source: UsbWattMeter/trunk/wolfssl-3.7.0/src/keys.c@ 165

Last change on this file since 165 was 164, checked in by coas-nagasima, 8 years ago

TOPPERS/ECNLサンプルアプリ「USB充電器電力計」を追加
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
  • Property svn:mime-type set to text/x-csrc
File size: 109.5 KB
Line 
1/* keys.c
2 *
3 * Copyright (C) 2006-2015 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL. (formerly known as CyaSSL)
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
20 */
21
22/* Name change compatibility layer no longer needs to be included here */
23
24#ifdef HAVE_CONFIG_H
25 #include <config.h>
26#endif
27
28#include <wolfssl/wolfcrypt/settings.h>
29
30#ifndef WOLFCRYPT_ONLY
31
32#include <wolfssl/internal.h>
33#include <wolfssl/error-ssl.h>
34#if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
35 #ifdef FREESCALE_MQX
36 #if MQX_USE_IO_OLD
37 #include <fio.h>
38 #else
39 #include <nio.h>
40 #endif
41 #else
42 #include <stdio.h>
43 #endif
44#endif
45
46
47int SetCipherSpecs(WOLFSSL* ssl)
48{
49#ifndef NO_WOLFSSL_CLIENT
50 if (ssl->options.side == WOLFSSL_CLIENT_END) {
51 /* server side verified before SetCipherSpecs call */
52 if (VerifyClientSuite(ssl) != 1) {
53 WOLFSSL_MSG("SetCipherSpecs() client has an unusuable suite");
54 return UNSUPPORTED_SUITE;
55 }
56 }
57#endif /* NO_WOLFSSL_CLIENT */
58
59 /* Chacha extensions, 0xcc */
60 if (ssl->options.cipherSuite0 == CHACHA_BYTE) {
61
62 switch (ssl->options.cipherSuite) {
63#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
64 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
65 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
66 ssl->specs.cipher_type = aead;
67 ssl->specs.mac_algorithm = sha256_mac;
68 ssl->specs.kea = ecc_diffie_hellman_kea;
69 ssl->specs.sig_algo = rsa_sa_algo;
70 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
71 ssl->specs.pad_size = PAD_SHA;
72 ssl->specs.static_ecdh = 0;
73 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
74 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
75 ssl->specs.iv_size = CHACHA20_IV_SIZE;
76 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
77
78 break;
79#endif
80
81#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
82 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
83 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
84 ssl->specs.cipher_type = aead;
85 ssl->specs.mac_algorithm = sha256_mac;
86 ssl->specs.kea = ecc_diffie_hellman_kea;
87 ssl->specs.sig_algo = ecc_dsa_sa_algo;
88 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
89 ssl->specs.pad_size = PAD_SHA;
90 ssl->specs.static_ecdh = 0;
91 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
92 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
93 ssl->specs.iv_size = CHACHA20_IV_SIZE;
94 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
95
96 break;
97#endif
98
99#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
100 case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
101 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
102 ssl->specs.cipher_type = aead;
103 ssl->specs.mac_algorithm = sha256_mac;
104 ssl->specs.kea = diffie_hellman_kea;
105 ssl->specs.sig_algo = rsa_sa_algo;
106 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
107 ssl->specs.pad_size = PAD_SHA;
108 ssl->specs.static_ecdh = 0;
109 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
110 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
111 ssl->specs.iv_size = CHACHA20_IV_SIZE;
112 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
113
114 break;
115#endif
116 default:
117 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha");
118 return UNSUPPORTED_SUITE;
119 }
120 }
121
122 /* ECC extensions, or AES-CCM */
123 if (ssl->options.cipherSuite0 == ECC_BYTE) {
124
125 switch (ssl->options.cipherSuite) {
126
127#ifdef HAVE_ECC
128
129#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
130 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
131 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
132 ssl->specs.cipher_type = block;
133 ssl->specs.mac_algorithm = sha256_mac;
134 ssl->specs.kea = ecc_diffie_hellman_kea;
135 ssl->specs.sig_algo = rsa_sa_algo;
136 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
137 ssl->specs.pad_size = PAD_SHA;
138 ssl->specs.static_ecdh = 0;
139 ssl->specs.key_size = AES_128_KEY_SIZE;
140 ssl->specs.iv_size = AES_IV_SIZE;
141 ssl->specs.block_size = AES_BLOCK_SIZE;
142 break;
143#endif
144
145#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
146 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
147 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
148 ssl->specs.cipher_type = block;
149 ssl->specs.mac_algorithm = sha256_mac;
150 ssl->specs.kea = ecc_diffie_hellman_kea;
151 ssl->specs.sig_algo = ecc_dsa_sa_algo;
152 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
153 ssl->specs.pad_size = PAD_SHA;
154 ssl->specs.static_ecdh = 0;
155 ssl->specs.key_size = AES_128_KEY_SIZE;
156 ssl->specs.iv_size = AES_IV_SIZE;
157 ssl->specs.block_size = AES_BLOCK_SIZE;
158 break;
159#endif
160
161#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
162 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
163 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
164 ssl->specs.cipher_type = block;
165 ssl->specs.mac_algorithm = sha256_mac;
166 ssl->specs.kea = ecc_diffie_hellman_kea;
167 ssl->specs.sig_algo = rsa_sa_algo;
168 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
169 ssl->specs.pad_size = PAD_SHA;
170 ssl->specs.static_ecdh = 1;
171 ssl->specs.key_size = AES_128_KEY_SIZE;
172 ssl->specs.iv_size = AES_IV_SIZE;
173 ssl->specs.block_size = AES_BLOCK_SIZE;
174 break;
175#endif
176
177#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
178 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
179 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
180 ssl->specs.cipher_type = block;
181 ssl->specs.mac_algorithm = sha256_mac;
182 ssl->specs.kea = ecc_diffie_hellman_kea;
183 ssl->specs.sig_algo = ecc_dsa_sa_algo;
184 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
185 ssl->specs.pad_size = PAD_SHA;
186 ssl->specs.static_ecdh = 1;
187 ssl->specs.key_size = AES_128_KEY_SIZE;
188 ssl->specs.iv_size = AES_IV_SIZE;
189 ssl->specs.block_size = AES_BLOCK_SIZE;
190 break;
191#endif
192
193#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
194 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
195 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
196 ssl->specs.cipher_type = block;
197 ssl->specs.mac_algorithm = sha384_mac;
198 ssl->specs.kea = ecc_diffie_hellman_kea;
199 ssl->specs.sig_algo = rsa_sa_algo;
200 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
201 ssl->specs.pad_size = PAD_SHA;
202 ssl->specs.static_ecdh = 0;
203 ssl->specs.key_size = AES_256_KEY_SIZE;
204 ssl->specs.iv_size = AES_IV_SIZE;
205 ssl->specs.block_size = AES_BLOCK_SIZE;
206 break;
207#endif
208
209#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
210 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
211 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
212 ssl->specs.cipher_type = block;
213 ssl->specs.mac_algorithm = sha384_mac;
214 ssl->specs.kea = ecc_diffie_hellman_kea;
215 ssl->specs.sig_algo = ecc_dsa_sa_algo;
216 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
217 ssl->specs.pad_size = PAD_SHA;
218 ssl->specs.static_ecdh = 0;
219 ssl->specs.key_size = AES_256_KEY_SIZE;
220 ssl->specs.iv_size = AES_IV_SIZE;
221 ssl->specs.block_size = AES_BLOCK_SIZE;
222 break;
223#endif
224
225#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
226 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
227 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
228 ssl->specs.cipher_type = block;
229 ssl->specs.mac_algorithm = sha384_mac;
230 ssl->specs.kea = ecc_diffie_hellman_kea;
231 ssl->specs.sig_algo = rsa_sa_algo;
232 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
233 ssl->specs.pad_size = PAD_SHA;
234 ssl->specs.static_ecdh = 1;
235 ssl->specs.key_size = AES_256_KEY_SIZE;
236 ssl->specs.iv_size = AES_IV_SIZE;
237 ssl->specs.block_size = AES_BLOCK_SIZE;
238 break;
239#endif
240
241#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
242 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
243 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
244 ssl->specs.cipher_type = block;
245 ssl->specs.mac_algorithm = sha384_mac;
246 ssl->specs.kea = ecc_diffie_hellman_kea;
247 ssl->specs.sig_algo = ecc_dsa_sa_algo;
248 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
249 ssl->specs.pad_size = PAD_SHA;
250 ssl->specs.static_ecdh = 1;
251 ssl->specs.key_size = AES_256_KEY_SIZE;
252 ssl->specs.iv_size = AES_IV_SIZE;
253 ssl->specs.block_size = AES_BLOCK_SIZE;
254 break;
255#endif
256
257#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
258 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
259 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
260 ssl->specs.cipher_type = block;
261 ssl->specs.mac_algorithm = sha_mac;
262 ssl->specs.kea = ecc_diffie_hellman_kea;
263 ssl->specs.sig_algo = rsa_sa_algo;
264 ssl->specs.hash_size = SHA_DIGEST_SIZE;
265 ssl->specs.pad_size = PAD_SHA;
266 ssl->specs.static_ecdh = 0;
267 ssl->specs.key_size = AES_128_KEY_SIZE;
268 ssl->specs.block_size = AES_BLOCK_SIZE;
269 ssl->specs.iv_size = AES_IV_SIZE;
270
271 break;
272#endif
273
274#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
275 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
276 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
277 ssl->specs.cipher_type = block;
278 ssl->specs.mac_algorithm = sha_mac;
279 ssl->specs.kea = ecc_diffie_hellman_kea;
280 ssl->specs.sig_algo = rsa_sa_algo;
281 ssl->specs.hash_size = SHA_DIGEST_SIZE;
282 ssl->specs.pad_size = PAD_SHA;
283 ssl->specs.static_ecdh = 1;
284 ssl->specs.key_size = AES_128_KEY_SIZE;
285 ssl->specs.block_size = AES_BLOCK_SIZE;
286 ssl->specs.iv_size = AES_IV_SIZE;
287
288 break;
289#endif
290
291#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
292 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
293 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
294 ssl->specs.cipher_type = block;
295 ssl->specs.mac_algorithm = sha_mac;
296 ssl->specs.kea = ecc_diffie_hellman_kea;
297 ssl->specs.sig_algo = rsa_sa_algo;
298 ssl->specs.hash_size = SHA_DIGEST_SIZE;
299 ssl->specs.pad_size = PAD_SHA;
300 ssl->specs.static_ecdh = 0;
301 ssl->specs.key_size = DES3_KEY_SIZE;
302 ssl->specs.block_size = DES_BLOCK_SIZE;
303 ssl->specs.iv_size = DES_IV_SIZE;
304
305 break;
306#endif
307
308#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
309 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
310 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
311 ssl->specs.cipher_type = block;
312 ssl->specs.mac_algorithm = sha_mac;
313 ssl->specs.kea = ecc_diffie_hellman_kea;
314 ssl->specs.sig_algo = rsa_sa_algo;
315 ssl->specs.hash_size = SHA_DIGEST_SIZE;
316 ssl->specs.pad_size = PAD_SHA;
317 ssl->specs.static_ecdh = 1;
318 ssl->specs.key_size = DES3_KEY_SIZE;
319 ssl->specs.block_size = DES_BLOCK_SIZE;
320 ssl->specs.iv_size = DES_IV_SIZE;
321
322 break;
323#endif
324
325#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
326 case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
327 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
328 ssl->specs.cipher_type = stream;
329 ssl->specs.mac_algorithm = sha_mac;
330 ssl->specs.kea = ecc_diffie_hellman_kea;
331 ssl->specs.sig_algo = rsa_sa_algo;
332 ssl->specs.hash_size = SHA_DIGEST_SIZE;
333 ssl->specs.pad_size = PAD_SHA;
334 ssl->specs.static_ecdh = 0;
335 ssl->specs.key_size = RC4_KEY_SIZE;
336 ssl->specs.iv_size = 0;
337 ssl->specs.block_size = 0;
338
339 break;
340#endif
341
342#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
343 case TLS_ECDH_RSA_WITH_RC4_128_SHA :
344 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
345 ssl->specs.cipher_type = stream;
346 ssl->specs.mac_algorithm = sha_mac;
347 ssl->specs.kea = ecc_diffie_hellman_kea;
348 ssl->specs.sig_algo = rsa_sa_algo;
349 ssl->specs.hash_size = SHA_DIGEST_SIZE;
350 ssl->specs.pad_size = PAD_SHA;
351 ssl->specs.static_ecdh = 1;
352 ssl->specs.key_size = RC4_KEY_SIZE;
353 ssl->specs.iv_size = 0;
354 ssl->specs.block_size = 0;
355
356 break;
357#endif
358
359#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
360 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
361 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
362 ssl->specs.cipher_type = block;
363 ssl->specs.mac_algorithm = sha_mac;
364 ssl->specs.kea = ecc_diffie_hellman_kea;
365 ssl->specs.sig_algo = ecc_dsa_sa_algo;
366 ssl->specs.hash_size = SHA_DIGEST_SIZE;
367 ssl->specs.pad_size = PAD_SHA;
368 ssl->specs.static_ecdh = 0;
369 ssl->specs.key_size = DES3_KEY_SIZE;
370 ssl->specs.block_size = DES_BLOCK_SIZE;
371 ssl->specs.iv_size = DES_IV_SIZE;
372
373 break;
374#endif
375
376#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
377 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
378 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
379 ssl->specs.cipher_type = block;
380 ssl->specs.mac_algorithm = sha_mac;
381 ssl->specs.kea = ecc_diffie_hellman_kea;
382 ssl->specs.sig_algo = ecc_dsa_sa_algo;
383 ssl->specs.hash_size = SHA_DIGEST_SIZE;
384 ssl->specs.pad_size = PAD_SHA;
385 ssl->specs.static_ecdh = 1;
386 ssl->specs.key_size = DES3_KEY_SIZE;
387 ssl->specs.block_size = DES_BLOCK_SIZE;
388 ssl->specs.iv_size = DES_IV_SIZE;
389
390 break;
391#endif
392
393#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
394 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
395 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
396 ssl->specs.cipher_type = stream;
397 ssl->specs.mac_algorithm = sha_mac;
398 ssl->specs.kea = ecc_diffie_hellman_kea;
399 ssl->specs.sig_algo = ecc_dsa_sa_algo;
400 ssl->specs.hash_size = SHA_DIGEST_SIZE;
401 ssl->specs.pad_size = PAD_SHA;
402 ssl->specs.static_ecdh = 0;
403 ssl->specs.key_size = RC4_KEY_SIZE;
404 ssl->specs.iv_size = 0;
405 ssl->specs.block_size = 0;
406
407 break;
408#endif
409
410#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
411 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
412 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
413 ssl->specs.cipher_type = stream;
414 ssl->specs.mac_algorithm = sha_mac;
415 ssl->specs.kea = ecc_diffie_hellman_kea;
416 ssl->specs.sig_algo = ecc_dsa_sa_algo;
417 ssl->specs.hash_size = SHA_DIGEST_SIZE;
418 ssl->specs.pad_size = PAD_SHA;
419 ssl->specs.static_ecdh = 1;
420 ssl->specs.key_size = RC4_KEY_SIZE;
421 ssl->specs.iv_size = 0;
422 ssl->specs.block_size = 0;
423
424 break;
425#endif
426
427#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
428 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
429 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
430 ssl->specs.cipher_type = block;
431 ssl->specs.mac_algorithm = sha_mac;
432 ssl->specs.kea = ecc_diffie_hellman_kea;
433 ssl->specs.sig_algo = rsa_sa_algo;
434 ssl->specs.hash_size = SHA_DIGEST_SIZE;
435 ssl->specs.pad_size = PAD_SHA;
436 ssl->specs.static_ecdh = 0;
437 ssl->specs.key_size = AES_256_KEY_SIZE;
438 ssl->specs.block_size = AES_BLOCK_SIZE;
439 ssl->specs.iv_size = AES_IV_SIZE;
440
441 break;
442#endif
443
444#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
445 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
446 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
447 ssl->specs.cipher_type = block;
448 ssl->specs.mac_algorithm = sha_mac;
449 ssl->specs.kea = ecc_diffie_hellman_kea;
450 ssl->specs.sig_algo = rsa_sa_algo;
451 ssl->specs.hash_size = SHA_DIGEST_SIZE;
452 ssl->specs.pad_size = PAD_SHA;
453 ssl->specs.static_ecdh = 1;
454 ssl->specs.key_size = AES_256_KEY_SIZE;
455 ssl->specs.block_size = AES_BLOCK_SIZE;
456 ssl->specs.iv_size = AES_IV_SIZE;
457
458 break;
459#endif
460
461#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
462 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
463 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
464 ssl->specs.cipher_type = block;
465 ssl->specs.mac_algorithm = sha_mac;
466 ssl->specs.kea = ecc_diffie_hellman_kea;
467 ssl->specs.sig_algo = ecc_dsa_sa_algo;
468 ssl->specs.hash_size = SHA_DIGEST_SIZE;
469 ssl->specs.pad_size = PAD_SHA;
470 ssl->specs.static_ecdh = 0;
471 ssl->specs.key_size = AES_128_KEY_SIZE;
472 ssl->specs.block_size = AES_BLOCK_SIZE;
473 ssl->specs.iv_size = AES_IV_SIZE;
474
475 break;
476#endif
477
478#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
479 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
480 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
481 ssl->specs.cipher_type = block;
482 ssl->specs.mac_algorithm = sha_mac;
483 ssl->specs.kea = ecc_diffie_hellman_kea;
484 ssl->specs.sig_algo = ecc_dsa_sa_algo;
485 ssl->specs.hash_size = SHA_DIGEST_SIZE;
486 ssl->specs.pad_size = PAD_SHA;
487 ssl->specs.static_ecdh = 1;
488 ssl->specs.key_size = AES_128_KEY_SIZE;
489 ssl->specs.block_size = AES_BLOCK_SIZE;
490 ssl->specs.iv_size = AES_IV_SIZE;
491
492 break;
493#endif
494
495#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
496 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
497 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
498 ssl->specs.cipher_type = block;
499 ssl->specs.mac_algorithm = sha_mac;
500 ssl->specs.kea = ecc_diffie_hellman_kea;
501 ssl->specs.sig_algo = ecc_dsa_sa_algo;
502 ssl->specs.hash_size = SHA_DIGEST_SIZE;
503 ssl->specs.pad_size = PAD_SHA;
504 ssl->specs.static_ecdh = 0;
505 ssl->specs.key_size = AES_256_KEY_SIZE;
506 ssl->specs.block_size = AES_BLOCK_SIZE;
507 ssl->specs.iv_size = AES_IV_SIZE;
508
509 break;
510#endif
511
512#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
513 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
514 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
515 ssl->specs.cipher_type = block;
516 ssl->specs.mac_algorithm = sha_mac;
517 ssl->specs.kea = ecc_diffie_hellman_kea;
518 ssl->specs.sig_algo = ecc_dsa_sa_algo;
519 ssl->specs.hash_size = SHA_DIGEST_SIZE;
520 ssl->specs.pad_size = PAD_SHA;
521 ssl->specs.static_ecdh = 1;
522 ssl->specs.key_size = AES_256_KEY_SIZE;
523 ssl->specs.block_size = AES_BLOCK_SIZE;
524 ssl->specs.iv_size = AES_IV_SIZE;
525
526 break;
527#endif
528
529#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
530 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
531 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
532 ssl->specs.cipher_type = aead;
533 ssl->specs.mac_algorithm = sha256_mac;
534 ssl->specs.kea = ecc_diffie_hellman_kea;
535 ssl->specs.sig_algo = rsa_sa_algo;
536 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
537 ssl->specs.pad_size = PAD_SHA;
538 ssl->specs.static_ecdh = 0;
539 ssl->specs.key_size = AES_128_KEY_SIZE;
540 ssl->specs.block_size = AES_BLOCK_SIZE;
541 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
542 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
543
544 break;
545#endif
546
547#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
548 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
549 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
550 ssl->specs.cipher_type = aead;
551 ssl->specs.mac_algorithm = sha384_mac;
552 ssl->specs.kea = ecc_diffie_hellman_kea;
553 ssl->specs.sig_algo = rsa_sa_algo;
554 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
555 ssl->specs.pad_size = PAD_SHA;
556 ssl->specs.static_ecdh = 0;
557 ssl->specs.key_size = AES_256_KEY_SIZE;
558 ssl->specs.block_size = AES_BLOCK_SIZE;
559 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
560 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
561
562 break;
563#endif
564
565#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
566 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
567 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
568 ssl->specs.cipher_type = aead;
569 ssl->specs.mac_algorithm = sha256_mac;
570 ssl->specs.kea = ecc_diffie_hellman_kea;
571 ssl->specs.sig_algo = ecc_dsa_sa_algo;
572 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
573 ssl->specs.pad_size = PAD_SHA;
574 ssl->specs.static_ecdh = 0;
575 ssl->specs.key_size = AES_128_KEY_SIZE;
576 ssl->specs.block_size = AES_BLOCK_SIZE;
577 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
578 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
579
580 break;
581#endif
582
583#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
584 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
585 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
586 ssl->specs.cipher_type = aead;
587 ssl->specs.mac_algorithm = sha384_mac;
588 ssl->specs.kea = ecc_diffie_hellman_kea;
589 ssl->specs.sig_algo = ecc_dsa_sa_algo;
590 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
591 ssl->specs.pad_size = PAD_SHA;
592 ssl->specs.static_ecdh = 0;
593 ssl->specs.key_size = AES_256_KEY_SIZE;
594 ssl->specs.block_size = AES_BLOCK_SIZE;
595 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
596 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
597
598 break;
599#endif
600
601#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
602 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
603 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
604 ssl->specs.cipher_type = aead;
605 ssl->specs.mac_algorithm = sha256_mac;
606 ssl->specs.kea = ecc_diffie_hellman_kea;
607 ssl->specs.sig_algo = rsa_sa_algo;
608 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
609 ssl->specs.pad_size = PAD_SHA;
610 ssl->specs.static_ecdh = 1;
611 ssl->specs.key_size = AES_128_KEY_SIZE;
612 ssl->specs.block_size = AES_BLOCK_SIZE;
613 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
614 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
615
616 break;
617#endif
618
619#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
620 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
621 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
622 ssl->specs.cipher_type = aead;
623 ssl->specs.mac_algorithm = sha384_mac;
624 ssl->specs.kea = ecc_diffie_hellman_kea;
625 ssl->specs.sig_algo = rsa_sa_algo;
626 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
627 ssl->specs.pad_size = PAD_SHA;
628 ssl->specs.static_ecdh = 1;
629 ssl->specs.key_size = AES_256_KEY_SIZE;
630 ssl->specs.block_size = AES_BLOCK_SIZE;
631 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
632 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
633
634 break;
635#endif
636
637#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
638 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
639 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
640 ssl->specs.cipher_type = aead;
641 ssl->specs.mac_algorithm = sha256_mac;
642 ssl->specs.kea = ecc_diffie_hellman_kea;
643 ssl->specs.sig_algo = ecc_dsa_sa_algo;
644 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
645 ssl->specs.pad_size = PAD_SHA;
646 ssl->specs.static_ecdh = 1;
647 ssl->specs.key_size = AES_128_KEY_SIZE;
648 ssl->specs.block_size = AES_BLOCK_SIZE;
649 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
650 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
651
652 break;
653#endif
654
655#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
656 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
657 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
658 ssl->specs.cipher_type = aead;
659 ssl->specs.mac_algorithm = sha384_mac;
660 ssl->specs.kea = ecc_diffie_hellman_kea;
661 ssl->specs.sig_algo = ecc_dsa_sa_algo;
662 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
663 ssl->specs.pad_size = PAD_SHA;
664 ssl->specs.static_ecdh = 1;
665 ssl->specs.key_size = AES_256_KEY_SIZE;
666 ssl->specs.block_size = AES_BLOCK_SIZE;
667 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
668 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
669
670 break;
671#endif
672
673#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
674 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
675 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
676 ssl->specs.cipher_type = aead;
677 ssl->specs.mac_algorithm = sha256_mac;
678 ssl->specs.kea = ecc_diffie_hellman_kea;
679 ssl->specs.sig_algo = ecc_dsa_sa_algo;
680 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
681 ssl->specs.pad_size = PAD_SHA;
682 ssl->specs.static_ecdh = 0;
683 ssl->specs.key_size = AES_128_KEY_SIZE;
684 ssl->specs.block_size = AES_BLOCK_SIZE;
685 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
686 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
687
688 break;
689#endif
690
691#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
692 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
693 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
694 ssl->specs.cipher_type = aead;
695 ssl->specs.mac_algorithm = sha256_mac;
696 ssl->specs.kea = ecc_diffie_hellman_kea;
697 ssl->specs.sig_algo = ecc_dsa_sa_algo;
698 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
699 ssl->specs.pad_size = PAD_SHA;
700 ssl->specs.static_ecdh = 0;
701 ssl->specs.key_size = AES_256_KEY_SIZE;
702 ssl->specs.block_size = AES_BLOCK_SIZE;
703 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
704 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
705
706 break;
707#endif
708#endif /* HAVE_ECC */
709
710#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
711 case TLS_RSA_WITH_AES_128_CCM_8 :
712 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
713 ssl->specs.cipher_type = aead;
714 ssl->specs.mac_algorithm = sha256_mac;
715 ssl->specs.kea = rsa_kea;
716 ssl->specs.sig_algo = rsa_sa_algo;
717 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
718 ssl->specs.pad_size = PAD_SHA;
719 ssl->specs.static_ecdh = 0;
720 ssl->specs.key_size = AES_128_KEY_SIZE;
721 ssl->specs.block_size = AES_BLOCK_SIZE;
722 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
723 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
724
725 break;
726#endif
727
728#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
729 case TLS_RSA_WITH_AES_256_CCM_8 :
730 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
731 ssl->specs.cipher_type = aead;
732 ssl->specs.mac_algorithm = sha256_mac;
733 ssl->specs.kea = rsa_kea;
734 ssl->specs.sig_algo = rsa_sa_algo;
735 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
736 ssl->specs.pad_size = PAD_SHA;
737 ssl->specs.static_ecdh = 0;
738 ssl->specs.key_size = AES_256_KEY_SIZE;
739 ssl->specs.block_size = AES_BLOCK_SIZE;
740 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
741 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
742
743 break;
744#endif
745
746#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
747 case TLS_PSK_WITH_AES_128_CCM_8 :
748 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
749 ssl->specs.cipher_type = aead;
750 ssl->specs.mac_algorithm = sha256_mac;
751 ssl->specs.kea = psk_kea;
752 ssl->specs.sig_algo = anonymous_sa_algo;
753 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
754 ssl->specs.pad_size = PAD_SHA;
755 ssl->specs.static_ecdh = 0;
756 ssl->specs.key_size = AES_128_KEY_SIZE;
757 ssl->specs.block_size = AES_BLOCK_SIZE;
758 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
759 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
760
761 ssl->options.usingPSK_cipher = 1;
762 break;
763#endif
764
765#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
766 case TLS_PSK_WITH_AES_256_CCM_8 :
767 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
768 ssl->specs.cipher_type = aead;
769 ssl->specs.mac_algorithm = sha256_mac;
770 ssl->specs.kea = psk_kea;
771 ssl->specs.sig_algo = anonymous_sa_algo;
772 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
773 ssl->specs.pad_size = PAD_SHA;
774 ssl->specs.static_ecdh = 0;
775 ssl->specs.key_size = AES_256_KEY_SIZE;
776 ssl->specs.block_size = AES_BLOCK_SIZE;
777 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
778 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
779
780 ssl->options.usingPSK_cipher = 1;
781 break;
782#endif
783
784#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
785 case TLS_PSK_WITH_AES_128_CCM :
786 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
787 ssl->specs.cipher_type = aead;
788 ssl->specs.mac_algorithm = sha256_mac;
789 ssl->specs.kea = psk_kea;
790 ssl->specs.sig_algo = anonymous_sa_algo;
791 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
792 ssl->specs.pad_size = PAD_SHA;
793 ssl->specs.static_ecdh = 0;
794 ssl->specs.key_size = AES_128_KEY_SIZE;
795 ssl->specs.block_size = AES_BLOCK_SIZE;
796 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
797 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
798
799 ssl->options.usingPSK_cipher = 1;
800 break;
801#endif
802
803#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
804 case TLS_PSK_WITH_AES_256_CCM :
805 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
806 ssl->specs.cipher_type = aead;
807 ssl->specs.mac_algorithm = sha256_mac;
808 ssl->specs.kea = psk_kea;
809 ssl->specs.sig_algo = anonymous_sa_algo;
810 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
811 ssl->specs.pad_size = PAD_SHA;
812 ssl->specs.static_ecdh = 0;
813 ssl->specs.key_size = AES_256_KEY_SIZE;
814 ssl->specs.block_size = AES_BLOCK_SIZE;
815 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
816 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
817
818 ssl->options.usingPSK_cipher = 1;
819 break;
820#endif
821
822#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
823 case TLS_DHE_PSK_WITH_AES_128_CCM :
824 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
825 ssl->specs.cipher_type = aead;
826 ssl->specs.mac_algorithm = sha256_mac;
827 ssl->specs.kea = dhe_psk_kea;
828 ssl->specs.sig_algo = anonymous_sa_algo;
829 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
830 ssl->specs.pad_size = PAD_SHA;
831 ssl->specs.static_ecdh = 0;
832 ssl->specs.key_size = AES_128_KEY_SIZE;
833 ssl->specs.block_size = AES_BLOCK_SIZE;
834 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
835 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
836
837 ssl->options.usingPSK_cipher = 1;
838 break;
839#endif
840
841#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
842 case TLS_DHE_PSK_WITH_AES_256_CCM :
843 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
844 ssl->specs.cipher_type = aead;
845 ssl->specs.mac_algorithm = sha256_mac;
846 ssl->specs.kea = dhe_psk_kea;
847 ssl->specs.sig_algo = anonymous_sa_algo;
848 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
849 ssl->specs.pad_size = PAD_SHA;
850 ssl->specs.static_ecdh = 0;
851 ssl->specs.key_size = AES_256_KEY_SIZE;
852 ssl->specs.block_size = AES_BLOCK_SIZE;
853 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
854 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
855
856 ssl->options.usingPSK_cipher = 1;
857 break;
858#endif
859
860 default:
861 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
862 return UNSUPPORTED_SUITE;
863 } /* switch */
864 } /* if */
865 if (ssl->options.cipherSuite0 != ECC_BYTE &&
866 ssl->options.cipherSuite0 != CHACHA_BYTE) { /* normal suites */
867 switch (ssl->options.cipherSuite) {
868
869#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
870 case SSL_RSA_WITH_RC4_128_SHA :
871 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
872 ssl->specs.cipher_type = stream;
873 ssl->specs.mac_algorithm = sha_mac;
874 ssl->specs.kea = rsa_kea;
875 ssl->specs.sig_algo = rsa_sa_algo;
876 ssl->specs.hash_size = SHA_DIGEST_SIZE;
877 ssl->specs.pad_size = PAD_SHA;
878 ssl->specs.static_ecdh = 0;
879 ssl->specs.key_size = RC4_KEY_SIZE;
880 ssl->specs.iv_size = 0;
881 ssl->specs.block_size = 0;
882
883 break;
884#endif
885
886#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
887 case TLS_NTRU_RSA_WITH_RC4_128_SHA :
888 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
889 ssl->specs.cipher_type = stream;
890 ssl->specs.mac_algorithm = sha_mac;
891 ssl->specs.kea = ntru_kea;
892 ssl->specs.sig_algo = rsa_sa_algo;
893 ssl->specs.hash_size = SHA_DIGEST_SIZE;
894 ssl->specs.pad_size = PAD_SHA;
895 ssl->specs.static_ecdh = 0;
896 ssl->specs.key_size = RC4_KEY_SIZE;
897 ssl->specs.iv_size = 0;
898 ssl->specs.block_size = 0;
899
900 break;
901#endif
902
903#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
904 case SSL_RSA_WITH_RC4_128_MD5 :
905 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
906 ssl->specs.cipher_type = stream;
907 ssl->specs.mac_algorithm = md5_mac;
908 ssl->specs.kea = rsa_kea;
909 ssl->specs.sig_algo = rsa_sa_algo;
910 ssl->specs.hash_size = MD5_DIGEST_SIZE;
911 ssl->specs.pad_size = PAD_MD5;
912 ssl->specs.static_ecdh = 0;
913 ssl->specs.key_size = RC4_KEY_SIZE;
914 ssl->specs.iv_size = 0;
915 ssl->specs.block_size = 0;
916
917 break;
918#endif
919
920#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
921 case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
922 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
923 ssl->specs.cipher_type = block;
924 ssl->specs.mac_algorithm = sha_mac;
925 ssl->specs.kea = rsa_kea;
926 ssl->specs.sig_algo = rsa_sa_algo;
927 ssl->specs.hash_size = SHA_DIGEST_SIZE;
928 ssl->specs.pad_size = PAD_SHA;
929 ssl->specs.static_ecdh = 0;
930 ssl->specs.key_size = DES3_KEY_SIZE;
931 ssl->specs.block_size = DES_BLOCK_SIZE;
932 ssl->specs.iv_size = DES_IV_SIZE;
933
934 break;
935#endif
936
937#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
938 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
939 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
940 ssl->specs.cipher_type = block;
941 ssl->specs.mac_algorithm = sha_mac;
942 ssl->specs.kea = ntru_kea;
943 ssl->specs.sig_algo = rsa_sa_algo;
944 ssl->specs.hash_size = SHA_DIGEST_SIZE;
945 ssl->specs.pad_size = PAD_SHA;
946 ssl->specs.static_ecdh = 0;
947 ssl->specs.key_size = DES3_KEY_SIZE;
948 ssl->specs.block_size = DES_BLOCK_SIZE;
949 ssl->specs.iv_size = DES_IV_SIZE;
950
951 break;
952#endif
953
954#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
955 case TLS_RSA_WITH_AES_128_CBC_SHA :
956 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
957 ssl->specs.cipher_type = block;
958 ssl->specs.mac_algorithm = sha_mac;
959 ssl->specs.kea = rsa_kea;
960 ssl->specs.sig_algo = rsa_sa_algo;
961 ssl->specs.hash_size = SHA_DIGEST_SIZE;
962 ssl->specs.pad_size = PAD_SHA;
963 ssl->specs.static_ecdh = 0;
964 ssl->specs.key_size = AES_128_KEY_SIZE;
965 ssl->specs.block_size = AES_BLOCK_SIZE;
966 ssl->specs.iv_size = AES_IV_SIZE;
967
968 break;
969#endif
970
971#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
972 case TLS_RSA_WITH_AES_128_CBC_SHA256 :
973 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
974 ssl->specs.cipher_type = block;
975 ssl->specs.mac_algorithm = sha256_mac;
976 ssl->specs.kea = rsa_kea;
977 ssl->specs.sig_algo = rsa_sa_algo;
978 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
979 ssl->specs.pad_size = PAD_SHA;
980 ssl->specs.static_ecdh = 0;
981 ssl->specs.key_size = AES_128_KEY_SIZE;
982 ssl->specs.block_size = AES_BLOCK_SIZE;
983 ssl->specs.iv_size = AES_IV_SIZE;
984
985 break;
986#endif
987
988#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
989 case TLS_RSA_WITH_NULL_SHA :
990 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
991 ssl->specs.cipher_type = stream;
992 ssl->specs.mac_algorithm = sha_mac;
993 ssl->specs.kea = rsa_kea;
994 ssl->specs.sig_algo = rsa_sa_algo;
995 ssl->specs.hash_size = SHA_DIGEST_SIZE;
996 ssl->specs.pad_size = PAD_SHA;
997 ssl->specs.static_ecdh = 0;
998 ssl->specs.key_size = 0;
999 ssl->specs.block_size = 0;
1000 ssl->specs.iv_size = 0;
1001
1002 break;
1003#endif
1004
1005#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
1006 case TLS_RSA_WITH_NULL_SHA256 :
1007 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1008 ssl->specs.cipher_type = stream;
1009 ssl->specs.mac_algorithm = sha256_mac;
1010 ssl->specs.kea = rsa_kea;
1011 ssl->specs.sig_algo = rsa_sa_algo;
1012 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1013 ssl->specs.pad_size = PAD_SHA;
1014 ssl->specs.static_ecdh = 0;
1015 ssl->specs.key_size = 0;
1016 ssl->specs.block_size = 0;
1017 ssl->specs.iv_size = 0;
1018
1019 break;
1020#endif
1021
1022#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
1023 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
1024 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1025 ssl->specs.cipher_type = block;
1026 ssl->specs.mac_algorithm = sha_mac;
1027 ssl->specs.kea = ntru_kea;
1028 ssl->specs.sig_algo = rsa_sa_algo;
1029 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1030 ssl->specs.pad_size = PAD_SHA;
1031 ssl->specs.static_ecdh = 0;
1032 ssl->specs.key_size = AES_128_KEY_SIZE;
1033 ssl->specs.block_size = AES_BLOCK_SIZE;
1034 ssl->specs.iv_size = AES_IV_SIZE;
1035
1036 break;
1037#endif
1038
1039#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
1040 case TLS_RSA_WITH_AES_256_CBC_SHA :
1041 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1042 ssl->specs.cipher_type = block;
1043 ssl->specs.mac_algorithm = sha_mac;
1044 ssl->specs.kea = rsa_kea;
1045 ssl->specs.sig_algo = rsa_sa_algo;
1046 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1047 ssl->specs.pad_size = PAD_SHA;
1048 ssl->specs.static_ecdh = 0;
1049 ssl->specs.key_size = AES_256_KEY_SIZE;
1050 ssl->specs.block_size = AES_BLOCK_SIZE;
1051 ssl->specs.iv_size = AES_IV_SIZE;
1052
1053 break;
1054#endif
1055
1056#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
1057 case TLS_RSA_WITH_AES_256_CBC_SHA256 :
1058 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1059 ssl->specs.cipher_type = block;
1060 ssl->specs.mac_algorithm = sha256_mac;
1061 ssl->specs.kea = rsa_kea;
1062 ssl->specs.sig_algo = rsa_sa_algo;
1063 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1064 ssl->specs.pad_size = PAD_SHA;
1065 ssl->specs.static_ecdh = 0;
1066 ssl->specs.key_size = AES_256_KEY_SIZE;
1067 ssl->specs.block_size = AES_BLOCK_SIZE;
1068 ssl->specs.iv_size = AES_IV_SIZE;
1069
1070 break;
1071#endif
1072
1073#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
1074 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
1075 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1076 ssl->specs.cipher_type = block;
1077 ssl->specs.mac_algorithm = sha_mac;
1078 ssl->specs.kea = ntru_kea;
1079 ssl->specs.sig_algo = rsa_sa_algo;
1080 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1081 ssl->specs.pad_size = PAD_SHA;
1082 ssl->specs.static_ecdh = 0;
1083 ssl->specs.key_size = AES_256_KEY_SIZE;
1084 ssl->specs.block_size = AES_BLOCK_SIZE;
1085 ssl->specs.iv_size = AES_IV_SIZE;
1086
1087 break;
1088#endif
1089
1090#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
1091 case TLS_PSK_WITH_AES_128_GCM_SHA256 :
1092 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1093 ssl->specs.cipher_type = aead;
1094 ssl->specs.mac_algorithm = sha256_mac;
1095 ssl->specs.kea = psk_kea;
1096 ssl->specs.sig_algo = anonymous_sa_algo;
1097 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1098 ssl->specs.pad_size = PAD_SHA;
1099 ssl->specs.static_ecdh = 0;
1100 ssl->specs.key_size = AES_128_KEY_SIZE;
1101 ssl->specs.block_size = AES_BLOCK_SIZE;
1102 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1103 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1104
1105 ssl->options.usingPSK_cipher = 1;
1106 break;
1107#endif
1108
1109#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
1110 case TLS_PSK_WITH_AES_256_GCM_SHA384 :
1111 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1112 ssl->specs.cipher_type = aead;
1113 ssl->specs.mac_algorithm = sha384_mac;
1114 ssl->specs.kea = psk_kea;
1115 ssl->specs.sig_algo = anonymous_sa_algo;
1116 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1117 ssl->specs.pad_size = PAD_SHA;
1118 ssl->specs.static_ecdh = 0;
1119 ssl->specs.key_size = AES_256_KEY_SIZE;
1120 ssl->specs.block_size = AES_BLOCK_SIZE;
1121 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1122 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1123
1124 ssl->options.usingPSK_cipher = 1;
1125 break;
1126#endif
1127
1128#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
1129 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
1130 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1131 ssl->specs.cipher_type = aead;
1132 ssl->specs.mac_algorithm = sha256_mac;
1133 ssl->specs.kea = dhe_psk_kea;
1134 ssl->specs.sig_algo = anonymous_sa_algo;
1135 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1136 ssl->specs.pad_size = PAD_SHA;
1137 ssl->specs.static_ecdh = 0;
1138 ssl->specs.key_size = AES_128_KEY_SIZE;
1139 ssl->specs.block_size = AES_BLOCK_SIZE;
1140 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1141 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1142
1143 ssl->options.usingPSK_cipher = 1;
1144 break;
1145#endif
1146
1147#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
1148 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
1149 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1150 ssl->specs.cipher_type = aead;
1151 ssl->specs.mac_algorithm = sha384_mac;
1152 ssl->specs.kea = dhe_psk_kea;
1153 ssl->specs.sig_algo = anonymous_sa_algo;
1154 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1155 ssl->specs.pad_size = PAD_SHA;
1156 ssl->specs.static_ecdh = 0;
1157 ssl->specs.key_size = AES_256_KEY_SIZE;
1158 ssl->specs.block_size = AES_BLOCK_SIZE;
1159 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1160 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1161
1162 ssl->options.usingPSK_cipher = 1;
1163 break;
1164#endif
1165
1166#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
1167 case TLS_PSK_WITH_AES_128_CBC_SHA256 :
1168 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1169 ssl->specs.cipher_type = block;
1170 ssl->specs.mac_algorithm = sha256_mac;
1171 ssl->specs.kea = psk_kea;
1172 ssl->specs.sig_algo = anonymous_sa_algo;
1173 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1174 ssl->specs.pad_size = PAD_SHA;
1175 ssl->specs.static_ecdh = 0;
1176 ssl->specs.key_size = AES_128_KEY_SIZE;
1177 ssl->specs.block_size = AES_BLOCK_SIZE;
1178 ssl->specs.iv_size = AES_IV_SIZE;
1179
1180 ssl->options.usingPSK_cipher = 1;
1181 break;
1182#endif
1183
1184#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
1185 case TLS_PSK_WITH_AES_256_CBC_SHA384 :
1186 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1187 ssl->specs.cipher_type = block;
1188 ssl->specs.mac_algorithm = sha384_mac;
1189 ssl->specs.kea = psk_kea;
1190 ssl->specs.sig_algo = anonymous_sa_algo;
1191 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1192 ssl->specs.pad_size = PAD_SHA;
1193 ssl->specs.static_ecdh = 0;
1194 ssl->specs.key_size = AES_256_KEY_SIZE;
1195 ssl->specs.block_size = AES_BLOCK_SIZE;
1196 ssl->specs.iv_size = AES_IV_SIZE;
1197
1198 ssl->options.usingPSK_cipher = 1;
1199 break;
1200#endif
1201
1202#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
1203 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
1204 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1205 ssl->specs.cipher_type = block;
1206 ssl->specs.mac_algorithm = sha256_mac;
1207 ssl->specs.kea = dhe_psk_kea;
1208 ssl->specs.sig_algo = anonymous_sa_algo;
1209 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1210 ssl->specs.pad_size = PAD_SHA;
1211 ssl->specs.static_ecdh = 0;
1212 ssl->specs.key_size = AES_128_KEY_SIZE;
1213 ssl->specs.block_size = AES_BLOCK_SIZE;
1214 ssl->specs.iv_size = AES_IV_SIZE;
1215
1216 ssl->options.usingPSK_cipher = 1;
1217 break;
1218#endif
1219
1220#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
1221 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
1222 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1223 ssl->specs.cipher_type = block;
1224 ssl->specs.mac_algorithm = sha384_mac;
1225 ssl->specs.kea = dhe_psk_kea;
1226 ssl->specs.sig_algo = anonymous_sa_algo;
1227 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1228 ssl->specs.pad_size = PAD_SHA;
1229 ssl->specs.static_ecdh = 0;
1230 ssl->specs.key_size = AES_256_KEY_SIZE;
1231 ssl->specs.block_size = AES_BLOCK_SIZE;
1232 ssl->specs.iv_size = AES_IV_SIZE;
1233
1234 ssl->options.usingPSK_cipher = 1;
1235 break;
1236#endif
1237
1238#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
1239 case TLS_PSK_WITH_AES_128_CBC_SHA :
1240 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1241 ssl->specs.cipher_type = block;
1242 ssl->specs.mac_algorithm = sha_mac;
1243 ssl->specs.kea = psk_kea;
1244 ssl->specs.sig_algo = anonymous_sa_algo;
1245 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1246 ssl->specs.pad_size = PAD_SHA;
1247 ssl->specs.static_ecdh = 0;
1248 ssl->specs.key_size = AES_128_KEY_SIZE;
1249 ssl->specs.block_size = AES_BLOCK_SIZE;
1250 ssl->specs.iv_size = AES_IV_SIZE;
1251
1252 ssl->options.usingPSK_cipher = 1;
1253 break;
1254#endif
1255
1256#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
1257 case TLS_PSK_WITH_AES_256_CBC_SHA :
1258 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1259 ssl->specs.cipher_type = block;
1260 ssl->specs.mac_algorithm = sha_mac;
1261 ssl->specs.kea = psk_kea;
1262 ssl->specs.sig_algo = anonymous_sa_algo;
1263 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1264 ssl->specs.pad_size = PAD_SHA;
1265 ssl->specs.static_ecdh = 0;
1266 ssl->specs.key_size = AES_256_KEY_SIZE;
1267 ssl->specs.block_size = AES_BLOCK_SIZE;
1268 ssl->specs.iv_size = AES_IV_SIZE;
1269
1270 ssl->options.usingPSK_cipher = 1;
1271 break;
1272#endif
1273
1274#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
1275 case TLS_PSK_WITH_NULL_SHA256 :
1276 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1277 ssl->specs.cipher_type = stream;
1278 ssl->specs.mac_algorithm = sha256_mac;
1279 ssl->specs.kea = psk_kea;
1280 ssl->specs.sig_algo = anonymous_sa_algo;
1281 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1282 ssl->specs.pad_size = PAD_SHA;
1283 ssl->specs.static_ecdh = 0;
1284 ssl->specs.key_size = 0;
1285 ssl->specs.block_size = 0;
1286 ssl->specs.iv_size = 0;
1287
1288 ssl->options.usingPSK_cipher = 1;
1289 break;
1290#endif
1291
1292#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
1293 case TLS_PSK_WITH_NULL_SHA384 :
1294 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1295 ssl->specs.cipher_type = stream;
1296 ssl->specs.mac_algorithm = sha384_mac;
1297 ssl->specs.kea = psk_kea;
1298 ssl->specs.sig_algo = anonymous_sa_algo;
1299 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1300 ssl->specs.pad_size = PAD_SHA;
1301 ssl->specs.static_ecdh = 0;
1302 ssl->specs.key_size = 0;
1303 ssl->specs.block_size = 0;
1304 ssl->specs.iv_size = 0;
1305
1306 ssl->options.usingPSK_cipher = 1;
1307 break;
1308#endif
1309
1310#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
1311 case TLS_PSK_WITH_NULL_SHA :
1312 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1313 ssl->specs.cipher_type = stream;
1314 ssl->specs.mac_algorithm = sha_mac;
1315 ssl->specs.kea = psk_kea;
1316 ssl->specs.sig_algo = anonymous_sa_algo;
1317 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1318 ssl->specs.pad_size = PAD_SHA;
1319 ssl->specs.static_ecdh = 0;
1320 ssl->specs.key_size = 0;
1321 ssl->specs.block_size = 0;
1322 ssl->specs.iv_size = 0;
1323
1324 ssl->options.usingPSK_cipher = 1;
1325 break;
1326#endif
1327
1328#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
1329 case TLS_DHE_PSK_WITH_NULL_SHA256 :
1330 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1331 ssl->specs.cipher_type = stream;
1332 ssl->specs.mac_algorithm = sha256_mac;
1333 ssl->specs.kea = dhe_psk_kea;
1334 ssl->specs.sig_algo = anonymous_sa_algo;
1335 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1336 ssl->specs.pad_size = PAD_SHA;
1337 ssl->specs.static_ecdh = 0;
1338 ssl->specs.key_size = 0;
1339 ssl->specs.block_size = 0;
1340 ssl->specs.iv_size = 0;
1341
1342 ssl->options.usingPSK_cipher = 1;
1343 break;
1344#endif
1345
1346#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
1347 case TLS_DHE_PSK_WITH_NULL_SHA384 :
1348 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1349 ssl->specs.cipher_type = stream;
1350 ssl->specs.mac_algorithm = sha384_mac;
1351 ssl->specs.kea = dhe_psk_kea;
1352 ssl->specs.sig_algo = anonymous_sa_algo;
1353 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1354 ssl->specs.pad_size = PAD_SHA;
1355 ssl->specs.static_ecdh = 0;
1356 ssl->specs.key_size = 0;
1357 ssl->specs.block_size = 0;
1358 ssl->specs.iv_size = 0;
1359
1360 ssl->options.usingPSK_cipher = 1;
1361 break;
1362#endif
1363
1364#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
1365 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
1366 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1367 ssl->specs.cipher_type = block;
1368 ssl->specs.mac_algorithm = sha256_mac;
1369 ssl->specs.kea = diffie_hellman_kea;
1370 ssl->specs.sig_algo = rsa_sa_algo;
1371 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1372 ssl->specs.pad_size = PAD_SHA;
1373 ssl->specs.static_ecdh = 0;
1374 ssl->specs.key_size = AES_128_KEY_SIZE;
1375 ssl->specs.block_size = AES_BLOCK_SIZE;
1376 ssl->specs.iv_size = AES_IV_SIZE;
1377
1378 break;
1379#endif
1380
1381#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
1382 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
1383 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1384 ssl->specs.cipher_type = block;
1385 ssl->specs.mac_algorithm = sha256_mac;
1386 ssl->specs.kea = diffie_hellman_kea;
1387 ssl->specs.sig_algo = rsa_sa_algo;
1388 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1389 ssl->specs.pad_size = PAD_SHA;
1390 ssl->specs.static_ecdh = 0;
1391 ssl->specs.key_size = AES_256_KEY_SIZE;
1392 ssl->specs.block_size = AES_BLOCK_SIZE;
1393 ssl->specs.iv_size = AES_IV_SIZE;
1394
1395 break;
1396#endif
1397
1398#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1399 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
1400 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1401 ssl->specs.cipher_type = block;
1402 ssl->specs.mac_algorithm = sha_mac;
1403 ssl->specs.kea = diffie_hellman_kea;
1404 ssl->specs.sig_algo = rsa_sa_algo;
1405 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1406 ssl->specs.pad_size = PAD_SHA;
1407 ssl->specs.static_ecdh = 0;
1408 ssl->specs.key_size = AES_128_KEY_SIZE;
1409 ssl->specs.block_size = AES_BLOCK_SIZE;
1410 ssl->specs.iv_size = AES_IV_SIZE;
1411
1412 break;
1413#endif
1414
1415#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1416 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
1417 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1418 ssl->specs.cipher_type = block;
1419 ssl->specs.mac_algorithm = sha_mac;
1420 ssl->specs.kea = diffie_hellman_kea;
1421 ssl->specs.sig_algo = rsa_sa_algo;
1422 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1423 ssl->specs.pad_size = PAD_SHA;
1424 ssl->specs.static_ecdh = 0;
1425 ssl->specs.key_size = AES_256_KEY_SIZE;
1426 ssl->specs.block_size = AES_BLOCK_SIZE;
1427 ssl->specs.iv_size = AES_IV_SIZE;
1428
1429 break;
1430#endif
1431
1432#ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
1433 case TLS_RSA_WITH_HC_128_MD5 :
1434 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
1435 ssl->specs.cipher_type = stream;
1436 ssl->specs.mac_algorithm = md5_mac;
1437 ssl->specs.kea = rsa_kea;
1438 ssl->specs.sig_algo = rsa_sa_algo;
1439 ssl->specs.hash_size = MD5_DIGEST_SIZE;
1440 ssl->specs.pad_size = PAD_MD5;
1441 ssl->specs.static_ecdh = 0;
1442 ssl->specs.key_size = HC_128_KEY_SIZE;
1443 ssl->specs.block_size = 0;
1444 ssl->specs.iv_size = HC_128_IV_SIZE;
1445
1446 break;
1447#endif
1448
1449#ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
1450 case TLS_RSA_WITH_HC_128_SHA :
1451 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
1452 ssl->specs.cipher_type = stream;
1453 ssl->specs.mac_algorithm = sha_mac;
1454 ssl->specs.kea = rsa_kea;
1455 ssl->specs.sig_algo = rsa_sa_algo;
1456 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1457 ssl->specs.pad_size = PAD_SHA;
1458 ssl->specs.static_ecdh = 0;
1459 ssl->specs.key_size = HC_128_KEY_SIZE;
1460 ssl->specs.block_size = 0;
1461 ssl->specs.iv_size = HC_128_IV_SIZE;
1462
1463 break;
1464#endif
1465
1466#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
1467 case TLS_RSA_WITH_HC_128_B2B256:
1468 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
1469 ssl->specs.cipher_type = stream;
1470 ssl->specs.mac_algorithm = blake2b_mac;
1471 ssl->specs.kea = rsa_kea;
1472 ssl->specs.sig_algo = rsa_sa_algo;
1473 ssl->specs.hash_size = BLAKE2B_256;
1474 ssl->specs.pad_size = PAD_SHA;
1475 ssl->specs.static_ecdh = 0;
1476 ssl->specs.key_size = HC_128_KEY_SIZE;
1477 ssl->specs.block_size = 0;
1478 ssl->specs.iv_size = HC_128_IV_SIZE;
1479
1480 break;
1481#endif
1482
1483#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
1484 case TLS_RSA_WITH_AES_128_CBC_B2B256:
1485 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1486 ssl->specs.cipher_type = block;
1487 ssl->specs.mac_algorithm = blake2b_mac;
1488 ssl->specs.kea = rsa_kea;
1489 ssl->specs.sig_algo = rsa_sa_algo;
1490 ssl->specs.hash_size = BLAKE2B_256;
1491 ssl->specs.pad_size = PAD_SHA;
1492 ssl->specs.static_ecdh = 0;
1493 ssl->specs.key_size = AES_128_KEY_SIZE;
1494 ssl->specs.iv_size = AES_IV_SIZE;
1495 ssl->specs.block_size = AES_BLOCK_SIZE;
1496
1497 break;
1498#endif
1499
1500#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
1501 case TLS_RSA_WITH_AES_256_CBC_B2B256:
1502 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1503 ssl->specs.cipher_type = block;
1504 ssl->specs.mac_algorithm = blake2b_mac;
1505 ssl->specs.kea = rsa_kea;
1506 ssl->specs.sig_algo = rsa_sa_algo;
1507 ssl->specs.hash_size = BLAKE2B_256;
1508 ssl->specs.pad_size = PAD_SHA;
1509 ssl->specs.static_ecdh = 0;
1510 ssl->specs.key_size = AES_256_KEY_SIZE;
1511 ssl->specs.iv_size = AES_IV_SIZE;
1512 ssl->specs.block_size = AES_BLOCK_SIZE;
1513
1514 break;
1515#endif
1516
1517#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
1518 case TLS_RSA_WITH_RABBIT_SHA :
1519 ssl->specs.bulk_cipher_algorithm = wolfssl_rabbit;
1520 ssl->specs.cipher_type = stream;
1521 ssl->specs.mac_algorithm = sha_mac;
1522 ssl->specs.kea = rsa_kea;
1523 ssl->specs.sig_algo = rsa_sa_algo;
1524 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1525 ssl->specs.pad_size = PAD_SHA;
1526 ssl->specs.static_ecdh = 0;
1527 ssl->specs.key_size = RABBIT_KEY_SIZE;
1528 ssl->specs.block_size = 0;
1529 ssl->specs.iv_size = RABBIT_IV_SIZE;
1530
1531 break;
1532#endif
1533
1534#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
1535 case TLS_RSA_WITH_AES_128_GCM_SHA256 :
1536 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1537 ssl->specs.cipher_type = aead;
1538 ssl->specs.mac_algorithm = sha256_mac;
1539 ssl->specs.kea = rsa_kea;
1540 ssl->specs.sig_algo = rsa_sa_algo;
1541 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1542 ssl->specs.pad_size = PAD_SHA;
1543 ssl->specs.static_ecdh = 0;
1544 ssl->specs.key_size = AES_128_KEY_SIZE;
1545 ssl->specs.block_size = AES_BLOCK_SIZE;
1546 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1547 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1548
1549 break;
1550#endif
1551
1552#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
1553 case TLS_RSA_WITH_AES_256_GCM_SHA384 :
1554 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1555 ssl->specs.cipher_type = aead;
1556 ssl->specs.mac_algorithm = sha384_mac;
1557 ssl->specs.kea = rsa_kea;
1558 ssl->specs.sig_algo = rsa_sa_algo;
1559 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1560 ssl->specs.pad_size = PAD_SHA;
1561 ssl->specs.static_ecdh = 0;
1562 ssl->specs.key_size = AES_256_KEY_SIZE;
1563 ssl->specs.block_size = AES_BLOCK_SIZE;
1564 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1565 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1566
1567 break;
1568#endif
1569
1570#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
1571 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
1572 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1573 ssl->specs.cipher_type = aead;
1574 ssl->specs.mac_algorithm = sha256_mac;
1575 ssl->specs.kea = diffie_hellman_kea;
1576 ssl->specs.sig_algo = rsa_sa_algo;
1577 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1578 ssl->specs.pad_size = PAD_SHA;
1579 ssl->specs.static_ecdh = 0;
1580 ssl->specs.key_size = AES_128_KEY_SIZE;
1581 ssl->specs.block_size = AES_BLOCK_SIZE;
1582 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1583 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1584
1585 break;
1586#endif
1587
1588#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
1589 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
1590 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1591 ssl->specs.cipher_type = aead;
1592 ssl->specs.mac_algorithm = sha384_mac;
1593 ssl->specs.kea = diffie_hellman_kea;
1594 ssl->specs.sig_algo = rsa_sa_algo;
1595 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1596 ssl->specs.pad_size = PAD_SHA;
1597 ssl->specs.static_ecdh = 0;
1598 ssl->specs.key_size = AES_256_KEY_SIZE;
1599 ssl->specs.block_size = AES_BLOCK_SIZE;
1600 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1601 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1602
1603 break;
1604#endif
1605
1606#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
1607 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
1608 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1609 ssl->specs.cipher_type = block;
1610 ssl->specs.mac_algorithm = sha_mac;
1611 ssl->specs.kea = rsa_kea;
1612 ssl->specs.sig_algo = rsa_sa_algo;
1613 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1614 ssl->specs.pad_size = PAD_SHA;
1615 ssl->specs.static_ecdh = 0;
1616 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1617 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1618 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1619
1620 break;
1621#endif
1622
1623#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
1624 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
1625 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1626 ssl->specs.cipher_type = block;
1627 ssl->specs.mac_algorithm = sha_mac;
1628 ssl->specs.kea = rsa_kea;
1629 ssl->specs.sig_algo = rsa_sa_algo;
1630 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1631 ssl->specs.pad_size = PAD_SHA;
1632 ssl->specs.static_ecdh = 0;
1633 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
1634 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1635 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1636
1637 break;
1638#endif
1639
1640#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
1641 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
1642 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1643 ssl->specs.cipher_type = block;
1644 ssl->specs.mac_algorithm = sha256_mac;
1645 ssl->specs.kea = rsa_kea;
1646 ssl->specs.sig_algo = rsa_sa_algo;
1647 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1648 ssl->specs.pad_size = PAD_SHA;
1649 ssl->specs.static_ecdh = 0;
1650 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1651 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1652 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1653
1654 break;
1655#endif
1656
1657#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
1658 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
1659 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1660 ssl->specs.cipher_type = block;
1661 ssl->specs.mac_algorithm = sha256_mac;
1662 ssl->specs.kea = rsa_kea;
1663 ssl->specs.sig_algo = rsa_sa_algo;
1664 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1665 ssl->specs.pad_size = PAD_SHA;
1666 ssl->specs.static_ecdh = 0;
1667 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
1668 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1669 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1670
1671 break;
1672#endif
1673
1674#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
1675 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
1676 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1677 ssl->specs.cipher_type = block;
1678 ssl->specs.mac_algorithm = sha_mac;
1679 ssl->specs.kea = diffie_hellman_kea;
1680 ssl->specs.sig_algo = rsa_sa_algo;
1681 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1682 ssl->specs.pad_size = PAD_SHA;
1683 ssl->specs.static_ecdh = 0;
1684 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1685 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1686 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1687
1688 break;
1689#endif
1690
1691#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
1692 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
1693 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1694 ssl->specs.cipher_type = block;
1695 ssl->specs.mac_algorithm = sha_mac;
1696 ssl->specs.kea = diffie_hellman_kea;
1697 ssl->specs.sig_algo = rsa_sa_algo;
1698 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1699 ssl->specs.pad_size = PAD_SHA;
1700 ssl->specs.static_ecdh = 0;
1701 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
1702 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1703 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1704
1705 break;
1706#endif
1707
1708#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
1709 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
1710 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1711 ssl->specs.cipher_type = block;
1712 ssl->specs.mac_algorithm = sha256_mac;
1713 ssl->specs.kea = diffie_hellman_kea;
1714 ssl->specs.sig_algo = rsa_sa_algo;
1715 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1716 ssl->specs.pad_size = PAD_SHA;
1717 ssl->specs.static_ecdh = 0;
1718 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1719 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1720 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1721
1722 break;
1723#endif
1724
1725#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
1726 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
1727 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1728 ssl->specs.cipher_type = block;
1729 ssl->specs.mac_algorithm = sha256_mac;
1730 ssl->specs.kea = diffie_hellman_kea;
1731 ssl->specs.sig_algo = rsa_sa_algo;
1732 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1733 ssl->specs.pad_size = PAD_SHA;
1734 ssl->specs.static_ecdh = 0;
1735 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
1736 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1737 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1738
1739 break;
1740#endif
1741
1742#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
1743 case TLS_DH_anon_WITH_AES_128_CBC_SHA :
1744 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1745 ssl->specs.cipher_type = block;
1746 ssl->specs.mac_algorithm = sha_mac;
1747 ssl->specs.kea = diffie_hellman_kea;
1748 ssl->specs.sig_algo = anonymous_sa_algo;
1749 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1750 ssl->specs.pad_size = PAD_SHA;
1751 ssl->specs.static_ecdh = 0;
1752 ssl->specs.key_size = AES_128_KEY_SIZE;
1753 ssl->specs.block_size = AES_BLOCK_SIZE;
1754 ssl->specs.iv_size = AES_IV_SIZE;
1755
1756 ssl->options.usingAnon_cipher = 1;
1757 break;
1758#endif
1759
1760#ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
1761 case SSL_RSA_WITH_IDEA_CBC_SHA :
1762 ssl->specs.bulk_cipher_algorithm = wolfssl_idea;
1763 ssl->specs.cipher_type = block;
1764 ssl->specs.mac_algorithm = sha_mac;
1765 ssl->specs.kea = rsa_kea;
1766 ssl->specs.sig_algo = rsa_sa_algo;
1767 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1768 ssl->specs.pad_size = PAD_SHA;
1769 ssl->specs.static_ecdh = 0;
1770 ssl->specs.key_size = IDEA_KEY_SIZE;
1771 ssl->specs.block_size = IDEA_BLOCK_SIZE;
1772 ssl->specs.iv_size = IDEA_IV_SIZE;
1773
1774 break;
1775#endif
1776
1777 default:
1778 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs");
1779 return UNSUPPORTED_SUITE;
1780 } /* switch */
1781 } /* if ECC / Normal suites else */
1782
1783 /* set TLS if it hasn't been turned off */
1784 if (ssl->version.major == 3 && ssl->version.minor >= 1) {
1785#ifndef NO_TLS
1786 ssl->options.tls = 1;
1787 ssl->hmac = TLS_hmac;
1788 if (ssl->version.minor >= 2)
1789 ssl->options.tls1_1 = 1;
1790#endif
1791 }
1792
1793#ifdef WOLFSSL_DTLS
1794 if (ssl->options.dtls)
1795 ssl->hmac = TLS_hmac;
1796#endif
1797
1798 return 0;
1799}
1800
1801
1802enum KeyStuff {
1803 MASTER_ROUNDS = 3,
1804 PREFIX = 3, /* up to three letters for master prefix */
1805 KEY_PREFIX = 7 /* up to 7 prefix letters for key rounds */
1806
1807
1808};
1809
1810#ifndef NO_OLD_TLS
1811/* true or false, zero for error */
1812static int SetPrefix(byte* sha_input, int idx)
1813{
1814 switch (idx) {
1815 case 0:
1816 XMEMCPY(sha_input, "A", 1);
1817 break;
1818 case 1:
1819 XMEMCPY(sha_input, "BB", 2);
1820 break;
1821 case 2:
1822 XMEMCPY(sha_input, "CCC", 3);
1823 break;
1824 case 3:
1825 XMEMCPY(sha_input, "DDDD", 4);
1826 break;
1827 case 4:
1828 XMEMCPY(sha_input, "EEEEE", 5);
1829 break;
1830 case 5:
1831 XMEMCPY(sha_input, "FFFFFF", 6);
1832 break;
1833 case 6:
1834 XMEMCPY(sha_input, "GGGGGGG", 7);
1835 break;
1836 default:
1837 WOLFSSL_MSG("Set Prefix error, bad input");
1838 return 0;
1839 }
1840 return 1;
1841}
1842#endif
1843
1844
1845static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
1846 int side, void* heap, int devId)
1847{
1848#ifdef BUILD_ARC4
1849 word32 sz = specs->key_size;
1850 if (specs->bulk_cipher_algorithm == wolfssl_rc4) {
1851 if (enc && enc->arc4 == NULL)
1852 enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
1853 if (enc && enc->arc4 == NULL)
1854 return MEMORY_E;
1855 if (dec && dec->arc4 == NULL)
1856 dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
1857 if (dec && dec->arc4 == NULL)
1858 return MEMORY_E;
1859#ifdef HAVE_CAVIUM
1860 if (devId != NO_CAVIUM_DEVICE) {
1861 if (enc) {
1862 if (Arc4InitCavium(enc->arc4, devId) != 0) {
1863 WOLFSSL_MSG("Arc4InitCavium failed in SetKeys");
1864 return CAVIUM_INIT_E;
1865 }
1866 }
1867 if (dec) {
1868 if (Arc4InitCavium(dec->arc4, devId) != 0) {
1869 WOLFSSL_MSG("Arc4InitCavium failed in SetKeys");
1870 return CAVIUM_INIT_E;
1871 }
1872 }
1873 }
1874#endif
1875 if (side == WOLFSSL_CLIENT_END) {
1876 if (enc)
1877 wc_Arc4SetKey(enc->arc4, keys->client_write_key, sz);
1878 if (dec)
1879 wc_Arc4SetKey(dec->arc4, keys->server_write_key, sz);
1880 }
1881 else {
1882 if (enc)
1883 wc_Arc4SetKey(enc->arc4, keys->server_write_key, sz);
1884 if (dec)
1885 wc_Arc4SetKey(dec->arc4, keys->client_write_key, sz);
1886 }
1887 if (enc)
1888 enc->setup = 1;
1889 if (dec)
1890 dec->setup = 1;
1891 }
1892#endif
1893
1894
1895#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
1896 if (specs->bulk_cipher_algorithm == wolfssl_chacha) {
1897 int chachaRet;
1898 if (enc && enc->chacha == NULL)
1899 enc->chacha =
1900 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
1901 if (enc && enc->chacha == NULL)
1902 return MEMORY_E;
1903 if (dec && dec->chacha == NULL)
1904 dec->chacha =
1905 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
1906 if (dec && dec->chacha == NULL)
1907 return MEMORY_E;
1908 if (side == WOLFSSL_CLIENT_END) {
1909 if (enc) {
1910 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->client_write_key,
1911 specs->key_size);
1912 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
1913 AEAD_IMP_IV_SZ);
1914 if (chachaRet != 0) return chachaRet;
1915 }
1916 if (dec) {
1917 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->server_write_key,
1918 specs->key_size);
1919 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
1920 AEAD_IMP_IV_SZ);
1921 if (chachaRet != 0) return chachaRet;
1922 }
1923 }
1924 else {
1925 if (enc) {
1926 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->server_write_key,
1927 specs->key_size);
1928 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
1929 AEAD_IMP_IV_SZ);
1930 if (chachaRet != 0) return chachaRet;
1931 }
1932 if (dec) {
1933 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->client_write_key,
1934 specs->key_size);
1935 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
1936 AEAD_IMP_IV_SZ);
1937 if (chachaRet != 0) return chachaRet;
1938 }
1939 }
1940
1941 if (enc)
1942 enc->setup = 1;
1943 if (dec)
1944 dec->setup = 1;
1945 }
1946#endif
1947
1948#ifdef HAVE_HC128
1949 if (specs->bulk_cipher_algorithm == wolfssl_hc128) {
1950 int hcRet;
1951 if (enc && enc->hc128 == NULL)
1952 enc->hc128 =
1953 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
1954 if (enc && enc->hc128 == NULL)
1955 return MEMORY_E;
1956 if (dec && dec->hc128 == NULL)
1957 dec->hc128 =
1958 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
1959 if (dec && dec->hc128 == NULL)
1960 return MEMORY_E;
1961 if (side == WOLFSSL_CLIENT_END) {
1962 if (enc) {
1963 hcRet = wc_Hc128_SetKey(enc->hc128, keys->client_write_key,
1964 keys->client_write_IV);
1965 if (hcRet != 0) return hcRet;
1966 }
1967 if (dec) {
1968 hcRet = wc_Hc128_SetKey(dec->hc128, keys->server_write_key,
1969 keys->server_write_IV);
1970 if (hcRet != 0) return hcRet;
1971 }
1972 }
1973 else {
1974 if (enc) {
1975 hcRet = wc_Hc128_SetKey(enc->hc128, keys->server_write_key,
1976 keys->server_write_IV);
1977 if (hcRet != 0) return hcRet;
1978 }
1979 if (dec) {
1980 hcRet = wc_Hc128_SetKey(dec->hc128, keys->client_write_key,
1981 keys->client_write_IV);
1982 if (hcRet != 0) return hcRet;
1983 }
1984 }
1985 if (enc)
1986 enc->setup = 1;
1987 if (dec)
1988 dec->setup = 1;
1989 }
1990#endif
1991
1992#ifdef BUILD_RABBIT
1993 if (specs->bulk_cipher_algorithm == wolfssl_rabbit) {
1994 int rabRet;
1995 if (enc && enc->rabbit == NULL)
1996 enc->rabbit =
1997 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
1998 if (enc && enc->rabbit == NULL)
1999 return MEMORY_E;
2000 if (dec && dec->rabbit == NULL)
2001 dec->rabbit =
2002 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
2003 if (dec && dec->rabbit == NULL)
2004 return MEMORY_E;
2005 if (side == WOLFSSL_CLIENT_END) {
2006 if (enc) {
2007 rabRet = wc_RabbitSetKey(enc->rabbit, keys->client_write_key,
2008 keys->client_write_IV);
2009 if (rabRet != 0) return rabRet;
2010 }
2011 if (dec) {
2012 rabRet = wc_RabbitSetKey(dec->rabbit, keys->server_write_key,
2013 keys->server_write_IV);
2014 if (rabRet != 0) return rabRet;
2015 }
2016 }
2017 else {
2018 if (enc) {
2019 rabRet = wc_RabbitSetKey(enc->rabbit, keys->server_write_key,
2020 keys->server_write_IV);
2021 if (rabRet != 0) return rabRet;
2022 }
2023 if (dec) {
2024 rabRet = wc_RabbitSetKey(dec->rabbit, keys->client_write_key,
2025 keys->client_write_IV);
2026 if (rabRet != 0) return rabRet;
2027 }
2028 }
2029 if (enc)
2030 enc->setup = 1;
2031 if (dec)
2032 dec->setup = 1;
2033 }
2034#endif
2035
2036#ifdef BUILD_DES3
2037 if (specs->bulk_cipher_algorithm == wolfssl_triple_des) {
2038 int desRet = 0;
2039
2040 if (enc && enc->des3 == NULL)
2041 enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
2042 if (enc && enc->des3 == NULL)
2043 return MEMORY_E;
2044 if (dec && dec->des3 == NULL)
2045 dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
2046 if (dec && dec->des3 == NULL)
2047 return MEMORY_E;
2048#ifdef HAVE_CAVIUM
2049 if (devId != NO_CAVIUM_DEVICE) {
2050 if (enc) {
2051 if (Des3_InitCavium(enc->des3, devId) != 0) {
2052 WOLFSSL_MSG("Des3_InitCavium failed in SetKeys");
2053 return CAVIUM_INIT_E;
2054 }
2055 }
2056 if (dec) {
2057 if (Des3_InitCavium(dec->des3, devId) != 0) {
2058 WOLFSSL_MSG("Des3_InitCavium failed in SetKeys");
2059 return CAVIUM_INIT_E;
2060 }
2061 }
2062 }
2063#endif
2064 if (side == WOLFSSL_CLIENT_END) {
2065 if (enc) {
2066 desRet = wc_Des3_SetKey(enc->des3, keys->client_write_key,
2067 keys->client_write_IV, DES_ENCRYPTION);
2068 if (desRet != 0) return desRet;
2069 }
2070 if (dec) {
2071 desRet = wc_Des3_SetKey(dec->des3, keys->server_write_key,
2072 keys->server_write_IV, DES_DECRYPTION);
2073 if (desRet != 0) return desRet;
2074 }
2075 }
2076 else {
2077 if (enc) {
2078 desRet = wc_Des3_SetKey(enc->des3, keys->server_write_key,
2079 keys->server_write_IV, DES_ENCRYPTION);
2080 if (desRet != 0) return desRet;
2081 }
2082 if (dec) {
2083 desRet = wc_Des3_SetKey(dec->des3, keys->client_write_key,
2084 keys->client_write_IV, DES_DECRYPTION);
2085 if (desRet != 0) return desRet;
2086 }
2087 }
2088 if (enc)
2089 enc->setup = 1;
2090 if (dec)
2091 dec->setup = 1;
2092 }
2093#endif
2094
2095#ifdef BUILD_AES
2096 if (specs->bulk_cipher_algorithm == wolfssl_aes) {
2097 int aesRet = 0;
2098
2099 if (enc && enc->aes == NULL)
2100 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2101 if (enc && enc->aes == NULL)
2102 return MEMORY_E;
2103 if (dec && dec->aes == NULL)
2104 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2105 if (dec && dec->aes == NULL)
2106 return MEMORY_E;
2107#ifdef HAVE_CAVIUM
2108 if (devId != NO_CAVIUM_DEVICE) {
2109 if (enc) {
2110 if (wc_AesInitCavium(enc->aes, devId) != 0) {
2111 WOLFSSL_MSG("AesInitCavium failed in SetKeys");
2112 return CAVIUM_INIT_E;
2113 }
2114 }
2115 if (dec) {
2116 if (wc_AesInitCavium(dec->aes, devId) != 0) {
2117 WOLFSSL_MSG("AesInitCavium failed in SetKeys");
2118 return CAVIUM_INIT_E;
2119 }
2120 }
2121 }
2122#endif
2123 if (side == WOLFSSL_CLIENT_END) {
2124 if (enc) {
2125 aesRet = wc_AesSetKey(enc->aes, keys->client_write_key,
2126 specs->key_size, keys->client_write_IV,
2127 AES_ENCRYPTION);
2128 if (aesRet != 0) return aesRet;
2129 }
2130 if (dec) {
2131 aesRet = wc_AesSetKey(dec->aes, keys->server_write_key,
2132 specs->key_size, keys->server_write_IV,
2133 AES_DECRYPTION);
2134 if (aesRet != 0) return aesRet;
2135 }
2136 }
2137 else {
2138 if (enc) {
2139 aesRet = wc_AesSetKey(enc->aes, keys->server_write_key,
2140 specs->key_size, keys->server_write_IV,
2141 AES_ENCRYPTION);
2142 if (aesRet != 0) return aesRet;
2143 }
2144 if (dec) {
2145 aesRet = wc_AesSetKey(dec->aes, keys->client_write_key,
2146 specs->key_size, keys->client_write_IV,
2147 AES_DECRYPTION);
2148 if (aesRet != 0) return aesRet;
2149 }
2150 }
2151 if (enc)
2152 enc->setup = 1;
2153 if (dec)
2154 dec->setup = 1;
2155 }
2156#endif
2157
2158#ifdef BUILD_AESGCM
2159 if (specs->bulk_cipher_algorithm == wolfssl_aes_gcm) {
2160 int gcmRet;
2161
2162 if (enc && enc->aes == NULL)
2163 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2164 if (enc && enc->aes == NULL)
2165 return MEMORY_E;
2166 if (dec && dec->aes == NULL)
2167 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2168 if (dec && dec->aes == NULL)
2169 return MEMORY_E;
2170
2171 if (side == WOLFSSL_CLIENT_END) {
2172 if (enc) {
2173 gcmRet = wc_AesGcmSetKey(enc->aes, keys->client_write_key,
2174 specs->key_size);
2175 if (gcmRet != 0) return gcmRet;
2176 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2177 AEAD_IMP_IV_SZ);
2178 }
2179 if (dec) {
2180 gcmRet = wc_AesGcmSetKey(dec->aes, keys->server_write_key,
2181 specs->key_size);
2182 if (gcmRet != 0) return gcmRet;
2183 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2184 AEAD_IMP_IV_SZ);
2185 }
2186 }
2187 else {
2188 if (enc) {
2189 gcmRet = wc_AesGcmSetKey(enc->aes, keys->server_write_key,
2190 specs->key_size);
2191 if (gcmRet != 0) return gcmRet;
2192 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2193 AEAD_IMP_IV_SZ);
2194 }
2195 if (dec) {
2196 gcmRet = wc_AesGcmSetKey(dec->aes, keys->client_write_key,
2197 specs->key_size);
2198 if (gcmRet != 0) return gcmRet;
2199 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2200 AEAD_IMP_IV_SZ);
2201 }
2202 }
2203 if (enc)
2204 enc->setup = 1;
2205 if (dec)
2206 dec->setup = 1;
2207 }
2208#endif
2209
2210#ifdef HAVE_AESCCM
2211 if (specs->bulk_cipher_algorithm == wolfssl_aes_ccm) {
2212 if (enc && enc->aes == NULL)
2213 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2214 if (enc && enc->aes == NULL)
2215 return MEMORY_E;
2216 if (dec && dec->aes == NULL)
2217 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2218 if (dec && dec->aes == NULL)
2219 return MEMORY_E;
2220
2221 if (side == WOLFSSL_CLIENT_END) {
2222 if (enc) {
2223 wc_AesCcmSetKey(enc->aes, keys->client_write_key, specs->key_size);
2224 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2225 AEAD_IMP_IV_SZ);
2226 }
2227 if (dec) {
2228 wc_AesCcmSetKey(dec->aes, keys->server_write_key, specs->key_size);
2229 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2230 AEAD_IMP_IV_SZ);
2231 }
2232 }
2233 else {
2234 if (enc) {
2235 wc_AesCcmSetKey(enc->aes, keys->server_write_key, specs->key_size);
2236 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2237 AEAD_IMP_IV_SZ);
2238 }
2239 if (dec) {
2240 wc_AesCcmSetKey(dec->aes, keys->client_write_key, specs->key_size);
2241 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2242 AEAD_IMP_IV_SZ);
2243 }
2244 }
2245 if (enc)
2246 enc->setup = 1;
2247 if (dec)
2248 dec->setup = 1;
2249 }
2250#endif
2251
2252#ifdef HAVE_CAMELLIA
2253 if (specs->bulk_cipher_algorithm == wolfssl_camellia) {
2254 int camRet;
2255
2256 if (enc && enc->cam == NULL)
2257 enc->cam =
2258 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
2259 if (enc && enc->cam == NULL)
2260 return MEMORY_E;
2261
2262 if (dec && dec->cam == NULL)
2263 dec->cam =
2264 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
2265 if (dec && dec->cam == NULL)
2266 return MEMORY_E;
2267
2268 if (side == WOLFSSL_CLIENT_END) {
2269 if (enc) {
2270 camRet = wc_CamelliaSetKey(enc->cam, keys->client_write_key,
2271 specs->key_size, keys->client_write_IV);
2272 if (camRet != 0) return camRet;
2273 }
2274 if (dec) {
2275 camRet = wc_CamelliaSetKey(dec->cam, keys->server_write_key,
2276 specs->key_size, keys->server_write_IV);
2277 if (camRet != 0) return camRet;
2278 }
2279 }
2280 else {
2281 if (enc) {
2282 camRet = wc_CamelliaSetKey(enc->cam, keys->server_write_key,
2283 specs->key_size, keys->server_write_IV);
2284 if (camRet != 0) return camRet;
2285 }
2286 if (dec) {
2287 camRet = wc_CamelliaSetKey(dec->cam, keys->client_write_key,
2288 specs->key_size, keys->client_write_IV);
2289 if (camRet != 0) return camRet;
2290 }
2291 }
2292 if (enc)
2293 enc->setup = 1;
2294 if (dec)
2295 dec->setup = 1;
2296 }
2297#endif
2298
2299#ifdef HAVE_IDEA
2300 if (specs->bulk_cipher_algorithm == wolfssl_idea) {
2301 int ideaRet;
2302
2303 if (enc && enc->idea == NULL)
2304 enc->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER);
2305 if (enc && enc->idea == NULL)
2306 return MEMORY_E;
2307
2308 if (dec && dec->idea == NULL)
2309 dec->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER);
2310 if (dec && dec->idea == NULL)
2311 return MEMORY_E;
2312
2313 if (side == WOLFSSL_CLIENT_END) {
2314 if (enc) {
2315 ideaRet = wc_IdeaSetKey(enc->idea, keys->client_write_key,
2316 specs->key_size, keys->client_write_IV,
2317 IDEA_ENCRYPTION);
2318 if (ideaRet != 0) return ideaRet;
2319 }
2320 if (dec) {
2321 ideaRet = wc_IdeaSetKey(dec->idea, keys->server_write_key,
2322 specs->key_size, keys->server_write_IV,
2323 IDEA_DECRYPTION);
2324 if (ideaRet != 0) return ideaRet;
2325 }
2326 }
2327 else {
2328 if (enc) {
2329 ideaRet = wc_IdeaSetKey(enc->idea, keys->server_write_key,
2330 specs->key_size, keys->server_write_IV,
2331 IDEA_ENCRYPTION);
2332 if (ideaRet != 0) return ideaRet;
2333 }
2334 if (dec) {
2335 ideaRet = wc_IdeaSetKey(dec->idea, keys->client_write_key,
2336 specs->key_size, keys->client_write_IV,
2337 IDEA_DECRYPTION);
2338 if (ideaRet != 0) return ideaRet;
2339 }
2340 }
2341 if (enc)
2342 enc->setup = 1;
2343 if (dec)
2344 dec->setup = 1;
2345 }
2346#endif
2347
2348#ifdef HAVE_NULL_CIPHER
2349 if (specs->bulk_cipher_algorithm == wolfssl_cipher_null) {
2350 if (enc)
2351 enc->setup = 1;
2352 if (dec)
2353 dec->setup = 1;
2354 }
2355#endif
2356
2357 if (enc)
2358 keys->sequence_number = 0;
2359 if (dec)
2360 keys->peer_sequence_number = 0;
2361 (void)side;
2362 (void)heap;
2363 (void)enc;
2364 (void)dec;
2365 (void)specs;
2366 (void)devId;
2367
2368 return 0;
2369}
2370
2371
2372#ifdef HAVE_ONE_TIME_AUTH
2373/* set one time authentication keys */
2374static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
2375 CipherSpecs* specs, void* heap, int devId)
2376{
2377
2378#ifdef HAVE_POLY1305
2379 /* set up memory space for poly1305 */
2380 if (authentication && authentication->poly1305 == NULL)
2381 authentication->poly1305 =
2382 (Poly1305*)XMALLOC(sizeof(Poly1305), heap, DYNAMIC_TYPE_CIPHER);
2383 if (authentication && authentication->poly1305 == NULL)
2384 return MEMORY_E;
2385 if (authentication)
2386 authentication->setup = 1;
2387#endif
2388 (void)heap;
2389 (void)keys;
2390 (void)specs;
2391 (void)devId;
2392
2393 return 0;
2394}
2395#endif /* HAVE_ONE_TIME_AUTH */
2396
2397
2398/* Set wc_encrypt/wc_decrypt or both sides of key setup
2399 * note: use wc_encrypt to avoid shadowing global encrypt
2400 * declared in unistd.h
2401 */
2402int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
2403{
2404 int devId = NO_CAVIUM_DEVICE, ret, copy = 0;
2405 Ciphers* wc_encrypt = NULL;
2406 Ciphers* wc_decrypt = NULL;
2407 Keys* keys = &ssl->keys;
2408
2409 (void)copy;
2410
2411#ifdef HAVE_CAVIUM
2412 devId = ssl->devId;
2413#endif
2414
2415#ifdef HAVE_SECURE_RENEGOTIATION
2416 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status) {
2417 keys = &ssl->secure_renegotiation->tmp_keys;
2418 copy = 1;
2419 }
2420#endif /* HAVE_SECURE_RENEGOTIATION */
2421
2422 switch (side) {
2423 case ENCRYPT_SIDE_ONLY:
2424 wc_encrypt = &ssl->encrypt;
2425 break;
2426
2427 case DECRYPT_SIDE_ONLY:
2428 wc_decrypt = &ssl->decrypt;
2429 break;
2430
2431 case ENCRYPT_AND_DECRYPT_SIDE:
2432 wc_encrypt = &ssl->encrypt;
2433 wc_decrypt = &ssl->decrypt;
2434 break;
2435
2436 default:
2437 return BAD_FUNC_ARG;
2438 }
2439
2440#ifdef HAVE_ONE_TIME_AUTH
2441 if (!ssl->auth.setup && ssl->specs.bulk_cipher_algorithm == wolfssl_chacha){
2442 ret = SetAuthKeys(&ssl->auth, keys, &ssl->specs, ssl->heap, devId);
2443 if (ret != 0)
2444 return ret;
2445 }
2446#endif
2447
2448 ret = SetKeys(wc_encrypt, wc_decrypt, keys, &ssl->specs, ssl->options.side,
2449 ssl->heap, devId);
2450
2451#ifdef HAVE_SECURE_RENEGOTIATION
2452 if (copy) {
2453 int clientCopy = 0;
2454
2455 if (ssl->options.side == WOLFSSL_CLIENT_END && wc_encrypt)
2456 clientCopy = 1;
2457 else if (ssl->options.side == WOLFSSL_SERVER_END && wc_decrypt)
2458 clientCopy = 1;
2459
2460 if (clientCopy) {
2461 XMEMCPY(ssl->keys.client_write_MAC_secret,
2462 keys->client_write_MAC_secret, MAX_DIGEST_SIZE);
2463 XMEMCPY(ssl->keys.client_write_key,
2464 keys->client_write_key, AES_256_KEY_SIZE);
2465 XMEMCPY(ssl->keys.client_write_IV,
2466 keys->client_write_IV, AES_IV_SIZE);
2467 } else {
2468 XMEMCPY(ssl->keys.server_write_MAC_secret,
2469 keys->server_write_MAC_secret, MAX_DIGEST_SIZE);
2470 XMEMCPY(ssl->keys.server_write_key,
2471 keys->server_write_key, AES_256_KEY_SIZE);
2472 XMEMCPY(ssl->keys.server_write_IV,
2473 keys->server_write_IV, AES_IV_SIZE);
2474 }
2475 if (wc_encrypt) {
2476 ssl->keys.sequence_number = keys->sequence_number;
2477 #ifdef HAVE_AEAD
2478 if (ssl->specs.cipher_type == aead) {
2479 /* Initialize the AES-GCM/CCM explicit IV to a zero. */
2480 XMEMCPY(ssl->keys.aead_exp_IV, keys->aead_exp_IV,
2481 AEAD_EXP_IV_SZ);
2482
2483 /* Initialize encrypt implicit IV by encrypt side */
2484 if (ssl->options.side == WOLFSSL_CLIENT_END) {
2485 XMEMCPY(ssl->keys.aead_enc_imp_IV,
2486 keys->client_write_IV, AEAD_IMP_IV_SZ);
2487 } else {
2488 XMEMCPY(ssl->keys.aead_enc_imp_IV,
2489 keys->server_write_IV, AEAD_IMP_IV_SZ);
2490 }
2491 }
2492 #endif
2493 }
2494 if (wc_decrypt) {
2495 ssl->keys.peer_sequence_number = keys->peer_sequence_number;
2496 #ifdef HAVE_AEAD
2497 if (ssl->specs.cipher_type == aead) {
2498 /* Initialize decrypt implicit IV by decrypt side */
2499 if (ssl->options.side == WOLFSSL_SERVER_END) {
2500 XMEMCPY(ssl->keys.aead_dec_imp_IV,
2501 keys->client_write_IV, AEAD_IMP_IV_SZ);
2502 } else {
2503 XMEMCPY(ssl->keys.aead_dec_imp_IV,
2504 keys->server_write_IV, AEAD_IMP_IV_SZ);
2505 }
2506 }
2507 #endif
2508 }
2509 ssl->secure_renegotiation->cache_status++;
2510 }
2511#endif /* HAVE_SECURE_RENEGOTIATION */
2512
2513 return ret;
2514}
2515
2516
2517/* TLS can call too */
2518int StoreKeys(WOLFSSL* ssl, const byte* keyData)
2519{
2520 int sz, i = 0;
2521 Keys* keys = &ssl->keys;
2522
2523#ifdef HAVE_SECURE_RENEGOTIATION
2524 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status ==
2525 SCR_CACHE_NEEDED) {
2526 keys = &ssl->secure_renegotiation->tmp_keys;
2527 ssl->secure_renegotiation->cache_status++;
2528 }
2529#endif /* HAVE_SECURE_RENEGOTIATION */
2530
2531 if (ssl->specs.cipher_type != aead) {
2532 sz = ssl->specs.hash_size;
2533 XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
2534 i += sz;
2535 XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
2536 i += sz;
2537 }
2538 sz = ssl->specs.key_size;
2539 XMEMCPY(keys->client_write_key, &keyData[i], sz);
2540 i += sz;
2541 XMEMCPY(keys->server_write_key, &keyData[i], sz);
2542 i += sz;
2543
2544 sz = ssl->specs.iv_size;
2545 XMEMCPY(keys->client_write_IV, &keyData[i], sz);
2546 i += sz;
2547 XMEMCPY(keys->server_write_IV, &keyData[i], sz);
2548
2549#ifdef HAVE_AEAD
2550 if (ssl->specs.cipher_type == aead) {
2551 /* Initialize the AES-GCM/CCM explicit IV to a zero. */
2552 XMEMSET(keys->aead_exp_IV, 0, AEAD_EXP_IV_SZ);
2553 }
2554#endif
2555
2556 return 0;
2557}
2558
2559#ifndef NO_OLD_TLS
2560int DeriveKeys(WOLFSSL* ssl)
2561{
2562 int length = 2 * ssl->specs.hash_size +
2563 2 * ssl->specs.key_size +
2564 2 * ssl->specs.iv_size;
2565 int rounds = (length + MD5_DIGEST_SIZE - 1 ) / MD5_DIGEST_SIZE, i;
2566 int ret = 0;
2567
2568#ifdef WOLFSSL_SMALL_STACK
2569 byte* shaOutput;
2570 byte* md5Input;
2571 byte* shaInput;
2572 byte* keyData;
2573 Md5* md5;
2574 Sha* sha;
2575#else
2576 byte shaOutput[SHA_DIGEST_SIZE];
2577 byte md5Input[SECRET_LEN + SHA_DIGEST_SIZE];
2578 byte shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN];
2579 byte keyData[KEY_PREFIX * MD5_DIGEST_SIZE];
2580 Md5 md5[1];
2581 Sha sha[1];
2582#endif
2583
2584#ifdef WOLFSSL_SMALL_STACK
2585 shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE,
2586 NULL, DYNAMIC_TYPE_TMP_BUFFER);
2587 md5Input = (byte*)XMALLOC(SECRET_LEN + SHA_DIGEST_SIZE,
2588 NULL, DYNAMIC_TYPE_TMP_BUFFER);
2589 shaInput = (byte*)XMALLOC(KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN,
2590 NULL, DYNAMIC_TYPE_TMP_BUFFER);
2591 keyData = (byte*)XMALLOC(KEY_PREFIX * MD5_DIGEST_SIZE,
2592 NULL, DYNAMIC_TYPE_TMP_BUFFER);
2593 md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
2594 sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
2595
2596 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
2597 keyData == NULL || md5 == NULL || sha == NULL) {
2598 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2599 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2600 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2601 if (keyData) XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2602 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2603 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2604
2605 return MEMORY_E;
2606 }
2607#endif
2608
2609 wc_InitMd5(md5);
2610
2611 ret = wc_InitSha(sha);
2612
2613 if (ret == 0) {
2614 XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN);
2615
2616 for (i = 0; i < rounds; ++i) {
2617 int j = i + 1;
2618 int idx = j;
2619
2620 if (!SetPrefix(shaInput, i)) {
2621 ret = PREFIX_ERROR;
2622 break;
2623 }
2624
2625 XMEMCPY(shaInput + idx, ssl->arrays->masterSecret, SECRET_LEN);
2626 idx += SECRET_LEN;
2627 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
2628 idx += RAN_LEN;
2629 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
2630
2631 wc_ShaUpdate(sha, shaInput, (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN)
2632 - KEY_PREFIX + j);
2633 wc_ShaFinal(sha, shaOutput);
2634
2635 XMEMCPY(md5Input + SECRET_LEN, shaOutput, SHA_DIGEST_SIZE);
2636 wc_Md5Update(md5, md5Input, SECRET_LEN + SHA_DIGEST_SIZE);
2637 wc_Md5Final(md5, keyData + i * MD5_DIGEST_SIZE);
2638 }
2639
2640 if (ret == 0)
2641 ret = StoreKeys(ssl, keyData);
2642 }
2643
2644#ifdef WOLFSSL_SMALL_STACK
2645 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2646 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2647 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2648 XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2649 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2650 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2651#endif
2652
2653 return ret;
2654}
2655
2656
2657static int CleanPreMaster(WOLFSSL* ssl)
2658{
2659 int i, ret, sz = ssl->arrays->preMasterSz;
2660
2661 for (i = 0; i < sz; i++)
2662 ssl->arrays->preMasterSecret[i] = 0;
2663
2664 ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz);
2665 if (ret != 0)
2666 return ret;
2667
2668 for (i = 0; i < sz; i++)
2669 ssl->arrays->preMasterSecret[i] = 0;
2670
2671 return 0;
2672}
2673
2674
2675/* Create and store the master secret see page 32, 6.1 */
2676static int MakeSslMasterSecret(WOLFSSL* ssl)
2677{
2678 int i, ret;
2679 word32 idx;
2680 word32 pmsSz = ssl->arrays->preMasterSz;
2681
2682#ifdef WOLFSSL_SMALL_STACK
2683 byte* shaOutput;
2684 byte* md5Input;
2685 byte* shaInput;
2686 Md5* md5;
2687 Sha* sha;
2688#else
2689 byte shaOutput[SHA_DIGEST_SIZE];
2690 byte md5Input[ENCRYPT_LEN + SHA_DIGEST_SIZE];
2691 byte shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN];
2692 Md5 md5[1];
2693 Sha sha[1];
2694#endif
2695
2696#ifdef SHOW_SECRETS
2697 {
2698 word32 j;
2699 printf("pre master secret: ");
2700 for (j = 0; j < pmsSz; j++)
2701 printf("%02x", ssl->arrays->preMasterSecret[j]);
2702 printf("\n");
2703 }
2704#endif
2705
2706#ifdef WOLFSSL_SMALL_STACK
2707 shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE,
2708 NULL, DYNAMIC_TYPE_TMP_BUFFER);
2709 md5Input = (byte*)XMALLOC(ENCRYPT_LEN + SHA_DIGEST_SIZE,
2710 NULL, DYNAMIC_TYPE_TMP_BUFFER);
2711 shaInput = (byte*)XMALLOC(PREFIX + ENCRYPT_LEN + 2 * RAN_LEN,
2712 NULL, DYNAMIC_TYPE_TMP_BUFFER);
2713 md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
2714 sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
2715
2716 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
2717 md5 == NULL || sha == NULL) {
2718 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2719 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2720 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2721 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2722 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2723
2724 return MEMORY_E;
2725 }
2726#endif
2727
2728 wc_InitMd5(md5);
2729
2730 ret = wc_InitSha(sha);
2731
2732 if (ret == 0) {
2733 XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz);
2734
2735 for (i = 0; i < MASTER_ROUNDS; ++i) {
2736 byte prefix[KEY_PREFIX]; /* only need PREFIX bytes but static */
2737 if (!SetPrefix(prefix, i)) { /* analysis thinks will overrun */
2738 ret = PREFIX_ERROR;
2739 break;
2740 }
2741
2742 idx = 0;
2743 XMEMCPY(shaInput, prefix, i + 1);
2744 idx += i + 1;
2745
2746 XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz);
2747 idx += pmsSz;
2748 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
2749 idx += RAN_LEN;
2750 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
2751 idx += RAN_LEN;
2752 wc_ShaUpdate(sha, shaInput, idx);
2753 wc_ShaFinal(sha, shaOutput);
2754
2755 idx = pmsSz; /* preSz */
2756 XMEMCPY(md5Input + idx, shaOutput, SHA_DIGEST_SIZE);
2757 idx += SHA_DIGEST_SIZE;
2758 wc_Md5Update(md5, md5Input, idx);
2759 wc_Md5Final(md5, &ssl->arrays->masterSecret[i * MD5_DIGEST_SIZE]);
2760 }
2761
2762#ifdef SHOW_SECRETS
2763 {
2764 word32 j;
2765 printf("master secret: ");
2766 for (j = 0; j < SECRET_LEN; j++)
2767 printf("%02x", ssl->arrays->masterSecret[j]);
2768 printf("\n");
2769 }
2770#endif
2771
2772 if (ret == 0)
2773 ret = DeriveKeys(ssl);
2774 }
2775
2776#ifdef WOLFSSL_SMALL_STACK
2777 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2778 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2779 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2780 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2781 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2782#endif
2783
2784 if (ret == 0)
2785 ret = CleanPreMaster(ssl);
2786 else
2787 CleanPreMaster(ssl);
2788
2789 return ret;
2790}
2791#endif
2792
2793
2794/* Master wrapper, doesn't use SSL stack space in TLS mode */
2795int MakeMasterSecret(WOLFSSL* ssl)
2796{
2797 /* append secret to premaster : premaster | SerSi | CliSi */
2798#ifdef HAVE_QSH
2799 word32 offset = 0;
2800
2801 if (ssl->peerQSHKeyPresent) {
2802 offset += ssl->arrays->preMasterSz;
2803 ssl->arrays->preMasterSz += ssl->QSH_secret->CliSi->length +
2804 ssl->QSH_secret->SerSi->length;
2805 /* test and set flag if QSH has been used */
2806 if (ssl->QSH_secret->CliSi->length > 0 ||
2807 ssl->QSH_secret->SerSi->length > 0)
2808 ssl->isQSH = 1;
2809
2810 /* append secrets to the premaster */
2811 if (ssl->QSH_secret->SerSi != NULL) {
2812 XMEMCPY(ssl->arrays->preMasterSecret + offset,
2813 ssl->QSH_secret->SerSi->buffer, ssl->QSH_secret->SerSi->length);
2814 }
2815 offset += ssl->QSH_secret->SerSi->length;
2816 if (ssl->QSH_secret->CliSi != NULL) {
2817 XMEMCPY(ssl->arrays->preMasterSecret + offset,
2818 ssl->QSH_secret->CliSi->buffer, ssl->QSH_secret->CliSi->length);
2819 }
2820
2821 /* show secret SerSi and CliSi */
2822 #ifdef SHOW_SECRETS
2823 word32 j;
2824 printf("QSH generated secret material\n");
2825 printf("SerSi : ");
2826 for (j = 0; j < ssl->QSH_secret->SerSi->length; j++) {
2827 printf("%02x", ssl->QSH_secret->SerSi->buffer[j]);
2828 }
2829 printf("\n");
2830 printf("CliSi : ");
2831 for (j = 0; j < ssl->QSH_secret->CliSi->length; j++) {
2832 printf("%02x", ssl->QSH_secret->CliSi->buffer[j]);
2833 }
2834 printf("\n");
2835 #endif
2836 }
2837#endif
2838
2839#ifdef NO_OLD_TLS
2840 return MakeTlsMasterSecret(ssl);
2841#elif !defined(NO_TLS)
2842 if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
2843#endif
2844
2845#ifndef NO_OLD_TLS
2846 return MakeSslMasterSecret(ssl);
2847#endif
2848}
2849
2850#endif /* WOLFCRYPT_ONLY */
2851
Note: See TracBrowser for help on using the repository browser.