AES_BLOCK_SIZE; 01873 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01874 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01875 01876 break; 01877 #endif 01878 01879 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 01880 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : 01881 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01882 ssl->specs.cipher_type = aead; 01883 ssl->specs.mac_algorithm = sha256_mac; 01884 ssl->specs.kea = diffie_hellman_kea; 01885 ssl->specs.sig_algo = rsa_sa_algo; 01886 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01887 ssl->specs.pad_size = PAD_SHA; 01888 ssl->specs.static_ecdh = 0; 01889 ssl->specs.key_size = AES_128_KEY_SIZE; 01890 ssl->specs.block_size = AES_BLOCK_SIZE; 01891 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01892 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01893 01894 break; 01895 #endif 01896 01897 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 01898 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 : 01899 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; 01900 ssl->specs.cipher_type = aead; 01901 ssl->specs.mac_algorithm = sha384_mac; 01902 ssl->specs.kea = diffie_hellman_kea; 01903 ssl->specs.sig_algo = rsa_sa_algo; 01904 ssl->specs.hash_size = SHA384_DIGEST_SIZE; 01905 ssl->specs.pad_size = PAD_SHA; 01906 ssl->specs.static_ecdh = 0; 01907 ssl->specs.key_size = AES_256_KEY_SIZE; 01908 ssl->specs.block_size = AES_BLOCK_SIZE; 01909 ssl->specs.iv_size = AESGCM_IMP_IV_SZ; 01910 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; 01911 01912 break; 01913 #endif 01914 01915 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 01916 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : 01917 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 01918 ssl->specs.cipher_type = block; 01919 ssl->specs.mac_algorithm = sha_mac; 01920 ssl->specs.kea = rsa_kea; 01921 ssl->specs.sig_algo = rsa_sa_algo; 01922 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01923 ssl->specs.pad_size = PAD_SHA; 01924 ssl->specs.static_ecdh = 0; 01925 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; 01926 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01927 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01928 01929 break; 01930 #endif 01931 01932 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 01933 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : 01934 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 01935 ssl->specs.cipher_type = block; 01936 ssl->specs.mac_algorithm = sha_mac; 01937 ssl->specs.kea = rsa_kea; 01938 ssl->specs.sig_algo = rsa_sa_algo; 01939 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01940 ssl->specs.pad_size = PAD_SHA; 01941 ssl->specs.static_ecdh = 0; 01942 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; 01943 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01944 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01945 01946 break; 01947 #endif 01948 01949 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 01950 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : 01951 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 01952 ssl->specs.cipher_type = block; 01953 ssl->specs.mac_algorithm = sha256_mac; 01954 ssl->specs.kea = rsa_kea; 01955 ssl->specs.sig_algo = rsa_sa_algo; 01956 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01957 ssl->specs.pad_size = PAD_SHA; 01958 ssl->specs.static_ecdh = 0; 01959 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; 01960 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01961 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01962 01963 break; 01964 #endif 01965 01966 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 01967 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : 01968 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 01969 ssl->specs.cipher_type = block; 01970 ssl->specs.mac_algorithm = sha256_mac; 01971 ssl->specs.kea = rsa_kea; 01972 ssl->specs.sig_algo = rsa_sa_algo; 01973 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 01974 ssl->specs.pad_size = PAD_SHA; 01975 ssl->specs.static_ecdh = 0; 01976 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; 01977 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01978 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01979 01980 break; 01981 #endif 01982 01983 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 01984 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : 01985 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 01986 ssl->specs.cipher_type = block; 01987 ssl->specs.mac_algorithm = sha_mac; 01988 ssl->specs.kea = diffie_hellman_kea; 01989 ssl->specs.sig_algo = rsa_sa_algo; 01990 ssl->specs.hash_size = SHA_DIGEST_SIZE; 01991 ssl->specs.pad_size = PAD_SHA; 01992 ssl->specs.static_ecdh = 0; 01993 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; 01994 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 01995 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 01996 01997 break; 01998 #endif 01999 02000 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 02001 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : 02002 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 02003 ssl->specs.cipher_type = block; 02004 ssl->specs.mac_algorithm = sha_mac; 02005 ssl->specs.kea = diffie_hellman_kea; 02006 ssl->specs.sig_algo = rsa_sa_algo; 02007 ssl->specs.hash_size = SHA_DIGEST_SIZE; 02008 ssl->specs.pad_size = PAD_SHA; 02009 ssl->specs.static_ecdh = 0; 02010 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; 02011 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 02012 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 02013 02014 break; 02015 #endif 02016 02017 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 02018 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : 02019 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 02020 ssl->specs.cipher_type = block; 02021 ssl->specs.mac_algorithm = sha256_mac; 02022 ssl->specs.kea = diffie_hellman_kea; 02023 ssl->specs.sig_algo = rsa_sa_algo; 02024 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 02025 ssl->specs.pad_size = PAD_SHA; 02026 ssl->specs.static_ecdh = 0; 02027 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE; 02028 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 02029 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 02030 02031 break; 02032 #endif 02033 02034 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 02035 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : 02036 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; 02037 ssl->specs.cipher_type = block; 02038 ssl->specs.mac_algorithm = sha256_mac; 02039 ssl->specs.kea = diffie_hellman_kea; 02040 ssl->specs.sig_algo = rsa_sa_algo; 02041 ssl->specs.hash_size = SHA256_DIGEST_SIZE; 02042 ssl->specs.pad_size = PAD_SHA; 02043 ssl->specs.static_ecdh = 0; 02044 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE; 02045 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE; 02046 ssl->specs.iv_size = CAMELLIA_IV_SIZE; 02047 02048 break; 02049 #endif 02050 02051 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA 02052 case TLS_DH_anon_WITH_AES_128_CBC_SHA : 02053 ssl->specs.bulk_cipher_algorithm = wolfssl_aes; 02054 ssl->specs.cipher_type = block; 02055 ssl->specs.mac_algorithm = sha_mac; 02056 ssl->specs.kea = diffie_hellman_kea; 02057 ssl->specs.sig_algo = anonymous_sa_algo; 02058 ssl->specs.hash_size = SHA_DIGEST_SIZE; 02059 ssl->specs.pad_size = PAD_SHA; 02060 ssl->specs.static_ecdh = 0; 02061 ssl->specs.key_size = AES_128_KEY_SIZE; 02062 ssl->specs.block_size = AES_BLOCK_SIZE; 02063 ssl->specs.iv_size = AES_IV_SIZE; 02064 02065 ssl->options.usingAnon_cipher = 1; 02066 break; 02067 #endif 02068 02069 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA 02070 case SSL_RSA_WITH_IDEA_CBC_SHA : 02071 ssl->specs.bulk_cipher_algorithm = wolfssl_idea; 02072 ssl->specs.cipher_type = block; 02073 ssl->specs.mac_algorithm = sha_mac; 02074 ssl->specs.kea = rsa_kea; 02075 ssl->specs.sig_algo = rsa_sa_algo; 02076 ssl->specs.hash_size = SHA_DIGEST_SIZE; 02077 ssl->specs.pad_size = PAD_SHA; 02078 ssl->specs.static_ecdh = 0; 02079 ssl->specs.key_size = IDEA_KEY_SIZE; 02080 ssl->specs.block_size = IDEA_BLOCK_SIZE; 02081 ssl->specs.iv_size = IDEA_IV_SIZE; 02082 02083 break; 02084 #endif 02085 02086 default: 02087 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs"); 02088 return UNSUPPORTED_SUITE; 02089 } /* switch */ 02090 } /* if ECC / Normal suites else */ 02091 02092 /* set TLS if it hasn't been turned off */ 02093 if (ssl->version.major == 3 && ssl->version.minor >= 1) { 02094 #ifndef NO_TLS 02095 ssl->options.tls = 1; 02096 ssl->hmac = TLS_hmac; 02097 if (ssl->version.minor >= 2) { 02098 ssl->options.tls1_1 = 1; 02099 if (ssl->version.minor >= 4) 02100 ssl->options.tls1_3 = 1; 02101 } 02102 #endif 02103 } 02104 02105 #ifdef WOLFSSL_DTLS 02106 if (ssl->options.dtls) 02107 ssl->hmac = TLS_hmac; 02108 #endif 02109 02110 return 0; 02111 } 02112 02113 02114 enum KeyStuff { 02115 MASTER_ROUNDS = 3, 02116 PREFIX = 3, /* up to three letters for master prefix */ 02117 KEY_PREFIX = 9 /* up to 9 prefix letters for key rounds */ 02118 02119 02120 }; 02121 02122 #ifndef NO_OLD_TLS 02123 /* true or false, zero for error */ 02124 static int SetPrefix(byte* sha_input, int idx) 02125 { 02126 switch (idx) { 02127 case 0: 02128 XMEMCPY(sha_input, "A", 1); 02129 break; 02130 case 1: 02131 XMEMCPY(sha_input, "BB", 2); 02132 break; 02133 case 2: 02134 XMEMCPY(sha_input, "CCC", 3); 02135 break; 02136 case 3: 02137 XMEMCPY(sha_input, "DDDD", 4); 02138 break; 02139 case 4: 02140 XMEMCPY(sha_input, "EEEEE", 5); 02141 break; 02142 case 5: 02143 XMEMCPY(sha_input, "FFFFFF", 6); 02144 break; 02145 case 6: 02146 XMEMCPY(sha_input, "GGGGGGG", 7); 02147 break; 02148 case 7: 02149 XMEMCPY(sha_input, "HHHHHHHH", 8); 02150 break; 02151 case 8: 02152 XMEMCPY(sha_input, "IIIIIIIII", 9); 02153 break; 02154 default: 02155 WOLFSSL_MSG("Set Prefix error, bad input"); 02156 return 0; 02157 } 02158 return 1; 02159 } 02160 #endif 02161 02162 02163 static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, 02164 int side, void* heap, int devId) 02165 { 02166 #ifdef BUILD_ARC4 02167 word32 sz = specs->key_size; 02168 if (specs->bulk_cipher_algorithm == wolfssl_rc4) { 02169 if (enc && enc->arc4 == NULL) 02170 enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER); 02171 if (enc && enc->arc4 == NULL) 02172 return MEMORY_E; 02173 if (dec && dec->arc4 == NULL) 02174 dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER); 02175 if (dec && dec->arc4 == NULL) 02176 return MEMORY_E; 02177 02178 if (enc) { 02179 if (wc_Arc4Init(enc->arc4, heap, devId) != 0) { 02180 WOLFSSL_MSG("Arc4Init failed in SetKeys"); 02181 return ASYNC_INIT_E; 02182 } 02183 } 02184 if (dec) { 02185 if (wc_Arc4Init(dec->arc4, heap, devId) != 0) { 02186 WOLFSSL_MSG("Arc4Init failed in SetKeys"); 02187 return ASYNC_INIT_E; 02188 } 02189 } 02190 02191 if (side == WOLFSSL_CLIENT_END) { 02192 if (enc) 02193 wc_Arc4SetKey(enc->arc4, keys->client_write_key, sz); 02194 if (dec) 02195 wc_Arc4SetKey(dec->arc4, keys->server_write_key, sz); 02196 } 02197 else { 02198 if (enc) 02199 wc_Arc4SetKey(enc->arc4, keys->server_write_key, sz); 02200 if (dec) 02201 wc_Arc4SetKey(dec->arc4, keys->client_write_key, sz); 02202 } 02203 if (enc) 02204 enc->setup = 1; 02205 if (dec) 02206 dec->setup = 1; 02207 } 02208 #endif /* BUILD_ARC4 */ 02209 02210 02211 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) 02212 /* Check that the max implicit iv size is suffecient */ 02213 #if (AEAD_MAX_IMP_SZ < 12) /* CHACHA20_IMP_IV_SZ */ 02214 #error AEAD_MAX_IMP_SZ is too small for ChaCha20 02215 #endif 02216 #if (MAX_WRITE_IV_SZ < 12) /* CHACHA20_IMP_IV_SZ */ 02217 #error MAX_WRITE_IV_SZ is too small for ChaCha20 02218 #endif 02219 02220 if (specs->bulk_cipher_algorithm == wolfssl_chacha) { 02221 int chachaRet; 02222 if (enc && enc->chacha == NULL) 02223 enc->chacha = 02224 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER); 02225 if (enc && enc->chacha == NULL) 02226 return MEMORY_E; 02227 if (dec && dec->chacha == NULL) 02228 dec->chacha = 02229 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER); 02230 if (dec && dec->chacha == NULL) 02231 return MEMORY_E; 02232 if (side == WOLFSSL_CLIENT_END) { 02233 if (enc) { 02234 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->client_write_key, 02235 specs->key_size); 02236 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV, 02237 CHACHA20_IMP_IV_SZ); 02238 if (chachaRet != 0) return chachaRet; 02239 } 02240 if (dec) { 02241 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->server_write_key, 02242 specs->key_size); 02243 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV, 02244 CHACHA20_IMP_IV_SZ); 02245 if (chachaRet != 0) return chachaRet; 02246 } 02247 } 02248 else { 02249 if (enc) { 02250 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->server_write_key, 02251 specs->key_size); 02252 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV, 02253 CHACHA20_IMP_IV_SZ); 02254 if (chachaRet != 0) return chachaRet; 02255 } 02256 if (dec) { 02257 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->client_write_key, 02258 specs->key_size); 02259 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV, 02260 CHACHA20_IMP_IV_SZ); 02261 if (chachaRet != 0) return chachaRet; 02262 } 02263 } 02264 02265 if (enc) 02266 enc->setup = 1; 02267 if (dec) 02268 dec->setup = 1; 02269 } 02270 #endif /* HAVE_CHACHA && HAVE_POLY1305 */ 02271 02272 02273 #ifdef HAVE_HC128 02274 /* check that buffer sizes are sufficient */ 02275 #if (MAX_WRITE_IV_SZ < 16) /* HC_128_IV_SIZE */ 02276 #error MAX_WRITE_IV_SZ too small for HC128 02277 #endif 02278 02279 if (specs->bulk_cipher_algorithm == wolfssl_hc128) { 02280 int hcRet; 02281 if (enc && enc->hc128 == NULL) 02282 enc->hc128 = 02283 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER); 02284 if (enc && enc->hc128 == NULL) 02285 return MEMORY_E; 02286 if (dec && dec->hc128 == NULL) 02287 dec->hc128 = 02288 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER); 02289 if (dec && dec->hc128 == NULL) 02290 return MEMORY_E; 02291 if (side == WOLFSSL_CLIENT_END) { 02292 if (enc) { 02293 hcRet = wc_Hc128_SetKey(enc->hc128, keys->client_write_key, 02294 keys->client_write_IV); 02295 if (hcRet != 0) return hcRet; 02296 } 02297 if (dec) { 02298 hcRet = wc_Hc128_SetKey(dec->hc128, keys->server_write_key, 02299 keys->server_write_IV); 02300 if (hcRet != 0) return hcRet; 02301 } 02302 } 02303 else { 02304 if (enc) { 02305 hcRet = wc_Hc128_SetKey(enc->hc128, keys->server_write_key, 02306 keys->server_write_IV); 02307 if (hcRet != 0) return hcRet; 02308 } 02309 if (dec) { 02310 hcRet = wc_Hc128_SetKey(dec->hc128, keys->client_write_key, 02311 keys->client_write_IV); 02312 if (hcRet != 0) return hcRet; 02313 } 02314 } 02315 if (enc) 02316 enc->setup = 1; 02317 if (dec) 02318 dec->setup = 1; 02319 } 02320 #endif /* HAVE_HC128 */ 02321 02322 #ifdef BUILD_RABBIT 02323 /* check that buffer sizes are sufficient */ 02324 #if (MAX_WRITE_IV_SZ < 8) /* RABBIT_IV_SIZE */ 02325 #error MAX_WRITE_IV_SZ too small for RABBIT 02326 #endif 02327 02328 if (specs->bulk_cipher_algorithm == wolfssl_rabbit) { 02329 int rabRet; 02330 if (enc && enc->rabbit == NULL) 02331 enc->rabbit = 02332 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER); 02333 if (enc && enc->rabbit == NULL) 02334 return MEMORY_E; 02335 if (dec && dec->rabbit == NULL) 02336 dec->rabbit = 02337 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER); 02338 if (dec && dec->rabbit == NULL) 02339 return MEMORY_E; 02340 if (side == WOLFSSL_CLIENT_END) { 02341 if (enc) { 02342 rabRet = wc_RabbitSetKey(enc->rabbit, keys->client_write_key, 02343 keys->client_write_IV); 02344 if (rabRet != 0) return rabRet; 02345 } 02346 if (dec) { 02347 rabRet = wc_RabbitSetKey(dec->rabbit, keys->server_write_key, 02348 keys->server_write_IV); 02349 if (rabRet != 0) return rabRet; 02350 } 02351 } 02352 else { 02353 if (enc) { 02354 rabRet = wc_RabbitSetKey(enc->rabbit, keys->server_write_key, 02355 keys->server_write_IV); 02356 if (rabRet != 0) return rabRet; 02357 } 02358 if (dec) { 02359 rabRet = wc_RabbitSetKey(dec->rabbit, keys->client_write_key, 02360 keys->client_write_IV); 02361 if (rabRet != 0) return rabRet; 02362 } 02363 } 02364 if (enc) 02365 enc->setup = 1; 02366 if (dec) 02367 dec->setup = 1; 02368 } 02369 #endif /* BUILD_RABBIT */ 02370 02371 #ifdef BUILD_DES3 02372 /* check that buffer sizes are sufficient */ 02373 #if (MAX_WRITE_IV_SZ < 8) /* DES_IV_SIZE */ 02374 #error MAX_WRITE_IV_SZ too small for 3DES 02375 #endif 02376 02377 if (specs->bulk_cipher_algorithm == wolfssl_triple_des) { 02378 int desRet = 0; 02379 02380 if (enc) { 02381 if (enc->des3 == NULL) 02382 enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER); 02383 if (enc->des3 == NULL) 02384 return MEMORY_E; 02385 XMEMSET(enc->des3, 0, sizeof(Des3)); 02386 } 02387 if (dec) { 02388 if (dec->des3 == NULL) 02389 dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER); 02390 if (dec->des3 == NULL) 02391 return MEMORY_E; 02392 XMEMSET(dec->des3, 0, sizeof(Des3)); 02393 } 02394 02395 if (enc) { 02396 if (wc_Des3Init(enc->des3, heap, devId) != 0) { 02397 WOLFSSL_MSG("Des3Init failed in SetKeys"); 02398 return ASYNC_INIT_E; 02399 } 02400 } 02401 if (dec) { 02402 if (wc_Des3Init(dec->des3, heap, devId) != 0) { 02403 WOLFSSL_MSG("Des3Init failed in SetKeys"); 02404 return ASYNC_INIT_E; 02405 } 02406 } 02407 02408 if (side == WOLFSSL_CLIENT_END) { 02409 if (enc) { 02410 desRet = wc_Des3_SetKey(enc->des3, keys->client_write_key, 02411 keys->client_write_IV, DES_ENCRYPTION); 02412 if (desRet != 0) return desRet; 02413 } 02414 if (dec) { 02415 desRet = wc_Des3_SetKey(dec->des3, keys->server_write_key, 02416 keys->server_write_IV, DES_DECRYPTION); 02417 if (desRet != 0) return desRet; 02418 } 02419 } 02420 else { 02421 if (enc) { 02422 desRet = wc_Des3_SetKey(enc->des3, keys->server_write_key, 02423 keys->server_write_IV, DES_ENCRYPTION); 02424 if (desRet != 0) return desRet; 02425 } 02426 if (dec) { 02427 desRet = wc_Des3_SetKey(dec->des3, keys->client_write_key, 02428 keys->client_write_IV, DES_DECRYPTION); 02429 if (desRet != 0) return desRet; 02430 } 02431 } 02432 if (enc) 02433 enc->setup = 1; 02434 if (dec) 02435 dec->setup = 1; 02436 } 02437 #endif /* BUILD_DES3 */ 02438 02439 #ifdef BUILD_AES 02440 /* check that buffer sizes are sufficient */ 02441 #if (MAX_WRITE_IV_SZ < 16) /* AES_IV_SIZE */ 02442 #error MAX_WRITE_IV_SZ too small for AES 02443 #endif 02444 02445 if (specs->bulk_cipher_algorithm == wolfssl_aes) { 02446 int aesRet = 0; 02447 02448 if (enc) { 02449 if (enc->aes == NULL) 02450 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 02451 if (enc->aes == NULL) 02452 return MEMORY_E; 02453 XMEMSET(enc->aes, 0, sizeof(Aes)); 02454 } 02455 if (dec) { 02456 if (dec->aes == NULL) 02457 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 02458 if (dec->aes == NULL) 02459 return MEMORY_E; 02460 XMEMSET(dec->aes, 0, sizeof(Aes)); 02461 } 02462 if (enc) { 02463 if (wc_AesInit(enc->aes, heap, devId) != 0) { 02464 WOLFSSL_MSG("AesInit failed in SetKeys"); 02465 return ASYNC_INIT_E; 02466 } 02467 } 02468 if (dec) { 02469 if (wc_AesInit(dec->aes, heap, devId) != 0) { 02470 WOLFSSL_MSG("AesInit failed in SetKeys"); 02471 return ASYNC_INIT_E; 02472 } 02473 } 02474 02475 if (side == WOLFSSL_CLIENT_END) { 02476 if (enc) { 02477 aesRet = wc_AesSetKey(enc->aes, keys->client_write_key, 02478 specs->key_size, keys->client_write_IV, 02479 AES_ENCRYPTION); 02480 if (aesRet != 0) return aesRet; 02481 } 02482 if (dec) { 02483 aesRet = wc_AesSetKey(dec->aes, keys->server_write_key, 02484 specs->key_size, keys->server_write_IV, 02485 AES_DECRYPTION); 02486 if (aesRet != 0) return aesRet; 02487 } 02488 } 02489 else { 02490 if (enc) { 02491 aesRet = wc_AesSetKey(enc->aes, keys->server_write_key, 02492 specs->key_size, keys->server_write_IV, 02493 AES_ENCRYPTION); 02494 if (aesRet != 0) return aesRet; 02495 } 02496 if (dec) { 02497 aesRet = wc_AesSetKey(dec->aes, keys->client_write_key, 02498 specs->key_size, keys->client_write_IV, 02499 AES_DECRYPTION); 02500 if (aesRet != 0) return aesRet; 02501 } 02502 } 02503 if (enc) 02504 enc->setup = 1; 02505 if (dec) 02506 dec->setup = 1; 02507 } 02508 #endif /* BUILD_AES */ 02509 02510 #ifdef BUILD_AESGCM 02511 /* check that buffer sizes are sufficient */ 02512 #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */ 02513 #error AEAD_MAX_IMP_SZ too small for AESGCM 02514 #endif 02515 #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */ 02516 #error AEAD_MAX_EXP_SZ too small for AESGCM 02517 #endif 02518 #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */ 02519 #error MAX_WRITE_IV_SZ too small for AESGCM 02520 #endif 02521 02522 if (specs->bulk_cipher_algorithm == wolfssl_aes_gcm) { 02523 int gcmRet; 02524 02525 if (enc) { 02526 if (enc->aes == NULL) 02527 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 02528 if (enc->aes == NULL) 02529 return MEMORY_E; 02530 XMEMSET(enc->aes, 0, sizeof(Aes)); 02531 } 02532 if (dec) { 02533 if (dec->aes == NULL) 02534 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 02535 if (dec->aes == NULL) 02536 return MEMORY_E; 02537 XMEMSET(dec->aes, 0, sizeof(Aes)); 02538 } 02539 02540 if (enc) { 02541 if (wc_AesInit(enc->aes, heap, devId) != 0) { 02542 WOLFSSL_MSG("AesInit failed in SetKeys"); 02543 return ASYNC_INIT_E; 02544 } 02545 } 02546 if (dec) { 02547 if (wc_AesInit(dec->aes, heap, devId) != 0) { 02548 WOLFSSL_MSG("AesInit failed in SetKeys"); 02549 return ASYNC_INIT_E; 02550 } 02551 } 02552 02553 if (side == WOLFSSL_CLIENT_END) { 02554 if (enc) { 02555 gcmRet = wc_AesGcmSetKey(enc->aes, keys->client_write_key, 02556 specs->key_size); 02557 if (gcmRet != 0) return gcmRet; 02558 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV, 02559 AEAD_MAX_IMP_SZ); 02560 } 02561 if (dec) { 02562 gcmRet = wc_AesGcmSetKey(dec->aes, keys->server_write_key, 02563 specs->key_size); 02564 if (gcmRet != 0) return gcmRet; 02565 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV, 02566 AEAD_MAX_IMP_SZ); 02567 } 02568 } 02569 else { 02570 if (enc) { 02571 gcmRet = wc_AesGcmSetKey(enc->aes, keys->server_write_key, 02572 specs->key_size); 02573 if (gcmRet != 0) return gcmRet; 02574 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV, 02575 AEAD_MAX_IMP_SZ); 02576 } 02577 if (dec) { 02578 gcmRet = wc_AesGcmSetKey(dec->aes, keys->client_write_key, 02579 specs->key_size); 02580 if (gcmRet != 0) return gcmRet; 02581 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV, 02582 AEAD_MAX_IMP_SZ); 02583 } 02584 } 02585 if (enc) 02586 enc->setup = 1; 02587 if (dec) 02588 dec->setup = 1; 02589 } 02590 #endif /* BUILD_AESGCM */ 02591 02592 #ifdef HAVE_AESCCM 02593 /* check that buffer sizes are sufficient (CCM is same size as GCM) */ 02594 #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */ 02595 #error AEAD_MAX_IMP_SZ too small for AESCCM 02596 #endif 02597 #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */ 02598 #error AEAD_MAX_EXP_SZ too small for AESCCM 02599 #endif 02600 #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */ 02601 #error MAX_WRITE_IV_SZ too small for AESCCM 02602 #endif 02603 02604 if (specs->bulk_cipher_algorithm == wolfssl_aes_ccm) { 02605 int CcmRet; 02606 02607 if (enc) { 02608 if (enc->aes == NULL) 02609 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 02610 if (enc->aes == NULL) 02611 return MEMORY_E; 02612 XMEMSET(enc->aes, 0, sizeof(Aes)); 02613 } 02614 if (dec) { 02615 if (dec->aes == NULL) 02616 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); 02617 if (dec->aes == NULL) 02618 return MEMORY_E; 02619 XMEMSET(dec->aes, 0, sizeof(Aes)); 02620 } 02621 02622 if (enc) { 02623 if (wc_AesInit(enc->aes, heap, devId) != 0) { 02624 WOLFSSL_MSG("AesInit failed in SetKeys"); 02625 return ASYNC_INIT_E; 02626 } 02627 } 02628 if (dec) { 02629 if (wc_AesInit(dec->aes, heap, devId) != 0) { 02630 WOLFSSL_MSG("AesInit failed in SetKeys"); 02631 return ASYNC_INIT_E; 02632 } 02633 } 02634 02635 if (side == WOLFSSL_CLIENT_END) { 02636 if (enc) { 02637 CcmRet = wc_AesCcmSetKey(enc->aes, keys->client_write_key, 02638 specs->key_size); 02639 if (CcmRet != 0) { 02640 return CcmRet; 02641 } 02642 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV, 02643 AESGCM_IMP_IV_SZ); 02644 } 02645 if (dec) { 02646 CcmRet = wc_AesCcmSetKey(dec->aes, keys->server_write_key, 02647 specs->key_size); 02648 if (CcmRet != 0) { 02649 return CcmRet; 02650 } 02651 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV, 02652 AESGCM_IMP_IV_SZ); 02653 } 02654 } 02655 else { 02656 if (enc) { 02657 CcmRet = wc_AesCcmSetKey(enc->aes, keys->server_write_key, 02658 specs->key_size); 02659 if (CcmRet != 0) { 02660 return CcmRet; 02661 } 02662 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV, 02663 AESGCM_IMP_IV_SZ); 02664 } 02665 if (dec) { 02666 CcmRet = wc_AesCcmSetKey(dec->aes, keys->client_write_key, 02667 specs->key_size); 02668 if (CcmRet != 0) { 02669 return CcmRet; 02670 } 02671 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV, 02672 AESGCM_IMP_IV_SZ); 02673 } 02674 } 02675 if (enc) 02676 enc->setup = 1; 02677 if (dec) 02678 dec->setup = 1; 02679 } 02680 #endif /* HAVE_AESCCM */ 02681 02682 #ifdef HAVE_CAMELLIA 02683 /* check that buffer sizes are sufficient */ 02684 #if (MAX_WRITE_IV_SZ < 16) /* CAMELLIA_IV_SIZE */ 02685 #error MAX_WRITE_IV_SZ too small for CAMELLIA 02686 #endif 02687 02688 if (specs->bulk_cipher_algorithm == wolfssl_camellia) { 02689 int camRet; 02690 02691 if (enc && enc->cam == NULL) 02692 enc->cam = 02693 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER); 02694 if (enc && enc->cam == NULL) 02695 return MEMORY_E; 02696 02697 if (dec && dec->cam == NULL) 02698 dec->cam = 02699 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER); 02700 if (dec && dec->cam == NULL) 02701 return MEMORY_E; 02702 02703 if (side == WOLFSSL_CLIENT_END) { 02704 if (enc) { 02705 camRet = wc_CamelliaSetKey(enc->cam, keys->client_write_key, 02706 specs->key_size, keys->client_write_IV); 02707 if (camRet != 0) return camRet; 02708 } 02709 if (dec) { 02710 camRet = wc_CamelliaSetKey(dec->cam, keys->server_write_key, 02711 specs->key_size, keys->server_write_IV); 02712 if (camRet != 0) return camRet; 02713 } 02714 } 02715 else { 02716 if (enc) { 02717 camRet = wc_CamelliaSetKey(enc->cam, keys->server_write_key, 02718 specs->key_size, keys->server_write_IV); 02719 if (camRet != 0) return camRet; 02720 } 02721 if (dec) { 02722 camRet = wc_CamelliaSetKey(dec->cam, keys->client_write_key, 02723 specs->key_size, keys->client_write_IV); 02724 if (camRet != 0) return camRet; 02725 } 02726 } 02727 if (enc) 02728 enc->setup = 1; 02729 if (dec) 02730 dec->setup = 1; 02731 } 02732 #endif /* HAVE_CAMELLIA */ 02733 02734 #ifdef HAVE_IDEA 02735 /* check that buffer sizes are sufficient */ 02736 #if (MAX_WRITE_IV_SZ < 8) /* IDEA_IV_SIZE */ 02737 #error MAX_WRITE_IV_SZ too small for IDEA 02738 #endif 02739 02740 if (specs->bulk_cipher_algorithm == wolfssl_idea) { 02741 int ideaRet; 02742 02743 if (enc && enc->idea == NULL) 02744 enc->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER); 02745 if (enc && enc->idea == NULL) 02746 return MEMORY_E; 02747 02748 if (dec && dec->idea == NULL) 02749 dec->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER); 02750 if (dec && dec->idea == NULL) 02751 return MEMORY_E; 02752 02753 if (side == WOLFSSL_CLIENT_END) { 02754 if (enc) { 02755 ideaRet = wc_IdeaSetKey(enc->idea, keys->client_write_key, 02756 specs->key_size, keys->client_write_IV, 02757 IDEA_ENCRYPTION); 02758 if (ideaRet != 0) return ideaRet; 02759 } 02760 if (dec) { 02761 ideaRet = wc_IdeaSetKey(dec->idea, keys->server_write_key, 02762 specs->key_size, keys->server_write_IV, 02763 IDEA_DECRYPTION); 02764 if (ideaRet != 0) return ideaRet; 02765 } 02766 } 02767 else { 02768 if (enc) { 02769 ideaRet = wc_IdeaSetKey(enc->idea, keys->server_write_key, 02770 specs->key_size, keys->server_write_IV, 02771 IDEA_ENCRYPTION); 02772 if (ideaRet != 0) return ideaRet; 02773 } 02774 if (dec) { 02775 ideaRet = wc_IdeaSetKey(dec->idea, keys->client_write_key, 02776 specs->key_size, keys->client_write_IV, 02777 IDEA_DECRYPTION); 02778 if (ideaRet != 0) return ideaRet; 02779 } 02780 } 02781 if (enc) 02782 enc->setup = 1; 02783 if (dec) 02784 dec->setup = 1; 02785 } 02786 #endif /* HAVE_IDEA */ 02787 02788 #ifdef HAVE_NULL_CIPHER 02789 if (specs->bulk_cipher_algorithm == wolfssl_cipher_null) { 02790 if (enc) 02791 enc->setup = 1; 02792 if (dec) 02793 dec->setup = 1; 02794 } 02795 #endif 02796 02797 if (enc) { 02798 keys->sequence_number_hi = 0; 02799 keys->sequence_number_lo = 0; 02800 } 02801 if (dec) { 02802 keys->peer_sequence_number_hi = 0; 02803 keys->peer_sequence_number_lo = 0; 02804 } 02805 (void)side; 02806 (void)heap; 02807 (void)enc; 02808 (void)dec; 02809 (void)specs; 02810 (void)devId; 02811 02812 return 0; 02813 } 02814 02815 02816 #ifdef HAVE_ONE_TIME_AUTH 02817 /* set one time authentication keys */ 02818 static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys, 02819 CipherSpecs* specs, void* heap, int devId) 02820 { 02821 02822 #ifdef HAVE_POLY1305 02823 /* set up memory space for poly1305 */ 02824 if (authentication && authentication->poly1305 == NULL) 02825 authentication->poly1305 = 02826 (Poly1305*)XMALLOC(sizeof(Poly1305), heap, DYNAMIC_TYPE_CIPHER); 02827 if (authentication && authentication->poly1305 == NULL) 02828 return MEMORY_E; 02829 if (authentication) 02830 authentication->setup = 1; 02831 #endif 02832 (void)authentication; 02833 (void)heap; 02834 (void)keys; 02835 (void)specs; 02836 (void)devId; 02837 02838 return 0; 02839 } 02840 #endif /* HAVE_ONE_TIME_AUTH */ 02841 02842 #ifdef HAVE_SECURE_RENEGOTIATION 02843 /* function name is for cache_status++ 02844 * This function was added because of error incrementing enum type when 02845 * compiling with a C++ compiler. 02846 */ 02847 static void CacheStatusPP(SecureRenegotiation* cache) 02848 { 02849 switch (cache->cache_status) { 02850 case SCR_CACHE_NULL: 02851 cache->cache_status = SCR_CACHE_NEEDED; 02852 break; 02853 02854 case SCR_CACHE_NEEDED: 02855 cache->cache_status = SCR_CACHE_COPY; 02856 break; 02857 02858 case SCR_CACHE_COPY: 02859 cache->cache_status = SCR_CACHE_PARTIAL; 02860 break; 02861 02862 case SCR_CACHE_PARTIAL: 02863 cache->cache_status = SCR_CACHE_COMPLETE; 02864 break; 02865 02866 case SCR_CACHE_COMPLETE: 02867 WOLFSSL_MSG("SCR Cache state Complete"); 02868 break; 02869 02870 default: 02871 WOLFSSL_MSG("Unknown cache state!!"); 02872 } 02873 } 02874 #endif /* HAVE_SECURE_RENEGOTIATION */ 02875 02876 02877 /* Set wc_encrypt/wc_decrypt or both sides of key setup 02878 * note: use wc_encrypt to avoid shadowing global encrypt 02879 * declared in unistd.h 02880 */ 02881 int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) 02882 { 02883 int devId = INVALID_DEVID, ret, copy = 0; 02884 Ciphers* wc_encrypt = NULL; 02885 Ciphers* wc_decrypt = NULL; 02886 Keys* keys = &ssl->keys; 02887 02888 (void)copy; 02889 02890 #ifdef WOLFSSL_ASYNC_CRYPT 02891 devId = ssl->devId; 02892 #endif 02893 02894 #ifdef HAVE_SECURE_RENEGOTIATION 02895 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status) { 02896 keys = &ssl->secure_renegotiation->tmp_keys; 02897 copy = 1; 02898 } 02899 #endif /* HAVE_SECURE_RENEGOTIATION */ 02900 02901 switch (side) { 02902 case ENCRYPT_SIDE_ONLY: 02903 wc_encrypt = &ssl->encrypt; 02904 break; 02905 02906 case DECRYPT_SIDE_ONLY: 02907 wc_decrypt = &ssl->decrypt; 02908 break; 02909 02910 case ENCRYPT_AND_DECRYPT_SIDE: 02911 wc_encrypt = &ssl->encrypt; 02912 wc_decrypt = &ssl->decrypt; 02913 break; 02914 02915 default: 02916 return BAD_FUNC_ARG; 02917 } 02918 02919 #ifdef HAVE_ONE_TIME_AUTH 02920 if (!ssl->auth.setup && ssl->specs.bulk_cipher_algorithm == wolfssl_chacha){ 02921 ret = SetAuthKeys(&ssl->auth, keys, &ssl->specs, ssl->heap, devId); 02922 if (ret != 0) 02923 return ret; 02924 } 02925 #endif 02926 02927 ret = SetKeys(wc_encrypt, wc_decrypt, keys, &ssl->specs, ssl->options.side, 02928 ssl->heap, devId); 02929 02930 #ifdef HAVE_SECURE_RENEGOTIATION 02931 if (copy) { 02932 int clientCopy = 0; 02933 02934 if (ssl->options.side == WOLFSSL_CLIENT_END && wc_encrypt) 02935 clientCopy = 1; 02936 else if (ssl->options.side == WOLFSSL_SERVER_END && wc_decrypt) 02937 clientCopy = 1; 02938 02939 if (clientCopy) { 02940 XMEMCPY(ssl->keys.client_write_MAC_secret, 02941 keys->client_write_MAC_secret, MAX_DIGEST_SIZE); 02942 XMEMCPY(ssl->keys.client_write_key, 02943 keys->client_write_key, AES_256_KEY_SIZE); 02944 XMEMCPY(ssl->keys.client_write_IV, 02945 keys->client_write_IV, MAX_WRITE_IV_SZ); 02946 } else { 02947 XMEMCPY(ssl->keys.server_write_MAC_secret, 02948 keys->server_write_MAC_secret, MAX_DIGEST_SIZE); 02949 XMEMCPY(ssl->keys.server_write_key, 02950 keys->server_write_key, AES_256_KEY_SIZE); 02951 XMEMCPY(ssl->keys.server_write_IV, 02952 keys->server_write_IV, MAX_WRITE_IV_SZ); 02953 } 02954 if (wc_encrypt) { 02955 ssl->keys.sequence_number_hi = keys->sequence_number_hi; 02956 ssl->keys.sequence_number_lo = keys->sequence_number_lo; 02957 #ifdef HAVE_AEAD 02958 if (ssl->specs.cipher_type == aead) { 02959 /* Initialize the AES-GCM/CCM explicit IV to a zero. */ 02960 XMEMCPY(ssl->keys.aead_exp_IV, keys->aead_exp_IV, 02961 AEAD_MAX_EXP_SZ); 02962 02963 /* Initialize encrypt implicit IV by encrypt side */ 02964 if (ssl->options.side == WOLFSSL_CLIENT_END) { 02965 XMEMCPY(ssl->keys.aead_enc_imp_IV, 02966 keys->client_write_IV, AEAD_MAX_IMP_SZ); 02967 } else { 02968 XMEMCPY(ssl->keys.aead_enc_imp_IV, 02969 keys->server_write_IV, AEAD_MAX_IMP_SZ); 02970 } 02971 } 02972 #endif 02973 } 02974 if (wc_decrypt) { 02975 ssl->keys.peer_sequence_number_hi = keys->peer_sequence_number_hi; 02976 ssl->keys.peer_sequence_number_lo = keys->peer_sequence_number_lo; 02977 #ifdef HAVE_AEAD 02978 if (ssl->specs.cipher_type == aead) { 02979 /* Initialize decrypt implicit IV by decrypt side */ 02980 if (ssl->options.side == WOLFSSL_SERVER_END) { 02981 XMEMCPY(ssl->keys.aead_dec_imp_IV, 02982 keys->client_write_IV, AEAD_MAX_IMP_SZ); 02983 } else { 02984 XMEMCPY(ssl->keys.aead_dec_imp_IV, 02985 keys->server_write_IV, AEAD_MAX_IMP_SZ); 02986 } 02987 } 02988 #endif 02989 } 02990 CacheStatusPP(ssl->secure_renegotiation); 02991 } 02992 #endif /* HAVE_SECURE_RENEGOTIATION */ 02993 02994 return ret; 02995 } 02996 02997 02998 /* TLS can call too */ 02999 int StoreKeys(WOLFSSL* ssl, const byte* keyData) 03000 { 03001 int sz, i = 0; 03002 Keys* keys = &ssl->keys; 03003 03004 #ifdef HAVE_SECURE_RENEGOTIATION 03005 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status == 03006 SCR_CACHE_NEEDED) { 03007 keys = &ssl->secure_renegotiation->tmp_keys; 03008 CacheStatusPP(ssl->secure_renegotiation); 03009 } 03010 #endif /* HAVE_SECURE_RENEGOTIATION */ 03011 03012 if (ssl->specs.cipher_type != aead) { 03013 sz = ssl->specs.hash_size; 03014 XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz); 03015 i += sz; 03016 XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz); 03017 i += sz; 03018 } 03019 sz = ssl->specs.key_size; 03020 XMEMCPY(keys->client_write_key, &keyData[i], sz); 03021 i += sz; 03022 XMEMCPY(keys->server_write_key, &keyData[i], sz); 03023 i += sz; 03024 03025 sz = ssl->specs.iv_size; 03026 XMEMCPY(keys->client_write_IV, &keyData[i], sz); 03027 i += sz; 03028 XMEMCPY(keys->server_write_IV, &keyData[i], sz); 03029 03030 #ifdef HAVE_AEAD 03031 if (ssl->specs.cipher_type == aead) { 03032 /* Initialize the AES-GCM/CCM explicit IV to a zero. */ 03033 XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ); 03034 } 03035 #endif 03036 03037 return 0; 03038 } 03039 03040 #ifndef NO_OLD_TLS 03041 int DeriveKeys(WOLFSSL* ssl) 03042 { 03043 int length = 2 * ssl->specs.hash_size + 03044 2 * ssl->specs.key_size + 03045 2 * ssl->specs.iv_size; 03046 int rounds = (length + MD5_DIGEST_SIZE - 1 ) / MD5_DIGEST_SIZE, i; 03047 int ret = 0; 03048 03049 #ifdef WOLFSSL_SMALL_STACK 03050 byte* shaOutput; 03051 byte* md5Input; 03052 byte* shaInput; 03053 byte* keyData; 03054 Md5* md5; 03055 Sha* sha; 03056 #else 03057 byte shaOutput[SHA_DIGEST_SIZE]; 03058 byte md5Input[SECRET_LEN + SHA_DIGEST_SIZE]; 03059 byte shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN]; 03060 byte keyData[KEY_PREFIX * MD5_DIGEST_SIZE]; 03061 Md5 md5[1]; 03062 Sha sha[1]; 03063 #endif 03064 03065 #ifdef WOLFSSL_SMALL_STACK 03066 shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE, 03067 NULL, DYNAMIC_TYPE_TMP_BUFFER); 03068 md5Input = (byte*)XMALLOC(SECRET_LEN + SHA_DIGEST_SIZE, 03069 NULL, DYNAMIC_TYPE_TMP_BUFFER); 03070 shaInput = (byte*)XMALLOC(KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN, 03071 NULL, DYNAMIC_TYPE_TMP_BUFFER); 03072 keyData = (byte*)XMALLOC(KEY_PREFIX * MD5_DIGEST_SIZE, 03073 NULL, DYNAMIC_TYPE_TMP_BUFFER); 03074 md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); 03075 sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); 03076 03077 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL || 03078 keyData == NULL || md5 == NULL || sha == NULL) { 03079 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03080 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03081 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03082 if (keyData) XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03083 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03084 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03085 03086 return MEMORY_E; 03087 } 03088 #endif 03089 03090 wc_InitMd5(md5); 03091 03092 ret = wc_InitSha(sha); 03093 03094 if (ret == 0) { 03095 XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN); 03096 03097 for (i = 0; i < rounds; ++i) { 03098 int j = i + 1; 03099 int idx = j; 03100 03101 if (!SetPrefix(shaInput, i)) { 03102 ret = PREFIX_ERROR; 03103 break; 03104 } 03105 03106 XMEMCPY(shaInput + idx, ssl->arrays->masterSecret, SECRET_LEN); 03107 idx += SECRET_LEN; 03108 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN); 03109 idx += RAN_LEN; 03110 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN); 03111 03112 wc_ShaUpdate(sha, shaInput, (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) 03113 - KEY_PREFIX + j); 03114 wc_ShaFinal(sha, shaOutput); 03115 03116 XMEMCPY(md5Input + SECRET_LEN, shaOutput, SHA_DIGEST_SIZE); 03117 wc_Md5Update(md5, md5Input, SECRET_LEN + SHA_DIGEST_SIZE); 03118 wc_Md5Final(md5, keyData + i * MD5_DIGEST_SIZE); 03119 } 03120 03121 if (ret == 0) 03122 ret = StoreKeys(ssl, keyData); 03123 } 03124 03125 #ifdef WOLFSSL_SMALL_STACK 03126 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03127 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03128 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03129 XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03130 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03131 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03132 #endif 03133 03134 return ret; 03135 } 03136 03137 03138 static int CleanPreMaster(WOLFSSL* ssl) 03139 { 03140 int i, ret, sz = ssl->arrays->preMasterSz; 03141 03142 for (i = 0; i < sz; i++) 03143 ssl->arrays->preMasterSecret[i] = 0; 03144 03145 ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz); 03146 if (ret != 0) 03147 return ret; 03148 03149 for (i = 0; i < sz; i++) 03150 ssl->arrays->preMasterSecret[i] = 0; 03151 03152 return 0; 03153 } 03154 03155 03156 /* Create and store the master secret see page 32, 6.1 */ 03157 static int MakeSslMasterSecret(WOLFSSL* ssl) 03158 { 03159 int i, ret; 03160 word32 idx; 03161 word32 pmsSz = ssl->arrays->preMasterSz; 03162 03163 #ifdef WOLFSSL_SMALL_STACK 03164 byte* shaOutput; 03165 byte* md5Input; 03166 byte* shaInput; 03167 Md5* md5; 03168 Sha* sha; 03169 #else 03170 byte shaOutput[SHA_DIGEST_SIZE]; 03171 byte md5Input[ENCRYPT_LEN + SHA_DIGEST_SIZE]; 03172 byte shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN]; 03173 Md5 md5[1]; 03174 Sha sha[1]; 03175 #endif 03176 03177 #ifdef SHOW_SECRETS 03178 { 03179 word32 j; 03180 printf("pre master secret: "); 03181 for (j = 0; j < pmsSz; j++) 03182 printf("%02x", ssl->arrays->preMasterSecret[j]); 03183 printf("\n"); 03184 } 03185 #endif 03186 03187 #ifdef WOLFSSL_SMALL_STACK 03188 shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE, 03189 NULL, DYNAMIC_TYPE_TMP_BUFFER); 03190 md5Input = (byte*)XMALLOC(ENCRYPT_LEN + SHA_DIGEST_SIZE, 03191 NULL, DYNAMIC_TYPE_TMP_BUFFER); 03192 shaInput = (byte*)XMALLOC(PREFIX + ENCRYPT_LEN + 2 * RAN_LEN, 03193 NULL, DYNAMIC_TYPE_TMP_BUFFER); 03194 md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); 03195 sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); 03196 03197 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL || 03198 md5 == NULL || sha == NULL) { 03199 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03200 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03201 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03202 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03203 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03204 03205 return MEMORY_E; 03206 } 03207 #endif 03208 03209 wc_InitMd5(md5); 03210 03211 ret = wc_InitSha(sha); 03212 03213 if (ret == 0) { 03214 XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz); 03215 03216 for (i = 0; i < MASTER_ROUNDS; ++i) { 03217 byte prefix[KEY_PREFIX]; /* only need PREFIX bytes but static */ 03218 if (!SetPrefix(prefix, i)) { /* analysis thinks will overrun */ 03219 ret = PREFIX_ERROR; 03220 break; 03221 } 03222 03223 idx = 0; 03224 XMEMCPY(shaInput, prefix, i + 1); 03225 idx += i + 1; 03226 03227 XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz); 03228 idx += pmsSz; 03229 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN); 03230 idx += RAN_LEN; 03231 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN); 03232 idx += RAN_LEN; 03233 wc_ShaUpdate(sha, shaInput, idx); 03234 wc_ShaFinal(sha, shaOutput); 03235 03236 idx = pmsSz; /* preSz */ 03237 XMEMCPY(md5Input + idx, shaOutput, SHA_DIGEST_SIZE); 03238 idx += SHA_DIGEST_SIZE; 03239 wc_Md5Update(md5, md5Input, idx); 03240 wc_Md5Final(md5, &ssl->arrays->masterSecret[i * MD5_DIGEST_SIZE]); 03241 } 03242 03243 #ifdef SHOW_SECRETS 03244 { 03245 word32 j; 03246 printf("master secret: "); 03247 for (j = 0; j < SECRET_LEN; j++) 03248 printf("%02x", ssl->arrays->masterSecret[j]); 03249 printf("\n"); 03250 } 03251 #endif 03252 03253 if (ret == 0) 03254 ret = DeriveKeys(ssl); 03255 } 03256 03257 #ifdef WOLFSSL_SMALL_STACK 03258 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03259 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03260 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03261 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03262 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); 03263 #endif 03264 03265 if (ret == 0) 03266 ret = CleanPreMaster(ssl); 03267 else 03268 CleanPreMaster(ssl); 03269 03270 return ret; 03271 } 03272 #endif 03273 03274 03275 /* Master wrapper, doesn't use SSL stack space in TLS mode */ 03276 int MakeMasterSecret(WOLFSSL* ssl) 03277 { 03278 /* append secret to premaster : premaster | SerSi | CliSi */ 03279 #ifdef HAVE_QSH 03280 word32 offset = 0; 03281 03282 if (ssl->peerQSHKeyPresent) { 03283 offset += ssl->arrays->preMasterSz; 03284 ssl->arrays->preMasterSz += ssl->QSH_secret->CliSi->length + 03285 ssl->QSH_secret->SerSi->length; 03286 /* test and set flag if QSH has been used */ 03287 if (ssl->QSH_secret->CliSi->length > 0 || 03288 ssl->QSH_secret->SerSi->length > 0) 03289 ssl->isQSH = 1; 03290 03291 /* append secrets to the premaster */ 03292 if (ssl->QSH_secret->SerSi != NULL) { 03293 XMEMCPY(ssl->arrays->preMasterSecret + offset, 03294 ssl->QSH_secret->SerSi->buffer, ssl->QSH_secret->SerSi->length); 03295 } 03296 offset += ssl->QSH_secret->SerSi->length; 03297 if (ssl->QSH_secret->CliSi != NULL) { 03298 XMEMCPY(ssl->arrays->preMasterSecret + offset, 03299 ssl->QSH_secret->CliSi->buffer, ssl->QSH_secret->CliSi->length); 03300 } 03301 03302 /* show secret SerSi and CliSi */ 03303 #ifdef SHOW_SECRETS 03304 { 03305 word32 j; 03306 printf("QSH generated secret material\n"); 03307 printf("SerSi : "); 03308 for (j = 0; j < ssl->QSH_secret->SerSi->length; j++) { 03309 printf("%02x", ssl->QSH_secret->SerSi->buffer[j]); 03310 } 03311 printf("\n"); 03312 printf("CliSi : "); 03313 for (j = 0; j < ssl->QSH_secret->CliSi->length; j++) { 03314 printf("%02x", ssl->QSH_secret->CliSi->buffer[j]); 03315 } 03316 printf("\n"); 03317 } 03318 #endif 03319 } 03320 #endif 03321 03322 #ifdef NO_OLD_TLS 03323 return MakeTlsMasterSecret(ssl); 03324 #elif !defined(NO_TLS) 03325 if (ssl->options.tls) return MakeTlsMasterSecret(ssl); 03326 #endif 03327 03328 #ifndef NO_OLD_TLS 03329 return MakeSslMasterSecret(ssl); 03330 #endif 03331 } 03332 03333 #endif /* WOLFCRYPT_ONLY */ 03334 03335
Generated on Tue Jul 12 2022 23:30:58 by
1.7.2