wolf SSL / wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents:   CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

src/keys.c@11:cee25a834751, 2017-05-30 (annotated)

Committer:
wolfSSL
Date:
Tue May 30 01:44:10 2017 +0000
Revision:
11:cee25a834751
wolfSSL 3.11.0

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 11:cee25a834751 1 /* keys.c
wolfSSL 11:cee25a834751 2 *
wolfSSL 11:cee25a834751 3 * Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL 11:cee25a834751 4 *
wolfSSL 11:cee25a834751 5 * This file is part of wolfSSL.
wolfSSL 11:cee25a834751 6 *
wolfSSL 11:cee25a834751 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 11:cee25a834751 8 * it under the terms of the GNU General Public License as published by
wolfSSL 11:cee25a834751 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 11:cee25a834751 10 * (at your option) any later version.
wolfSSL 11:cee25a834751 11 *
wolfSSL 11:cee25a834751 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 11:cee25a834751 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 11:cee25a834751 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 11:cee25a834751 15 * GNU General Public License for more details.
wolfSSL 11:cee25a834751 16 *
wolfSSL 11:cee25a834751 17 * You should have received a copy of the GNU General Public License
wolfSSL 11:cee25a834751 18 * along with this program; if not, write to the Free Software
wolfSSL 11:cee25a834751 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 11:cee25a834751 20 */
wolfSSL 11:cee25a834751 21
wolfSSL 11:cee25a834751 22
wolfSSL 11:cee25a834751 23 /* Name change compatibility layer no longer needs to be included here */
wolfSSL 11:cee25a834751 24
wolfSSL 11:cee25a834751 25 #ifdef HAVE_CONFIG_H
wolfSSL 11:cee25a834751 26 #include <config.h>
wolfSSL 11:cee25a834751 27 #endif
wolfSSL 11:cee25a834751 28
wolfSSL 11:cee25a834751 29 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 11:cee25a834751 30
wolfSSL 11:cee25a834751 31 #ifndef WOLFCRYPT_ONLY
wolfSSL 11:cee25a834751 32
wolfSSL 11:cee25a834751 33 #include <wolfssl/internal.h>
wolfSSL 11:cee25a834751 34 #include <wolfssl/error-ssl.h>
wolfSSL 11:cee25a834751 35 #if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
wolfSSL 11:cee25a834751 36 #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
wolfSSL 11:cee25a834751 37 #if MQX_USE_IO_OLD
wolfSSL 11:cee25a834751 38 #include <fio.h>
wolfSSL 11:cee25a834751 39 #else
wolfSSL 11:cee25a834751 40 #include <nio.h>
wolfSSL 11:cee25a834751 41 #endif
wolfSSL 11:cee25a834751 42 #else
wolfSSL 11:cee25a834751 43 #include <stdio.h>
wolfSSL 11:cee25a834751 44 #endif
wolfSSL 11:cee25a834751 45 #endif
wolfSSL 11:cee25a834751 46
wolfSSL 11:cee25a834751 47
wolfSSL 11:cee25a834751 48 int SetCipherSpecs(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 49 {
wolfSSL 11:cee25a834751 50 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 51 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 11:cee25a834751 52 /* server side verified before SetCipherSpecs call */
wolfSSL 11:cee25a834751 53 if (VerifyClientSuite(ssl) != 1) {
wolfSSL 11:cee25a834751 54 WOLFSSL_MSG("SetCipherSpecs() client has an unusuable suite");
wolfSSL 11:cee25a834751 55 return UNSUPPORTED_SUITE;
wolfSSL 11:cee25a834751 56 }
wolfSSL 11:cee25a834751 57 }
wolfSSL 11:cee25a834751 58 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 11:cee25a834751 59
wolfSSL 11:cee25a834751 60 /* Chacha extensions, 0xcc */
wolfSSL 11:cee25a834751 61 if (ssl->options.cipherSuite0 == CHACHA_BYTE) {
wolfSSL 11:cee25a834751 62
wolfSSL 11:cee25a834751 63 switch (ssl->options.cipherSuite) {
wolfSSL 11:cee25a834751 64 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 11:cee25a834751 65 case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
wolfSSL 11:cee25a834751 66 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
wolfSSL 11:cee25a834751 67 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 68 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 69 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 70 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 71 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 72 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 73 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 74 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
wolfSSL 11:cee25a834751 75 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
wolfSSL 11:cee25a834751 76 ssl->specs.iv_size = CHACHA20_IV_SIZE;
wolfSSL 11:cee25a834751 77 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
wolfSSL 11:cee25a834751 78 ssl->options.oldPoly = 1; /* use old poly1305 padding */
wolfSSL 11:cee25a834751 79
wolfSSL 11:cee25a834751 80 break;
wolfSSL 11:cee25a834751 81 #endif
wolfSSL 11:cee25a834751 82
wolfSSL 11:cee25a834751 83 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 11:cee25a834751 84 case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
wolfSSL 11:cee25a834751 85 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
wolfSSL 11:cee25a834751 86 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 87 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 88 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 89 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 90 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 91 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 92 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 93 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
wolfSSL 11:cee25a834751 94 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
wolfSSL 11:cee25a834751 95 ssl->specs.iv_size = CHACHA20_IV_SIZE;
wolfSSL 11:cee25a834751 96 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
wolfSSL 11:cee25a834751 97 ssl->options.oldPoly = 1; /* use old poly1305 padding */
wolfSSL 11:cee25a834751 98
wolfSSL 11:cee25a834751 99 break;
wolfSSL 11:cee25a834751 100 #endif
wolfSSL 11:cee25a834751 101
wolfSSL 11:cee25a834751 102 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 11:cee25a834751 103 case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
wolfSSL 11:cee25a834751 104 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
wolfSSL 11:cee25a834751 105 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 106 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 107 ssl->specs.kea = diffie_hellman_kea;
wolfSSL 11:cee25a834751 108 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 109 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 110 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 111 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 112 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
wolfSSL 11:cee25a834751 113 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
wolfSSL 11:cee25a834751 114 ssl->specs.iv_size = CHACHA20_IV_SIZE;
wolfSSL 11:cee25a834751 115 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
wolfSSL 11:cee25a834751 116 ssl->options.oldPoly = 1; /* use old poly1305 padding */
wolfSSL 11:cee25a834751 117
wolfSSL 11:cee25a834751 118 break;
wolfSSL 11:cee25a834751 119 #endif
wolfSSL 11:cee25a834751 120 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 121 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
wolfSSL 11:cee25a834751 122 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
wolfSSL 11:cee25a834751 123 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 124 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 125 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 126 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 127 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 128 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 129 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 130 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
wolfSSL 11:cee25a834751 131 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
wolfSSL 11:cee25a834751 132 ssl->specs.iv_size = CHACHA20_IV_SIZE;
wolfSSL 11:cee25a834751 133 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
wolfSSL 11:cee25a834751 134 ssl->options.oldPoly = 0; /* use recent padding RFC */
wolfSSL 11:cee25a834751 135
wolfSSL 11:cee25a834751 136 break;
wolfSSL 11:cee25a834751 137 #endif
wolfSSL 11:cee25a834751 138
wolfSSL 11:cee25a834751 139 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 140 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
wolfSSL 11:cee25a834751 141 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
wolfSSL 11:cee25a834751 142 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 143 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 144 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 145 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 146 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 147 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 148 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 149 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
wolfSSL 11:cee25a834751 150 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
wolfSSL 11:cee25a834751 151 ssl->specs.iv_size = CHACHA20_IV_SIZE;
wolfSSL 11:cee25a834751 152 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
wolfSSL 11:cee25a834751 153 ssl->options.oldPoly = 0; /* use recent padding RFC */
wolfSSL 11:cee25a834751 154
wolfSSL 11:cee25a834751 155 break;
wolfSSL 11:cee25a834751 156 #endif
wolfSSL 11:cee25a834751 157
wolfSSL 11:cee25a834751 158 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 159 case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
wolfSSL 11:cee25a834751 160 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
wolfSSL 11:cee25a834751 161 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 162 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 163 ssl->specs.kea = diffie_hellman_kea;
wolfSSL 11:cee25a834751 164 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 165 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 166 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 167 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 168 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
wolfSSL 11:cee25a834751 169 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
wolfSSL 11:cee25a834751 170 ssl->specs.iv_size = CHACHA20_IV_SIZE;
wolfSSL 11:cee25a834751 171 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
wolfSSL 11:cee25a834751 172 ssl->options.oldPoly = 0; /* use recent padding RFC */
wolfSSL 11:cee25a834751 173
wolfSSL 11:cee25a834751 174 break;
wolfSSL 11:cee25a834751 175 #endif
wolfSSL 11:cee25a834751 176
wolfSSL 11:cee25a834751 177 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 178 case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256:
wolfSSL 11:cee25a834751 179 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
wolfSSL 11:cee25a834751 180 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 181 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 182 ssl->specs.kea = psk_kea;
wolfSSL 11:cee25a834751 183 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 184 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 185 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 186 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 187 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
wolfSSL 11:cee25a834751 188 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
wolfSSL 11:cee25a834751 189 ssl->specs.iv_size = CHACHA20_IV_SIZE;
wolfSSL 11:cee25a834751 190 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
wolfSSL 11:cee25a834751 191
wolfSSL 11:cee25a834751 192 ssl->options.oldPoly = 0; /* use recent padding RFC */
wolfSSL 11:cee25a834751 193 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 194 break;
wolfSSL 11:cee25a834751 195 #endif
wolfSSL 11:cee25a834751 196
wolfSSL 11:cee25a834751 197 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 198 case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
wolfSSL 11:cee25a834751 199 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
wolfSSL 11:cee25a834751 200 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 201 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 202 ssl->specs.kea = ecdhe_psk_kea;
wolfSSL 11:cee25a834751 203 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 204 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 205 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 206 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 207 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
wolfSSL 11:cee25a834751 208 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
wolfSSL 11:cee25a834751 209 ssl->specs.iv_size = CHACHA20_IV_SIZE;
wolfSSL 11:cee25a834751 210 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
wolfSSL 11:cee25a834751 211
wolfSSL 11:cee25a834751 212 ssl->options.oldPoly = 0; /* use recent padding RFC */
wolfSSL 11:cee25a834751 213 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 214 break;
wolfSSL 11:cee25a834751 215 #endif
wolfSSL 11:cee25a834751 216
wolfSSL 11:cee25a834751 217 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 218 case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
wolfSSL 11:cee25a834751 219 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
wolfSSL 11:cee25a834751 220 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 221 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 222 ssl->specs.kea = dhe_psk_kea;
wolfSSL 11:cee25a834751 223 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 224 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 225 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 226 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 227 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
wolfSSL 11:cee25a834751 228 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
wolfSSL 11:cee25a834751 229 ssl->specs.iv_size = CHACHA20_IV_SIZE;
wolfSSL 11:cee25a834751 230 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
wolfSSL 11:cee25a834751 231
wolfSSL 11:cee25a834751 232 ssl->options.oldPoly = 0; /* use recent padding RFC */
wolfSSL 11:cee25a834751 233 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 234 break;
wolfSSL 11:cee25a834751 235 #endif
wolfSSL 11:cee25a834751 236 default:
wolfSSL 11:cee25a834751 237 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha");
wolfSSL 11:cee25a834751 238 return UNSUPPORTED_SUITE;
wolfSSL 11:cee25a834751 239 }
wolfSSL 11:cee25a834751 240 }
wolfSSL 11:cee25a834751 241
wolfSSL 11:cee25a834751 242 /* ECC extensions, or AES-CCM */
wolfSSL 11:cee25a834751 243 if (ssl->options.cipherSuite0 == ECC_BYTE) {
wolfSSL 11:cee25a834751 244
wolfSSL 11:cee25a834751 245 switch (ssl->options.cipherSuite) {
wolfSSL 11:cee25a834751 246
wolfSSL 11:cee25a834751 247 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 248
wolfSSL 11:cee25a834751 249 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 250 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 251 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 252 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 253 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 254 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 255 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 256 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 257 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 258 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 259 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 260 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 261 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 262 break;
wolfSSL 11:cee25a834751 263 #endif
wolfSSL 11:cee25a834751 264
wolfSSL 11:cee25a834751 265 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 266 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 267 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 268 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 269 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 270 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 271 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 272 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 273 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 274 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 275 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 276 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 277 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 278 break;
wolfSSL 11:cee25a834751 279 #endif
wolfSSL 11:cee25a834751 280
wolfSSL 11:cee25a834751 281 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 282 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 283 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 284 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 285 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 286 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 287 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 288 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 289 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 290 ssl->specs.static_ecdh = 1;
wolfSSL 11:cee25a834751 291 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 292 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 293 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 294 break;
wolfSSL 11:cee25a834751 295 #endif
wolfSSL 11:cee25a834751 296
wolfSSL 11:cee25a834751 297 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 298 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 299 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 300 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 301 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 302 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 303 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 304 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 305 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 306 ssl->specs.static_ecdh = 1;
wolfSSL 11:cee25a834751 307 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 308 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 309 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 310 break;
wolfSSL 11:cee25a834751 311 #endif
wolfSSL 11:cee25a834751 312
wolfSSL 11:cee25a834751 313 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 314 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 11:cee25a834751 315 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 316 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 317 ssl->specs.mac_algorithm = sha384_mac;
wolfSSL 11:cee25a834751 318 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 319 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 320 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 321 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 322 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 323 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 324 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 325 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 326 break;
wolfSSL 11:cee25a834751 327 #endif
wolfSSL 11:cee25a834751 328
wolfSSL 11:cee25a834751 329 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 330 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 11:cee25a834751 331 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 332 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 333 ssl->specs.mac_algorithm = sha384_mac;
wolfSSL 11:cee25a834751 334 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 335 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 336 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 337 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 338 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 339 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 340 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 341 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 342 break;
wolfSSL 11:cee25a834751 343 #endif
wolfSSL 11:cee25a834751 344
wolfSSL 11:cee25a834751 345 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 346 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 11:cee25a834751 347 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 348 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 349 ssl->specs.mac_algorithm = sha384_mac;
wolfSSL 11:cee25a834751 350 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 351 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 352 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 353 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 354 ssl->specs.static_ecdh = 1;
wolfSSL 11:cee25a834751 355 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 356 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 357 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 358 break;
wolfSSL 11:cee25a834751 359 #endif
wolfSSL 11:cee25a834751 360
wolfSSL 11:cee25a834751 361 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 362 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 11:cee25a834751 363 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 364 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 365 ssl->specs.mac_algorithm = sha384_mac;
wolfSSL 11:cee25a834751 366 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 367 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 368 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 369 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 370 ssl->specs.static_ecdh = 1;
wolfSSL 11:cee25a834751 371 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 372 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 373 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 374 break;
wolfSSL 11:cee25a834751 375 #endif
wolfSSL 11:cee25a834751 376
wolfSSL 11:cee25a834751 377 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 378 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 379 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 380 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 381 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 382 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 383 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 384 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 385 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 386 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 387 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 388 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 389 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 390
wolfSSL 11:cee25a834751 391 break;
wolfSSL 11:cee25a834751 392 #endif
wolfSSL 11:cee25a834751 393
wolfSSL 11:cee25a834751 394 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 395 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 396 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 397 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 398 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 399 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 400 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 401 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 402 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 403 ssl->specs.static_ecdh = 1;
wolfSSL 11:cee25a834751 404 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 405 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 406 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 407
wolfSSL 11:cee25a834751 408 break;
wolfSSL 11:cee25a834751 409 #endif
wolfSSL 11:cee25a834751 410
wolfSSL 11:cee25a834751 411 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 412 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 11:cee25a834751 413 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
wolfSSL 11:cee25a834751 414 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 415 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 416 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 417 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 418 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 419 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 420 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 421 ssl->specs.key_size = DES3_KEY_SIZE;
wolfSSL 11:cee25a834751 422 ssl->specs.block_size = DES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 423 ssl->specs.iv_size = DES_IV_SIZE;
wolfSSL 11:cee25a834751 424
wolfSSL 11:cee25a834751 425 break;
wolfSSL 11:cee25a834751 426 #endif
wolfSSL 11:cee25a834751 427
wolfSSL 11:cee25a834751 428 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 429 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 11:cee25a834751 430 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
wolfSSL 11:cee25a834751 431 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 432 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 433 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 434 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 435 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 436 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 437 ssl->specs.static_ecdh = 1;
wolfSSL 11:cee25a834751 438 ssl->specs.key_size = DES3_KEY_SIZE;
wolfSSL 11:cee25a834751 439 ssl->specs.block_size = DES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 440 ssl->specs.iv_size = DES_IV_SIZE;
wolfSSL 11:cee25a834751 441
wolfSSL 11:cee25a834751 442 break;
wolfSSL 11:cee25a834751 443 #endif
wolfSSL 11:cee25a834751 444
wolfSSL 11:cee25a834751 445 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 446 case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
wolfSSL 11:cee25a834751 447 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
wolfSSL 11:cee25a834751 448 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 449 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 450 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 451 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 452 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 453 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 454 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 455 ssl->specs.key_size = RC4_KEY_SIZE;
wolfSSL 11:cee25a834751 456 ssl->specs.iv_size = 0;
wolfSSL 11:cee25a834751 457 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 458
wolfSSL 11:cee25a834751 459 break;
wolfSSL 11:cee25a834751 460 #endif
wolfSSL 11:cee25a834751 461
wolfSSL 11:cee25a834751 462 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 463 case TLS_ECDH_RSA_WITH_RC4_128_SHA :
wolfSSL 11:cee25a834751 464 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
wolfSSL 11:cee25a834751 465 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 466 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 467 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 468 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 469 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 470 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 471 ssl->specs.static_ecdh = 1;
wolfSSL 11:cee25a834751 472 ssl->specs.key_size = RC4_KEY_SIZE;
wolfSSL 11:cee25a834751 473 ssl->specs.iv_size = 0;
wolfSSL 11:cee25a834751 474 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 475
wolfSSL 11:cee25a834751 476 break;
wolfSSL 11:cee25a834751 477 #endif
wolfSSL 11:cee25a834751 478
wolfSSL 11:cee25a834751 479 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 480 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 11:cee25a834751 481 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
wolfSSL 11:cee25a834751 482 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 483 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 484 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 485 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 486 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 487 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 488 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 489 ssl->specs.key_size = DES3_KEY_SIZE;
wolfSSL 11:cee25a834751 490 ssl->specs.block_size = DES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 491 ssl->specs.iv_size = DES_IV_SIZE;
wolfSSL 11:cee25a834751 492
wolfSSL 11:cee25a834751 493 break;
wolfSSL 11:cee25a834751 494 #endif
wolfSSL 11:cee25a834751 495
wolfSSL 11:cee25a834751 496 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 497 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 11:cee25a834751 498 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
wolfSSL 11:cee25a834751 499 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 500 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 501 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 502 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 503 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 504 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 505 ssl->specs.static_ecdh = 1;
wolfSSL 11:cee25a834751 506 ssl->specs.key_size = DES3_KEY_SIZE;
wolfSSL 11:cee25a834751 507 ssl->specs.block_size = DES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 508 ssl->specs.iv_size = DES_IV_SIZE;
wolfSSL 11:cee25a834751 509
wolfSSL 11:cee25a834751 510 break;
wolfSSL 11:cee25a834751 511 #endif
wolfSSL 11:cee25a834751 512
wolfSSL 11:cee25a834751 513 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 514 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
wolfSSL 11:cee25a834751 515 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
wolfSSL 11:cee25a834751 516 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 517 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 518 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 519 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 520 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 521 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 522 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 523 ssl->specs.key_size = RC4_KEY_SIZE;
wolfSSL 11:cee25a834751 524 ssl->specs.iv_size = 0;
wolfSSL 11:cee25a834751 525 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 526
wolfSSL 11:cee25a834751 527 break;
wolfSSL 11:cee25a834751 528 #endif
wolfSSL 11:cee25a834751 529
wolfSSL 11:cee25a834751 530 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 531 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
wolfSSL 11:cee25a834751 532 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
wolfSSL 11:cee25a834751 533 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 534 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 535 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 536 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 537 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 538 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 539 ssl->specs.static_ecdh = 1;
wolfSSL 11:cee25a834751 540 ssl->specs.key_size = RC4_KEY_SIZE;
wolfSSL 11:cee25a834751 541 ssl->specs.iv_size = 0;
wolfSSL 11:cee25a834751 542 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 543
wolfSSL 11:cee25a834751 544 break;
wolfSSL 11:cee25a834751 545 #endif
wolfSSL 11:cee25a834751 546
wolfSSL 11:cee25a834751 547 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 548 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 549 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 550 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 551 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 552 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 553 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 554 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 555 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 556 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 557 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 558 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 559 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 560
wolfSSL 11:cee25a834751 561 break;
wolfSSL 11:cee25a834751 562 #endif
wolfSSL 11:cee25a834751 563
wolfSSL 11:cee25a834751 564 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 565 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 566 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 567 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 568 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 569 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 570 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 571 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 572 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 573 ssl->specs.static_ecdh = 1;
wolfSSL 11:cee25a834751 574 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 575 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 576 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 577
wolfSSL 11:cee25a834751 578 break;
wolfSSL 11:cee25a834751 579 #endif
wolfSSL 11:cee25a834751 580
wolfSSL 11:cee25a834751 581 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 582 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 583 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 584 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 585 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 586 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 587 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 588 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 589 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 590 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 591 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 592 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 593 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 594
wolfSSL 11:cee25a834751 595 break;
wolfSSL 11:cee25a834751 596 #endif
wolfSSL 11:cee25a834751 597
wolfSSL 11:cee25a834751 598 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 599 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 600 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 601 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 602 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 603 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 604 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 605 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 606 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 607 ssl->specs.static_ecdh = 1;
wolfSSL 11:cee25a834751 608 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 609 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 610 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 611
wolfSSL 11:cee25a834751 612 break;
wolfSSL 11:cee25a834751 613 #endif
wolfSSL 11:cee25a834751 614
wolfSSL 11:cee25a834751 615 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 616 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 617 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 618 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 619 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 620 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 621 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 622 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 623 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 624 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 625 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 626 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 627 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 628
wolfSSL 11:cee25a834751 629 break;
wolfSSL 11:cee25a834751 630 #endif
wolfSSL 11:cee25a834751 631
wolfSSL 11:cee25a834751 632 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 633 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 634 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 635 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 636 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 637 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 638 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 639 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 640 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 641 ssl->specs.static_ecdh = 1;
wolfSSL 11:cee25a834751 642 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 643 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 644 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 645
wolfSSL 11:cee25a834751 646 break;
wolfSSL 11:cee25a834751 647 #endif
wolfSSL 11:cee25a834751 648
wolfSSL 11:cee25a834751 649 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 650 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 651 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
wolfSSL 11:cee25a834751 652 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 653 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 654 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 655 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 656 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 657 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 658 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 659 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 660 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 661 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 662 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
wolfSSL 11:cee25a834751 663
wolfSSL 11:cee25a834751 664 break;
wolfSSL 11:cee25a834751 665 #endif
wolfSSL 11:cee25a834751 666
wolfSSL 11:cee25a834751 667 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 668 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 669 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
wolfSSL 11:cee25a834751 670 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 671 ssl->specs.mac_algorithm = sha384_mac;
wolfSSL 11:cee25a834751 672 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 673 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 674 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 675 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 676 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 677 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 678 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 679 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 680 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
wolfSSL 11:cee25a834751 681
wolfSSL 11:cee25a834751 682 break;
wolfSSL 11:cee25a834751 683 #endif
wolfSSL 11:cee25a834751 684
wolfSSL 11:cee25a834751 685 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 686 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 687 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
wolfSSL 11:cee25a834751 688 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 689 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 690 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 691 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 692 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 693 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 694 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 695 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 696 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 697 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 698 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
wolfSSL 11:cee25a834751 699
wolfSSL 11:cee25a834751 700 break;
wolfSSL 11:cee25a834751 701 #endif
wolfSSL 11:cee25a834751 702
wolfSSL 11:cee25a834751 703 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 704 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 705 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
wolfSSL 11:cee25a834751 706 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 707 ssl->specs.mac_algorithm = sha384_mac;
wolfSSL 11:cee25a834751 708 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 709 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 710 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 711 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 712 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 713 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 714 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 715 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 716 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
wolfSSL 11:cee25a834751 717
wolfSSL 11:cee25a834751 718 break;
wolfSSL 11:cee25a834751 719 #endif
wolfSSL 11:cee25a834751 720
wolfSSL 11:cee25a834751 721 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 722 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 723 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
wolfSSL 11:cee25a834751 724 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 725 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 726 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 727 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 728 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 729 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 730 ssl->specs.static_ecdh = 1;
wolfSSL 11:cee25a834751 731 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 732 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 733 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 734 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
wolfSSL 11:cee25a834751 735
wolfSSL 11:cee25a834751 736 break;
wolfSSL 11:cee25a834751 737 #endif
wolfSSL 11:cee25a834751 738
wolfSSL 11:cee25a834751 739 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 740 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 741 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
wolfSSL 11:cee25a834751 742 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 743 ssl->specs.mac_algorithm = sha384_mac;
wolfSSL 11:cee25a834751 744 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 745 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 746 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 747 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 748 ssl->specs.static_ecdh = 1;
wolfSSL 11:cee25a834751 749 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 750 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 751 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 752 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
wolfSSL 11:cee25a834751 753
wolfSSL 11:cee25a834751 754 break;
wolfSSL 11:cee25a834751 755 #endif
wolfSSL 11:cee25a834751 756
wolfSSL 11:cee25a834751 757 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 758 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 759 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
wolfSSL 11:cee25a834751 760 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 761 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 762 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 763 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 764 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 765 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 766 ssl->specs.static_ecdh = 1;
wolfSSL 11:cee25a834751 767 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 768 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 769 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 770 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
wolfSSL 11:cee25a834751 771
wolfSSL 11:cee25a834751 772 break;
wolfSSL 11:cee25a834751 773 #endif
wolfSSL 11:cee25a834751 774
wolfSSL 11:cee25a834751 775 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 776 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 777 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
wolfSSL 11:cee25a834751 778 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 779 ssl->specs.mac_algorithm = sha384_mac;
wolfSSL 11:cee25a834751 780 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 781 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 782 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 783 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 784 ssl->specs.static_ecdh = 1;
wolfSSL 11:cee25a834751 785 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 786 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 787 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 788 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
wolfSSL 11:cee25a834751 789
wolfSSL 11:cee25a834751 790 break;
wolfSSL 11:cee25a834751 791 #endif
wolfSSL 11:cee25a834751 792
wolfSSL 11:cee25a834751 793 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
wolfSSL 11:cee25a834751 794 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM :
wolfSSL 11:cee25a834751 795 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
wolfSSL 11:cee25a834751 796 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 797 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 798 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 799 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 800 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 801 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 802 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 803 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 804 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 805 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 806 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
wolfSSL 11:cee25a834751 807
wolfSSL 11:cee25a834751 808 break;
wolfSSL 11:cee25a834751 809 #endif
wolfSSL 11:cee25a834751 810
wolfSSL 11:cee25a834751 811 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL 11:cee25a834751 812 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
wolfSSL 11:cee25a834751 813 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
wolfSSL 11:cee25a834751 814 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 815 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 816 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 817 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 818 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 819 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 820 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 821 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 822 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 823 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 824 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
wolfSSL 11:cee25a834751 825
wolfSSL 11:cee25a834751 826 break;
wolfSSL 11:cee25a834751 827 #endif
wolfSSL 11:cee25a834751 828
wolfSSL 11:cee25a834751 829 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL 11:cee25a834751 830 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
wolfSSL 11:cee25a834751 831 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
wolfSSL 11:cee25a834751 832 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 833 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 834 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 835 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 836 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 837 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 838 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 839 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 840 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 841 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 842 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
wolfSSL 11:cee25a834751 843
wolfSSL 11:cee25a834751 844 break;
wolfSSL 11:cee25a834751 845 #endif
wolfSSL 11:cee25a834751 846
wolfSSL 11:cee25a834751 847 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
wolfSSL 11:cee25a834751 848 case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
wolfSSL 11:cee25a834751 849 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
wolfSSL 11:cee25a834751 850 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 851 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 852 ssl->specs.kea = ecc_diffie_hellman_kea;
wolfSSL 11:cee25a834751 853 ssl->specs.sig_algo = ecc_dsa_sa_algo;
wolfSSL 11:cee25a834751 854 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 855 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 856 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 857 ssl->specs.key_size = 0;
wolfSSL 11:cee25a834751 858 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 859 ssl->specs.iv_size = 0;
wolfSSL 11:cee25a834751 860
wolfSSL 11:cee25a834751 861 break;
wolfSSL 11:cee25a834751 862 #endif
wolfSSL 11:cee25a834751 863
wolfSSL 11:cee25a834751 864 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
wolfSSL 11:cee25a834751 865 case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
wolfSSL 11:cee25a834751 866 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
wolfSSL 11:cee25a834751 867 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 868 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 869 ssl->specs.kea = ecdhe_psk_kea;
wolfSSL 11:cee25a834751 870 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 871 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 872 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 873 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 874 ssl->specs.key_size = 0;
wolfSSL 11:cee25a834751 875 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 876 ssl->specs.iv_size = 0;
wolfSSL 11:cee25a834751 877
wolfSSL 11:cee25a834751 878 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 879 break;
wolfSSL 11:cee25a834751 880 #endif
wolfSSL 11:cee25a834751 881
wolfSSL 11:cee25a834751 882 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 883 case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 884 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 885 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 886 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 887 ssl->specs.kea = ecdhe_psk_kea;
wolfSSL 11:cee25a834751 888 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 889 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 890 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 891 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 892 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 893 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 894 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 895
wolfSSL 11:cee25a834751 896 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 897 break;
wolfSSL 11:cee25a834751 898 #endif
wolfSSL 11:cee25a834751 899 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 900
wolfSSL 11:cee25a834751 901 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL 11:cee25a834751 902 case TLS_RSA_WITH_AES_128_CCM_8 :
wolfSSL 11:cee25a834751 903 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
wolfSSL 11:cee25a834751 904 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 905 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 906 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 907 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 908 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 909 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 910 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 911 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 912 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 913 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 914 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
wolfSSL 11:cee25a834751 915
wolfSSL 11:cee25a834751 916 break;
wolfSSL 11:cee25a834751 917 #endif
wolfSSL 11:cee25a834751 918
wolfSSL 11:cee25a834751 919 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL 11:cee25a834751 920 case TLS_RSA_WITH_AES_256_CCM_8 :
wolfSSL 11:cee25a834751 921 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
wolfSSL 11:cee25a834751 922 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 923 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 924 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 925 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 926 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 927 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 928 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 929 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 930 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 931 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 932 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
wolfSSL 11:cee25a834751 933
wolfSSL 11:cee25a834751 934 break;
wolfSSL 11:cee25a834751 935 #endif
wolfSSL 11:cee25a834751 936
wolfSSL 11:cee25a834751 937 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL 11:cee25a834751 938 case TLS_PSK_WITH_AES_128_CCM_8 :
wolfSSL 11:cee25a834751 939 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
wolfSSL 11:cee25a834751 940 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 941 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 942 ssl->specs.kea = psk_kea;
wolfSSL 11:cee25a834751 943 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 944 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 945 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 946 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 947 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 948 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 949 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 950 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
wolfSSL 11:cee25a834751 951
wolfSSL 11:cee25a834751 952 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 953 break;
wolfSSL 11:cee25a834751 954 #endif
wolfSSL 11:cee25a834751 955
wolfSSL 11:cee25a834751 956 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL 11:cee25a834751 957 case TLS_PSK_WITH_AES_256_CCM_8 :
wolfSSL 11:cee25a834751 958 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
wolfSSL 11:cee25a834751 959 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 960 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 961 ssl->specs.kea = psk_kea;
wolfSSL 11:cee25a834751 962 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 963 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 964 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 965 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 966 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 967 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 968 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 969 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
wolfSSL 11:cee25a834751 970
wolfSSL 11:cee25a834751 971 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 972 break;
wolfSSL 11:cee25a834751 973 #endif
wolfSSL 11:cee25a834751 974
wolfSSL 11:cee25a834751 975 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL 11:cee25a834751 976 case TLS_PSK_WITH_AES_128_CCM :
wolfSSL 11:cee25a834751 977 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
wolfSSL 11:cee25a834751 978 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 979 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 980 ssl->specs.kea = psk_kea;
wolfSSL 11:cee25a834751 981 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 982 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 983 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 984 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 985 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 986 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 987 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 988 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
wolfSSL 11:cee25a834751 989
wolfSSL 11:cee25a834751 990 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 991 break;
wolfSSL 11:cee25a834751 992 #endif
wolfSSL 11:cee25a834751 993
wolfSSL 11:cee25a834751 994 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL 11:cee25a834751 995 case TLS_PSK_WITH_AES_256_CCM :
wolfSSL 11:cee25a834751 996 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
wolfSSL 11:cee25a834751 997 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 998 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 999 ssl->specs.kea = psk_kea;
wolfSSL 11:cee25a834751 1000 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 1001 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1002 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1003 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1004 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 1005 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1006 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 1007 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
wolfSSL 11:cee25a834751 1008
wolfSSL 11:cee25a834751 1009 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 1010 break;
wolfSSL 11:cee25a834751 1011 #endif
wolfSSL 11:cee25a834751 1012
wolfSSL 11:cee25a834751 1013 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL 11:cee25a834751 1014 case TLS_DHE_PSK_WITH_AES_128_CCM :
wolfSSL 11:cee25a834751 1015 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
wolfSSL 11:cee25a834751 1016 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 1017 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 1018 ssl->specs.kea = dhe_psk_kea;
wolfSSL 11:cee25a834751 1019 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 1020 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1021 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1022 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1023 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1024 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1025 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 1026 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
wolfSSL 11:cee25a834751 1027
wolfSSL 11:cee25a834751 1028 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 1029 break;
wolfSSL 11:cee25a834751 1030 #endif
wolfSSL 11:cee25a834751 1031
wolfSSL 11:cee25a834751 1032 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL 11:cee25a834751 1033 case TLS_DHE_PSK_WITH_AES_256_CCM :
wolfSSL 11:cee25a834751 1034 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
wolfSSL 11:cee25a834751 1035 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 1036 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 1037 ssl->specs.kea = dhe_psk_kea;
wolfSSL 11:cee25a834751 1038 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 1039 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1040 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1041 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1042 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 1043 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1044 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 1045 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
wolfSSL 11:cee25a834751 1046
wolfSSL 11:cee25a834751 1047 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 1048 break;
wolfSSL 11:cee25a834751 1049 #endif
wolfSSL 11:cee25a834751 1050
wolfSSL 11:cee25a834751 1051 default:
wolfSSL 11:cee25a834751 1052 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
wolfSSL 11:cee25a834751 1053 return UNSUPPORTED_SUITE;
wolfSSL 11:cee25a834751 1054 } /* switch */
wolfSSL 11:cee25a834751 1055 } /* if */
wolfSSL 11:cee25a834751 1056 if (ssl->options.cipherSuite0 != ECC_BYTE &&
wolfSSL 11:cee25a834751 1057 ssl->options.cipherSuite0 != CHACHA_BYTE) { /* normal suites */
wolfSSL 11:cee25a834751 1058 switch (ssl->options.cipherSuite) {
wolfSSL 11:cee25a834751 1059
wolfSSL 11:cee25a834751 1060 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 1061 case SSL_RSA_WITH_RC4_128_SHA :
wolfSSL 11:cee25a834751 1062 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
wolfSSL 11:cee25a834751 1063 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 1064 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1065 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1066 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1067 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1068 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1069 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1070 ssl->specs.key_size = RC4_KEY_SIZE;
wolfSSL 11:cee25a834751 1071 ssl->specs.iv_size = 0;
wolfSSL 11:cee25a834751 1072 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 1073
wolfSSL 11:cee25a834751 1074 break;
wolfSSL 11:cee25a834751 1075 #endif
wolfSSL 11:cee25a834751 1076
wolfSSL 11:cee25a834751 1077 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 1078 case TLS_NTRU_RSA_WITH_RC4_128_SHA :
wolfSSL 11:cee25a834751 1079 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
wolfSSL 11:cee25a834751 1080 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 1081 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1082 ssl->specs.kea = ntru_kea;
wolfSSL 11:cee25a834751 1083 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1084 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1085 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1086 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1087 ssl->specs.key_size = RC4_KEY_SIZE;
wolfSSL 11:cee25a834751 1088 ssl->specs.iv_size = 0;
wolfSSL 11:cee25a834751 1089 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 1090
wolfSSL 11:cee25a834751 1091 break;
wolfSSL 11:cee25a834751 1092 #endif
wolfSSL 11:cee25a834751 1093
wolfSSL 11:cee25a834751 1094 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL 11:cee25a834751 1095 case SSL_RSA_WITH_RC4_128_MD5 :
wolfSSL 11:cee25a834751 1096 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
wolfSSL 11:cee25a834751 1097 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 1098 ssl->specs.mac_algorithm = md5_mac;
wolfSSL 11:cee25a834751 1099 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1100 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1101 ssl->specs.hash_size = MD5_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1102 ssl->specs.pad_size = PAD_MD5;
wolfSSL 11:cee25a834751 1103 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1104 ssl->specs.key_size = RC4_KEY_SIZE;
wolfSSL 11:cee25a834751 1105 ssl->specs.iv_size = 0;
wolfSSL 11:cee25a834751 1106 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 1107
wolfSSL 11:cee25a834751 1108 break;
wolfSSL 11:cee25a834751 1109 #endif
wolfSSL 11:cee25a834751 1110
wolfSSL 11:cee25a834751 1111 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 1112 case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 11:cee25a834751 1113 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
wolfSSL 11:cee25a834751 1114 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1115 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1116 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1117 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1118 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1119 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1120 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1121 ssl->specs.key_size = DES3_KEY_SIZE;
wolfSSL 11:cee25a834751 1122 ssl->specs.block_size = DES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1123 ssl->specs.iv_size = DES_IV_SIZE;
wolfSSL 11:cee25a834751 1124
wolfSSL 11:cee25a834751 1125 break;
wolfSSL 11:cee25a834751 1126 #endif
wolfSSL 11:cee25a834751 1127
wolfSSL 11:cee25a834751 1128 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 1129 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 11:cee25a834751 1130 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
wolfSSL 11:cee25a834751 1131 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1132 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1133 ssl->specs.kea = ntru_kea;
wolfSSL 11:cee25a834751 1134 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1135 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1136 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1137 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1138 ssl->specs.key_size = DES3_KEY_SIZE;
wolfSSL 11:cee25a834751 1139 ssl->specs.block_size = DES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1140 ssl->specs.iv_size = DES_IV_SIZE;
wolfSSL 11:cee25a834751 1141
wolfSSL 11:cee25a834751 1142 break;
wolfSSL 11:cee25a834751 1143 #endif
wolfSSL 11:cee25a834751 1144
wolfSSL 11:cee25a834751 1145 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 1146 case TLS_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 1147 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 1148 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1149 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1150 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1151 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1152 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1153 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1154 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1155 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1156 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1157 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 1158
wolfSSL 11:cee25a834751 1159 break;
wolfSSL 11:cee25a834751 1160 #endif
wolfSSL 11:cee25a834751 1161
wolfSSL 11:cee25a834751 1162 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 1163 case TLS_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 1164 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 1165 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1166 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 1167 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1168 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1169 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1170 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1171 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1172 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1173 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1174 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 1175
wolfSSL 11:cee25a834751 1176 break;
wolfSSL 11:cee25a834751 1177 #endif
wolfSSL 11:cee25a834751 1178
wolfSSL 11:cee25a834751 1179 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL 11:cee25a834751 1180 case TLS_RSA_WITH_NULL_SHA :
wolfSSL 11:cee25a834751 1181 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
wolfSSL 11:cee25a834751 1182 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 1183 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1184 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1185 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1186 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1187 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1188 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1189 ssl->specs.key_size = 0;
wolfSSL 11:cee25a834751 1190 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 1191 ssl->specs.iv_size = 0;
wolfSSL 11:cee25a834751 1192
wolfSSL 11:cee25a834751 1193 break;
wolfSSL 11:cee25a834751 1194 #endif
wolfSSL 11:cee25a834751 1195
wolfSSL 11:cee25a834751 1196 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL 11:cee25a834751 1197 case TLS_RSA_WITH_NULL_SHA256 :
wolfSSL 11:cee25a834751 1198 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
wolfSSL 11:cee25a834751 1199 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 1200 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 1201 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1202 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1203 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1204 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1205 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1206 ssl->specs.key_size = 0;
wolfSSL 11:cee25a834751 1207 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 1208 ssl->specs.iv_size = 0;
wolfSSL 11:cee25a834751 1209
wolfSSL 11:cee25a834751 1210 break;
wolfSSL 11:cee25a834751 1211 #endif
wolfSSL 11:cee25a834751 1212
wolfSSL 11:cee25a834751 1213 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 1214 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 1215 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 1216 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1217 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1218 ssl->specs.kea = ntru_kea;
wolfSSL 11:cee25a834751 1219 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1220 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1221 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1222 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1223 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1224 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1225 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 1226
wolfSSL 11:cee25a834751 1227 break;
wolfSSL 11:cee25a834751 1228 #endif
wolfSSL 11:cee25a834751 1229
wolfSSL 11:cee25a834751 1230 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 1231 case TLS_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 1232 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 1233 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1234 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1235 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1236 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1237 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1238 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1239 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1240 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 1241 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1242 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 1243
wolfSSL 11:cee25a834751 1244 break;
wolfSSL 11:cee25a834751 1245 #endif
wolfSSL 11:cee25a834751 1246
wolfSSL 11:cee25a834751 1247 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 11:cee25a834751 1248 case TLS_RSA_WITH_AES_256_CBC_SHA256 :
wolfSSL 11:cee25a834751 1249 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 1250 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1251 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 1252 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1253 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1254 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1255 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1256 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1257 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 1258 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1259 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 1260
wolfSSL 11:cee25a834751 1261 break;
wolfSSL 11:cee25a834751 1262 #endif
wolfSSL 11:cee25a834751 1263
wolfSSL 11:cee25a834751 1264 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 1265 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 1266 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 1267 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1268 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1269 ssl->specs.kea = ntru_kea;
wolfSSL 11:cee25a834751 1270 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1271 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1272 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1273 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1274 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 1275 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1276 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 1277
wolfSSL 11:cee25a834751 1278 break;
wolfSSL 11:cee25a834751 1279 #endif
wolfSSL 11:cee25a834751 1280
wolfSSL 11:cee25a834751 1281 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 1282 case TLS_PSK_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 1283 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
wolfSSL 11:cee25a834751 1284 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 1285 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 1286 ssl->specs.kea = psk_kea;
wolfSSL 11:cee25a834751 1287 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 1288 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1289 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1290 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1291 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1292 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1293 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 1294 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
wolfSSL 11:cee25a834751 1295
wolfSSL 11:cee25a834751 1296 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 1297 break;
wolfSSL 11:cee25a834751 1298 #endif
wolfSSL 11:cee25a834751 1299
wolfSSL 11:cee25a834751 1300 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 1301 case TLS_PSK_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 1302 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
wolfSSL 11:cee25a834751 1303 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 1304 ssl->specs.mac_algorithm = sha384_mac;
wolfSSL 11:cee25a834751 1305 ssl->specs.kea = psk_kea;
wolfSSL 11:cee25a834751 1306 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 1307 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1308 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1309 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1310 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 1311 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1312 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 1313 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
wolfSSL 11:cee25a834751 1314
wolfSSL 11:cee25a834751 1315 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 1316 break;
wolfSSL 11:cee25a834751 1317 #endif
wolfSSL 11:cee25a834751 1318
wolfSSL 11:cee25a834751 1319 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 1320 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 1321 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
wolfSSL 11:cee25a834751 1322 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 1323 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 1324 ssl->specs.kea = dhe_psk_kea;
wolfSSL 11:cee25a834751 1325 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 1326 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1327 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1328 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1329 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1330 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1331 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 1332 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
wolfSSL 11:cee25a834751 1333
wolfSSL 11:cee25a834751 1334 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 1335 break;
wolfSSL 11:cee25a834751 1336 #endif
wolfSSL 11:cee25a834751 1337
wolfSSL 11:cee25a834751 1338 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 1339 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 1340 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
wolfSSL 11:cee25a834751 1341 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 1342 ssl->specs.mac_algorithm = sha384_mac;
wolfSSL 11:cee25a834751 1343 ssl->specs.kea = dhe_psk_kea;
wolfSSL 11:cee25a834751 1344 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 1345 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1346 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1347 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1348 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 1349 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1350 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 1351 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
wolfSSL 11:cee25a834751 1352
wolfSSL 11:cee25a834751 1353 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 1354 break;
wolfSSL 11:cee25a834751 1355 #endif
wolfSSL 11:cee25a834751 1356
wolfSSL 11:cee25a834751 1357 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 1358 case TLS_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 1359 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 1360 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1361 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 1362 ssl->specs.kea = psk_kea;
wolfSSL 11:cee25a834751 1363 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 1364 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1365 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1366 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1367 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1368 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1369 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 1370
wolfSSL 11:cee25a834751 1371 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 1372 break;
wolfSSL 11:cee25a834751 1373 #endif
wolfSSL 11:cee25a834751 1374
wolfSSL 11:cee25a834751 1375 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 1376 case TLS_PSK_WITH_AES_256_CBC_SHA384 :
wolfSSL 11:cee25a834751 1377 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 1378 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1379 ssl->specs.mac_algorithm = sha384_mac;
wolfSSL 11:cee25a834751 1380 ssl->specs.kea = psk_kea;
wolfSSL 11:cee25a834751 1381 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 1382 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1383 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1384 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1385 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 1386 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1387 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 1388
wolfSSL 11:cee25a834751 1389 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 1390 break;
wolfSSL 11:cee25a834751 1391 #endif
wolfSSL 11:cee25a834751 1392
wolfSSL 11:cee25a834751 1393 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 1394 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 1395 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 1396 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1397 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 1398 ssl->specs.kea = dhe_psk_kea;
wolfSSL 11:cee25a834751 1399 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 1400 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1401 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1402 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1403 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1404 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1405 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 1406
wolfSSL 11:cee25a834751 1407 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 1408 break;
wolfSSL 11:cee25a834751 1409 #endif
wolfSSL 11:cee25a834751 1410
wolfSSL 11:cee25a834751 1411 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 1412 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
wolfSSL 11:cee25a834751 1413 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 1414 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1415 ssl->specs.mac_algorithm = sha384_mac;
wolfSSL 11:cee25a834751 1416 ssl->specs.kea = dhe_psk_kea;
wolfSSL 11:cee25a834751 1417 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 1418 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1419 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1420 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1421 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 1422 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1423 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 1424
wolfSSL 11:cee25a834751 1425 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 1426 break;
wolfSSL 11:cee25a834751 1427 #endif
wolfSSL 11:cee25a834751 1428
wolfSSL 11:cee25a834751 1429 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 1430 case TLS_PSK_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 1431 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 1432 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1433 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1434 ssl->specs.kea = psk_kea;
wolfSSL 11:cee25a834751 1435 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 1436 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1437 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1438 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1439 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1440 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1441 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 1442
wolfSSL 11:cee25a834751 1443 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 1444 break;
wolfSSL 11:cee25a834751 1445 #endif
wolfSSL 11:cee25a834751 1446
wolfSSL 11:cee25a834751 1447 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 1448 case TLS_PSK_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 1449 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 1450 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1451 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1452 ssl->specs.kea = psk_kea;
wolfSSL 11:cee25a834751 1453 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 1454 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1455 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1456 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1457 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 1458 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1459 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 1460
wolfSSL 11:cee25a834751 1461 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 1462 break;
wolfSSL 11:cee25a834751 1463 #endif
wolfSSL 11:cee25a834751 1464
wolfSSL 11:cee25a834751 1465 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL 11:cee25a834751 1466 case TLS_PSK_WITH_NULL_SHA256 :
wolfSSL 11:cee25a834751 1467 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
wolfSSL 11:cee25a834751 1468 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 1469 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 1470 ssl->specs.kea = psk_kea;
wolfSSL 11:cee25a834751 1471 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 1472 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1473 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1474 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1475 ssl->specs.key_size = 0;
wolfSSL 11:cee25a834751 1476 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 1477 ssl->specs.iv_size = 0;
wolfSSL 11:cee25a834751 1478
wolfSSL 11:cee25a834751 1479 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 1480 break;
wolfSSL 11:cee25a834751 1481 #endif
wolfSSL 11:cee25a834751 1482
wolfSSL 11:cee25a834751 1483 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL 11:cee25a834751 1484 case TLS_PSK_WITH_NULL_SHA384 :
wolfSSL 11:cee25a834751 1485 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
wolfSSL 11:cee25a834751 1486 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 1487 ssl->specs.mac_algorithm = sha384_mac;
wolfSSL 11:cee25a834751 1488 ssl->specs.kea = psk_kea;
wolfSSL 11:cee25a834751 1489 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 1490 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1491 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1492 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1493 ssl->specs.key_size = 0;
wolfSSL 11:cee25a834751 1494 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 1495 ssl->specs.iv_size = 0;
wolfSSL 11:cee25a834751 1496
wolfSSL 11:cee25a834751 1497 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 1498 break;
wolfSSL 11:cee25a834751 1499 #endif
wolfSSL 11:cee25a834751 1500
wolfSSL 11:cee25a834751 1501 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL 11:cee25a834751 1502 case TLS_PSK_WITH_NULL_SHA :
wolfSSL 11:cee25a834751 1503 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
wolfSSL 11:cee25a834751 1504 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 1505 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1506 ssl->specs.kea = psk_kea;
wolfSSL 11:cee25a834751 1507 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 1508 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1509 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1510 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1511 ssl->specs.key_size = 0;
wolfSSL 11:cee25a834751 1512 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 1513 ssl->specs.iv_size = 0;
wolfSSL 11:cee25a834751 1514
wolfSSL 11:cee25a834751 1515 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 1516 break;
wolfSSL 11:cee25a834751 1517 #endif
wolfSSL 11:cee25a834751 1518
wolfSSL 11:cee25a834751 1519 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL 11:cee25a834751 1520 case TLS_DHE_PSK_WITH_NULL_SHA256 :
wolfSSL 11:cee25a834751 1521 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
wolfSSL 11:cee25a834751 1522 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 1523 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 1524 ssl->specs.kea = dhe_psk_kea;
wolfSSL 11:cee25a834751 1525 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 1526 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1527 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1528 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1529 ssl->specs.key_size = 0;
wolfSSL 11:cee25a834751 1530 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 1531 ssl->specs.iv_size = 0;
wolfSSL 11:cee25a834751 1532
wolfSSL 11:cee25a834751 1533 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 1534 break;
wolfSSL 11:cee25a834751 1535 #endif
wolfSSL 11:cee25a834751 1536
wolfSSL 11:cee25a834751 1537 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL 11:cee25a834751 1538 case TLS_DHE_PSK_WITH_NULL_SHA384 :
wolfSSL 11:cee25a834751 1539 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
wolfSSL 11:cee25a834751 1540 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 1541 ssl->specs.mac_algorithm = sha384_mac;
wolfSSL 11:cee25a834751 1542 ssl->specs.kea = dhe_psk_kea;
wolfSSL 11:cee25a834751 1543 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 1544 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1545 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1546 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1547 ssl->specs.key_size = 0;
wolfSSL 11:cee25a834751 1548 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 1549 ssl->specs.iv_size = 0;
wolfSSL 11:cee25a834751 1550
wolfSSL 11:cee25a834751 1551 ssl->options.usingPSK_cipher = 1;
wolfSSL 11:cee25a834751 1552 break;
wolfSSL 11:cee25a834751 1553 #endif
wolfSSL 11:cee25a834751 1554
wolfSSL 11:cee25a834751 1555 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 1556 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 1557 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 1558 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1559 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 1560 ssl->specs.kea = diffie_hellman_kea;
wolfSSL 11:cee25a834751 1561 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1562 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1563 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1564 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1565 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1566 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1567 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 1568
wolfSSL 11:cee25a834751 1569 break;
wolfSSL 11:cee25a834751 1570 #endif
wolfSSL 11:cee25a834751 1571
wolfSSL 11:cee25a834751 1572 #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 1573 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 11:cee25a834751 1574 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
wolfSSL 11:cee25a834751 1575 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1576 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1577 ssl->specs.kea = diffie_hellman_kea;
wolfSSL 11:cee25a834751 1578 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1579 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1580 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1581 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1582 ssl->specs.key_size = DES3_KEY_SIZE;
wolfSSL 11:cee25a834751 1583 ssl->specs.block_size = DES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1584 ssl->specs.iv_size = DES_IV_SIZE;
wolfSSL 11:cee25a834751 1585
wolfSSL 11:cee25a834751 1586 break;
wolfSSL 11:cee25a834751 1587 #endif
wolfSSL 11:cee25a834751 1588
wolfSSL 11:cee25a834751 1589 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 11:cee25a834751 1590 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
wolfSSL 11:cee25a834751 1591 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 1592 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1593 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 1594 ssl->specs.kea = diffie_hellman_kea;
wolfSSL 11:cee25a834751 1595 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1596 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1597 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1598 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1599 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 1600 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1601 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 1602
wolfSSL 11:cee25a834751 1603 break;
wolfSSL 11:cee25a834751 1604 #endif
wolfSSL 11:cee25a834751 1605
wolfSSL 11:cee25a834751 1606 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 1607 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 1608 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 1609 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1610 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1611 ssl->specs.kea = diffie_hellman_kea;
wolfSSL 11:cee25a834751 1612 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1613 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1614 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1615 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1616 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1617 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1618 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 1619
wolfSSL 11:cee25a834751 1620 break;
wolfSSL 11:cee25a834751 1621 #endif
wolfSSL 11:cee25a834751 1622
wolfSSL 11:cee25a834751 1623 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 1624 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 1625 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 1626 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1627 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1628 ssl->specs.kea = diffie_hellman_kea;
wolfSSL 11:cee25a834751 1629 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1630 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1631 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1632 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1633 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 1634 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1635 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 1636
wolfSSL 11:cee25a834751 1637 break;
wolfSSL 11:cee25a834751 1638 #endif
wolfSSL 11:cee25a834751 1639
wolfSSL 11:cee25a834751 1640 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL 11:cee25a834751 1641 case TLS_RSA_WITH_HC_128_MD5 :
wolfSSL 11:cee25a834751 1642 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
wolfSSL 11:cee25a834751 1643 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 1644 ssl->specs.mac_algorithm = md5_mac;
wolfSSL 11:cee25a834751 1645 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1646 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1647 ssl->specs.hash_size = MD5_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1648 ssl->specs.pad_size = PAD_MD5;
wolfSSL 11:cee25a834751 1649 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1650 ssl->specs.key_size = HC_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1651 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 1652 ssl->specs.iv_size = HC_128_IV_SIZE;
wolfSSL 11:cee25a834751 1653
wolfSSL 11:cee25a834751 1654 break;
wolfSSL 11:cee25a834751 1655 #endif
wolfSSL 11:cee25a834751 1656
wolfSSL 11:cee25a834751 1657 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL 11:cee25a834751 1658 case TLS_RSA_WITH_HC_128_SHA :
wolfSSL 11:cee25a834751 1659 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
wolfSSL 11:cee25a834751 1660 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 1661 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1662 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1663 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1664 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1665 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1666 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1667 ssl->specs.key_size = HC_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1668 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 1669 ssl->specs.iv_size = HC_128_IV_SIZE;
wolfSSL 11:cee25a834751 1670
wolfSSL 11:cee25a834751 1671 break;
wolfSSL 11:cee25a834751 1672 #endif
wolfSSL 11:cee25a834751 1673
wolfSSL 11:cee25a834751 1674 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL 11:cee25a834751 1675 case TLS_RSA_WITH_HC_128_B2B256:
wolfSSL 11:cee25a834751 1676 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
wolfSSL 11:cee25a834751 1677 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 1678 ssl->specs.mac_algorithm = blake2b_mac;
wolfSSL 11:cee25a834751 1679 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1680 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1681 ssl->specs.hash_size = BLAKE2B_256;
wolfSSL 11:cee25a834751 1682 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1683 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1684 ssl->specs.key_size = HC_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1685 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 1686 ssl->specs.iv_size = HC_128_IV_SIZE;
wolfSSL 11:cee25a834751 1687
wolfSSL 11:cee25a834751 1688 break;
wolfSSL 11:cee25a834751 1689 #endif
wolfSSL 11:cee25a834751 1690
wolfSSL 11:cee25a834751 1691 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL 11:cee25a834751 1692 case TLS_RSA_WITH_AES_128_CBC_B2B256:
wolfSSL 11:cee25a834751 1693 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 1694 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1695 ssl->specs.mac_algorithm = blake2b_mac;
wolfSSL 11:cee25a834751 1696 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1697 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1698 ssl->specs.hash_size = BLAKE2B_256;
wolfSSL 11:cee25a834751 1699 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1700 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1701 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1702 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 1703 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1704
wolfSSL 11:cee25a834751 1705 break;
wolfSSL 11:cee25a834751 1706 #endif
wolfSSL 11:cee25a834751 1707
wolfSSL 11:cee25a834751 1708 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL 11:cee25a834751 1709 case TLS_RSA_WITH_AES_256_CBC_B2B256:
wolfSSL 11:cee25a834751 1710 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 1711 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1712 ssl->specs.mac_algorithm = blake2b_mac;
wolfSSL 11:cee25a834751 1713 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1714 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1715 ssl->specs.hash_size = BLAKE2B_256;
wolfSSL 11:cee25a834751 1716 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1717 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1718 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 1719 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 1720 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1721
wolfSSL 11:cee25a834751 1722 break;
wolfSSL 11:cee25a834751 1723 #endif
wolfSSL 11:cee25a834751 1724
wolfSSL 11:cee25a834751 1725 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL 11:cee25a834751 1726 case TLS_RSA_WITH_RABBIT_SHA :
wolfSSL 11:cee25a834751 1727 ssl->specs.bulk_cipher_algorithm = wolfssl_rabbit;
wolfSSL 11:cee25a834751 1728 ssl->specs.cipher_type = stream;
wolfSSL 11:cee25a834751 1729 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1730 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1731 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1732 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1733 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1734 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1735 ssl->specs.key_size = RABBIT_KEY_SIZE;
wolfSSL 11:cee25a834751 1736 ssl->specs.block_size = 0;
wolfSSL 11:cee25a834751 1737 ssl->specs.iv_size = RABBIT_IV_SIZE;
wolfSSL 11:cee25a834751 1738
wolfSSL 11:cee25a834751 1739 break;
wolfSSL 11:cee25a834751 1740 #endif
wolfSSL 11:cee25a834751 1741
wolfSSL 11:cee25a834751 1742 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 1743 case TLS_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 1744 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
wolfSSL 11:cee25a834751 1745 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 1746 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 1747 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1748 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1749 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1750 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1751 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1752 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1753 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1754 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 1755 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
wolfSSL 11:cee25a834751 1756
wolfSSL 11:cee25a834751 1757 break;
wolfSSL 11:cee25a834751 1758 #endif
wolfSSL 11:cee25a834751 1759
wolfSSL 11:cee25a834751 1760 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 1761 case TLS_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 1762 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
wolfSSL 11:cee25a834751 1763 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 1764 ssl->specs.mac_algorithm = sha384_mac;
wolfSSL 11:cee25a834751 1765 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1766 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1767 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1768 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1769 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1770 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 1771 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1772 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 1773 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
wolfSSL 11:cee25a834751 1774
wolfSSL 11:cee25a834751 1775 break;
wolfSSL 11:cee25a834751 1776 #endif
wolfSSL 11:cee25a834751 1777
wolfSSL 11:cee25a834751 1778 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 1779 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 1780 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
wolfSSL 11:cee25a834751 1781 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 1782 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 1783 ssl->specs.kea = diffie_hellman_kea;
wolfSSL 11:cee25a834751 1784 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1785 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1786 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1787 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1788 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1789 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1790 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 1791 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
wolfSSL 11:cee25a834751 1792
wolfSSL 11:cee25a834751 1793 break;
wolfSSL 11:cee25a834751 1794 #endif
wolfSSL 11:cee25a834751 1795
wolfSSL 11:cee25a834751 1796 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 1797 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 1798 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
wolfSSL 11:cee25a834751 1799 ssl->specs.cipher_type = aead;
wolfSSL 11:cee25a834751 1800 ssl->specs.mac_algorithm = sha384_mac;
wolfSSL 11:cee25a834751 1801 ssl->specs.kea = diffie_hellman_kea;
wolfSSL 11:cee25a834751 1802 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1803 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1804 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1805 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1806 ssl->specs.key_size = AES_256_KEY_SIZE;
wolfSSL 11:cee25a834751 1807 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1808 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
wolfSSL 11:cee25a834751 1809 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
wolfSSL 11:cee25a834751 1810
wolfSSL 11:cee25a834751 1811 break;
wolfSSL 11:cee25a834751 1812 #endif
wolfSSL 11:cee25a834751 1813
wolfSSL 11:cee25a834751 1814 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 11:cee25a834751 1815 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
wolfSSL 11:cee25a834751 1816 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
wolfSSL 11:cee25a834751 1817 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1818 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1819 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1820 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1821 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1822 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1823 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1824 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1825 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1826 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
wolfSSL 11:cee25a834751 1827
wolfSSL 11:cee25a834751 1828 break;
wolfSSL 11:cee25a834751 1829 #endif
wolfSSL 11:cee25a834751 1830
wolfSSL 11:cee25a834751 1831 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 11:cee25a834751 1832 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
wolfSSL 11:cee25a834751 1833 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
wolfSSL 11:cee25a834751 1834 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1835 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1836 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1837 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1838 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1839 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1840 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1841 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
wolfSSL 11:cee25a834751 1842 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1843 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
wolfSSL 11:cee25a834751 1844
wolfSSL 11:cee25a834751 1845 break;
wolfSSL 11:cee25a834751 1846 #endif
wolfSSL 11:cee25a834751 1847
wolfSSL 11:cee25a834751 1848 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 11:cee25a834751 1849 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 1850 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
wolfSSL 11:cee25a834751 1851 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1852 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 1853 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1854 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1855 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1856 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1857 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1858 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1859 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1860 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
wolfSSL 11:cee25a834751 1861
wolfSSL 11:cee25a834751 1862 break;
wolfSSL 11:cee25a834751 1863 #endif
wolfSSL 11:cee25a834751 1864
wolfSSL 11:cee25a834751 1865 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 11:cee25a834751 1866 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
wolfSSL 11:cee25a834751 1867 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
wolfSSL 11:cee25a834751 1868 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1869 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 1870 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1871 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1872 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1873 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1874 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1875 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
wolfSSL 11:cee25a834751 1876 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1877 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
wolfSSL 11:cee25a834751 1878
wolfSSL 11:cee25a834751 1879 break;
wolfSSL 11:cee25a834751 1880 #endif
wolfSSL 11:cee25a834751 1881
wolfSSL 11:cee25a834751 1882 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 11:cee25a834751 1883 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
wolfSSL 11:cee25a834751 1884 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
wolfSSL 11:cee25a834751 1885 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1886 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1887 ssl->specs.kea = diffie_hellman_kea;
wolfSSL 11:cee25a834751 1888 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1889 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1890 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1891 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1892 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1893 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1894 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
wolfSSL 11:cee25a834751 1895
wolfSSL 11:cee25a834751 1896 break;
wolfSSL 11:cee25a834751 1897 #endif
wolfSSL 11:cee25a834751 1898
wolfSSL 11:cee25a834751 1899 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 11:cee25a834751 1900 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
wolfSSL 11:cee25a834751 1901 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
wolfSSL 11:cee25a834751 1902 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1903 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1904 ssl->specs.kea = diffie_hellman_kea;
wolfSSL 11:cee25a834751 1905 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1906 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1907 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1908 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1909 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
wolfSSL 11:cee25a834751 1910 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1911 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
wolfSSL 11:cee25a834751 1912
wolfSSL 11:cee25a834751 1913 break;
wolfSSL 11:cee25a834751 1914 #endif
wolfSSL 11:cee25a834751 1915
wolfSSL 11:cee25a834751 1916 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 11:cee25a834751 1917 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 1918 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
wolfSSL 11:cee25a834751 1919 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1920 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 1921 ssl->specs.kea = diffie_hellman_kea;
wolfSSL 11:cee25a834751 1922 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1923 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1924 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1925 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1926 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1927 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1928 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
wolfSSL 11:cee25a834751 1929
wolfSSL 11:cee25a834751 1930 break;
wolfSSL 11:cee25a834751 1931 #endif
wolfSSL 11:cee25a834751 1932
wolfSSL 11:cee25a834751 1933 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 11:cee25a834751 1934 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
wolfSSL 11:cee25a834751 1935 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
wolfSSL 11:cee25a834751 1936 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1937 ssl->specs.mac_algorithm = sha256_mac;
wolfSSL 11:cee25a834751 1938 ssl->specs.kea = diffie_hellman_kea;
wolfSSL 11:cee25a834751 1939 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1940 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1941 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1942 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1943 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
wolfSSL 11:cee25a834751 1944 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1945 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
wolfSSL 11:cee25a834751 1946
wolfSSL 11:cee25a834751 1947 break;
wolfSSL 11:cee25a834751 1948 #endif
wolfSSL 11:cee25a834751 1949
wolfSSL 11:cee25a834751 1950 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 1951 case TLS_DH_anon_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 1952 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
wolfSSL 11:cee25a834751 1953 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1954 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1955 ssl->specs.kea = diffie_hellman_kea;
wolfSSL 11:cee25a834751 1956 ssl->specs.sig_algo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 1957 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1958 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1959 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1960 ssl->specs.key_size = AES_128_KEY_SIZE;
wolfSSL 11:cee25a834751 1961 ssl->specs.block_size = AES_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1962 ssl->specs.iv_size = AES_IV_SIZE;
wolfSSL 11:cee25a834751 1963
wolfSSL 11:cee25a834751 1964 ssl->options.usingAnon_cipher = 1;
wolfSSL 11:cee25a834751 1965 break;
wolfSSL 11:cee25a834751 1966 #endif
wolfSSL 11:cee25a834751 1967
wolfSSL 11:cee25a834751 1968 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
wolfSSL 11:cee25a834751 1969 case SSL_RSA_WITH_IDEA_CBC_SHA :
wolfSSL 11:cee25a834751 1970 ssl->specs.bulk_cipher_algorithm = wolfssl_idea;
wolfSSL 11:cee25a834751 1971 ssl->specs.cipher_type = block;
wolfSSL 11:cee25a834751 1972 ssl->specs.mac_algorithm = sha_mac;
wolfSSL 11:cee25a834751 1973 ssl->specs.kea = rsa_kea;
wolfSSL 11:cee25a834751 1974 ssl->specs.sig_algo = rsa_sa_algo;
wolfSSL 11:cee25a834751 1975 ssl->specs.hash_size = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 1976 ssl->specs.pad_size = PAD_SHA;
wolfSSL 11:cee25a834751 1977 ssl->specs.static_ecdh = 0;
wolfSSL 11:cee25a834751 1978 ssl->specs.key_size = IDEA_KEY_SIZE;
wolfSSL 11:cee25a834751 1979 ssl->specs.block_size = IDEA_BLOCK_SIZE;
wolfSSL 11:cee25a834751 1980 ssl->specs.iv_size = IDEA_IV_SIZE;
wolfSSL 11:cee25a834751 1981
wolfSSL 11:cee25a834751 1982 break;
wolfSSL 11:cee25a834751 1983 #endif
wolfSSL 11:cee25a834751 1984
wolfSSL 11:cee25a834751 1985 default:
wolfSSL 11:cee25a834751 1986 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs");
wolfSSL 11:cee25a834751 1987 return UNSUPPORTED_SUITE;
wolfSSL 11:cee25a834751 1988 } /* switch */
wolfSSL 11:cee25a834751 1989 } /* if ECC / Normal suites else */
wolfSSL 11:cee25a834751 1990
wolfSSL 11:cee25a834751 1991 /* set TLS if it hasn't been turned off */
wolfSSL 11:cee25a834751 1992 if (ssl->version.major == 3 && ssl->version.minor >= 1) {
wolfSSL 11:cee25a834751 1993 #ifndef NO_TLS
wolfSSL 11:cee25a834751 1994 ssl->options.tls = 1;
wolfSSL 11:cee25a834751 1995 ssl->hmac = TLS_hmac;
wolfSSL 11:cee25a834751 1996 if (ssl->version.minor >= 2)
wolfSSL 11:cee25a834751 1997 ssl->options.tls1_1 = 1;
wolfSSL 11:cee25a834751 1998 #endif
wolfSSL 11:cee25a834751 1999 }
wolfSSL 11:cee25a834751 2000
wolfSSL 11:cee25a834751 2001 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 2002 if (ssl->options.dtls)
wolfSSL 11:cee25a834751 2003 ssl->hmac = TLS_hmac;
wolfSSL 11:cee25a834751 2004 #endif
wolfSSL 11:cee25a834751 2005
wolfSSL 11:cee25a834751 2006 return 0;
wolfSSL 11:cee25a834751 2007 }
wolfSSL 11:cee25a834751 2008
wolfSSL 11:cee25a834751 2009
wolfSSL 11:cee25a834751 2010 enum KeyStuff {
wolfSSL 11:cee25a834751 2011 MASTER_ROUNDS = 3,
wolfSSL 11:cee25a834751 2012 PREFIX = 3, /* up to three letters for master prefix */
wolfSSL 11:cee25a834751 2013 KEY_PREFIX = 9 /* up to 9 prefix letters for key rounds */
wolfSSL 11:cee25a834751 2014
wolfSSL 11:cee25a834751 2015
wolfSSL 11:cee25a834751 2016 };
wolfSSL 11:cee25a834751 2017
wolfSSL 11:cee25a834751 2018 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 2019 /* true or false, zero for error */
wolfSSL 11:cee25a834751 2020 static int SetPrefix(byte* sha_input, int idx)
wolfSSL 11:cee25a834751 2021 {
wolfSSL 11:cee25a834751 2022 switch (idx) {
wolfSSL 11:cee25a834751 2023 case 0:
wolfSSL 11:cee25a834751 2024 XMEMCPY(sha_input, "A", 1);
wolfSSL 11:cee25a834751 2025 break;
wolfSSL 11:cee25a834751 2026 case 1:
wolfSSL 11:cee25a834751 2027 XMEMCPY(sha_input, "BB", 2);
wolfSSL 11:cee25a834751 2028 break;
wolfSSL 11:cee25a834751 2029 case 2:
wolfSSL 11:cee25a834751 2030 XMEMCPY(sha_input, "CCC", 3);
wolfSSL 11:cee25a834751 2031 break;
wolfSSL 11:cee25a834751 2032 case 3:
wolfSSL 11:cee25a834751 2033 XMEMCPY(sha_input, "DDDD", 4);
wolfSSL 11:cee25a834751 2034 break;
wolfSSL 11:cee25a834751 2035 case 4:
wolfSSL 11:cee25a834751 2036 XMEMCPY(sha_input, "EEEEE", 5);
wolfSSL 11:cee25a834751 2037 break;
wolfSSL 11:cee25a834751 2038 case 5:
wolfSSL 11:cee25a834751 2039 XMEMCPY(sha_input, "FFFFFF", 6);
wolfSSL 11:cee25a834751 2040 break;
wolfSSL 11:cee25a834751 2041 case 6:
wolfSSL 11:cee25a834751 2042 XMEMCPY(sha_input, "GGGGGGG", 7);
wolfSSL 11:cee25a834751 2043 break;
wolfSSL 11:cee25a834751 2044 case 7:
wolfSSL 11:cee25a834751 2045 XMEMCPY(sha_input, "HHHHHHHH", 8);
wolfSSL 11:cee25a834751 2046 break;
wolfSSL 11:cee25a834751 2047 case 8:
wolfSSL 11:cee25a834751 2048 XMEMCPY(sha_input, "IIIIIIIII", 9);
wolfSSL 11:cee25a834751 2049 break;
wolfSSL 11:cee25a834751 2050 default:
wolfSSL 11:cee25a834751 2051 WOLFSSL_MSG("Set Prefix error, bad input");
wolfSSL 11:cee25a834751 2052 return 0;
wolfSSL 11:cee25a834751 2053 }
wolfSSL 11:cee25a834751 2054 return 1;
wolfSSL 11:cee25a834751 2055 }
wolfSSL 11:cee25a834751 2056 #endif
wolfSSL 11:cee25a834751 2057
wolfSSL 11:cee25a834751 2058
wolfSSL 11:cee25a834751 2059 static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
wolfSSL 11:cee25a834751 2060 int side, void* heap, int devId)
wolfSSL 11:cee25a834751 2061 {
wolfSSL 11:cee25a834751 2062 #ifdef BUILD_ARC4
wolfSSL 11:cee25a834751 2063 word32 sz = specs->key_size;
wolfSSL 11:cee25a834751 2064 if (specs->bulk_cipher_algorithm == wolfssl_rc4) {
wolfSSL 11:cee25a834751 2065 if (enc && enc->arc4 == NULL)
wolfSSL 11:cee25a834751 2066 enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2067 if (enc && enc->arc4 == NULL)
wolfSSL 11:cee25a834751 2068 return MEMORY_E;
wolfSSL 11:cee25a834751 2069 if (dec && dec->arc4 == NULL)
wolfSSL 11:cee25a834751 2070 dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2071 if (dec && dec->arc4 == NULL)
wolfSSL 11:cee25a834751 2072 return MEMORY_E;
wolfSSL 11:cee25a834751 2073
wolfSSL 11:cee25a834751 2074 if (enc) {
wolfSSL 11:cee25a834751 2075 if (wc_Arc4Init(enc->arc4, heap, devId) != 0) {
wolfSSL 11:cee25a834751 2076 WOLFSSL_MSG("Arc4Init failed in SetKeys");
wolfSSL 11:cee25a834751 2077 return ASYNC_INIT_E;
wolfSSL 11:cee25a834751 2078 }
wolfSSL 11:cee25a834751 2079 }
wolfSSL 11:cee25a834751 2080 if (dec) {
wolfSSL 11:cee25a834751 2081 if (wc_Arc4Init(dec->arc4, heap, devId) != 0) {
wolfSSL 11:cee25a834751 2082 WOLFSSL_MSG("Arc4Init failed in SetKeys");
wolfSSL 11:cee25a834751 2083 return ASYNC_INIT_E;
wolfSSL 11:cee25a834751 2084 }
wolfSSL 11:cee25a834751 2085 }
wolfSSL 11:cee25a834751 2086
wolfSSL 11:cee25a834751 2087 if (side == WOLFSSL_CLIENT_END) {
wolfSSL 11:cee25a834751 2088 if (enc)
wolfSSL 11:cee25a834751 2089 wc_Arc4SetKey(enc->arc4, keys->client_write_key, sz);
wolfSSL 11:cee25a834751 2090 if (dec)
wolfSSL 11:cee25a834751 2091 wc_Arc4SetKey(dec->arc4, keys->server_write_key, sz);
wolfSSL 11:cee25a834751 2092 }
wolfSSL 11:cee25a834751 2093 else {
wolfSSL 11:cee25a834751 2094 if (enc)
wolfSSL 11:cee25a834751 2095 wc_Arc4SetKey(enc->arc4, keys->server_write_key, sz);
wolfSSL 11:cee25a834751 2096 if (dec)
wolfSSL 11:cee25a834751 2097 wc_Arc4SetKey(dec->arc4, keys->client_write_key, sz);
wolfSSL 11:cee25a834751 2098 }
wolfSSL 11:cee25a834751 2099 if (enc)
wolfSSL 11:cee25a834751 2100 enc->setup = 1;
wolfSSL 11:cee25a834751 2101 if (dec)
wolfSSL 11:cee25a834751 2102 dec->setup = 1;
wolfSSL 11:cee25a834751 2103 }
wolfSSL 11:cee25a834751 2104 #endif /* BUILD_ARC4 */
wolfSSL 11:cee25a834751 2105
wolfSSL 11:cee25a834751 2106
wolfSSL 11:cee25a834751 2107 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
wolfSSL 11:cee25a834751 2108 /* Check that the max implicit iv size is suffecient */
wolfSSL 11:cee25a834751 2109 #if (AEAD_MAX_IMP_SZ < 12) /* CHACHA20_IMP_IV_SZ */
wolfSSL 11:cee25a834751 2110 #error AEAD_MAX_IMP_SZ is too small for ChaCha20
wolfSSL 11:cee25a834751 2111 #endif
wolfSSL 11:cee25a834751 2112 #if (MAX_WRITE_IV_SZ < 12) /* CHACHA20_IMP_IV_SZ */
wolfSSL 11:cee25a834751 2113 #error MAX_WRITE_IV_SZ is too small for ChaCha20
wolfSSL 11:cee25a834751 2114 #endif
wolfSSL 11:cee25a834751 2115
wolfSSL 11:cee25a834751 2116 if (specs->bulk_cipher_algorithm == wolfssl_chacha) {
wolfSSL 11:cee25a834751 2117 int chachaRet;
wolfSSL 11:cee25a834751 2118 if (enc && enc->chacha == NULL)
wolfSSL 11:cee25a834751 2119 enc->chacha =
wolfSSL 11:cee25a834751 2120 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2121 if (enc && enc->chacha == NULL)
wolfSSL 11:cee25a834751 2122 return MEMORY_E;
wolfSSL 11:cee25a834751 2123 if (dec && dec->chacha == NULL)
wolfSSL 11:cee25a834751 2124 dec->chacha =
wolfSSL 11:cee25a834751 2125 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2126 if (dec && dec->chacha == NULL)
wolfSSL 11:cee25a834751 2127 return MEMORY_E;
wolfSSL 11:cee25a834751 2128 if (side == WOLFSSL_CLIENT_END) {
wolfSSL 11:cee25a834751 2129 if (enc) {
wolfSSL 11:cee25a834751 2130 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->client_write_key,
wolfSSL 11:cee25a834751 2131 specs->key_size);
wolfSSL 11:cee25a834751 2132 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
wolfSSL 11:cee25a834751 2133 CHACHA20_IMP_IV_SZ);
wolfSSL 11:cee25a834751 2134 if (chachaRet != 0) return chachaRet;
wolfSSL 11:cee25a834751 2135 }
wolfSSL 11:cee25a834751 2136 if (dec) {
wolfSSL 11:cee25a834751 2137 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->server_write_key,
wolfSSL 11:cee25a834751 2138 specs->key_size);
wolfSSL 11:cee25a834751 2139 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
wolfSSL 11:cee25a834751 2140 CHACHA20_IMP_IV_SZ);
wolfSSL 11:cee25a834751 2141 if (chachaRet != 0) return chachaRet;
wolfSSL 11:cee25a834751 2142 }
wolfSSL 11:cee25a834751 2143 }
wolfSSL 11:cee25a834751 2144 else {
wolfSSL 11:cee25a834751 2145 if (enc) {
wolfSSL 11:cee25a834751 2146 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->server_write_key,
wolfSSL 11:cee25a834751 2147 specs->key_size);
wolfSSL 11:cee25a834751 2148 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
wolfSSL 11:cee25a834751 2149 CHACHA20_IMP_IV_SZ);
wolfSSL 11:cee25a834751 2150 if (chachaRet != 0) return chachaRet;
wolfSSL 11:cee25a834751 2151 }
wolfSSL 11:cee25a834751 2152 if (dec) {
wolfSSL 11:cee25a834751 2153 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->client_write_key,
wolfSSL 11:cee25a834751 2154 specs->key_size);
wolfSSL 11:cee25a834751 2155 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
wolfSSL 11:cee25a834751 2156 CHACHA20_IMP_IV_SZ);
wolfSSL 11:cee25a834751 2157 if (chachaRet != 0) return chachaRet;
wolfSSL 11:cee25a834751 2158 }
wolfSSL 11:cee25a834751 2159 }
wolfSSL 11:cee25a834751 2160
wolfSSL 11:cee25a834751 2161 if (enc)
wolfSSL 11:cee25a834751 2162 enc->setup = 1;
wolfSSL 11:cee25a834751 2163 if (dec)
wolfSSL 11:cee25a834751 2164 dec->setup = 1;
wolfSSL 11:cee25a834751 2165 }
wolfSSL 11:cee25a834751 2166 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
wolfSSL 11:cee25a834751 2167
wolfSSL 11:cee25a834751 2168
wolfSSL 11:cee25a834751 2169 #ifdef HAVE_HC128
wolfSSL 11:cee25a834751 2170 /* check that buffer sizes are sufficient */
wolfSSL 11:cee25a834751 2171 #if (MAX_WRITE_IV_SZ < 16) /* HC_128_IV_SIZE */
wolfSSL 11:cee25a834751 2172 #error MAX_WRITE_IV_SZ too small for HC128
wolfSSL 11:cee25a834751 2173 #endif
wolfSSL 11:cee25a834751 2174
wolfSSL 11:cee25a834751 2175 if (specs->bulk_cipher_algorithm == wolfssl_hc128) {
wolfSSL 11:cee25a834751 2176 int hcRet;
wolfSSL 11:cee25a834751 2177 if (enc && enc->hc128 == NULL)
wolfSSL 11:cee25a834751 2178 enc->hc128 =
wolfSSL 11:cee25a834751 2179 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2180 if (enc && enc->hc128 == NULL)
wolfSSL 11:cee25a834751 2181 return MEMORY_E;
wolfSSL 11:cee25a834751 2182 if (dec && dec->hc128 == NULL)
wolfSSL 11:cee25a834751 2183 dec->hc128 =
wolfSSL 11:cee25a834751 2184 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2185 if (dec && dec->hc128 == NULL)
wolfSSL 11:cee25a834751 2186 return MEMORY_E;
wolfSSL 11:cee25a834751 2187 if (side == WOLFSSL_CLIENT_END) {
wolfSSL 11:cee25a834751 2188 if (enc) {
wolfSSL 11:cee25a834751 2189 hcRet = wc_Hc128_SetKey(enc->hc128, keys->client_write_key,
wolfSSL 11:cee25a834751 2190 keys->client_write_IV);
wolfSSL 11:cee25a834751 2191 if (hcRet != 0) return hcRet;
wolfSSL 11:cee25a834751 2192 }
wolfSSL 11:cee25a834751 2193 if (dec) {
wolfSSL 11:cee25a834751 2194 hcRet = wc_Hc128_SetKey(dec->hc128, keys->server_write_key,
wolfSSL 11:cee25a834751 2195 keys->server_write_IV);
wolfSSL 11:cee25a834751 2196 if (hcRet != 0) return hcRet;
wolfSSL 11:cee25a834751 2197 }
wolfSSL 11:cee25a834751 2198 }
wolfSSL 11:cee25a834751 2199 else {
wolfSSL 11:cee25a834751 2200 if (enc) {
wolfSSL 11:cee25a834751 2201 hcRet = wc_Hc128_SetKey(enc->hc128, keys->server_write_key,
wolfSSL 11:cee25a834751 2202 keys->server_write_IV);
wolfSSL 11:cee25a834751 2203 if (hcRet != 0) return hcRet;
wolfSSL 11:cee25a834751 2204 }
wolfSSL 11:cee25a834751 2205 if (dec) {
wolfSSL 11:cee25a834751 2206 hcRet = wc_Hc128_SetKey(dec->hc128, keys->client_write_key,
wolfSSL 11:cee25a834751 2207 keys->client_write_IV);
wolfSSL 11:cee25a834751 2208 if (hcRet != 0) return hcRet;
wolfSSL 11:cee25a834751 2209 }
wolfSSL 11:cee25a834751 2210 }
wolfSSL 11:cee25a834751 2211 if (enc)
wolfSSL 11:cee25a834751 2212 enc->setup = 1;
wolfSSL 11:cee25a834751 2213 if (dec)
wolfSSL 11:cee25a834751 2214 dec->setup = 1;
wolfSSL 11:cee25a834751 2215 }
wolfSSL 11:cee25a834751 2216 #endif /* HAVE_HC128 */
wolfSSL 11:cee25a834751 2217
wolfSSL 11:cee25a834751 2218 #ifdef BUILD_RABBIT
wolfSSL 11:cee25a834751 2219 /* check that buffer sizes are sufficient */
wolfSSL 11:cee25a834751 2220 #if (MAX_WRITE_IV_SZ < 8) /* RABBIT_IV_SIZE */
wolfSSL 11:cee25a834751 2221 #error MAX_WRITE_IV_SZ too small for RABBIT
wolfSSL 11:cee25a834751 2222 #endif
wolfSSL 11:cee25a834751 2223
wolfSSL 11:cee25a834751 2224 if (specs->bulk_cipher_algorithm == wolfssl_rabbit) {
wolfSSL 11:cee25a834751 2225 int rabRet;
wolfSSL 11:cee25a834751 2226 if (enc && enc->rabbit == NULL)
wolfSSL 11:cee25a834751 2227 enc->rabbit =
wolfSSL 11:cee25a834751 2228 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2229 if (enc && enc->rabbit == NULL)
wolfSSL 11:cee25a834751 2230 return MEMORY_E;
wolfSSL 11:cee25a834751 2231 if (dec && dec->rabbit == NULL)
wolfSSL 11:cee25a834751 2232 dec->rabbit =
wolfSSL 11:cee25a834751 2233 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2234 if (dec && dec->rabbit == NULL)
wolfSSL 11:cee25a834751 2235 return MEMORY_E;
wolfSSL 11:cee25a834751 2236 if (side == WOLFSSL_CLIENT_END) {
wolfSSL 11:cee25a834751 2237 if (enc) {
wolfSSL 11:cee25a834751 2238 rabRet = wc_RabbitSetKey(enc->rabbit, keys->client_write_key,
wolfSSL 11:cee25a834751 2239 keys->client_write_IV);
wolfSSL 11:cee25a834751 2240 if (rabRet != 0) return rabRet;
wolfSSL 11:cee25a834751 2241 }
wolfSSL 11:cee25a834751 2242 if (dec) {
wolfSSL 11:cee25a834751 2243 rabRet = wc_RabbitSetKey(dec->rabbit, keys->server_write_key,
wolfSSL 11:cee25a834751 2244 keys->server_write_IV);
wolfSSL 11:cee25a834751 2245 if (rabRet != 0) return rabRet;
wolfSSL 11:cee25a834751 2246 }
wolfSSL 11:cee25a834751 2247 }
wolfSSL 11:cee25a834751 2248 else {
wolfSSL 11:cee25a834751 2249 if (enc) {
wolfSSL 11:cee25a834751 2250 rabRet = wc_RabbitSetKey(enc->rabbit, keys->server_write_key,
wolfSSL 11:cee25a834751 2251 keys->server_write_IV);
wolfSSL 11:cee25a834751 2252 if (rabRet != 0) return rabRet;
wolfSSL 11:cee25a834751 2253 }
wolfSSL 11:cee25a834751 2254 if (dec) {
wolfSSL 11:cee25a834751 2255 rabRet = wc_RabbitSetKey(dec->rabbit, keys->client_write_key,
wolfSSL 11:cee25a834751 2256 keys->client_write_IV);
wolfSSL 11:cee25a834751 2257 if (rabRet != 0) return rabRet;
wolfSSL 11:cee25a834751 2258 }
wolfSSL 11:cee25a834751 2259 }
wolfSSL 11:cee25a834751 2260 if (enc)
wolfSSL 11:cee25a834751 2261 enc->setup = 1;
wolfSSL 11:cee25a834751 2262 if (dec)
wolfSSL 11:cee25a834751 2263 dec->setup = 1;
wolfSSL 11:cee25a834751 2264 }
wolfSSL 11:cee25a834751 2265 #endif /* BUILD_RABBIT */
wolfSSL 11:cee25a834751 2266
wolfSSL 11:cee25a834751 2267 #ifdef BUILD_DES3
wolfSSL 11:cee25a834751 2268 /* check that buffer sizes are sufficient */
wolfSSL 11:cee25a834751 2269 #if (MAX_WRITE_IV_SZ < 8) /* DES_IV_SIZE */
wolfSSL 11:cee25a834751 2270 #error MAX_WRITE_IV_SZ too small for 3DES
wolfSSL 11:cee25a834751 2271 #endif
wolfSSL 11:cee25a834751 2272
wolfSSL 11:cee25a834751 2273 if (specs->bulk_cipher_algorithm == wolfssl_triple_des) {
wolfSSL 11:cee25a834751 2274 int desRet = 0;
wolfSSL 11:cee25a834751 2275
wolfSSL 11:cee25a834751 2276 if (enc) {
wolfSSL 11:cee25a834751 2277 if (enc->des3 == NULL)
wolfSSL 11:cee25a834751 2278 enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2279 if (enc->des3 == NULL)
wolfSSL 11:cee25a834751 2280 return MEMORY_E;
wolfSSL 11:cee25a834751 2281 XMEMSET(enc->des3, 0, sizeof(Des3));
wolfSSL 11:cee25a834751 2282 }
wolfSSL 11:cee25a834751 2283 if (dec) {
wolfSSL 11:cee25a834751 2284 if (dec->des3 == NULL)
wolfSSL 11:cee25a834751 2285 dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2286 if (dec->des3 == NULL)
wolfSSL 11:cee25a834751 2287 return MEMORY_E;
wolfSSL 11:cee25a834751 2288 XMEMSET(dec->des3, 0, sizeof(Des3));
wolfSSL 11:cee25a834751 2289 }
wolfSSL 11:cee25a834751 2290
wolfSSL 11:cee25a834751 2291 if (enc) {
wolfSSL 11:cee25a834751 2292 if (wc_Des3Init(enc->des3, heap, devId) != 0) {
wolfSSL 11:cee25a834751 2293 WOLFSSL_MSG("Des3Init failed in SetKeys");
wolfSSL 11:cee25a834751 2294 return ASYNC_INIT_E;
wolfSSL 11:cee25a834751 2295 }
wolfSSL 11:cee25a834751 2296 }
wolfSSL 11:cee25a834751 2297 if (dec) {
wolfSSL 11:cee25a834751 2298 if (wc_Des3Init(dec->des3, heap, devId) != 0) {
wolfSSL 11:cee25a834751 2299 WOLFSSL_MSG("Des3Init failed in SetKeys");
wolfSSL 11:cee25a834751 2300 return ASYNC_INIT_E;
wolfSSL 11:cee25a834751 2301 }
wolfSSL 11:cee25a834751 2302 }
wolfSSL 11:cee25a834751 2303
wolfSSL 11:cee25a834751 2304 if (side == WOLFSSL_CLIENT_END) {
wolfSSL 11:cee25a834751 2305 if (enc) {
wolfSSL 11:cee25a834751 2306 desRet = wc_Des3_SetKey(enc->des3, keys->client_write_key,
wolfSSL 11:cee25a834751 2307 keys->client_write_IV, DES_ENCRYPTION);
wolfSSL 11:cee25a834751 2308 if (desRet != 0) return desRet;
wolfSSL 11:cee25a834751 2309 }
wolfSSL 11:cee25a834751 2310 if (dec) {
wolfSSL 11:cee25a834751 2311 desRet = wc_Des3_SetKey(dec->des3, keys->server_write_key,
wolfSSL 11:cee25a834751 2312 keys->server_write_IV, DES_DECRYPTION);
wolfSSL 11:cee25a834751 2313 if (desRet != 0) return desRet;
wolfSSL 11:cee25a834751 2314 }
wolfSSL 11:cee25a834751 2315 }
wolfSSL 11:cee25a834751 2316 else {
wolfSSL 11:cee25a834751 2317 if (enc) {
wolfSSL 11:cee25a834751 2318 desRet = wc_Des3_SetKey(enc->des3, keys->server_write_key,
wolfSSL 11:cee25a834751 2319 keys->server_write_IV, DES_ENCRYPTION);
wolfSSL 11:cee25a834751 2320 if (desRet != 0) return desRet;
wolfSSL 11:cee25a834751 2321 }
wolfSSL 11:cee25a834751 2322 if (dec) {
wolfSSL 11:cee25a834751 2323 desRet = wc_Des3_SetKey(dec->des3, keys->client_write_key,
wolfSSL 11:cee25a834751 2324 keys->client_write_IV, DES_DECRYPTION);
wolfSSL 11:cee25a834751 2325 if (desRet != 0) return desRet;
wolfSSL 11:cee25a834751 2326 }
wolfSSL 11:cee25a834751 2327 }
wolfSSL 11:cee25a834751 2328 if (enc)
wolfSSL 11:cee25a834751 2329 enc->setup = 1;
wolfSSL 11:cee25a834751 2330 if (dec)
wolfSSL 11:cee25a834751 2331 dec->setup = 1;
wolfSSL 11:cee25a834751 2332 }
wolfSSL 11:cee25a834751 2333 #endif /* BUILD_DES3 */
wolfSSL 11:cee25a834751 2334
wolfSSL 11:cee25a834751 2335 #ifdef BUILD_AES
wolfSSL 11:cee25a834751 2336 /* check that buffer sizes are sufficient */
wolfSSL 11:cee25a834751 2337 #if (MAX_WRITE_IV_SZ < 16) /* AES_IV_SIZE */
wolfSSL 11:cee25a834751 2338 #error MAX_WRITE_IV_SZ too small for AES
wolfSSL 11:cee25a834751 2339 #endif
wolfSSL 11:cee25a834751 2340
wolfSSL 11:cee25a834751 2341 if (specs->bulk_cipher_algorithm == wolfssl_aes) {
wolfSSL 11:cee25a834751 2342 int aesRet = 0;
wolfSSL 11:cee25a834751 2343
wolfSSL 11:cee25a834751 2344 if (enc) {
wolfSSL 11:cee25a834751 2345 if (enc->aes == NULL)
wolfSSL 11:cee25a834751 2346 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2347 if (enc->aes == NULL)
wolfSSL 11:cee25a834751 2348 return MEMORY_E;
wolfSSL 11:cee25a834751 2349 XMEMSET(enc->aes, 0, sizeof(Aes));
wolfSSL 11:cee25a834751 2350 }
wolfSSL 11:cee25a834751 2351 if (dec) {
wolfSSL 11:cee25a834751 2352 if (dec->aes == NULL)
wolfSSL 11:cee25a834751 2353 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2354 if (dec->aes == NULL)
wolfSSL 11:cee25a834751 2355 return MEMORY_E;
wolfSSL 11:cee25a834751 2356 XMEMSET(dec->aes, 0, sizeof(Aes));
wolfSSL 11:cee25a834751 2357 }
wolfSSL 11:cee25a834751 2358 if (enc) {
wolfSSL 11:cee25a834751 2359 if (wc_AesInit(enc->aes, heap, devId) != 0) {
wolfSSL 11:cee25a834751 2360 WOLFSSL_MSG("AesInit failed in SetKeys");
wolfSSL 11:cee25a834751 2361 return ASYNC_INIT_E;
wolfSSL 11:cee25a834751 2362 }
wolfSSL 11:cee25a834751 2363 }
wolfSSL 11:cee25a834751 2364 if (dec) {
wolfSSL 11:cee25a834751 2365 if (wc_AesInit(dec->aes, heap, devId) != 0) {
wolfSSL 11:cee25a834751 2366 WOLFSSL_MSG("AesInit failed in SetKeys");
wolfSSL 11:cee25a834751 2367 return ASYNC_INIT_E;
wolfSSL 11:cee25a834751 2368 }
wolfSSL 11:cee25a834751 2369 }
wolfSSL 11:cee25a834751 2370
wolfSSL 11:cee25a834751 2371 if (side == WOLFSSL_CLIENT_END) {
wolfSSL 11:cee25a834751 2372 if (enc) {
wolfSSL 11:cee25a834751 2373 aesRet = wc_AesSetKey(enc->aes, keys->client_write_key,
wolfSSL 11:cee25a834751 2374 specs->key_size, keys->client_write_IV,
wolfSSL 11:cee25a834751 2375 AES_ENCRYPTION);
wolfSSL 11:cee25a834751 2376 if (aesRet != 0) return aesRet;
wolfSSL 11:cee25a834751 2377 }
wolfSSL 11:cee25a834751 2378 if (dec) {
wolfSSL 11:cee25a834751 2379 aesRet = wc_AesSetKey(dec->aes, keys->server_write_key,
wolfSSL 11:cee25a834751 2380 specs->key_size, keys->server_write_IV,
wolfSSL 11:cee25a834751 2381 AES_DECRYPTION);
wolfSSL 11:cee25a834751 2382 if (aesRet != 0) return aesRet;
wolfSSL 11:cee25a834751 2383 }
wolfSSL 11:cee25a834751 2384 }
wolfSSL 11:cee25a834751 2385 else {
wolfSSL 11:cee25a834751 2386 if (enc) {
wolfSSL 11:cee25a834751 2387 aesRet = wc_AesSetKey(enc->aes, keys->server_write_key,
wolfSSL 11:cee25a834751 2388 specs->key_size, keys->server_write_IV,
wolfSSL 11:cee25a834751 2389 AES_ENCRYPTION);
wolfSSL 11:cee25a834751 2390 if (aesRet != 0) return aesRet;
wolfSSL 11:cee25a834751 2391 }
wolfSSL 11:cee25a834751 2392 if (dec) {
wolfSSL 11:cee25a834751 2393 aesRet = wc_AesSetKey(dec->aes, keys->client_write_key,
wolfSSL 11:cee25a834751 2394 specs->key_size, keys->client_write_IV,
wolfSSL 11:cee25a834751 2395 AES_DECRYPTION);
wolfSSL 11:cee25a834751 2396 if (aesRet != 0) return aesRet;
wolfSSL 11:cee25a834751 2397 }
wolfSSL 11:cee25a834751 2398 }
wolfSSL 11:cee25a834751 2399 if (enc)
wolfSSL 11:cee25a834751 2400 enc->setup = 1;
wolfSSL 11:cee25a834751 2401 if (dec)
wolfSSL 11:cee25a834751 2402 dec->setup = 1;
wolfSSL 11:cee25a834751 2403 }
wolfSSL 11:cee25a834751 2404 #endif /* BUILD_AES */
wolfSSL 11:cee25a834751 2405
wolfSSL 11:cee25a834751 2406 #ifdef BUILD_AESGCM
wolfSSL 11:cee25a834751 2407 /* check that buffer sizes are sufficient */
wolfSSL 11:cee25a834751 2408 #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */
wolfSSL 11:cee25a834751 2409 #error AEAD_MAX_IMP_SZ too small for AESGCM
wolfSSL 11:cee25a834751 2410 #endif
wolfSSL 11:cee25a834751 2411 #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */
wolfSSL 11:cee25a834751 2412 #error AEAD_MAX_EXP_SZ too small for AESGCM
wolfSSL 11:cee25a834751 2413 #endif
wolfSSL 11:cee25a834751 2414 #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */
wolfSSL 11:cee25a834751 2415 #error MAX_WRITE_IV_SZ too small for AESGCM
wolfSSL 11:cee25a834751 2416 #endif
wolfSSL 11:cee25a834751 2417
wolfSSL 11:cee25a834751 2418 if (specs->bulk_cipher_algorithm == wolfssl_aes_gcm) {
wolfSSL 11:cee25a834751 2419 int gcmRet;
wolfSSL 11:cee25a834751 2420
wolfSSL 11:cee25a834751 2421 if (enc) {
wolfSSL 11:cee25a834751 2422 if (enc->aes == NULL)
wolfSSL 11:cee25a834751 2423 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2424 if (enc->aes == NULL)
wolfSSL 11:cee25a834751 2425 return MEMORY_E;
wolfSSL 11:cee25a834751 2426 XMEMSET(enc->aes, 0, sizeof(Aes));
wolfSSL 11:cee25a834751 2427 }
wolfSSL 11:cee25a834751 2428 if (dec) {
wolfSSL 11:cee25a834751 2429 if (dec->aes == NULL)
wolfSSL 11:cee25a834751 2430 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2431 if (dec->aes == NULL)
wolfSSL 11:cee25a834751 2432 return MEMORY_E;
wolfSSL 11:cee25a834751 2433 XMEMSET(dec->aes, 0, sizeof(Aes));
wolfSSL 11:cee25a834751 2434 }
wolfSSL 11:cee25a834751 2435
wolfSSL 11:cee25a834751 2436 if (enc) {
wolfSSL 11:cee25a834751 2437 if (wc_AesInit(enc->aes, heap, devId) != 0) {
wolfSSL 11:cee25a834751 2438 WOLFSSL_MSG("AesInit failed in SetKeys");
wolfSSL 11:cee25a834751 2439 return ASYNC_INIT_E;
wolfSSL 11:cee25a834751 2440 }
wolfSSL 11:cee25a834751 2441 }
wolfSSL 11:cee25a834751 2442 if (dec) {
wolfSSL 11:cee25a834751 2443 if (wc_AesInit(dec->aes, heap, devId) != 0) {
wolfSSL 11:cee25a834751 2444 WOLFSSL_MSG("AesInit failed in SetKeys");
wolfSSL 11:cee25a834751 2445 return ASYNC_INIT_E;
wolfSSL 11:cee25a834751 2446 }
wolfSSL 11:cee25a834751 2447 }
wolfSSL 11:cee25a834751 2448
wolfSSL 11:cee25a834751 2449 if (side == WOLFSSL_CLIENT_END) {
wolfSSL 11:cee25a834751 2450 if (enc) {
wolfSSL 11:cee25a834751 2451 gcmRet = wc_AesGcmSetKey(enc->aes, keys->client_write_key,
wolfSSL 11:cee25a834751 2452 specs->key_size);
wolfSSL 11:cee25a834751 2453 if (gcmRet != 0) return gcmRet;
wolfSSL 11:cee25a834751 2454 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
wolfSSL 11:cee25a834751 2455 AESGCM_IMP_IV_SZ);
wolfSSL 11:cee25a834751 2456 }
wolfSSL 11:cee25a834751 2457 if (dec) {
wolfSSL 11:cee25a834751 2458 gcmRet = wc_AesGcmSetKey(dec->aes, keys->server_write_key,
wolfSSL 11:cee25a834751 2459 specs->key_size);
wolfSSL 11:cee25a834751 2460 if (gcmRet != 0) return gcmRet;
wolfSSL 11:cee25a834751 2461 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
wolfSSL 11:cee25a834751 2462 AESGCM_IMP_IV_SZ);
wolfSSL 11:cee25a834751 2463 }
wolfSSL 11:cee25a834751 2464 }
wolfSSL 11:cee25a834751 2465 else {
wolfSSL 11:cee25a834751 2466 if (enc) {
wolfSSL 11:cee25a834751 2467 gcmRet = wc_AesGcmSetKey(enc->aes, keys->server_write_key,
wolfSSL 11:cee25a834751 2468 specs->key_size);
wolfSSL 11:cee25a834751 2469 if (gcmRet != 0) return gcmRet;
wolfSSL 11:cee25a834751 2470 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
wolfSSL 11:cee25a834751 2471 AESGCM_IMP_IV_SZ);
wolfSSL 11:cee25a834751 2472 }
wolfSSL 11:cee25a834751 2473 if (dec) {
wolfSSL 11:cee25a834751 2474 gcmRet = wc_AesGcmSetKey(dec->aes, keys->client_write_key,
wolfSSL 11:cee25a834751 2475 specs->key_size);
wolfSSL 11:cee25a834751 2476 if (gcmRet != 0) return gcmRet;
wolfSSL 11:cee25a834751 2477 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
wolfSSL 11:cee25a834751 2478 AESGCM_IMP_IV_SZ);
wolfSSL 11:cee25a834751 2479 }
wolfSSL 11:cee25a834751 2480 }
wolfSSL 11:cee25a834751 2481 if (enc)
wolfSSL 11:cee25a834751 2482 enc->setup = 1;
wolfSSL 11:cee25a834751 2483 if (dec)
wolfSSL 11:cee25a834751 2484 dec->setup = 1;
wolfSSL 11:cee25a834751 2485 }
wolfSSL 11:cee25a834751 2486 #endif /* BUILD_AESGCM */
wolfSSL 11:cee25a834751 2487
wolfSSL 11:cee25a834751 2488 #ifdef HAVE_AESCCM
wolfSSL 11:cee25a834751 2489 /* check that buffer sizes are sufficient (CCM is same size as GCM) */
wolfSSL 11:cee25a834751 2490 #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */
wolfSSL 11:cee25a834751 2491 #error AEAD_MAX_IMP_SZ too small for AESCCM
wolfSSL 11:cee25a834751 2492 #endif
wolfSSL 11:cee25a834751 2493 #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */
wolfSSL 11:cee25a834751 2494 #error AEAD_MAX_EXP_SZ too small for AESCCM
wolfSSL 11:cee25a834751 2495 #endif
wolfSSL 11:cee25a834751 2496 #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */
wolfSSL 11:cee25a834751 2497 #error MAX_WRITE_IV_SZ too small for AESCCM
wolfSSL 11:cee25a834751 2498 #endif
wolfSSL 11:cee25a834751 2499
wolfSSL 11:cee25a834751 2500 if (specs->bulk_cipher_algorithm == wolfssl_aes_ccm) {
wolfSSL 11:cee25a834751 2501 int CcmRet;
wolfSSL 11:cee25a834751 2502
wolfSSL 11:cee25a834751 2503 if (enc) {
wolfSSL 11:cee25a834751 2504 if (enc->aes == NULL)
wolfSSL 11:cee25a834751 2505 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2506 if (enc->aes == NULL)
wolfSSL 11:cee25a834751 2507 return MEMORY_E;
wolfSSL 11:cee25a834751 2508 XMEMSET(enc->aes, 0, sizeof(Aes));
wolfSSL 11:cee25a834751 2509 }
wolfSSL 11:cee25a834751 2510 if (dec) {
wolfSSL 11:cee25a834751 2511 if (dec->aes == NULL)
wolfSSL 11:cee25a834751 2512 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2513 if (dec->aes == NULL)
wolfSSL 11:cee25a834751 2514 return MEMORY_E;
wolfSSL 11:cee25a834751 2515 XMEMSET(dec->aes, 0, sizeof(Aes));
wolfSSL 11:cee25a834751 2516 }
wolfSSL 11:cee25a834751 2517
wolfSSL 11:cee25a834751 2518 if (enc) {
wolfSSL 11:cee25a834751 2519 if (wc_AesInit(enc->aes, heap, devId) != 0) {
wolfSSL 11:cee25a834751 2520 WOLFSSL_MSG("AesInit failed in SetKeys");
wolfSSL 11:cee25a834751 2521 return ASYNC_INIT_E;
wolfSSL 11:cee25a834751 2522 }
wolfSSL 11:cee25a834751 2523 }
wolfSSL 11:cee25a834751 2524 if (dec) {
wolfSSL 11:cee25a834751 2525 if (wc_AesInit(dec->aes, heap, devId) != 0) {
wolfSSL 11:cee25a834751 2526 WOLFSSL_MSG("AesInit failed in SetKeys");
wolfSSL 11:cee25a834751 2527 return ASYNC_INIT_E;
wolfSSL 11:cee25a834751 2528 }
wolfSSL 11:cee25a834751 2529 }
wolfSSL 11:cee25a834751 2530
wolfSSL 11:cee25a834751 2531 if (side == WOLFSSL_CLIENT_END) {
wolfSSL 11:cee25a834751 2532 if (enc) {
wolfSSL 11:cee25a834751 2533 CcmRet = wc_AesCcmSetKey(enc->aes, keys->client_write_key,
wolfSSL 11:cee25a834751 2534 specs->key_size);
wolfSSL 11:cee25a834751 2535 if (CcmRet != 0) {
wolfSSL 11:cee25a834751 2536 return CcmRet;
wolfSSL 11:cee25a834751 2537 }
wolfSSL 11:cee25a834751 2538 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
wolfSSL 11:cee25a834751 2539 AESGCM_IMP_IV_SZ);
wolfSSL 11:cee25a834751 2540 }
wolfSSL 11:cee25a834751 2541 if (dec) {
wolfSSL 11:cee25a834751 2542 CcmRet = wc_AesCcmSetKey(dec->aes, keys->server_write_key,
wolfSSL 11:cee25a834751 2543 specs->key_size);
wolfSSL 11:cee25a834751 2544 if (CcmRet != 0) {
wolfSSL 11:cee25a834751 2545 return CcmRet;
wolfSSL 11:cee25a834751 2546 }
wolfSSL 11:cee25a834751 2547 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
wolfSSL 11:cee25a834751 2548 AESGCM_IMP_IV_SZ);
wolfSSL 11:cee25a834751 2549 }
wolfSSL 11:cee25a834751 2550 }
wolfSSL 11:cee25a834751 2551 else {
wolfSSL 11:cee25a834751 2552 if (enc) {
wolfSSL 11:cee25a834751 2553 CcmRet = wc_AesCcmSetKey(enc->aes, keys->server_write_key,
wolfSSL 11:cee25a834751 2554 specs->key_size);
wolfSSL 11:cee25a834751 2555 if (CcmRet != 0) {
wolfSSL 11:cee25a834751 2556 return CcmRet;
wolfSSL 11:cee25a834751 2557 }
wolfSSL 11:cee25a834751 2558 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
wolfSSL 11:cee25a834751 2559 AESGCM_IMP_IV_SZ);
wolfSSL 11:cee25a834751 2560 }
wolfSSL 11:cee25a834751 2561 if (dec) {
wolfSSL 11:cee25a834751 2562 CcmRet = wc_AesCcmSetKey(dec->aes, keys->client_write_key,
wolfSSL 11:cee25a834751 2563 specs->key_size);
wolfSSL 11:cee25a834751 2564 if (CcmRet != 0) {
wolfSSL 11:cee25a834751 2565 return CcmRet;
wolfSSL 11:cee25a834751 2566 }
wolfSSL 11:cee25a834751 2567 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
wolfSSL 11:cee25a834751 2568 AESGCM_IMP_IV_SZ);
wolfSSL 11:cee25a834751 2569 }
wolfSSL 11:cee25a834751 2570 }
wolfSSL 11:cee25a834751 2571 if (enc)
wolfSSL 11:cee25a834751 2572 enc->setup = 1;
wolfSSL 11:cee25a834751 2573 if (dec)
wolfSSL 11:cee25a834751 2574 dec->setup = 1;
wolfSSL 11:cee25a834751 2575 }
wolfSSL 11:cee25a834751 2576 #endif /* HAVE_AESCCM */
wolfSSL 11:cee25a834751 2577
wolfSSL 11:cee25a834751 2578 #ifdef HAVE_CAMELLIA
wolfSSL 11:cee25a834751 2579 /* check that buffer sizes are sufficient */
wolfSSL 11:cee25a834751 2580 #if (MAX_WRITE_IV_SZ < 16) /* CAMELLIA_IV_SIZE */
wolfSSL 11:cee25a834751 2581 #error MAX_WRITE_IV_SZ too small for CAMELLIA
wolfSSL 11:cee25a834751 2582 #endif
wolfSSL 11:cee25a834751 2583
wolfSSL 11:cee25a834751 2584 if (specs->bulk_cipher_algorithm == wolfssl_camellia) {
wolfSSL 11:cee25a834751 2585 int camRet;
wolfSSL 11:cee25a834751 2586
wolfSSL 11:cee25a834751 2587 if (enc && enc->cam == NULL)
wolfSSL 11:cee25a834751 2588 enc->cam =
wolfSSL 11:cee25a834751 2589 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2590 if (enc && enc->cam == NULL)
wolfSSL 11:cee25a834751 2591 return MEMORY_E;
wolfSSL 11:cee25a834751 2592
wolfSSL 11:cee25a834751 2593 if (dec && dec->cam == NULL)
wolfSSL 11:cee25a834751 2594 dec->cam =
wolfSSL 11:cee25a834751 2595 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2596 if (dec && dec->cam == NULL)
wolfSSL 11:cee25a834751 2597 return MEMORY_E;
wolfSSL 11:cee25a834751 2598
wolfSSL 11:cee25a834751 2599 if (side == WOLFSSL_CLIENT_END) {
wolfSSL 11:cee25a834751 2600 if (enc) {
wolfSSL 11:cee25a834751 2601 camRet = wc_CamelliaSetKey(enc->cam, keys->client_write_key,
wolfSSL 11:cee25a834751 2602 specs->key_size, keys->client_write_IV);
wolfSSL 11:cee25a834751 2603 if (camRet != 0) return camRet;
wolfSSL 11:cee25a834751 2604 }
wolfSSL 11:cee25a834751 2605 if (dec) {
wolfSSL 11:cee25a834751 2606 camRet = wc_CamelliaSetKey(dec->cam, keys->server_write_key,
wolfSSL 11:cee25a834751 2607 specs->key_size, keys->server_write_IV);
wolfSSL 11:cee25a834751 2608 if (camRet != 0) return camRet;
wolfSSL 11:cee25a834751 2609 }
wolfSSL 11:cee25a834751 2610 }
wolfSSL 11:cee25a834751 2611 else {
wolfSSL 11:cee25a834751 2612 if (enc) {
wolfSSL 11:cee25a834751 2613 camRet = wc_CamelliaSetKey(enc->cam, keys->server_write_key,
wolfSSL 11:cee25a834751 2614 specs->key_size, keys->server_write_IV);
wolfSSL 11:cee25a834751 2615 if (camRet != 0) return camRet;
wolfSSL 11:cee25a834751 2616 }
wolfSSL 11:cee25a834751 2617 if (dec) {
wolfSSL 11:cee25a834751 2618 camRet = wc_CamelliaSetKey(dec->cam, keys->client_write_key,
wolfSSL 11:cee25a834751 2619 specs->key_size, keys->client_write_IV);
wolfSSL 11:cee25a834751 2620 if (camRet != 0) return camRet;
wolfSSL 11:cee25a834751 2621 }
wolfSSL 11:cee25a834751 2622 }
wolfSSL 11:cee25a834751 2623 if (enc)
wolfSSL 11:cee25a834751 2624 enc->setup = 1;
wolfSSL 11:cee25a834751 2625 if (dec)
wolfSSL 11:cee25a834751 2626 dec->setup = 1;
wolfSSL 11:cee25a834751 2627 }
wolfSSL 11:cee25a834751 2628 #endif /* HAVE_CAMELLIA */
wolfSSL 11:cee25a834751 2629
wolfSSL 11:cee25a834751 2630 #ifdef HAVE_IDEA
wolfSSL 11:cee25a834751 2631 /* check that buffer sizes are sufficient */
wolfSSL 11:cee25a834751 2632 #if (MAX_WRITE_IV_SZ < 8) /* IDEA_IV_SIZE */
wolfSSL 11:cee25a834751 2633 #error MAX_WRITE_IV_SZ too small for IDEA
wolfSSL 11:cee25a834751 2634 #endif
wolfSSL 11:cee25a834751 2635
wolfSSL 11:cee25a834751 2636 if (specs->bulk_cipher_algorithm == wolfssl_idea) {
wolfSSL 11:cee25a834751 2637 int ideaRet;
wolfSSL 11:cee25a834751 2638
wolfSSL 11:cee25a834751 2639 if (enc && enc->idea == NULL)
wolfSSL 11:cee25a834751 2640 enc->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2641 if (enc && enc->idea == NULL)
wolfSSL 11:cee25a834751 2642 return MEMORY_E;
wolfSSL 11:cee25a834751 2643
wolfSSL 11:cee25a834751 2644 if (dec && dec->idea == NULL)
wolfSSL 11:cee25a834751 2645 dec->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2646 if (dec && dec->idea == NULL)
wolfSSL 11:cee25a834751 2647 return MEMORY_E;
wolfSSL 11:cee25a834751 2648
wolfSSL 11:cee25a834751 2649 if (side == WOLFSSL_CLIENT_END) {
wolfSSL 11:cee25a834751 2650 if (enc) {
wolfSSL 11:cee25a834751 2651 ideaRet = wc_IdeaSetKey(enc->idea, keys->client_write_key,
wolfSSL 11:cee25a834751 2652 specs->key_size, keys->client_write_IV,
wolfSSL 11:cee25a834751 2653 IDEA_ENCRYPTION);
wolfSSL 11:cee25a834751 2654 if (ideaRet != 0) return ideaRet;
wolfSSL 11:cee25a834751 2655 }
wolfSSL 11:cee25a834751 2656 if (dec) {
wolfSSL 11:cee25a834751 2657 ideaRet = wc_IdeaSetKey(dec->idea, keys->server_write_key,
wolfSSL 11:cee25a834751 2658 specs->key_size, keys->server_write_IV,
wolfSSL 11:cee25a834751 2659 IDEA_DECRYPTION);
wolfSSL 11:cee25a834751 2660 if (ideaRet != 0) return ideaRet;
wolfSSL 11:cee25a834751 2661 }
wolfSSL 11:cee25a834751 2662 }
wolfSSL 11:cee25a834751 2663 else {
wolfSSL 11:cee25a834751 2664 if (enc) {
wolfSSL 11:cee25a834751 2665 ideaRet = wc_IdeaSetKey(enc->idea, keys->server_write_key,
wolfSSL 11:cee25a834751 2666 specs->key_size, keys->server_write_IV,
wolfSSL 11:cee25a834751 2667 IDEA_ENCRYPTION);
wolfSSL 11:cee25a834751 2668 if (ideaRet != 0) return ideaRet;
wolfSSL 11:cee25a834751 2669 }
wolfSSL 11:cee25a834751 2670 if (dec) {
wolfSSL 11:cee25a834751 2671 ideaRet = wc_IdeaSetKey(dec->idea, keys->client_write_key,
wolfSSL 11:cee25a834751 2672 specs->key_size, keys->client_write_IV,
wolfSSL 11:cee25a834751 2673 IDEA_DECRYPTION);
wolfSSL 11:cee25a834751 2674 if (ideaRet != 0) return ideaRet;
wolfSSL 11:cee25a834751 2675 }
wolfSSL 11:cee25a834751 2676 }
wolfSSL 11:cee25a834751 2677 if (enc)
wolfSSL 11:cee25a834751 2678 enc->setup = 1;
wolfSSL 11:cee25a834751 2679 if (dec)
wolfSSL 11:cee25a834751 2680 dec->setup = 1;
wolfSSL 11:cee25a834751 2681 }
wolfSSL 11:cee25a834751 2682 #endif /* HAVE_IDEA */
wolfSSL 11:cee25a834751 2683
wolfSSL 11:cee25a834751 2684 #ifdef HAVE_NULL_CIPHER
wolfSSL 11:cee25a834751 2685 if (specs->bulk_cipher_algorithm == wolfssl_cipher_null) {
wolfSSL 11:cee25a834751 2686 if (enc)
wolfSSL 11:cee25a834751 2687 enc->setup = 1;
wolfSSL 11:cee25a834751 2688 if (dec)
wolfSSL 11:cee25a834751 2689 dec->setup = 1;
wolfSSL 11:cee25a834751 2690 }
wolfSSL 11:cee25a834751 2691 #endif
wolfSSL 11:cee25a834751 2692
wolfSSL 11:cee25a834751 2693 if (enc) {
wolfSSL 11:cee25a834751 2694 keys->sequence_number_hi = 0;
wolfSSL 11:cee25a834751 2695 keys->sequence_number_lo = 0;
wolfSSL 11:cee25a834751 2696 }
wolfSSL 11:cee25a834751 2697 if (dec) {
wolfSSL 11:cee25a834751 2698 keys->peer_sequence_number_hi = 0;
wolfSSL 11:cee25a834751 2699 keys->peer_sequence_number_lo = 0;
wolfSSL 11:cee25a834751 2700 }
wolfSSL 11:cee25a834751 2701 (void)side;
wolfSSL 11:cee25a834751 2702 (void)heap;
wolfSSL 11:cee25a834751 2703 (void)enc;
wolfSSL 11:cee25a834751 2704 (void)dec;
wolfSSL 11:cee25a834751 2705 (void)specs;
wolfSSL 11:cee25a834751 2706 (void)devId;
wolfSSL 11:cee25a834751 2707
wolfSSL 11:cee25a834751 2708 return 0;
wolfSSL 11:cee25a834751 2709 }
wolfSSL 11:cee25a834751 2710
wolfSSL 11:cee25a834751 2711
wolfSSL 11:cee25a834751 2712 #ifdef HAVE_ONE_TIME_AUTH
wolfSSL 11:cee25a834751 2713 /* set one time authentication keys */
wolfSSL 11:cee25a834751 2714 static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
wolfSSL 11:cee25a834751 2715 CipherSpecs* specs, void* heap, int devId)
wolfSSL 11:cee25a834751 2716 {
wolfSSL 11:cee25a834751 2717
wolfSSL 11:cee25a834751 2718 #ifdef HAVE_POLY1305
wolfSSL 11:cee25a834751 2719 /* set up memory space for poly1305 */
wolfSSL 11:cee25a834751 2720 if (authentication && authentication->poly1305 == NULL)
wolfSSL 11:cee25a834751 2721 authentication->poly1305 =
wolfSSL 11:cee25a834751 2722 (Poly1305*)XMALLOC(sizeof(Poly1305), heap, DYNAMIC_TYPE_CIPHER);
wolfSSL 11:cee25a834751 2723 if (authentication && authentication->poly1305 == NULL)
wolfSSL 11:cee25a834751 2724 return MEMORY_E;
wolfSSL 11:cee25a834751 2725 if (authentication)
wolfSSL 11:cee25a834751 2726 authentication->setup = 1;
wolfSSL 11:cee25a834751 2727 #endif
wolfSSL 11:cee25a834751 2728 (void)authentication;
wolfSSL 11:cee25a834751 2729 (void)heap;
wolfSSL 11:cee25a834751 2730 (void)keys;
wolfSSL 11:cee25a834751 2731 (void)specs;
wolfSSL 11:cee25a834751 2732 (void)devId;
wolfSSL 11:cee25a834751 2733
wolfSSL 11:cee25a834751 2734 return 0;
wolfSSL 11:cee25a834751 2735 }
wolfSSL 11:cee25a834751 2736 #endif /* HAVE_ONE_TIME_AUTH */
wolfSSL 11:cee25a834751 2737
wolfSSL 11:cee25a834751 2738 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 11:cee25a834751 2739 /* function name is for cache_status++
wolfSSL 11:cee25a834751 2740 * This function was added because of error incrementing enum type when
wolfSSL 11:cee25a834751 2741 * compiling with a C++ compiler.
wolfSSL 11:cee25a834751 2742 */
wolfSSL 11:cee25a834751 2743 static void CacheStatusPP(SecureRenegotiation* cache)
wolfSSL 11:cee25a834751 2744 {
wolfSSL 11:cee25a834751 2745 switch (cache->cache_status) {
wolfSSL 11:cee25a834751 2746 case SCR_CACHE_NULL:
wolfSSL 11:cee25a834751 2747 cache->cache_status = SCR_CACHE_NEEDED;
wolfSSL 11:cee25a834751 2748 break;
wolfSSL 11:cee25a834751 2749
wolfSSL 11:cee25a834751 2750 case SCR_CACHE_NEEDED:
wolfSSL 11:cee25a834751 2751 cache->cache_status = SCR_CACHE_COPY;
wolfSSL 11:cee25a834751 2752 break;
wolfSSL 11:cee25a834751 2753
wolfSSL 11:cee25a834751 2754 case SCR_CACHE_COPY:
wolfSSL 11:cee25a834751 2755 cache->cache_status = SCR_CACHE_PARTIAL;
wolfSSL 11:cee25a834751 2756 break;
wolfSSL 11:cee25a834751 2757
wolfSSL 11:cee25a834751 2758 case SCR_CACHE_PARTIAL:
wolfSSL 11:cee25a834751 2759 cache->cache_status = SCR_CACHE_COMPLETE;
wolfSSL 11:cee25a834751 2760 break;
wolfSSL 11:cee25a834751 2761
wolfSSL 11:cee25a834751 2762 case SCR_CACHE_COMPLETE:
wolfSSL 11:cee25a834751 2763 WOLFSSL_MSG("SCR Cache state Complete");
wolfSSL 11:cee25a834751 2764 break;
wolfSSL 11:cee25a834751 2765
wolfSSL 11:cee25a834751 2766 default:
wolfSSL 11:cee25a834751 2767 WOLFSSL_MSG("Unknown cache state!!");
wolfSSL 11:cee25a834751 2768 }
wolfSSL 11:cee25a834751 2769 }
wolfSSL 11:cee25a834751 2770 #endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL 11:cee25a834751 2771
wolfSSL 11:cee25a834751 2772
wolfSSL 11:cee25a834751 2773 /* Set wc_encrypt/wc_decrypt or both sides of key setup
wolfSSL 11:cee25a834751 2774 * note: use wc_encrypt to avoid shadowing global encrypt
wolfSSL 11:cee25a834751 2775 * declared in unistd.h
wolfSSL 11:cee25a834751 2776 */
wolfSSL 11:cee25a834751 2777 int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
wolfSSL 11:cee25a834751 2778 {
wolfSSL 11:cee25a834751 2779 int devId = INVALID_DEVID, ret, copy = 0;
wolfSSL 11:cee25a834751 2780 Ciphers* wc_encrypt = NULL;
wolfSSL 11:cee25a834751 2781 Ciphers* wc_decrypt = NULL;
wolfSSL 11:cee25a834751 2782 Keys* keys = &ssl->keys;
wolfSSL 11:cee25a834751 2783
wolfSSL 11:cee25a834751 2784 (void)copy;
wolfSSL 11:cee25a834751 2785
wolfSSL 11:cee25a834751 2786 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 2787 devId = ssl->devId;
wolfSSL 11:cee25a834751 2788 #endif
wolfSSL 11:cee25a834751 2789
wolfSSL 11:cee25a834751 2790 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 11:cee25a834751 2791 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status) {
wolfSSL 11:cee25a834751 2792 keys = &ssl->secure_renegotiation->tmp_keys;
wolfSSL 11:cee25a834751 2793 copy = 1;
wolfSSL 11:cee25a834751 2794 }
wolfSSL 11:cee25a834751 2795 #endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL 11:cee25a834751 2796
wolfSSL 11:cee25a834751 2797 switch (side) {
wolfSSL 11:cee25a834751 2798 case ENCRYPT_SIDE_ONLY:
wolfSSL 11:cee25a834751 2799 wc_encrypt = &ssl->encrypt;
wolfSSL 11:cee25a834751 2800 break;
wolfSSL 11:cee25a834751 2801
wolfSSL 11:cee25a834751 2802 case DECRYPT_SIDE_ONLY:
wolfSSL 11:cee25a834751 2803 wc_decrypt = &ssl->decrypt;
wolfSSL 11:cee25a834751 2804 break;
wolfSSL 11:cee25a834751 2805
wolfSSL 11:cee25a834751 2806 case ENCRYPT_AND_DECRYPT_SIDE:
wolfSSL 11:cee25a834751 2807 wc_encrypt = &ssl->encrypt;
wolfSSL 11:cee25a834751 2808 wc_decrypt = &ssl->decrypt;
wolfSSL 11:cee25a834751 2809 break;
wolfSSL 11:cee25a834751 2810
wolfSSL 11:cee25a834751 2811 default:
wolfSSL 11:cee25a834751 2812 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 2813 }
wolfSSL 11:cee25a834751 2814
wolfSSL 11:cee25a834751 2815 #ifdef HAVE_ONE_TIME_AUTH
wolfSSL 11:cee25a834751 2816 if (!ssl->auth.setup && ssl->specs.bulk_cipher_algorithm == wolfssl_chacha){
wolfSSL 11:cee25a834751 2817 ret = SetAuthKeys(&ssl->auth, keys, &ssl->specs, ssl->heap, devId);
wolfSSL 11:cee25a834751 2818 if (ret != 0)
wolfSSL 11:cee25a834751 2819 return ret;
wolfSSL 11:cee25a834751 2820 }
wolfSSL 11:cee25a834751 2821 #endif
wolfSSL 11:cee25a834751 2822
wolfSSL 11:cee25a834751 2823 ret = SetKeys(wc_encrypt, wc_decrypt, keys, &ssl->specs, ssl->options.side,
wolfSSL 11:cee25a834751 2824 ssl->heap, devId);
wolfSSL 11:cee25a834751 2825
wolfSSL 11:cee25a834751 2826 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 11:cee25a834751 2827 if (copy) {
wolfSSL 11:cee25a834751 2828 int clientCopy = 0;
wolfSSL 11:cee25a834751 2829
wolfSSL 11:cee25a834751 2830 if (ssl->options.side == WOLFSSL_CLIENT_END && wc_encrypt)
wolfSSL 11:cee25a834751 2831 clientCopy = 1;
wolfSSL 11:cee25a834751 2832 else if (ssl->options.side == WOLFSSL_SERVER_END && wc_decrypt)
wolfSSL 11:cee25a834751 2833 clientCopy = 1;
wolfSSL 11:cee25a834751 2834
wolfSSL 11:cee25a834751 2835 if (clientCopy) {
wolfSSL 11:cee25a834751 2836 XMEMCPY(ssl->keys.client_write_MAC_secret,
wolfSSL 11:cee25a834751 2837 keys->client_write_MAC_secret, MAX_DIGEST_SIZE);
wolfSSL 11:cee25a834751 2838 XMEMCPY(ssl->keys.client_write_key,
wolfSSL 11:cee25a834751 2839 keys->client_write_key, AES_256_KEY_SIZE);
wolfSSL 11:cee25a834751 2840 XMEMCPY(ssl->keys.client_write_IV,
wolfSSL 11:cee25a834751 2841 keys->client_write_IV, MAX_WRITE_IV_SZ);
wolfSSL 11:cee25a834751 2842 } else {
wolfSSL 11:cee25a834751 2843 XMEMCPY(ssl->keys.server_write_MAC_secret,
wolfSSL 11:cee25a834751 2844 keys->server_write_MAC_secret, MAX_DIGEST_SIZE);
wolfSSL 11:cee25a834751 2845 XMEMCPY(ssl->keys.server_write_key,
wolfSSL 11:cee25a834751 2846 keys->server_write_key, AES_256_KEY_SIZE);
wolfSSL 11:cee25a834751 2847 XMEMCPY(ssl->keys.server_write_IV,
wolfSSL 11:cee25a834751 2848 keys->server_write_IV, MAX_WRITE_IV_SZ);
wolfSSL 11:cee25a834751 2849 }
wolfSSL 11:cee25a834751 2850 if (wc_encrypt) {
wolfSSL 11:cee25a834751 2851 ssl->keys.sequence_number_hi = keys->sequence_number_hi;
wolfSSL 11:cee25a834751 2852 ssl->keys.sequence_number_lo = keys->sequence_number_lo;
wolfSSL 11:cee25a834751 2853 #ifdef HAVE_AEAD
wolfSSL 11:cee25a834751 2854 if (ssl->specs.cipher_type == aead) {
wolfSSL 11:cee25a834751 2855 /* Initialize the AES-GCM/CCM explicit IV to a zero. */
wolfSSL 11:cee25a834751 2856 XMEMCPY(ssl->keys.aead_exp_IV, keys->aead_exp_IV,
wolfSSL 11:cee25a834751 2857 AEAD_MAX_EXP_SZ);
wolfSSL 11:cee25a834751 2858
wolfSSL 11:cee25a834751 2859 /* Initialize encrypt implicit IV by encrypt side */
wolfSSL 11:cee25a834751 2860 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 11:cee25a834751 2861 XMEMCPY(ssl->keys.aead_enc_imp_IV,
wolfSSL 11:cee25a834751 2862 keys->client_write_IV, AEAD_MAX_IMP_SZ);
wolfSSL 11:cee25a834751 2863 } else {
wolfSSL 11:cee25a834751 2864 XMEMCPY(ssl->keys.aead_enc_imp_IV,
wolfSSL 11:cee25a834751 2865 keys->server_write_IV, AEAD_MAX_IMP_SZ);
wolfSSL 11:cee25a834751 2866 }
wolfSSL 11:cee25a834751 2867 }
wolfSSL 11:cee25a834751 2868 #endif
wolfSSL 11:cee25a834751 2869 }
wolfSSL 11:cee25a834751 2870 if (wc_decrypt) {
wolfSSL 11:cee25a834751 2871 ssl->keys.peer_sequence_number_hi = keys->peer_sequence_number_hi;
wolfSSL 11:cee25a834751 2872 ssl->keys.peer_sequence_number_lo = keys->peer_sequence_number_lo;
wolfSSL 11:cee25a834751 2873 #ifdef HAVE_AEAD
wolfSSL 11:cee25a834751 2874 if (ssl->specs.cipher_type == aead) {
wolfSSL 11:cee25a834751 2875 /* Initialize decrypt implicit IV by decrypt side */
wolfSSL 11:cee25a834751 2876 if (ssl->options.side == WOLFSSL_SERVER_END) {
wolfSSL 11:cee25a834751 2877 XMEMCPY(ssl->keys.aead_dec_imp_IV,
wolfSSL 11:cee25a834751 2878 keys->client_write_IV, AEAD_MAX_IMP_SZ);
wolfSSL 11:cee25a834751 2879 } else {
wolfSSL 11:cee25a834751 2880 XMEMCPY(ssl->keys.aead_dec_imp_IV,
wolfSSL 11:cee25a834751 2881 keys->server_write_IV, AEAD_MAX_IMP_SZ);
wolfSSL 11:cee25a834751 2882 }
wolfSSL 11:cee25a834751 2883 }
wolfSSL 11:cee25a834751 2884 #endif
wolfSSL 11:cee25a834751 2885 }
wolfSSL 11:cee25a834751 2886 CacheStatusPP(ssl->secure_renegotiation);
wolfSSL 11:cee25a834751 2887 }
wolfSSL 11:cee25a834751 2888 #endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL 11:cee25a834751 2889
wolfSSL 11:cee25a834751 2890 return ret;
wolfSSL 11:cee25a834751 2891 }
wolfSSL 11:cee25a834751 2892
wolfSSL 11:cee25a834751 2893
wolfSSL 11:cee25a834751 2894 /* TLS can call too */
wolfSSL 11:cee25a834751 2895 int StoreKeys(WOLFSSL* ssl, const byte* keyData)
wolfSSL 11:cee25a834751 2896 {
wolfSSL 11:cee25a834751 2897 int sz, i = 0;
wolfSSL 11:cee25a834751 2898 Keys* keys = &ssl->keys;
wolfSSL 11:cee25a834751 2899
wolfSSL 11:cee25a834751 2900 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 11:cee25a834751 2901 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status ==
wolfSSL 11:cee25a834751 2902 SCR_CACHE_NEEDED) {
wolfSSL 11:cee25a834751 2903 keys = &ssl->secure_renegotiation->tmp_keys;
wolfSSL 11:cee25a834751 2904 CacheStatusPP(ssl->secure_renegotiation);
wolfSSL 11:cee25a834751 2905 }
wolfSSL 11:cee25a834751 2906 #endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL 11:cee25a834751 2907
wolfSSL 11:cee25a834751 2908 if (ssl->specs.cipher_type != aead) {
wolfSSL 11:cee25a834751 2909 sz = ssl->specs.hash_size;
wolfSSL 11:cee25a834751 2910 XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
wolfSSL 11:cee25a834751 2911 i += sz;
wolfSSL 11:cee25a834751 2912 XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
wolfSSL 11:cee25a834751 2913 i += sz;
wolfSSL 11:cee25a834751 2914 }
wolfSSL 11:cee25a834751 2915 sz = ssl->specs.key_size;
wolfSSL 11:cee25a834751 2916 XMEMCPY(keys->client_write_key, &keyData[i], sz);
wolfSSL 11:cee25a834751 2917 i += sz;
wolfSSL 11:cee25a834751 2918 XMEMCPY(keys->server_write_key, &keyData[i], sz);
wolfSSL 11:cee25a834751 2919 i += sz;
wolfSSL 11:cee25a834751 2920
wolfSSL 11:cee25a834751 2921 sz = ssl->specs.iv_size;
wolfSSL 11:cee25a834751 2922 XMEMCPY(keys->client_write_IV, &keyData[i], sz);
wolfSSL 11:cee25a834751 2923 i += sz;
wolfSSL 11:cee25a834751 2924 XMEMCPY(keys->server_write_IV, &keyData[i], sz);
wolfSSL 11:cee25a834751 2925
wolfSSL 11:cee25a834751 2926 #ifdef HAVE_AEAD
wolfSSL 11:cee25a834751 2927 if (ssl->specs.cipher_type == aead) {
wolfSSL 11:cee25a834751 2928 /* Initialize the AES-GCM/CCM explicit IV to a zero. */
wolfSSL 11:cee25a834751 2929 XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ);
wolfSSL 11:cee25a834751 2930 }
wolfSSL 11:cee25a834751 2931 #endif
wolfSSL 11:cee25a834751 2932
wolfSSL 11:cee25a834751 2933 return 0;
wolfSSL 11:cee25a834751 2934 }
wolfSSL 11:cee25a834751 2935
wolfSSL 11:cee25a834751 2936 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 2937 int DeriveKeys(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 2938 {
wolfSSL 11:cee25a834751 2939 int length = 2 * ssl->specs.hash_size +
wolfSSL 11:cee25a834751 2940 2 * ssl->specs.key_size +
wolfSSL 11:cee25a834751 2941 2 * ssl->specs.iv_size;
wolfSSL 11:cee25a834751 2942 int rounds = (length + MD5_DIGEST_SIZE - 1 ) / MD5_DIGEST_SIZE, i;
wolfSSL 11:cee25a834751 2943 int ret = 0;
wolfSSL 11:cee25a834751 2944
wolfSSL 11:cee25a834751 2945 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 2946 byte* shaOutput;
wolfSSL 11:cee25a834751 2947 byte* md5Input;
wolfSSL 11:cee25a834751 2948 byte* shaInput;
wolfSSL 11:cee25a834751 2949 byte* keyData;
wolfSSL 11:cee25a834751 2950 Md5* md5;
wolfSSL 11:cee25a834751 2951 Sha* sha;
wolfSSL 11:cee25a834751 2952 #else
wolfSSL 11:cee25a834751 2953 byte shaOutput[SHA_DIGEST_SIZE];
wolfSSL 11:cee25a834751 2954 byte md5Input[SECRET_LEN + SHA_DIGEST_SIZE];
wolfSSL 11:cee25a834751 2955 byte shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN];
wolfSSL 11:cee25a834751 2956 byte keyData[KEY_PREFIX * MD5_DIGEST_SIZE];
wolfSSL 11:cee25a834751 2957 Md5 md5[1];
wolfSSL 11:cee25a834751 2958 Sha sha[1];
wolfSSL 11:cee25a834751 2959 #endif
wolfSSL 11:cee25a834751 2960
wolfSSL 11:cee25a834751 2961 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 2962 shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE,
wolfSSL 11:cee25a834751 2963 NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 2964 md5Input = (byte*)XMALLOC(SECRET_LEN + SHA_DIGEST_SIZE,
wolfSSL 11:cee25a834751 2965 NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 2966 shaInput = (byte*)XMALLOC(KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN,
wolfSSL 11:cee25a834751 2967 NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 2968 keyData = (byte*)XMALLOC(KEY_PREFIX * MD5_DIGEST_SIZE,
wolfSSL 11:cee25a834751 2969 NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 2970 md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 2971 sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 2972
wolfSSL 11:cee25a834751 2973 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
wolfSSL 11:cee25a834751 2974 keyData == NULL || md5 == NULL || sha == NULL) {
wolfSSL 11:cee25a834751 2975 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 2976 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 2977 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 2978 if (keyData) XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 2979 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 2980 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 2981
wolfSSL 11:cee25a834751 2982 return MEMORY_E;
wolfSSL 11:cee25a834751 2983 }
wolfSSL 11:cee25a834751 2984 #endif
wolfSSL 11:cee25a834751 2985
wolfSSL 11:cee25a834751 2986 wc_InitMd5(md5);
wolfSSL 11:cee25a834751 2987
wolfSSL 11:cee25a834751 2988 ret = wc_InitSha(sha);
wolfSSL 11:cee25a834751 2989
wolfSSL 11:cee25a834751 2990 if (ret == 0) {
wolfSSL 11:cee25a834751 2991 XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN);
wolfSSL 11:cee25a834751 2992
wolfSSL 11:cee25a834751 2993 for (i = 0; i < rounds; ++i) {
wolfSSL 11:cee25a834751 2994 int j = i + 1;
wolfSSL 11:cee25a834751 2995 int idx = j;
wolfSSL 11:cee25a834751 2996
wolfSSL 11:cee25a834751 2997 if (!SetPrefix(shaInput, i)) {
wolfSSL 11:cee25a834751 2998 ret = PREFIX_ERROR;
wolfSSL 11:cee25a834751 2999 break;
wolfSSL 11:cee25a834751 3000 }
wolfSSL 11:cee25a834751 3001
wolfSSL 11:cee25a834751 3002 XMEMCPY(shaInput + idx, ssl->arrays->masterSecret, SECRET_LEN);
wolfSSL 11:cee25a834751 3003 idx += SECRET_LEN;
wolfSSL 11:cee25a834751 3004 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 11:cee25a834751 3005 idx += RAN_LEN;
wolfSSL 11:cee25a834751 3006 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 11:cee25a834751 3007
wolfSSL 11:cee25a834751 3008 wc_ShaUpdate(sha, shaInput, (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN)
wolfSSL 11:cee25a834751 3009 - KEY_PREFIX + j);
wolfSSL 11:cee25a834751 3010 wc_ShaFinal(sha, shaOutput);
wolfSSL 11:cee25a834751 3011
wolfSSL 11:cee25a834751 3012 XMEMCPY(md5Input + SECRET_LEN, shaOutput, SHA_DIGEST_SIZE);
wolfSSL 11:cee25a834751 3013 wc_Md5Update(md5, md5Input, SECRET_LEN + SHA_DIGEST_SIZE);
wolfSSL 11:cee25a834751 3014 wc_Md5Final(md5, keyData + i * MD5_DIGEST_SIZE);
wolfSSL 11:cee25a834751 3015 }
wolfSSL 11:cee25a834751 3016
wolfSSL 11:cee25a834751 3017 if (ret == 0)
wolfSSL 11:cee25a834751 3018 ret = StoreKeys(ssl, keyData);
wolfSSL 11:cee25a834751 3019 }
wolfSSL 11:cee25a834751 3020
wolfSSL 11:cee25a834751 3021 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 3022 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3023 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3024 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3025 XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3026 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3027 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3028 #endif
wolfSSL 11:cee25a834751 3029
wolfSSL 11:cee25a834751 3030 return ret;
wolfSSL 11:cee25a834751 3031 }
wolfSSL 11:cee25a834751 3032
wolfSSL 11:cee25a834751 3033
wolfSSL 11:cee25a834751 3034 static int CleanPreMaster(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 3035 {
wolfSSL 11:cee25a834751 3036 int i, ret, sz = ssl->arrays->preMasterSz;
wolfSSL 11:cee25a834751 3037
wolfSSL 11:cee25a834751 3038 for (i = 0; i < sz; i++)
wolfSSL 11:cee25a834751 3039 ssl->arrays->preMasterSecret[i] = 0;
wolfSSL 11:cee25a834751 3040
wolfSSL 11:cee25a834751 3041 ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz);
wolfSSL 11:cee25a834751 3042 if (ret != 0)
wolfSSL 11:cee25a834751 3043 return ret;
wolfSSL 11:cee25a834751 3044
wolfSSL 11:cee25a834751 3045 for (i = 0; i < sz; i++)
wolfSSL 11:cee25a834751 3046 ssl->arrays->preMasterSecret[i] = 0;
wolfSSL 11:cee25a834751 3047
wolfSSL 11:cee25a834751 3048 return 0;
wolfSSL 11:cee25a834751 3049 }
wolfSSL 11:cee25a834751 3050
wolfSSL 11:cee25a834751 3051
wolfSSL 11:cee25a834751 3052 /* Create and store the master secret see page 32, 6.1 */
wolfSSL 11:cee25a834751 3053 static int MakeSslMasterSecret(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 3054 {
wolfSSL 11:cee25a834751 3055 int i, ret;
wolfSSL 11:cee25a834751 3056 word32 idx;
wolfSSL 11:cee25a834751 3057 word32 pmsSz = ssl->arrays->preMasterSz;
wolfSSL 11:cee25a834751 3058
wolfSSL 11:cee25a834751 3059 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 3060 byte* shaOutput;
wolfSSL 11:cee25a834751 3061 byte* md5Input;
wolfSSL 11:cee25a834751 3062 byte* shaInput;
wolfSSL 11:cee25a834751 3063 Md5* md5;
wolfSSL 11:cee25a834751 3064 Sha* sha;
wolfSSL 11:cee25a834751 3065 #else
wolfSSL 11:cee25a834751 3066 byte shaOutput[SHA_DIGEST_SIZE];
wolfSSL 11:cee25a834751 3067 byte md5Input[ENCRYPT_LEN + SHA_DIGEST_SIZE];
wolfSSL 11:cee25a834751 3068 byte shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN];
wolfSSL 11:cee25a834751 3069 Md5 md5[1];
wolfSSL 11:cee25a834751 3070 Sha sha[1];
wolfSSL 11:cee25a834751 3071 #endif
wolfSSL 11:cee25a834751 3072
wolfSSL 11:cee25a834751 3073 #ifdef SHOW_SECRETS
wolfSSL 11:cee25a834751 3074 {
wolfSSL 11:cee25a834751 3075 word32 j;
wolfSSL 11:cee25a834751 3076 printf("pre master secret: ");
wolfSSL 11:cee25a834751 3077 for (j = 0; j < pmsSz; j++)
wolfSSL 11:cee25a834751 3078 printf("%02x", ssl->arrays->preMasterSecret[j]);
wolfSSL 11:cee25a834751 3079 printf("\n");
wolfSSL 11:cee25a834751 3080 }
wolfSSL 11:cee25a834751 3081 #endif
wolfSSL 11:cee25a834751 3082
wolfSSL 11:cee25a834751 3083 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 3084 shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE,
wolfSSL 11:cee25a834751 3085 NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3086 md5Input = (byte*)XMALLOC(ENCRYPT_LEN + SHA_DIGEST_SIZE,
wolfSSL 11:cee25a834751 3087 NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3088 shaInput = (byte*)XMALLOC(PREFIX + ENCRYPT_LEN + 2 * RAN_LEN,
wolfSSL 11:cee25a834751 3089 NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3090 md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3091 sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3092
wolfSSL 11:cee25a834751 3093 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
wolfSSL 11:cee25a834751 3094 md5 == NULL || sha == NULL) {
wolfSSL 11:cee25a834751 3095 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3096 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3097 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3098 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3099 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3100
wolfSSL 11:cee25a834751 3101 return MEMORY_E;
wolfSSL 11:cee25a834751 3102 }
wolfSSL 11:cee25a834751 3103 #endif
wolfSSL 11:cee25a834751 3104
wolfSSL 11:cee25a834751 3105 wc_InitMd5(md5);
wolfSSL 11:cee25a834751 3106
wolfSSL 11:cee25a834751 3107 ret = wc_InitSha(sha);
wolfSSL 11:cee25a834751 3108
wolfSSL 11:cee25a834751 3109 if (ret == 0) {
wolfSSL 11:cee25a834751 3110 XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz);
wolfSSL 11:cee25a834751 3111
wolfSSL 11:cee25a834751 3112 for (i = 0; i < MASTER_ROUNDS; ++i) {
wolfSSL 11:cee25a834751 3113 byte prefix[KEY_PREFIX]; /* only need PREFIX bytes but static */
wolfSSL 11:cee25a834751 3114 if (!SetPrefix(prefix, i)) { /* analysis thinks will overrun */
wolfSSL 11:cee25a834751 3115 ret = PREFIX_ERROR;
wolfSSL 11:cee25a834751 3116 break;
wolfSSL 11:cee25a834751 3117 }
wolfSSL 11:cee25a834751 3118
wolfSSL 11:cee25a834751 3119 idx = 0;
wolfSSL 11:cee25a834751 3120 XMEMCPY(shaInput, prefix, i + 1);
wolfSSL 11:cee25a834751 3121 idx += i + 1;
wolfSSL 11:cee25a834751 3122
wolfSSL 11:cee25a834751 3123 XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz);
wolfSSL 11:cee25a834751 3124 idx += pmsSz;
wolfSSL 11:cee25a834751 3125 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 11:cee25a834751 3126 idx += RAN_LEN;
wolfSSL 11:cee25a834751 3127 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 11:cee25a834751 3128 idx += RAN_LEN;
wolfSSL 11:cee25a834751 3129 wc_ShaUpdate(sha, shaInput, idx);
wolfSSL 11:cee25a834751 3130 wc_ShaFinal(sha, shaOutput);
wolfSSL 11:cee25a834751 3131
wolfSSL 11:cee25a834751 3132 idx = pmsSz; /* preSz */
wolfSSL 11:cee25a834751 3133 XMEMCPY(md5Input + idx, shaOutput, SHA_DIGEST_SIZE);
wolfSSL 11:cee25a834751 3134 idx += SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 3135 wc_Md5Update(md5, md5Input, idx);
wolfSSL 11:cee25a834751 3136 wc_Md5Final(md5, &ssl->arrays->masterSecret[i * MD5_DIGEST_SIZE]);
wolfSSL 11:cee25a834751 3137 }
wolfSSL 11:cee25a834751 3138
wolfSSL 11:cee25a834751 3139 #ifdef SHOW_SECRETS
wolfSSL 11:cee25a834751 3140 {
wolfSSL 11:cee25a834751 3141 word32 j;
wolfSSL 11:cee25a834751 3142 printf("master secret: ");
wolfSSL 11:cee25a834751 3143 for (j = 0; j < SECRET_LEN; j++)
wolfSSL 11:cee25a834751 3144 printf("%02x", ssl->arrays->masterSecret[j]);
wolfSSL 11:cee25a834751 3145 printf("\n");
wolfSSL 11:cee25a834751 3146 }
wolfSSL 11:cee25a834751 3147 #endif
wolfSSL 11:cee25a834751 3148
wolfSSL 11:cee25a834751 3149 if (ret == 0)
wolfSSL 11:cee25a834751 3150 ret = DeriveKeys(ssl);
wolfSSL 11:cee25a834751 3151 }
wolfSSL 11:cee25a834751 3152
wolfSSL 11:cee25a834751 3153 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 3154 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3155 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3156 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3157 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3158 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3159 #endif
wolfSSL 11:cee25a834751 3160
wolfSSL 11:cee25a834751 3161 if (ret == 0)
wolfSSL 11:cee25a834751 3162 ret = CleanPreMaster(ssl);
wolfSSL 11:cee25a834751 3163 else
wolfSSL 11:cee25a834751 3164 CleanPreMaster(ssl);
wolfSSL 11:cee25a834751 3165
wolfSSL 11:cee25a834751 3166 return ret;
wolfSSL 11:cee25a834751 3167 }
wolfSSL 11:cee25a834751 3168 #endif
wolfSSL 11:cee25a834751 3169
wolfSSL 11:cee25a834751 3170
wolfSSL 11:cee25a834751 3171 /* Master wrapper, doesn't use SSL stack space in TLS mode */
wolfSSL 11:cee25a834751 3172 int MakeMasterSecret(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 3173 {
wolfSSL 11:cee25a834751 3174 /* append secret to premaster : premaster | SerSi | CliSi */
wolfSSL 11:cee25a834751 3175 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 3176 word32 offset = 0;
wolfSSL 11:cee25a834751 3177
wolfSSL 11:cee25a834751 3178 if (ssl->peerQSHKeyPresent) {
wolfSSL 11:cee25a834751 3179 offset += ssl->arrays->preMasterSz;
wolfSSL 11:cee25a834751 3180 ssl->arrays->preMasterSz += ssl->QSH_secret->CliSi->length +
wolfSSL 11:cee25a834751 3181 ssl->QSH_secret->SerSi->length;
wolfSSL 11:cee25a834751 3182 /* test and set flag if QSH has been used */
wolfSSL 11:cee25a834751 3183 if (ssl->QSH_secret->CliSi->length > 0 ||
wolfSSL 11:cee25a834751 3184 ssl->QSH_secret->SerSi->length > 0)
wolfSSL 11:cee25a834751 3185 ssl->isQSH = 1;
wolfSSL 11:cee25a834751 3186
wolfSSL 11:cee25a834751 3187 /* append secrets to the premaster */
wolfSSL 11:cee25a834751 3188 if (ssl->QSH_secret->SerSi != NULL) {
wolfSSL 11:cee25a834751 3189 XMEMCPY(ssl->arrays->preMasterSecret + offset,
wolfSSL 11:cee25a834751 3190 ssl->QSH_secret->SerSi->buffer, ssl->QSH_secret->SerSi->length);
wolfSSL 11:cee25a834751 3191 }
wolfSSL 11:cee25a834751 3192 offset += ssl->QSH_secret->SerSi->length;
wolfSSL 11:cee25a834751 3193 if (ssl->QSH_secret->CliSi != NULL) {
wolfSSL 11:cee25a834751 3194 XMEMCPY(ssl->arrays->preMasterSecret + offset,
wolfSSL 11:cee25a834751 3195 ssl->QSH_secret->CliSi->buffer, ssl->QSH_secret->CliSi->length);
wolfSSL 11:cee25a834751 3196 }
wolfSSL 11:cee25a834751 3197
wolfSSL 11:cee25a834751 3198 /* show secret SerSi and CliSi */
wolfSSL 11:cee25a834751 3199 #ifdef SHOW_SECRETS
wolfSSL 11:cee25a834751 3200 {
wolfSSL 11:cee25a834751 3201 word32 j;
wolfSSL 11:cee25a834751 3202 printf("QSH generated secret material\n");
wolfSSL 11:cee25a834751 3203 printf("SerSi : ");
wolfSSL 11:cee25a834751 3204 for (j = 0; j < ssl->QSH_secret->SerSi->length; j++) {
wolfSSL 11:cee25a834751 3205 printf("%02x", ssl->QSH_secret->SerSi->buffer[j]);
wolfSSL 11:cee25a834751 3206 }
wolfSSL 11:cee25a834751 3207 printf("\n");
wolfSSL 11:cee25a834751 3208 printf("CliSi : ");
wolfSSL 11:cee25a834751 3209 for (j = 0; j < ssl->QSH_secret->CliSi->length; j++) {
wolfSSL 11:cee25a834751 3210 printf("%02x", ssl->QSH_secret->CliSi->buffer[j]);
wolfSSL 11:cee25a834751 3211 }
wolfSSL 11:cee25a834751 3212 printf("\n");
wolfSSL 11:cee25a834751 3213 }
wolfSSL 11:cee25a834751 3214 #endif
wolfSSL 11:cee25a834751 3215 }
wolfSSL 11:cee25a834751 3216 #endif
wolfSSL 11:cee25a834751 3217
wolfSSL 11:cee25a834751 3218 #ifdef NO_OLD_TLS
wolfSSL 11:cee25a834751 3219 return MakeTlsMasterSecret(ssl);
wolfSSL 11:cee25a834751 3220 #elif !defined(NO_TLS)
wolfSSL 11:cee25a834751 3221 if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
wolfSSL 11:cee25a834751 3222 #endif
wolfSSL 11:cee25a834751 3223
wolfSSL 11:cee25a834751 3224 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 3225 return MakeSslMasterSecret(ssl);
wolfSSL 11:cee25a834751 3226 #endif
wolfSSL 11:cee25a834751 3227 }
wolfSSL 11:cee25a834751 3228
wolfSSL 11:cee25a834751 3229 #endif /* WOLFCRYPT_ONLY */
wolfSSL 11:cee25a834751 3230
wolfSSL 11:cee25a834751 3231