source: azure_iot_hub/trunk/wolfssl-3.15.7/src/keys.c@ 388

Last change on this file since 388 was 388, checked in by coas-nagasima, 5 years ago

Azure IoT Hub Device C SDK を使ったサンプルの追加
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
  • Property svn:mime-type set to text/x-csrc
File size: 133.8 KB
Line 
1/* keys.c
2 *
3 * Copyright (C) 2006-2017 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22
23/* Name change compatibility layer no longer needs to be included here */
24
25#ifdef HAVE_CONFIG_H
26 #include <config.h>
27#endif
28
29#include <wolfssl/wolfcrypt/settings.h>
30
31#ifndef WOLFCRYPT_ONLY
32
33#include <wolfssl/internal.h>
34#include <wolfssl/error-ssl.h>
35#if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
36 #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
37 #if MQX_USE_IO_OLD
38 #include <fio.h>
39 #else
40 #include <nio.h>
41 #endif
42 #else
43 #include <stdio.h>
44 #endif
45#endif
46
47
48int SetCipherSpecs(WOLFSSL* ssl)
49{
50#ifndef NO_WOLFSSL_CLIENT
51 if (ssl->options.side == WOLFSSL_CLIENT_END) {
52 /* server side verified before SetCipherSpecs call */
53 if (VerifyClientSuite(ssl) != 1) {
54 WOLFSSL_MSG("SetCipherSpecs() client has an unusuable suite");
55 return UNSUPPORTED_SUITE;
56 }
57 }
58#endif /* NO_WOLFSSL_CLIENT */
59
60 /* Chacha extensions, 0xcc */
61 if (ssl->options.cipherSuite0 == CHACHA_BYTE) {
62
63 switch (ssl->options.cipherSuite) {
64#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
65 case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
66 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
67 ssl->specs.cipher_type = aead;
68 ssl->specs.mac_algorithm = sha256_mac;
69 ssl->specs.kea = ecc_diffie_hellman_kea;
70 ssl->specs.sig_algo = rsa_sa_algo;
71 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
72 ssl->specs.pad_size = PAD_SHA;
73 ssl->specs.static_ecdh = 0;
74 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
75 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
76 ssl->specs.iv_size = CHACHA20_IV_SIZE;
77 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
78 ssl->options.oldPoly = 1; /* use old poly1305 padding */
79
80 break;
81#endif
82
83#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
84 case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
85 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
86 ssl->specs.cipher_type = aead;
87 ssl->specs.mac_algorithm = sha256_mac;
88 ssl->specs.kea = ecc_diffie_hellman_kea;
89 ssl->specs.sig_algo = ecc_dsa_sa_algo;
90 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
91 ssl->specs.pad_size = PAD_SHA;
92 ssl->specs.static_ecdh = 0;
93 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
94 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
95 ssl->specs.iv_size = CHACHA20_IV_SIZE;
96 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
97 ssl->options.oldPoly = 1; /* use old poly1305 padding */
98
99 break;
100#endif
101
102#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
103 case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
104 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
105 ssl->specs.cipher_type = aead;
106 ssl->specs.mac_algorithm = sha256_mac;
107 ssl->specs.kea = diffie_hellman_kea;
108 ssl->specs.sig_algo = rsa_sa_algo;
109 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
110 ssl->specs.pad_size = PAD_SHA;
111 ssl->specs.static_ecdh = 0;
112 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
113 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
114 ssl->specs.iv_size = CHACHA20_IV_SIZE;
115 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
116 ssl->options.oldPoly = 1; /* use old poly1305 padding */
117
118 break;
119#endif
120#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
121 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
122 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
123 ssl->specs.cipher_type = aead;
124 ssl->specs.mac_algorithm = sha256_mac;
125 ssl->specs.kea = ecc_diffie_hellman_kea;
126 ssl->specs.sig_algo = rsa_sa_algo;
127 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
128 ssl->specs.pad_size = PAD_SHA;
129 ssl->specs.static_ecdh = 0;
130 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
131 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
132 ssl->specs.iv_size = CHACHA20_IV_SIZE;
133 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
134 ssl->options.oldPoly = 0; /* use recent padding RFC */
135
136 break;
137#endif
138
139#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
140 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
141 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
142 ssl->specs.cipher_type = aead;
143 ssl->specs.mac_algorithm = sha256_mac;
144 ssl->specs.kea = ecc_diffie_hellman_kea;
145 ssl->specs.sig_algo = ecc_dsa_sa_algo;
146 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
147 ssl->specs.pad_size = PAD_SHA;
148 ssl->specs.static_ecdh = 0;
149 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
150 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
151 ssl->specs.iv_size = CHACHA20_IV_SIZE;
152 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
153 ssl->options.oldPoly = 0; /* use recent padding RFC */
154
155 break;
156#endif
157
158#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
159 case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
160 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
161 ssl->specs.cipher_type = aead;
162 ssl->specs.mac_algorithm = sha256_mac;
163 ssl->specs.kea = diffie_hellman_kea;
164 ssl->specs.sig_algo = rsa_sa_algo;
165 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
166 ssl->specs.pad_size = PAD_SHA;
167 ssl->specs.static_ecdh = 0;
168 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
169 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
170 ssl->specs.iv_size = CHACHA20_IV_SIZE;
171 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
172 ssl->options.oldPoly = 0; /* use recent padding RFC */
173
174 break;
175#endif
176
177#ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
178 case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256:
179 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
180 ssl->specs.cipher_type = aead;
181 ssl->specs.mac_algorithm = sha256_mac;
182 ssl->specs.kea = psk_kea;
183 ssl->specs.sig_algo = anonymous_sa_algo;
184 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
185 ssl->specs.pad_size = PAD_SHA;
186 ssl->specs.static_ecdh = 0;
187 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
188 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
189 ssl->specs.iv_size = CHACHA20_IV_SIZE;
190 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
191
192 ssl->options.oldPoly = 0; /* use recent padding RFC */
193 ssl->options.usingPSK_cipher = 1;
194 break;
195#endif
196
197#ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
198 case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
199 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
200 ssl->specs.cipher_type = aead;
201 ssl->specs.mac_algorithm = sha256_mac;
202 ssl->specs.kea = ecdhe_psk_kea;
203 ssl->specs.sig_algo = anonymous_sa_algo;
204 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
205 ssl->specs.pad_size = PAD_SHA;
206 ssl->specs.static_ecdh = 0;
207 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
208 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
209 ssl->specs.iv_size = CHACHA20_IV_SIZE;
210 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
211
212 ssl->options.oldPoly = 0; /* use recent padding RFC */
213 ssl->options.usingPSK_cipher = 1;
214 break;
215#endif
216
217#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
218 case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
219 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
220 ssl->specs.cipher_type = aead;
221 ssl->specs.mac_algorithm = sha256_mac;
222 ssl->specs.kea = dhe_psk_kea;
223 ssl->specs.sig_algo = anonymous_sa_algo;
224 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
225 ssl->specs.pad_size = PAD_SHA;
226 ssl->specs.static_ecdh = 0;
227 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
228 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
229 ssl->specs.iv_size = CHACHA20_IV_SIZE;
230 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
231
232 ssl->options.oldPoly = 0; /* use recent padding RFC */
233 ssl->options.usingPSK_cipher = 1;
234 break;
235#endif
236 default:
237 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha");
238 return UNSUPPORTED_SUITE;
239 }
240 }
241
242 /* ECC extensions, or AES-CCM */
243 if (ssl->options.cipherSuite0 == ECC_BYTE) {
244
245 switch (ssl->options.cipherSuite) {
246
247#if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
248
249#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
250 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
251 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
252 ssl->specs.cipher_type = block;
253 ssl->specs.mac_algorithm = sha256_mac;
254 ssl->specs.kea = ecc_diffie_hellman_kea;
255 ssl->specs.sig_algo = rsa_sa_algo;
256 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
257 ssl->specs.pad_size = PAD_SHA;
258 ssl->specs.static_ecdh = 0;
259 ssl->specs.key_size = AES_128_KEY_SIZE;
260 ssl->specs.iv_size = AES_IV_SIZE;
261 ssl->specs.block_size = AES_BLOCK_SIZE;
262
263 break;
264#endif
265
266#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
267 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
268 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
269 ssl->specs.cipher_type = block;
270 ssl->specs.mac_algorithm = sha384_mac;
271 ssl->specs.kea = ecc_diffie_hellman_kea;
272 ssl->specs.sig_algo = rsa_sa_algo;
273 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
274 ssl->specs.pad_size = PAD_SHA;
275 ssl->specs.static_ecdh = 0;
276 ssl->specs.key_size = AES_256_KEY_SIZE;
277 ssl->specs.iv_size = AES_IV_SIZE;
278 ssl->specs.block_size = AES_BLOCK_SIZE;
279
280 break;
281#endif
282
283#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
284 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
285 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
286 ssl->specs.cipher_type = block;
287 ssl->specs.mac_algorithm = sha_mac;
288 ssl->specs.kea = ecc_diffie_hellman_kea;
289 ssl->specs.sig_algo = rsa_sa_algo;
290 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
291 ssl->specs.pad_size = PAD_SHA;
292 ssl->specs.static_ecdh = 0;
293 ssl->specs.key_size = AES_128_KEY_SIZE;
294 ssl->specs.block_size = AES_BLOCK_SIZE;
295 ssl->specs.iv_size = AES_IV_SIZE;
296
297 break;
298#endif
299
300#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
301 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
302 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
303 ssl->specs.cipher_type = block;
304 ssl->specs.mac_algorithm = sha_mac;
305 ssl->specs.kea = ecc_diffie_hellman_kea;
306 ssl->specs.sig_algo = rsa_sa_algo;
307 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
308 ssl->specs.pad_size = PAD_SHA;
309 ssl->specs.static_ecdh = 0;
310 ssl->specs.key_size = DES3_KEY_SIZE;
311 ssl->specs.block_size = DES_BLOCK_SIZE;
312 ssl->specs.iv_size = DES_IV_SIZE;
313
314 break;
315#endif
316
317#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
318 case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
319 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
320 ssl->specs.cipher_type = stream;
321 ssl->specs.mac_algorithm = sha_mac;
322 ssl->specs.kea = ecc_diffie_hellman_kea;
323 ssl->specs.sig_algo = rsa_sa_algo;
324 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
325 ssl->specs.pad_size = PAD_SHA;
326 ssl->specs.static_ecdh = 0;
327 ssl->specs.key_size = RC4_KEY_SIZE;
328 ssl->specs.iv_size = 0;
329 ssl->specs.block_size = 0;
330
331 break;
332#endif
333
334#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
335 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
336 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
337 ssl->specs.cipher_type = block;
338 ssl->specs.mac_algorithm = sha_mac;
339 ssl->specs.kea = ecc_diffie_hellman_kea;
340 ssl->specs.sig_algo = rsa_sa_algo;
341 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
342 ssl->specs.pad_size = PAD_SHA;
343 ssl->specs.static_ecdh = 0;
344 ssl->specs.key_size = AES_256_KEY_SIZE;
345 ssl->specs.block_size = AES_BLOCK_SIZE;
346 ssl->specs.iv_size = AES_IV_SIZE;
347
348 break;
349#endif
350
351#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
352 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
353 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
354 ssl->specs.cipher_type = aead;
355 ssl->specs.mac_algorithm = sha256_mac;
356 ssl->specs.kea = ecc_diffie_hellman_kea;
357 ssl->specs.sig_algo = rsa_sa_algo;
358 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
359 ssl->specs.pad_size = PAD_SHA;
360 ssl->specs.static_ecdh = 0;
361 ssl->specs.key_size = AES_128_KEY_SIZE;
362 ssl->specs.block_size = AES_BLOCK_SIZE;
363 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
364 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
365
366 break;
367#endif
368
369#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
370 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
371 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
372 ssl->specs.cipher_type = aead;
373 ssl->specs.mac_algorithm = sha384_mac;
374 ssl->specs.kea = ecc_diffie_hellman_kea;
375 ssl->specs.sig_algo = rsa_sa_algo;
376 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
377 ssl->specs.pad_size = PAD_SHA;
378 ssl->specs.static_ecdh = 0;
379 ssl->specs.key_size = AES_256_KEY_SIZE;
380 ssl->specs.block_size = AES_BLOCK_SIZE;
381 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
382 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
383
384 break;
385#endif
386
387#ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
388 case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
389 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
390 ssl->specs.cipher_type = stream;
391 ssl->specs.mac_algorithm = sha256_mac;
392 ssl->specs.kea = ecdhe_psk_kea;
393 ssl->specs.sig_algo = anonymous_sa_algo;
394 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
395 ssl->specs.pad_size = PAD_SHA;
396 ssl->specs.static_ecdh = 0;
397 ssl->specs.key_size = 0;
398 ssl->specs.block_size = 0;
399 ssl->specs.iv_size = 0;
400
401 ssl->options.usingPSK_cipher = 1;
402 break;
403#endif
404
405#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
406 case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
407 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
408 ssl->specs.cipher_type = block;
409 ssl->specs.mac_algorithm = sha256_mac;
410 ssl->specs.kea = ecdhe_psk_kea;
411 ssl->specs.sig_algo = anonymous_sa_algo;
412 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
413 ssl->specs.pad_size = PAD_SHA;
414 ssl->specs.static_ecdh = 0;
415 ssl->specs.key_size = AES_128_KEY_SIZE;
416 ssl->specs.block_size = AES_BLOCK_SIZE;
417 ssl->specs.iv_size = AES_IV_SIZE;
418
419 ssl->options.usingPSK_cipher = 1;
420 break;
421#endif
422
423#endif /* HAVE_ECC || HAVE_CURVE25519 */
424
425#if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && defined(HAVE_ED25519))
426
427#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
428 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
429 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
430 ssl->specs.cipher_type = block;
431 ssl->specs.mac_algorithm = sha256_mac;
432 ssl->specs.kea = ecc_diffie_hellman_kea;
433 ssl->specs.sig_algo = ecc_dsa_sa_algo;
434 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
435 ssl->specs.pad_size = PAD_SHA;
436 ssl->specs.static_ecdh = 0;
437 ssl->specs.key_size = AES_128_KEY_SIZE;
438 ssl->specs.iv_size = AES_IV_SIZE;
439 ssl->specs.block_size = AES_BLOCK_SIZE;
440
441 break;
442#endif
443
444#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
445 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
446 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
447 ssl->specs.cipher_type = block;
448 ssl->specs.mac_algorithm = sha384_mac;
449 ssl->specs.kea = ecc_diffie_hellman_kea;
450 ssl->specs.sig_algo = ecc_dsa_sa_algo;
451 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
452 ssl->specs.pad_size = PAD_SHA;
453 ssl->specs.static_ecdh = 0;
454 ssl->specs.key_size = AES_256_KEY_SIZE;
455 ssl->specs.iv_size = AES_IV_SIZE;
456 ssl->specs.block_size = AES_BLOCK_SIZE;
457
458 break;
459#endif
460
461#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
462 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
463 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
464 ssl->specs.cipher_type = block;
465 ssl->specs.mac_algorithm = sha_mac;
466 ssl->specs.kea = ecc_diffie_hellman_kea;
467 ssl->specs.sig_algo = ecc_dsa_sa_algo;
468 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
469 ssl->specs.pad_size = PAD_SHA;
470 ssl->specs.static_ecdh = 0;
471 ssl->specs.key_size = DES3_KEY_SIZE;
472 ssl->specs.block_size = DES_BLOCK_SIZE;
473 ssl->specs.iv_size = DES_IV_SIZE;
474
475 break;
476#endif
477
478#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
479 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
480 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
481 ssl->specs.cipher_type = stream;
482 ssl->specs.mac_algorithm = sha_mac;
483 ssl->specs.kea = ecc_diffie_hellman_kea;
484 ssl->specs.sig_algo = ecc_dsa_sa_algo;
485 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
486 ssl->specs.pad_size = PAD_SHA;
487 ssl->specs.static_ecdh = 0;
488 ssl->specs.key_size = RC4_KEY_SIZE;
489 ssl->specs.iv_size = 0;
490 ssl->specs.block_size = 0;
491
492 break;
493#endif
494
495#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
496 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
497 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
498 ssl->specs.cipher_type = block;
499 ssl->specs.mac_algorithm = sha_mac;
500 ssl->specs.kea = ecc_diffie_hellman_kea;
501 ssl->specs.sig_algo = ecc_dsa_sa_algo;
502 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
503 ssl->specs.pad_size = PAD_SHA;
504 ssl->specs.static_ecdh = 0;
505 ssl->specs.key_size = AES_128_KEY_SIZE;
506 ssl->specs.block_size = AES_BLOCK_SIZE;
507 ssl->specs.iv_size = AES_IV_SIZE;
508
509 break;
510#endif
511
512#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
513 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
514 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
515 ssl->specs.cipher_type = block;
516 ssl->specs.mac_algorithm = sha_mac;
517 ssl->specs.kea = ecc_diffie_hellman_kea;
518 ssl->specs.sig_algo = ecc_dsa_sa_algo;
519 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
520 ssl->specs.pad_size = PAD_SHA;
521 ssl->specs.static_ecdh = 0;
522 ssl->specs.key_size = AES_256_KEY_SIZE;
523 ssl->specs.block_size = AES_BLOCK_SIZE;
524 ssl->specs.iv_size = AES_IV_SIZE;
525
526 break;
527#endif
528
529#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
530 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
531 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
532 ssl->specs.cipher_type = aead;
533 ssl->specs.mac_algorithm = sha256_mac;
534 ssl->specs.kea = ecc_diffie_hellman_kea;
535 ssl->specs.sig_algo = ecc_dsa_sa_algo;
536 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
537 ssl->specs.pad_size = PAD_SHA;
538 ssl->specs.static_ecdh = 0;
539 ssl->specs.key_size = AES_128_KEY_SIZE;
540 ssl->specs.block_size = AES_BLOCK_SIZE;
541 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
542 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
543
544 break;
545#endif
546
547#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
548 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
549 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
550 ssl->specs.cipher_type = aead;
551 ssl->specs.mac_algorithm = sha384_mac;
552 ssl->specs.kea = ecc_diffie_hellman_kea;
553 ssl->specs.sig_algo = ecc_dsa_sa_algo;
554 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
555 ssl->specs.pad_size = PAD_SHA;
556 ssl->specs.static_ecdh = 0;
557 ssl->specs.key_size = AES_256_KEY_SIZE;
558 ssl->specs.block_size = AES_BLOCK_SIZE;
559 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
560 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
561
562 break;
563#endif
564
565#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
566 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM :
567 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
568 ssl->specs.cipher_type = aead;
569 ssl->specs.mac_algorithm = sha256_mac;
570 ssl->specs.kea = ecc_diffie_hellman_kea;
571 ssl->specs.sig_algo = ecc_dsa_sa_algo;
572 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
573 ssl->specs.pad_size = PAD_SHA;
574 ssl->specs.static_ecdh = 0;
575 ssl->specs.key_size = AES_128_KEY_SIZE;
576 ssl->specs.block_size = AES_BLOCK_SIZE;
577 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
578 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
579
580 break;
581#endif
582
583#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
584 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
585 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
586 ssl->specs.cipher_type = aead;
587 ssl->specs.mac_algorithm = sha256_mac;
588 ssl->specs.kea = ecc_diffie_hellman_kea;
589 ssl->specs.sig_algo = ecc_dsa_sa_algo;
590 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
591 ssl->specs.pad_size = PAD_SHA;
592 ssl->specs.static_ecdh = 0;
593 ssl->specs.key_size = AES_128_KEY_SIZE;
594 ssl->specs.block_size = AES_BLOCK_SIZE;
595 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
596 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
597
598 break;
599#endif
600
601#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
602 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
603 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
604 ssl->specs.cipher_type = aead;
605 ssl->specs.mac_algorithm = sha256_mac;
606 ssl->specs.kea = ecc_diffie_hellman_kea;
607 ssl->specs.sig_algo = ecc_dsa_sa_algo;
608 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
609 ssl->specs.pad_size = PAD_SHA;
610 ssl->specs.static_ecdh = 0;
611 ssl->specs.key_size = AES_256_KEY_SIZE;
612 ssl->specs.block_size = AES_BLOCK_SIZE;
613 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
614 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
615
616 break;
617#endif
618
619#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
620 case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
621 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
622 ssl->specs.cipher_type = stream;
623 ssl->specs.mac_algorithm = sha_mac;
624 ssl->specs.kea = ecc_diffie_hellman_kea;
625 ssl->specs.sig_algo = ecc_dsa_sa_algo;
626 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
627 ssl->specs.pad_size = PAD_SHA;
628 ssl->specs.static_ecdh = 0;
629 ssl->specs.key_size = 0;
630 ssl->specs.block_size = 0;
631 ssl->specs.iv_size = 0;
632
633 break;
634#endif
635
636#endif /* HAVE_ECC || (HAVE_CURVE25519 && HAVE_ED25519) */
637
638#if defined(HAVE_ECC)
639
640#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
641 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
642 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
643 ssl->specs.cipher_type = block;
644 ssl->specs.mac_algorithm = sha256_mac;
645 ssl->specs.kea = ecc_diffie_hellman_kea;
646 ssl->specs.sig_algo = rsa_sa_algo;
647 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
648 ssl->specs.pad_size = PAD_SHA;
649 ssl->specs.static_ecdh = 1;
650 ssl->specs.key_size = AES_128_KEY_SIZE;
651 ssl->specs.iv_size = AES_IV_SIZE;
652 ssl->specs.block_size = AES_BLOCK_SIZE;
653
654 break;
655#endif
656
657#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
658 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
659 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
660 ssl->specs.cipher_type = block;
661 ssl->specs.mac_algorithm = sha256_mac;
662 ssl->specs.kea = ecc_diffie_hellman_kea;
663 ssl->specs.sig_algo = ecc_dsa_sa_algo;
664 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
665 ssl->specs.pad_size = PAD_SHA;
666 ssl->specs.static_ecdh = 1;
667 ssl->specs.key_size = AES_128_KEY_SIZE;
668 ssl->specs.iv_size = AES_IV_SIZE;
669 ssl->specs.block_size = AES_BLOCK_SIZE;
670
671 break;
672#endif
673
674#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
675 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
676 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
677 ssl->specs.cipher_type = block;
678 ssl->specs.mac_algorithm = sha384_mac;
679 ssl->specs.kea = ecc_diffie_hellman_kea;
680 ssl->specs.sig_algo = rsa_sa_algo;
681 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
682 ssl->specs.pad_size = PAD_SHA;
683 ssl->specs.static_ecdh = 1;
684 ssl->specs.key_size = AES_256_KEY_SIZE;
685 ssl->specs.iv_size = AES_IV_SIZE;
686 ssl->specs.block_size = AES_BLOCK_SIZE;
687
688 break;
689#endif
690
691#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
692 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
693 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
694 ssl->specs.cipher_type = block;
695 ssl->specs.mac_algorithm = sha384_mac;
696 ssl->specs.kea = ecc_diffie_hellman_kea;
697 ssl->specs.sig_algo = ecc_dsa_sa_algo;
698 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
699 ssl->specs.pad_size = PAD_SHA;
700 ssl->specs.static_ecdh = 1;
701 ssl->specs.key_size = AES_256_KEY_SIZE;
702 ssl->specs.iv_size = AES_IV_SIZE;
703 ssl->specs.block_size = AES_BLOCK_SIZE;
704
705 break;
706#endif
707
708#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
709 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
710 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
711 ssl->specs.cipher_type = block;
712 ssl->specs.mac_algorithm = sha_mac;
713 ssl->specs.kea = ecc_diffie_hellman_kea;
714 ssl->specs.sig_algo = rsa_sa_algo;
715 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
716 ssl->specs.pad_size = PAD_SHA;
717 ssl->specs.static_ecdh = 1;
718 ssl->specs.key_size = AES_128_KEY_SIZE;
719 ssl->specs.block_size = AES_BLOCK_SIZE;
720 ssl->specs.iv_size = AES_IV_SIZE;
721
722 break;
723#endif
724
725#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
726 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
727 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
728 ssl->specs.cipher_type = block;
729 ssl->specs.mac_algorithm = sha_mac;
730 ssl->specs.kea = ecc_diffie_hellman_kea;
731 ssl->specs.sig_algo = rsa_sa_algo;
732 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
733 ssl->specs.pad_size = PAD_SHA;
734 ssl->specs.static_ecdh = 1;
735 ssl->specs.key_size = DES3_KEY_SIZE;
736 ssl->specs.block_size = DES_BLOCK_SIZE;
737 ssl->specs.iv_size = DES_IV_SIZE;
738
739 break;
740#endif
741
742#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
743 case TLS_ECDH_RSA_WITH_RC4_128_SHA :
744 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
745 ssl->specs.cipher_type = stream;
746 ssl->specs.mac_algorithm = sha_mac;
747 ssl->specs.kea = ecc_diffie_hellman_kea;
748 ssl->specs.sig_algo = rsa_sa_algo;
749 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
750 ssl->specs.pad_size = PAD_SHA;
751 ssl->specs.static_ecdh = 1;
752 ssl->specs.key_size = RC4_KEY_SIZE;
753 ssl->specs.iv_size = 0;
754 ssl->specs.block_size = 0;
755
756 break;
757#endif
758
759#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
760 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
761 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
762 ssl->specs.cipher_type = block;
763 ssl->specs.mac_algorithm = sha_mac;
764 ssl->specs.kea = ecc_diffie_hellman_kea;
765 ssl->specs.sig_algo = ecc_dsa_sa_algo;
766 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
767 ssl->specs.pad_size = PAD_SHA;
768 ssl->specs.static_ecdh = 1;
769 ssl->specs.key_size = DES3_KEY_SIZE;
770 ssl->specs.block_size = DES_BLOCK_SIZE;
771 ssl->specs.iv_size = DES_IV_SIZE;
772
773 break;
774#endif
775
776#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
777 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
778 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
779 ssl->specs.cipher_type = stream;
780 ssl->specs.mac_algorithm = sha_mac;
781 ssl->specs.kea = ecc_diffie_hellman_kea;
782 ssl->specs.sig_algo = ecc_dsa_sa_algo;
783 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
784 ssl->specs.pad_size = PAD_SHA;
785 ssl->specs.static_ecdh = 1;
786 ssl->specs.key_size = RC4_KEY_SIZE;
787 ssl->specs.iv_size = 0;
788 ssl->specs.block_size = 0;
789
790 break;
791#endif
792
793#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
794 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
795 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
796 ssl->specs.cipher_type = block;
797 ssl->specs.mac_algorithm = sha_mac;
798 ssl->specs.kea = ecc_diffie_hellman_kea;
799 ssl->specs.sig_algo = rsa_sa_algo;
800 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
801 ssl->specs.pad_size = PAD_SHA;
802 ssl->specs.static_ecdh = 1;
803 ssl->specs.key_size = AES_256_KEY_SIZE;
804 ssl->specs.block_size = AES_BLOCK_SIZE;
805 ssl->specs.iv_size = AES_IV_SIZE;
806
807 break;
808#endif
809
810#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
811 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
812 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
813 ssl->specs.cipher_type = block;
814 ssl->specs.mac_algorithm = sha_mac;
815 ssl->specs.kea = ecc_diffie_hellman_kea;
816 ssl->specs.sig_algo = ecc_dsa_sa_algo;
817 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
818 ssl->specs.pad_size = PAD_SHA;
819 ssl->specs.static_ecdh = 1;
820 ssl->specs.key_size = AES_128_KEY_SIZE;
821 ssl->specs.block_size = AES_BLOCK_SIZE;
822 ssl->specs.iv_size = AES_IV_SIZE;
823
824 break;
825#endif
826
827#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
828 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
829 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
830 ssl->specs.cipher_type = block;
831 ssl->specs.mac_algorithm = sha_mac;
832 ssl->specs.kea = ecc_diffie_hellman_kea;
833 ssl->specs.sig_algo = ecc_dsa_sa_algo;
834 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
835 ssl->specs.pad_size = PAD_SHA;
836 ssl->specs.static_ecdh = 1;
837 ssl->specs.key_size = AES_256_KEY_SIZE;
838 ssl->specs.block_size = AES_BLOCK_SIZE;
839 ssl->specs.iv_size = AES_IV_SIZE;
840
841 break;
842#endif
843
844#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
845 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
846 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
847 ssl->specs.cipher_type = aead;
848 ssl->specs.mac_algorithm = sha256_mac;
849 ssl->specs.kea = ecc_diffie_hellman_kea;
850 ssl->specs.sig_algo = rsa_sa_algo;
851 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
852 ssl->specs.pad_size = PAD_SHA;
853 ssl->specs.static_ecdh = 1;
854 ssl->specs.key_size = AES_128_KEY_SIZE;
855 ssl->specs.block_size = AES_BLOCK_SIZE;
856 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
857 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
858
859 break;
860#endif
861
862#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
863 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
864 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
865 ssl->specs.cipher_type = aead;
866 ssl->specs.mac_algorithm = sha384_mac;
867 ssl->specs.kea = ecc_diffie_hellman_kea;
868 ssl->specs.sig_algo = rsa_sa_algo;
869 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
870 ssl->specs.pad_size = PAD_SHA;
871 ssl->specs.static_ecdh = 1;
872 ssl->specs.key_size = AES_256_KEY_SIZE;
873 ssl->specs.block_size = AES_BLOCK_SIZE;
874 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
875 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
876
877 break;
878#endif
879
880#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
881 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
882 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
883 ssl->specs.cipher_type = aead;
884 ssl->specs.mac_algorithm = sha256_mac;
885 ssl->specs.kea = ecc_diffie_hellman_kea;
886 ssl->specs.sig_algo = ecc_dsa_sa_algo;
887 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
888 ssl->specs.pad_size = PAD_SHA;
889 ssl->specs.static_ecdh = 1;
890 ssl->specs.key_size = AES_128_KEY_SIZE;
891 ssl->specs.block_size = AES_BLOCK_SIZE;
892 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
893 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
894
895 break;
896#endif
897
898#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
899 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
900 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
901 ssl->specs.cipher_type = aead;
902 ssl->specs.mac_algorithm = sha384_mac;
903 ssl->specs.kea = ecc_diffie_hellman_kea;
904 ssl->specs.sig_algo = ecc_dsa_sa_algo;
905 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
906 ssl->specs.pad_size = PAD_SHA;
907 ssl->specs.static_ecdh = 1;
908 ssl->specs.key_size = AES_256_KEY_SIZE;
909 ssl->specs.block_size = AES_BLOCK_SIZE;
910 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
911 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
912
913 break;
914#endif
915
916#endif /* HAVE_ECC */
917
918#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
919 case TLS_RSA_WITH_AES_128_CCM_8 :
920 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
921 ssl->specs.cipher_type = aead;
922 ssl->specs.mac_algorithm = sha256_mac;
923 ssl->specs.kea = rsa_kea;
924 ssl->specs.sig_algo = rsa_sa_algo;
925 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
926 ssl->specs.pad_size = PAD_SHA;
927 ssl->specs.static_ecdh = 0;
928 ssl->specs.key_size = AES_128_KEY_SIZE;
929 ssl->specs.block_size = AES_BLOCK_SIZE;
930 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
931 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
932
933 break;
934#endif
935
936#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
937 case TLS_RSA_WITH_AES_256_CCM_8 :
938 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
939 ssl->specs.cipher_type = aead;
940 ssl->specs.mac_algorithm = sha256_mac;
941 ssl->specs.kea = rsa_kea;
942 ssl->specs.sig_algo = rsa_sa_algo;
943 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
944 ssl->specs.pad_size = PAD_SHA;
945 ssl->specs.static_ecdh = 0;
946 ssl->specs.key_size = AES_256_KEY_SIZE;
947 ssl->specs.block_size = AES_BLOCK_SIZE;
948 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
949 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
950
951 break;
952#endif
953
954#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
955 case TLS_PSK_WITH_AES_128_CCM_8 :
956 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
957 ssl->specs.cipher_type = aead;
958 ssl->specs.mac_algorithm = sha256_mac;
959 ssl->specs.kea = psk_kea;
960 ssl->specs.sig_algo = anonymous_sa_algo;
961 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
962 ssl->specs.pad_size = PAD_SHA;
963 ssl->specs.static_ecdh = 0;
964 ssl->specs.key_size = AES_128_KEY_SIZE;
965 ssl->specs.block_size = AES_BLOCK_SIZE;
966 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
967 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
968
969 ssl->options.usingPSK_cipher = 1;
970 break;
971#endif
972
973#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
974 case TLS_PSK_WITH_AES_256_CCM_8 :
975 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
976 ssl->specs.cipher_type = aead;
977 ssl->specs.mac_algorithm = sha256_mac;
978 ssl->specs.kea = psk_kea;
979 ssl->specs.sig_algo = anonymous_sa_algo;
980 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
981 ssl->specs.pad_size = PAD_SHA;
982 ssl->specs.static_ecdh = 0;
983 ssl->specs.key_size = AES_256_KEY_SIZE;
984 ssl->specs.block_size = AES_BLOCK_SIZE;
985 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
986 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
987
988 ssl->options.usingPSK_cipher = 1;
989 break;
990#endif
991
992#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
993 case TLS_PSK_WITH_AES_128_CCM :
994 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
995 ssl->specs.cipher_type = aead;
996 ssl->specs.mac_algorithm = sha256_mac;
997 ssl->specs.kea = psk_kea;
998 ssl->specs.sig_algo = anonymous_sa_algo;
999 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1000 ssl->specs.pad_size = PAD_SHA;
1001 ssl->specs.static_ecdh = 0;
1002 ssl->specs.key_size = AES_128_KEY_SIZE;
1003 ssl->specs.block_size = AES_BLOCK_SIZE;
1004 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1005 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
1006
1007 ssl->options.usingPSK_cipher = 1;
1008 break;
1009#endif
1010
1011#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
1012 case TLS_PSK_WITH_AES_256_CCM :
1013 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1014 ssl->specs.cipher_type = aead;
1015 ssl->specs.mac_algorithm = sha256_mac;
1016 ssl->specs.kea = psk_kea;
1017 ssl->specs.sig_algo = anonymous_sa_algo;
1018 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1019 ssl->specs.pad_size = PAD_SHA;
1020 ssl->specs.static_ecdh = 0;
1021 ssl->specs.key_size = AES_256_KEY_SIZE;
1022 ssl->specs.block_size = AES_BLOCK_SIZE;
1023 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1024 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
1025
1026 ssl->options.usingPSK_cipher = 1;
1027 break;
1028#endif
1029
1030#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
1031 case TLS_DHE_PSK_WITH_AES_128_CCM :
1032 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1033 ssl->specs.cipher_type = aead;
1034 ssl->specs.mac_algorithm = sha256_mac;
1035 ssl->specs.kea = dhe_psk_kea;
1036 ssl->specs.sig_algo = anonymous_sa_algo;
1037 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1038 ssl->specs.pad_size = PAD_SHA;
1039 ssl->specs.static_ecdh = 0;
1040 ssl->specs.key_size = AES_128_KEY_SIZE;
1041 ssl->specs.block_size = AES_BLOCK_SIZE;
1042 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1043 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
1044
1045 ssl->options.usingPSK_cipher = 1;
1046 break;
1047#endif
1048
1049#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
1050 case TLS_DHE_PSK_WITH_AES_256_CCM :
1051 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1052 ssl->specs.cipher_type = aead;
1053 ssl->specs.mac_algorithm = sha256_mac;
1054 ssl->specs.kea = dhe_psk_kea;
1055 ssl->specs.sig_algo = anonymous_sa_algo;
1056 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1057 ssl->specs.pad_size = PAD_SHA;
1058 ssl->specs.static_ecdh = 0;
1059 ssl->specs.key_size = AES_256_KEY_SIZE;
1060 ssl->specs.block_size = AES_BLOCK_SIZE;
1061 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1062 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
1063
1064 ssl->options.usingPSK_cipher = 1;
1065 break;
1066#endif
1067
1068 default:
1069 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
1070 return UNSUPPORTED_SUITE;
1071 } /* switch */
1072 } /* if */
1073
1074 /* TLSi v1.3 cipher suites, 0x13 */
1075 if (ssl->options.cipherSuite0 == TLS13_BYTE) {
1076 switch (ssl->options.cipherSuite) {
1077
1078#ifdef WOLFSSL_TLS13
1079 #ifdef BUILD_TLS_AES_128_GCM_SHA256
1080 case TLS_AES_128_GCM_SHA256 :
1081 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1082 ssl->specs.cipher_type = aead;
1083 ssl->specs.mac_algorithm = sha256_mac;
1084 ssl->specs.kea = 0;
1085 ssl->specs.sig_algo = 0;
1086 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1087 ssl->specs.pad_size = PAD_SHA;
1088 ssl->specs.static_ecdh = 0;
1089 ssl->specs.key_size = AES_128_KEY_SIZE;
1090 ssl->specs.block_size = AES_BLOCK_SIZE;
1091 ssl->specs.iv_size = AESGCM_NONCE_SZ;
1092 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1093
1094 break;
1095 #endif
1096
1097 #ifdef BUILD_TLS_AES_256_GCM_SHA384
1098 case TLS_AES_256_GCM_SHA384 :
1099 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1100 ssl->specs.cipher_type = aead;
1101 ssl->specs.mac_algorithm = sha384_mac;
1102 ssl->specs.kea = 0;
1103 ssl->specs.sig_algo = 0;
1104 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1105 ssl->specs.pad_size = PAD_SHA;
1106 ssl->specs.static_ecdh = 0;
1107 ssl->specs.key_size = AES_256_KEY_SIZE;
1108 ssl->specs.block_size = AES_BLOCK_SIZE;
1109 ssl->specs.iv_size = AESGCM_NONCE_SZ;
1110 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1111
1112 break;
1113 #endif
1114
1115 #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
1116 case TLS_CHACHA20_POLY1305_SHA256 :
1117 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
1118 ssl->specs.cipher_type = aead;
1119 ssl->specs.mac_algorithm = sha256_mac;
1120 ssl->specs.kea = 0;
1121 ssl->specs.sig_algo = 0;
1122 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1123 ssl->specs.pad_size = PAD_SHA;
1124 ssl->specs.static_ecdh = 0;
1125 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
1126 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
1127 ssl->specs.iv_size = CHACHA20_IV_SIZE;
1128 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
1129 ssl->options.oldPoly = 0; /* use recent padding RFC */
1130
1131 break;
1132 #endif
1133
1134 #ifdef BUILD_TLS_AES_128_CCM_SHA256
1135 case TLS_AES_128_CCM_SHA256 :
1136 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1137 ssl->specs.cipher_type = aead;
1138 ssl->specs.mac_algorithm = sha256_mac;
1139 ssl->specs.kea = 0;
1140 ssl->specs.sig_algo = 0;
1141 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1142 ssl->specs.pad_size = PAD_SHA;
1143 ssl->specs.static_ecdh = 0;
1144 ssl->specs.key_size = AES_128_KEY_SIZE;
1145 ssl->specs.block_size = AES_BLOCK_SIZE;
1146 ssl->specs.iv_size = AESGCM_NONCE_SZ;
1147 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
1148
1149 break;
1150 #endif
1151
1152 #ifdef BUILD_TLS_AES_128_CCM_8_SHA256
1153 case TLS_AES_128_CCM_8_SHA256 :
1154 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1155 ssl->specs.cipher_type = aead;
1156 ssl->specs.mac_algorithm = sha256_mac;
1157 ssl->specs.kea = 0;
1158 ssl->specs.sig_algo = 0;
1159 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1160 ssl->specs.pad_size = PAD_SHA;
1161 ssl->specs.static_ecdh = 0;
1162 ssl->specs.key_size = AES_128_KEY_SIZE;
1163 ssl->specs.block_size = AES_BLOCK_SIZE;
1164 ssl->specs.iv_size = AESGCM_NONCE_SZ;
1165 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
1166
1167 break;
1168 #endif
1169#endif /* WOLFSSL_TLS13 */
1170 }
1171 }
1172
1173 if (ssl->options.cipherSuite0 != ECC_BYTE &&
1174 ssl->options.cipherSuite0 != CHACHA_BYTE &&
1175 ssl->options.cipherSuite0 != TLS13_BYTE) { /* normal suites */
1176 switch (ssl->options.cipherSuite) {
1177
1178#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
1179 case SSL_RSA_WITH_RC4_128_SHA :
1180 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
1181 ssl->specs.cipher_type = stream;
1182 ssl->specs.mac_algorithm = sha_mac;
1183 ssl->specs.kea = rsa_kea;
1184 ssl->specs.sig_algo = rsa_sa_algo;
1185 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1186 ssl->specs.pad_size = PAD_SHA;
1187 ssl->specs.static_ecdh = 0;
1188 ssl->specs.key_size = RC4_KEY_SIZE;
1189 ssl->specs.iv_size = 0;
1190 ssl->specs.block_size = 0;
1191
1192 break;
1193#endif
1194
1195#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
1196 case TLS_NTRU_RSA_WITH_RC4_128_SHA :
1197 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
1198 ssl->specs.cipher_type = stream;
1199 ssl->specs.mac_algorithm = sha_mac;
1200 ssl->specs.kea = ntru_kea;
1201 ssl->specs.sig_algo = rsa_sa_algo;
1202 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1203 ssl->specs.pad_size = PAD_SHA;
1204 ssl->specs.static_ecdh = 0;
1205 ssl->specs.key_size = RC4_KEY_SIZE;
1206 ssl->specs.iv_size = 0;
1207 ssl->specs.block_size = 0;
1208
1209 break;
1210#endif
1211
1212#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
1213 case SSL_RSA_WITH_RC4_128_MD5 :
1214 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
1215 ssl->specs.cipher_type = stream;
1216 ssl->specs.mac_algorithm = md5_mac;
1217 ssl->specs.kea = rsa_kea;
1218 ssl->specs.sig_algo = rsa_sa_algo;
1219 ssl->specs.hash_size = WC_MD5_DIGEST_SIZE;
1220 ssl->specs.pad_size = PAD_MD5;
1221 ssl->specs.static_ecdh = 0;
1222 ssl->specs.key_size = RC4_KEY_SIZE;
1223 ssl->specs.iv_size = 0;
1224 ssl->specs.block_size = 0;
1225
1226 break;
1227#endif
1228
1229#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
1230 case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
1231 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
1232 ssl->specs.cipher_type = block;
1233 ssl->specs.mac_algorithm = sha_mac;
1234 ssl->specs.kea = rsa_kea;
1235 ssl->specs.sig_algo = rsa_sa_algo;
1236 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1237 ssl->specs.pad_size = PAD_SHA;
1238 ssl->specs.static_ecdh = 0;
1239 ssl->specs.key_size = DES3_KEY_SIZE;
1240 ssl->specs.block_size = DES_BLOCK_SIZE;
1241 ssl->specs.iv_size = DES_IV_SIZE;
1242
1243 break;
1244#endif
1245
1246#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
1247 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
1248 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
1249 ssl->specs.cipher_type = block;
1250 ssl->specs.mac_algorithm = sha_mac;
1251 ssl->specs.kea = ntru_kea;
1252 ssl->specs.sig_algo = rsa_sa_algo;
1253 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1254 ssl->specs.pad_size = PAD_SHA;
1255 ssl->specs.static_ecdh = 0;
1256 ssl->specs.key_size = DES3_KEY_SIZE;
1257 ssl->specs.block_size = DES_BLOCK_SIZE;
1258 ssl->specs.iv_size = DES_IV_SIZE;
1259
1260 break;
1261#endif
1262
1263#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
1264 case TLS_RSA_WITH_AES_128_CBC_SHA :
1265 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1266 ssl->specs.cipher_type = block;
1267 ssl->specs.mac_algorithm = sha_mac;
1268 ssl->specs.kea = rsa_kea;
1269 ssl->specs.sig_algo = rsa_sa_algo;
1270 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1271 ssl->specs.pad_size = PAD_SHA;
1272 ssl->specs.static_ecdh = 0;
1273 ssl->specs.key_size = AES_128_KEY_SIZE;
1274 ssl->specs.block_size = AES_BLOCK_SIZE;
1275 ssl->specs.iv_size = AES_IV_SIZE;
1276
1277 break;
1278#endif
1279
1280#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
1281 case TLS_RSA_WITH_AES_128_CBC_SHA256 :
1282 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1283 ssl->specs.cipher_type = block;
1284 ssl->specs.mac_algorithm = sha256_mac;
1285 ssl->specs.kea = rsa_kea;
1286 ssl->specs.sig_algo = rsa_sa_algo;
1287 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1288 ssl->specs.pad_size = PAD_SHA;
1289 ssl->specs.static_ecdh = 0;
1290 ssl->specs.key_size = AES_128_KEY_SIZE;
1291 ssl->specs.block_size = AES_BLOCK_SIZE;
1292 ssl->specs.iv_size = AES_IV_SIZE;
1293
1294 break;
1295#endif
1296
1297#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
1298 case TLS_RSA_WITH_NULL_SHA :
1299 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1300 ssl->specs.cipher_type = stream;
1301 ssl->specs.mac_algorithm = sha_mac;
1302 ssl->specs.kea = rsa_kea;
1303 ssl->specs.sig_algo = rsa_sa_algo;
1304 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1305 ssl->specs.pad_size = PAD_SHA;
1306 ssl->specs.static_ecdh = 0;
1307 ssl->specs.key_size = 0;
1308 ssl->specs.block_size = 0;
1309 ssl->specs.iv_size = 0;
1310
1311 break;
1312#endif
1313
1314#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
1315 case TLS_RSA_WITH_NULL_SHA256 :
1316 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1317 ssl->specs.cipher_type = stream;
1318 ssl->specs.mac_algorithm = sha256_mac;
1319 ssl->specs.kea = rsa_kea;
1320 ssl->specs.sig_algo = rsa_sa_algo;
1321 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1322 ssl->specs.pad_size = PAD_SHA;
1323 ssl->specs.static_ecdh = 0;
1324 ssl->specs.key_size = 0;
1325 ssl->specs.block_size = 0;
1326 ssl->specs.iv_size = 0;
1327
1328 break;
1329#endif
1330
1331#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
1332 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
1333 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1334 ssl->specs.cipher_type = block;
1335 ssl->specs.mac_algorithm = sha_mac;
1336 ssl->specs.kea = ntru_kea;
1337 ssl->specs.sig_algo = rsa_sa_algo;
1338 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1339 ssl->specs.pad_size = PAD_SHA;
1340 ssl->specs.static_ecdh = 0;
1341 ssl->specs.key_size = AES_128_KEY_SIZE;
1342 ssl->specs.block_size = AES_BLOCK_SIZE;
1343 ssl->specs.iv_size = AES_IV_SIZE;
1344
1345 break;
1346#endif
1347
1348#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
1349 case TLS_RSA_WITH_AES_256_CBC_SHA :
1350 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1351 ssl->specs.cipher_type = block;
1352 ssl->specs.mac_algorithm = sha_mac;
1353 ssl->specs.kea = rsa_kea;
1354 ssl->specs.sig_algo = rsa_sa_algo;
1355 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1356 ssl->specs.pad_size = PAD_SHA;
1357 ssl->specs.static_ecdh = 0;
1358 ssl->specs.key_size = AES_256_KEY_SIZE;
1359 ssl->specs.block_size = AES_BLOCK_SIZE;
1360 ssl->specs.iv_size = AES_IV_SIZE;
1361
1362 break;
1363#endif
1364
1365#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
1366 case TLS_RSA_WITH_AES_256_CBC_SHA256 :
1367 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1368 ssl->specs.cipher_type = block;
1369 ssl->specs.mac_algorithm = sha256_mac;
1370 ssl->specs.kea = rsa_kea;
1371 ssl->specs.sig_algo = rsa_sa_algo;
1372 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1373 ssl->specs.pad_size = PAD_SHA;
1374 ssl->specs.static_ecdh = 0;
1375 ssl->specs.key_size = AES_256_KEY_SIZE;
1376 ssl->specs.block_size = AES_BLOCK_SIZE;
1377 ssl->specs.iv_size = AES_IV_SIZE;
1378
1379 break;
1380#endif
1381
1382#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
1383 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
1384 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1385 ssl->specs.cipher_type = block;
1386 ssl->specs.mac_algorithm = sha_mac;
1387 ssl->specs.kea = ntru_kea;
1388 ssl->specs.sig_algo = rsa_sa_algo;
1389 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1390 ssl->specs.pad_size = PAD_SHA;
1391 ssl->specs.static_ecdh = 0;
1392 ssl->specs.key_size = AES_256_KEY_SIZE;
1393 ssl->specs.block_size = AES_BLOCK_SIZE;
1394 ssl->specs.iv_size = AES_IV_SIZE;
1395
1396 break;
1397#endif
1398
1399#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
1400 case TLS_PSK_WITH_AES_128_GCM_SHA256 :
1401 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1402 ssl->specs.cipher_type = aead;
1403 ssl->specs.mac_algorithm = sha256_mac;
1404 ssl->specs.kea = psk_kea;
1405 ssl->specs.sig_algo = anonymous_sa_algo;
1406 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1407 ssl->specs.pad_size = PAD_SHA;
1408 ssl->specs.static_ecdh = 0;
1409 ssl->specs.key_size = AES_128_KEY_SIZE;
1410 ssl->specs.block_size = AES_BLOCK_SIZE;
1411 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1412 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1413
1414 ssl->options.usingPSK_cipher = 1;
1415 break;
1416#endif
1417
1418#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
1419 case TLS_PSK_WITH_AES_256_GCM_SHA384 :
1420 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1421 ssl->specs.cipher_type = aead;
1422 ssl->specs.mac_algorithm = sha384_mac;
1423 ssl->specs.kea = psk_kea;
1424 ssl->specs.sig_algo = anonymous_sa_algo;
1425 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1426 ssl->specs.pad_size = PAD_SHA;
1427 ssl->specs.static_ecdh = 0;
1428 ssl->specs.key_size = AES_256_KEY_SIZE;
1429 ssl->specs.block_size = AES_BLOCK_SIZE;
1430 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1431 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1432
1433 ssl->options.usingPSK_cipher = 1;
1434 break;
1435#endif
1436
1437#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
1438 case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
1439 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1440 ssl->specs.cipher_type = aead;
1441 ssl->specs.mac_algorithm = sha384_mac;
1442 ssl->specs.kea = diffie_hellman_kea;
1443 ssl->specs.sig_algo = anonymous_sa_algo;
1444 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1445 ssl->specs.pad_size = PAD_SHA;
1446 ssl->specs.static_ecdh = 0;
1447 ssl->specs.key_size = AES_256_KEY_SIZE;
1448 ssl->specs.block_size = AES_BLOCK_SIZE;
1449 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1450 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1451
1452 ssl->options.usingAnon_cipher = 1;
1453 break;
1454#endif
1455
1456#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
1457 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
1458 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1459 ssl->specs.cipher_type = aead;
1460 ssl->specs.mac_algorithm = sha256_mac;
1461 ssl->specs.kea = dhe_psk_kea;
1462 ssl->specs.sig_algo = anonymous_sa_algo;
1463 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1464 ssl->specs.pad_size = PAD_SHA;
1465 ssl->specs.static_ecdh = 0;
1466 ssl->specs.key_size = AES_128_KEY_SIZE;
1467 ssl->specs.block_size = AES_BLOCK_SIZE;
1468 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1469 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1470
1471 ssl->options.usingPSK_cipher = 1;
1472 break;
1473#endif
1474
1475#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
1476 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
1477 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1478 ssl->specs.cipher_type = aead;
1479 ssl->specs.mac_algorithm = sha384_mac;
1480 ssl->specs.kea = dhe_psk_kea;
1481 ssl->specs.sig_algo = anonymous_sa_algo;
1482 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1483 ssl->specs.pad_size = PAD_SHA;
1484 ssl->specs.static_ecdh = 0;
1485 ssl->specs.key_size = AES_256_KEY_SIZE;
1486 ssl->specs.block_size = AES_BLOCK_SIZE;
1487 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1488 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1489
1490 ssl->options.usingPSK_cipher = 1;
1491 break;
1492#endif
1493
1494#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
1495 case TLS_PSK_WITH_AES_128_CBC_SHA256 :
1496 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1497 ssl->specs.cipher_type = block;
1498 ssl->specs.mac_algorithm = sha256_mac;
1499 ssl->specs.kea = psk_kea;
1500 ssl->specs.sig_algo = anonymous_sa_algo;
1501 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1502 ssl->specs.pad_size = PAD_SHA;
1503 ssl->specs.static_ecdh = 0;
1504 ssl->specs.key_size = AES_128_KEY_SIZE;
1505 ssl->specs.block_size = AES_BLOCK_SIZE;
1506 ssl->specs.iv_size = AES_IV_SIZE;
1507
1508 ssl->options.usingPSK_cipher = 1;
1509 break;
1510#endif
1511
1512#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
1513 case TLS_PSK_WITH_AES_256_CBC_SHA384 :
1514 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1515 ssl->specs.cipher_type = block;
1516 ssl->specs.mac_algorithm = sha384_mac;
1517 ssl->specs.kea = psk_kea;
1518 ssl->specs.sig_algo = anonymous_sa_algo;
1519 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1520 ssl->specs.pad_size = PAD_SHA;
1521 ssl->specs.static_ecdh = 0;
1522 ssl->specs.key_size = AES_256_KEY_SIZE;
1523 ssl->specs.block_size = AES_BLOCK_SIZE;
1524 ssl->specs.iv_size = AES_IV_SIZE;
1525
1526 ssl->options.usingPSK_cipher = 1;
1527 break;
1528#endif
1529
1530#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
1531 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
1532 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1533 ssl->specs.cipher_type = block;
1534 ssl->specs.mac_algorithm = sha256_mac;
1535 ssl->specs.kea = dhe_psk_kea;
1536 ssl->specs.sig_algo = anonymous_sa_algo;
1537 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1538 ssl->specs.pad_size = PAD_SHA;
1539 ssl->specs.static_ecdh = 0;
1540 ssl->specs.key_size = AES_128_KEY_SIZE;
1541 ssl->specs.block_size = AES_BLOCK_SIZE;
1542 ssl->specs.iv_size = AES_IV_SIZE;
1543
1544 ssl->options.usingPSK_cipher = 1;
1545 break;
1546#endif
1547
1548#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
1549 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
1550 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1551 ssl->specs.cipher_type = block;
1552 ssl->specs.mac_algorithm = sha384_mac;
1553 ssl->specs.kea = dhe_psk_kea;
1554 ssl->specs.sig_algo = anonymous_sa_algo;
1555 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1556 ssl->specs.pad_size = PAD_SHA;
1557 ssl->specs.static_ecdh = 0;
1558 ssl->specs.key_size = AES_256_KEY_SIZE;
1559 ssl->specs.block_size = AES_BLOCK_SIZE;
1560 ssl->specs.iv_size = AES_IV_SIZE;
1561
1562 ssl->options.usingPSK_cipher = 1;
1563 break;
1564#endif
1565
1566#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
1567 case TLS_PSK_WITH_AES_128_CBC_SHA :
1568 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1569 ssl->specs.cipher_type = block;
1570 ssl->specs.mac_algorithm = sha_mac;
1571 ssl->specs.kea = psk_kea;
1572 ssl->specs.sig_algo = anonymous_sa_algo;
1573 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1574 ssl->specs.pad_size = PAD_SHA;
1575 ssl->specs.static_ecdh = 0;
1576 ssl->specs.key_size = AES_128_KEY_SIZE;
1577 ssl->specs.block_size = AES_BLOCK_SIZE;
1578 ssl->specs.iv_size = AES_IV_SIZE;
1579
1580 ssl->options.usingPSK_cipher = 1;
1581 break;
1582#endif
1583
1584#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
1585 case TLS_PSK_WITH_AES_256_CBC_SHA :
1586 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1587 ssl->specs.cipher_type = block;
1588 ssl->specs.mac_algorithm = sha_mac;
1589 ssl->specs.kea = psk_kea;
1590 ssl->specs.sig_algo = anonymous_sa_algo;
1591 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1592 ssl->specs.pad_size = PAD_SHA;
1593 ssl->specs.static_ecdh = 0;
1594 ssl->specs.key_size = AES_256_KEY_SIZE;
1595 ssl->specs.block_size = AES_BLOCK_SIZE;
1596 ssl->specs.iv_size = AES_IV_SIZE;
1597
1598 ssl->options.usingPSK_cipher = 1;
1599 break;
1600#endif
1601
1602#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
1603 case TLS_PSK_WITH_NULL_SHA256 :
1604 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1605 ssl->specs.cipher_type = stream;
1606 ssl->specs.mac_algorithm = sha256_mac;
1607 ssl->specs.kea = psk_kea;
1608 ssl->specs.sig_algo = anonymous_sa_algo;
1609 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1610 ssl->specs.pad_size = PAD_SHA;
1611 ssl->specs.static_ecdh = 0;
1612 ssl->specs.key_size = 0;
1613 ssl->specs.block_size = 0;
1614 ssl->specs.iv_size = 0;
1615
1616 ssl->options.usingPSK_cipher = 1;
1617 break;
1618#endif
1619
1620#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
1621 case TLS_PSK_WITH_NULL_SHA384 :
1622 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1623 ssl->specs.cipher_type = stream;
1624 ssl->specs.mac_algorithm = sha384_mac;
1625 ssl->specs.kea = psk_kea;
1626 ssl->specs.sig_algo = anonymous_sa_algo;
1627 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1628 ssl->specs.pad_size = PAD_SHA;
1629 ssl->specs.static_ecdh = 0;
1630 ssl->specs.key_size = 0;
1631 ssl->specs.block_size = 0;
1632 ssl->specs.iv_size = 0;
1633
1634 ssl->options.usingPSK_cipher = 1;
1635 break;
1636#endif
1637
1638#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
1639 case TLS_PSK_WITH_NULL_SHA :
1640 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1641 ssl->specs.cipher_type = stream;
1642 ssl->specs.mac_algorithm = sha_mac;
1643 ssl->specs.kea = psk_kea;
1644 ssl->specs.sig_algo = anonymous_sa_algo;
1645 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1646 ssl->specs.pad_size = PAD_SHA;
1647 ssl->specs.static_ecdh = 0;
1648 ssl->specs.key_size = 0;
1649 ssl->specs.block_size = 0;
1650 ssl->specs.iv_size = 0;
1651
1652 ssl->options.usingPSK_cipher = 1;
1653 break;
1654#endif
1655
1656#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
1657 case TLS_DHE_PSK_WITH_NULL_SHA256 :
1658 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1659 ssl->specs.cipher_type = stream;
1660 ssl->specs.mac_algorithm = sha256_mac;
1661 ssl->specs.kea = dhe_psk_kea;
1662 ssl->specs.sig_algo = anonymous_sa_algo;
1663 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1664 ssl->specs.pad_size = PAD_SHA;
1665 ssl->specs.static_ecdh = 0;
1666 ssl->specs.key_size = 0;
1667 ssl->specs.block_size = 0;
1668 ssl->specs.iv_size = 0;
1669
1670 ssl->options.usingPSK_cipher = 1;
1671 break;
1672#endif
1673
1674#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
1675 case TLS_DHE_PSK_WITH_NULL_SHA384 :
1676 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1677 ssl->specs.cipher_type = stream;
1678 ssl->specs.mac_algorithm = sha384_mac;
1679 ssl->specs.kea = dhe_psk_kea;
1680 ssl->specs.sig_algo = anonymous_sa_algo;
1681 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1682 ssl->specs.pad_size = PAD_SHA;
1683 ssl->specs.static_ecdh = 0;
1684 ssl->specs.key_size = 0;
1685 ssl->specs.block_size = 0;
1686 ssl->specs.iv_size = 0;
1687
1688 ssl->options.usingPSK_cipher = 1;
1689 break;
1690#endif
1691
1692#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
1693 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
1694 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1695 ssl->specs.cipher_type = block;
1696 ssl->specs.mac_algorithm = sha256_mac;
1697 ssl->specs.kea = diffie_hellman_kea;
1698 ssl->specs.sig_algo = rsa_sa_algo;
1699 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1700 ssl->specs.pad_size = PAD_SHA;
1701 ssl->specs.static_ecdh = 0;
1702 ssl->specs.key_size = AES_128_KEY_SIZE;
1703 ssl->specs.block_size = AES_BLOCK_SIZE;
1704 ssl->specs.iv_size = AES_IV_SIZE;
1705
1706 break;
1707#endif
1708
1709#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
1710 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA :
1711 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
1712 ssl->specs.cipher_type = block;
1713 ssl->specs.mac_algorithm = sha_mac;
1714 ssl->specs.kea = diffie_hellman_kea;
1715 ssl->specs.sig_algo = rsa_sa_algo;
1716 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1717 ssl->specs.pad_size = PAD_SHA;
1718 ssl->specs.static_ecdh = 0;
1719 ssl->specs.key_size = DES3_KEY_SIZE;
1720 ssl->specs.block_size = DES_BLOCK_SIZE;
1721 ssl->specs.iv_size = DES_IV_SIZE;
1722
1723 break;
1724#endif
1725
1726#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
1727 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
1728 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1729 ssl->specs.cipher_type = block;
1730 ssl->specs.mac_algorithm = sha256_mac;
1731 ssl->specs.kea = diffie_hellman_kea;
1732 ssl->specs.sig_algo = rsa_sa_algo;
1733 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1734 ssl->specs.pad_size = PAD_SHA;
1735 ssl->specs.static_ecdh = 0;
1736 ssl->specs.key_size = AES_256_KEY_SIZE;
1737 ssl->specs.block_size = AES_BLOCK_SIZE;
1738 ssl->specs.iv_size = AES_IV_SIZE;
1739
1740 break;
1741#endif
1742
1743#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1744 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
1745 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1746 ssl->specs.cipher_type = block;
1747 ssl->specs.mac_algorithm = sha_mac;
1748 ssl->specs.kea = diffie_hellman_kea;
1749 ssl->specs.sig_algo = rsa_sa_algo;
1750 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1751 ssl->specs.pad_size = PAD_SHA;
1752 ssl->specs.static_ecdh = 0;
1753 ssl->specs.key_size = AES_128_KEY_SIZE;
1754 ssl->specs.block_size = AES_BLOCK_SIZE;
1755 ssl->specs.iv_size = AES_IV_SIZE;
1756
1757 break;
1758#endif
1759
1760#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1761 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
1762 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1763 ssl->specs.cipher_type = block;
1764 ssl->specs.mac_algorithm = sha_mac;
1765 ssl->specs.kea = diffie_hellman_kea;
1766 ssl->specs.sig_algo = rsa_sa_algo;
1767 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1768 ssl->specs.pad_size = PAD_SHA;
1769 ssl->specs.static_ecdh = 0;
1770 ssl->specs.key_size = AES_256_KEY_SIZE;
1771 ssl->specs.block_size = AES_BLOCK_SIZE;
1772 ssl->specs.iv_size = AES_IV_SIZE;
1773
1774 break;
1775#endif
1776
1777#ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
1778 case TLS_RSA_WITH_HC_128_MD5 :
1779 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
1780 ssl->specs.cipher_type = stream;
1781 ssl->specs.mac_algorithm = md5_mac;
1782 ssl->specs.kea = rsa_kea;
1783 ssl->specs.sig_algo = rsa_sa_algo;
1784 ssl->specs.hash_size = WC_MD5_DIGEST_SIZE;
1785 ssl->specs.pad_size = PAD_MD5;
1786 ssl->specs.static_ecdh = 0;
1787 ssl->specs.key_size = HC_128_KEY_SIZE;
1788 ssl->specs.block_size = 0;
1789 ssl->specs.iv_size = HC_128_IV_SIZE;
1790
1791 break;
1792#endif
1793
1794#ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
1795 case TLS_RSA_WITH_HC_128_SHA :
1796 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
1797 ssl->specs.cipher_type = stream;
1798 ssl->specs.mac_algorithm = sha_mac;
1799 ssl->specs.kea = rsa_kea;
1800 ssl->specs.sig_algo = rsa_sa_algo;
1801 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1802 ssl->specs.pad_size = PAD_SHA;
1803 ssl->specs.static_ecdh = 0;
1804 ssl->specs.key_size = HC_128_KEY_SIZE;
1805 ssl->specs.block_size = 0;
1806 ssl->specs.iv_size = HC_128_IV_SIZE;
1807
1808 break;
1809#endif
1810
1811#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
1812 case TLS_RSA_WITH_HC_128_B2B256:
1813 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
1814 ssl->specs.cipher_type = stream;
1815 ssl->specs.mac_algorithm = blake2b_mac;
1816 ssl->specs.kea = rsa_kea;
1817 ssl->specs.sig_algo = rsa_sa_algo;
1818 ssl->specs.hash_size = BLAKE2B_256;
1819 ssl->specs.pad_size = PAD_SHA;
1820 ssl->specs.static_ecdh = 0;
1821 ssl->specs.key_size = HC_128_KEY_SIZE;
1822 ssl->specs.block_size = 0;
1823 ssl->specs.iv_size = HC_128_IV_SIZE;
1824
1825 break;
1826#endif
1827
1828#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
1829 case TLS_RSA_WITH_AES_128_CBC_B2B256:
1830 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1831 ssl->specs.cipher_type = block;
1832 ssl->specs.mac_algorithm = blake2b_mac;
1833 ssl->specs.kea = rsa_kea;
1834 ssl->specs.sig_algo = rsa_sa_algo;
1835 ssl->specs.hash_size = BLAKE2B_256;
1836 ssl->specs.pad_size = PAD_SHA;
1837 ssl->specs.static_ecdh = 0;
1838 ssl->specs.key_size = AES_128_KEY_SIZE;
1839 ssl->specs.iv_size = AES_IV_SIZE;
1840 ssl->specs.block_size = AES_BLOCK_SIZE;
1841
1842 break;
1843#endif
1844
1845#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
1846 case TLS_RSA_WITH_AES_256_CBC_B2B256:
1847 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1848 ssl->specs.cipher_type = block;
1849 ssl->specs.mac_algorithm = blake2b_mac;
1850 ssl->specs.kea = rsa_kea;
1851 ssl->specs.sig_algo = rsa_sa_algo;
1852 ssl->specs.hash_size = BLAKE2B_256;
1853 ssl->specs.pad_size = PAD_SHA;
1854 ssl->specs.static_ecdh = 0;
1855 ssl->specs.key_size = AES_256_KEY_SIZE;
1856 ssl->specs.iv_size = AES_IV_SIZE;
1857 ssl->specs.block_size = AES_BLOCK_SIZE;
1858
1859 break;
1860#endif
1861
1862#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
1863 case TLS_RSA_WITH_RABBIT_SHA :
1864 ssl->specs.bulk_cipher_algorithm = wolfssl_rabbit;
1865 ssl->specs.cipher_type = stream;
1866 ssl->specs.mac_algorithm = sha_mac;
1867 ssl->specs.kea = rsa_kea;
1868 ssl->specs.sig_algo = rsa_sa_algo;
1869 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1870 ssl->specs.pad_size = PAD_SHA;
1871 ssl->specs.static_ecdh = 0;
1872 ssl->specs.key_size = RABBIT_KEY_SIZE;
1873 ssl->specs.block_size = 0;
1874 ssl->specs.iv_size = RABBIT_IV_SIZE;
1875
1876 break;
1877#endif
1878
1879#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
1880 case TLS_RSA_WITH_AES_128_GCM_SHA256 :
1881 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1882 ssl->specs.cipher_type = aead;
1883 ssl->specs.mac_algorithm = sha256_mac;
1884 ssl->specs.kea = rsa_kea;
1885 ssl->specs.sig_algo = rsa_sa_algo;
1886 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1887 ssl->specs.pad_size = PAD_SHA;
1888 ssl->specs.static_ecdh = 0;
1889 ssl->specs.key_size = AES_128_KEY_SIZE;
1890 ssl->specs.block_size = AES_BLOCK_SIZE;
1891 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1892 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1893
1894 break;
1895#endif
1896
1897#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
1898 case TLS_RSA_WITH_AES_256_GCM_SHA384 :
1899 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1900 ssl->specs.cipher_type = aead;
1901 ssl->specs.mac_algorithm = sha384_mac;
1902 ssl->specs.kea = rsa_kea;
1903 ssl->specs.sig_algo = rsa_sa_algo;
1904 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1905 ssl->specs.pad_size = PAD_SHA;
1906 ssl->specs.static_ecdh = 0;
1907 ssl->specs.key_size = AES_256_KEY_SIZE;
1908 ssl->specs.block_size = AES_BLOCK_SIZE;
1909 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1910 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1911
1912 break;
1913#endif
1914
1915#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
1916 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
1917 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1918 ssl->specs.cipher_type = aead;
1919 ssl->specs.mac_algorithm = sha256_mac;
1920 ssl->specs.kea = diffie_hellman_kea;
1921 ssl->specs.sig_algo = rsa_sa_algo;
1922 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1923 ssl->specs.pad_size = PAD_SHA;
1924 ssl->specs.static_ecdh = 0;
1925 ssl->specs.key_size = AES_128_KEY_SIZE;
1926 ssl->specs.block_size = AES_BLOCK_SIZE;
1927 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1928 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1929
1930 break;
1931#endif
1932
1933#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
1934 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
1935 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1936 ssl->specs.cipher_type = aead;
1937 ssl->specs.mac_algorithm = sha384_mac;
1938 ssl->specs.kea = diffie_hellman_kea;
1939 ssl->specs.sig_algo = rsa_sa_algo;
1940 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1941 ssl->specs.pad_size = PAD_SHA;
1942 ssl->specs.static_ecdh = 0;
1943 ssl->specs.key_size = AES_256_KEY_SIZE;
1944 ssl->specs.block_size = AES_BLOCK_SIZE;
1945 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1946 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1947
1948 break;
1949#endif
1950
1951#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
1952 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
1953 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1954 ssl->specs.cipher_type = block;
1955 ssl->specs.mac_algorithm = sha_mac;
1956 ssl->specs.kea = rsa_kea;
1957 ssl->specs.sig_algo = rsa_sa_algo;
1958 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1959 ssl->specs.pad_size = PAD_SHA;
1960 ssl->specs.static_ecdh = 0;
1961 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1962 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1963 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1964
1965 break;
1966#endif
1967
1968#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
1969 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
1970 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1971 ssl->specs.cipher_type = block;
1972 ssl->specs.mac_algorithm = sha_mac;
1973 ssl->specs.kea = rsa_kea;
1974 ssl->specs.sig_algo = rsa_sa_algo;
1975 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1976 ssl->specs.pad_size = PAD_SHA;
1977 ssl->specs.static_ecdh = 0;
1978 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
1979 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1980 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1981
1982 break;
1983#endif
1984
1985#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
1986 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
1987 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1988 ssl->specs.cipher_type = block;
1989 ssl->specs.mac_algorithm = sha256_mac;
1990 ssl->specs.kea = rsa_kea;
1991 ssl->specs.sig_algo = rsa_sa_algo;
1992 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1993 ssl->specs.pad_size = PAD_SHA;
1994 ssl->specs.static_ecdh = 0;
1995 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1996 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1997 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1998
1999 break;
2000#endif
2001
2002#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
2003 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
2004 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2005 ssl->specs.cipher_type = block;
2006 ssl->specs.mac_algorithm = sha256_mac;
2007 ssl->specs.kea = rsa_kea;
2008 ssl->specs.sig_algo = rsa_sa_algo;
2009 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
2010 ssl->specs.pad_size = PAD_SHA;
2011 ssl->specs.static_ecdh = 0;
2012 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
2013 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
2014 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2015
2016 break;
2017#endif
2018
2019#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
2020 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
2021 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2022 ssl->specs.cipher_type = block;
2023 ssl->specs.mac_algorithm = sha_mac;
2024 ssl->specs.kea = diffie_hellman_kea;
2025 ssl->specs.sig_algo = rsa_sa_algo;
2026 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
2027 ssl->specs.pad_size = PAD_SHA;
2028 ssl->specs.static_ecdh = 0;
2029 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
2030 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
2031 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2032
2033 break;
2034#endif
2035
2036#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
2037 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
2038 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2039 ssl->specs.cipher_type = block;
2040 ssl->specs.mac_algorithm = sha_mac;
2041 ssl->specs.kea = diffie_hellman_kea;
2042 ssl->specs.sig_algo = rsa_sa_algo;
2043 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
2044 ssl->specs.pad_size = PAD_SHA;
2045 ssl->specs.static_ecdh = 0;
2046 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
2047 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
2048 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2049
2050 break;
2051#endif
2052
2053#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
2054 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
2055 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2056 ssl->specs.cipher_type = block;
2057 ssl->specs.mac_algorithm = sha256_mac;
2058 ssl->specs.kea = diffie_hellman_kea;
2059 ssl->specs.sig_algo = rsa_sa_algo;
2060 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
2061 ssl->specs.pad_size = PAD_SHA;
2062 ssl->specs.static_ecdh = 0;
2063 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
2064 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
2065 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2066
2067 break;
2068#endif
2069
2070#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
2071 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
2072 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2073 ssl->specs.cipher_type = block;
2074 ssl->specs.mac_algorithm = sha256_mac;
2075 ssl->specs.kea = diffie_hellman_kea;
2076 ssl->specs.sig_algo = rsa_sa_algo;
2077 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
2078 ssl->specs.pad_size = PAD_SHA;
2079 ssl->specs.static_ecdh = 0;
2080 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
2081 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
2082 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2083
2084 break;
2085#endif
2086
2087#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
2088 case TLS_DH_anon_WITH_AES_128_CBC_SHA :
2089 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
2090 ssl->specs.cipher_type = block;
2091 ssl->specs.mac_algorithm = sha_mac;
2092 ssl->specs.kea = diffie_hellman_kea;
2093 ssl->specs.sig_algo = anonymous_sa_algo;
2094 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
2095 ssl->specs.pad_size = PAD_SHA;
2096 ssl->specs.static_ecdh = 0;
2097 ssl->specs.key_size = AES_128_KEY_SIZE;
2098 ssl->specs.block_size = AES_BLOCK_SIZE;
2099 ssl->specs.iv_size = AES_IV_SIZE;
2100
2101 ssl->options.usingAnon_cipher = 1;
2102 break;
2103#endif
2104
2105#ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
2106 case SSL_RSA_WITH_IDEA_CBC_SHA :
2107 ssl->specs.bulk_cipher_algorithm = wolfssl_idea;
2108 ssl->specs.cipher_type = block;
2109 ssl->specs.mac_algorithm = sha_mac;
2110 ssl->specs.kea = rsa_kea;
2111 ssl->specs.sig_algo = rsa_sa_algo;
2112 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
2113 ssl->specs.pad_size = PAD_SHA;
2114 ssl->specs.static_ecdh = 0;
2115 ssl->specs.key_size = IDEA_KEY_SIZE;
2116 ssl->specs.block_size = IDEA_BLOCK_SIZE;
2117 ssl->specs.iv_size = IDEA_IV_SIZE;
2118
2119 break;
2120#endif
2121
2122#ifdef BUILD_WDM_WITH_NULL_SHA256
2123 case WDM_WITH_NULL_SHA256 :
2124 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
2125 ssl->specs.cipher_type = stream;
2126 ssl->specs.mac_algorithm = sha256_mac;
2127 ssl->specs.kea = no_kea;
2128 ssl->specs.sig_algo = anonymous_sa_algo;
2129 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
2130 ssl->specs.pad_size = PAD_SHA;
2131
2132 break;
2133#endif
2134
2135 default:
2136 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs");
2137 return UNSUPPORTED_SUITE;
2138 } /* switch */
2139 } /* if ECC / Normal suites else */
2140
2141 /* set TLS if it hasn't been turned off */
2142 if (ssl->version.major == 3 && ssl->version.minor >= 1) {
2143#ifndef NO_TLS
2144 ssl->options.tls = 1;
2145 #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY)
2146 ssl->hmac = TLS_hmac;
2147 #endif
2148 if (ssl->version.minor >= 2) {
2149 ssl->options.tls1_1 = 1;
2150 if (ssl->version.minor >= 4)
2151 ssl->options.tls1_3 = 1;
2152 }
2153#endif
2154 }
2155
2156#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_AEAD_ONLY)
2157 if (ssl->options.dtls)
2158 ssl->hmac = TLS_hmac;
2159#endif
2160
2161 return 0;
2162}
2163
2164
2165enum KeyStuff {
2166 MASTER_ROUNDS = 3,
2167 PREFIX = 3, /* up to three letters for master prefix */
2168 KEY_PREFIX = 9 /* up to 9 prefix letters for key rounds */
2169
2170
2171};
2172
2173#ifndef NO_OLD_TLS
2174/* true or false, zero for error */
2175static int SetPrefix(byte* sha_input, int idx)
2176{
2177 switch (idx) {
2178 case 0:
2179 XMEMCPY(sha_input, "A", 1);
2180 break;
2181 case 1:
2182 XMEMCPY(sha_input, "BB", 2);
2183 break;
2184 case 2:
2185 XMEMCPY(sha_input, "CCC", 3);
2186 break;
2187 case 3:
2188 XMEMCPY(sha_input, "DDDD", 4);
2189 break;
2190 case 4:
2191 XMEMCPY(sha_input, "EEEEE", 5);
2192 break;
2193 case 5:
2194 XMEMCPY(sha_input, "FFFFFF", 6);
2195 break;
2196 case 6:
2197 XMEMCPY(sha_input, "GGGGGGG", 7);
2198 break;
2199 case 7:
2200 XMEMCPY(sha_input, "HHHHHHHH", 8);
2201 break;
2202 case 8:
2203 XMEMCPY(sha_input, "IIIIIIIII", 9);
2204 break;
2205 default:
2206 WOLFSSL_MSG("Set Prefix error, bad input");
2207 return 0;
2208 }
2209 return 1;
2210}
2211#endif
2212
2213
2214static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
2215 int side, void* heap, int devId)
2216{
2217#ifdef BUILD_ARC4
2218 word32 sz = specs->key_size;
2219 if (specs->bulk_cipher_algorithm == wolfssl_rc4) {
2220 if (enc && enc->arc4 == NULL)
2221 enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
2222 if (enc && enc->arc4 == NULL)
2223 return MEMORY_E;
2224 if (dec && dec->arc4 == NULL)
2225 dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
2226 if (dec && dec->arc4 == NULL)
2227 return MEMORY_E;
2228
2229 if (enc) {
2230 if (wc_Arc4Init(enc->arc4, heap, devId) != 0) {
2231 WOLFSSL_MSG("Arc4Init failed in SetKeys");
2232 return ASYNC_INIT_E;
2233 }
2234 }
2235 if (dec) {
2236 if (wc_Arc4Init(dec->arc4, heap, devId) != 0) {
2237 WOLFSSL_MSG("Arc4Init failed in SetKeys");
2238 return ASYNC_INIT_E;
2239 }
2240 }
2241
2242 if (side == WOLFSSL_CLIENT_END) {
2243 if (enc)
2244 wc_Arc4SetKey(enc->arc4, keys->client_write_key, sz);
2245 if (dec)
2246 wc_Arc4SetKey(dec->arc4, keys->server_write_key, sz);
2247 }
2248 else {
2249 if (enc)
2250 wc_Arc4SetKey(enc->arc4, keys->server_write_key, sz);
2251 if (dec)
2252 wc_Arc4SetKey(dec->arc4, keys->client_write_key, sz);
2253 }
2254 if (enc)
2255 enc->setup = 1;
2256 if (dec)
2257 dec->setup = 1;
2258 }
2259#endif /* BUILD_ARC4 */
2260
2261
2262#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
2263 /* Check that the max implicit iv size is suffecient */
2264 #if (AEAD_MAX_IMP_SZ < 12) /* CHACHA20_IMP_IV_SZ */
2265 #error AEAD_MAX_IMP_SZ is too small for ChaCha20
2266 #endif
2267 #if (MAX_WRITE_IV_SZ < 12) /* CHACHA20_IMP_IV_SZ */
2268 #error MAX_WRITE_IV_SZ is too small for ChaCha20
2269 #endif
2270
2271 if (specs->bulk_cipher_algorithm == wolfssl_chacha) {
2272 int chachaRet;
2273 if (enc && enc->chacha == NULL)
2274 enc->chacha =
2275 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
2276 if (enc && enc->chacha == NULL)
2277 return MEMORY_E;
2278 if (dec && dec->chacha == NULL)
2279 dec->chacha =
2280 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
2281 if (dec && dec->chacha == NULL)
2282 return MEMORY_E;
2283 if (side == WOLFSSL_CLIENT_END) {
2284 if (enc) {
2285 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->client_write_key,
2286 specs->key_size);
2287 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2288 CHACHA20_IMP_IV_SZ);
2289 if (chachaRet != 0) return chachaRet;
2290 }
2291 if (dec) {
2292 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->server_write_key,
2293 specs->key_size);
2294 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2295 CHACHA20_IMP_IV_SZ);
2296 if (chachaRet != 0) return chachaRet;
2297 }
2298 }
2299 else {
2300 if (enc) {
2301 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->server_write_key,
2302 specs->key_size);
2303 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2304 CHACHA20_IMP_IV_SZ);
2305 if (chachaRet != 0) return chachaRet;
2306 }
2307 if (dec) {
2308 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->client_write_key,
2309 specs->key_size);
2310 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2311 CHACHA20_IMP_IV_SZ);
2312 if (chachaRet != 0) return chachaRet;
2313 }
2314 }
2315
2316 if (enc)
2317 enc->setup = 1;
2318 if (dec)
2319 dec->setup = 1;
2320 }
2321#endif /* HAVE_CHACHA && HAVE_POLY1305 */
2322
2323
2324#ifdef HAVE_HC128
2325 /* check that buffer sizes are sufficient */
2326 #if (MAX_WRITE_IV_SZ < 16) /* HC_128_IV_SIZE */
2327 #error MAX_WRITE_IV_SZ too small for HC128
2328 #endif
2329
2330 if (specs->bulk_cipher_algorithm == wolfssl_hc128) {
2331 int hcRet;
2332 if (enc && enc->hc128 == NULL)
2333 enc->hc128 =
2334 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
2335 if (enc && enc->hc128 == NULL)
2336 return MEMORY_E;
2337 if (dec && dec->hc128 == NULL)
2338 dec->hc128 =
2339 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
2340 if (dec && dec->hc128 == NULL)
2341 return MEMORY_E;
2342 if (side == WOLFSSL_CLIENT_END) {
2343 if (enc) {
2344 hcRet = wc_Hc128_SetKey(enc->hc128, keys->client_write_key,
2345 keys->client_write_IV);
2346 if (hcRet != 0) return hcRet;
2347 }
2348 if (dec) {
2349 hcRet = wc_Hc128_SetKey(dec->hc128, keys->server_write_key,
2350 keys->server_write_IV);
2351 if (hcRet != 0) return hcRet;
2352 }
2353 }
2354 else {
2355 if (enc) {
2356 hcRet = wc_Hc128_SetKey(enc->hc128, keys->server_write_key,
2357 keys->server_write_IV);
2358 if (hcRet != 0) return hcRet;
2359 }
2360 if (dec) {
2361 hcRet = wc_Hc128_SetKey(dec->hc128, keys->client_write_key,
2362 keys->client_write_IV);
2363 if (hcRet != 0) return hcRet;
2364 }
2365 }
2366 if (enc)
2367 enc->setup = 1;
2368 if (dec)
2369 dec->setup = 1;
2370 }
2371#endif /* HAVE_HC128 */
2372
2373#ifdef BUILD_RABBIT
2374 /* check that buffer sizes are sufficient */
2375 #if (MAX_WRITE_IV_SZ < 8) /* RABBIT_IV_SIZE */
2376 #error MAX_WRITE_IV_SZ too small for RABBIT
2377 #endif
2378
2379 if (specs->bulk_cipher_algorithm == wolfssl_rabbit) {
2380 int rabRet;
2381 if (enc && enc->rabbit == NULL)
2382 enc->rabbit =
2383 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
2384 if (enc && enc->rabbit == NULL)
2385 return MEMORY_E;
2386 if (dec && dec->rabbit == NULL)
2387 dec->rabbit =
2388 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
2389 if (dec && dec->rabbit == NULL)
2390 return MEMORY_E;
2391 if (side == WOLFSSL_CLIENT_END) {
2392 if (enc) {
2393 rabRet = wc_RabbitSetKey(enc->rabbit, keys->client_write_key,
2394 keys->client_write_IV);
2395 if (rabRet != 0) return rabRet;
2396 }
2397 if (dec) {
2398 rabRet = wc_RabbitSetKey(dec->rabbit, keys->server_write_key,
2399 keys->server_write_IV);
2400 if (rabRet != 0) return rabRet;
2401 }
2402 }
2403 else {
2404 if (enc) {
2405 rabRet = wc_RabbitSetKey(enc->rabbit, keys->server_write_key,
2406 keys->server_write_IV);
2407 if (rabRet != 0) return rabRet;
2408 }
2409 if (dec) {
2410 rabRet = wc_RabbitSetKey(dec->rabbit, keys->client_write_key,
2411 keys->client_write_IV);
2412 if (rabRet != 0) return rabRet;
2413 }
2414 }
2415 if (enc)
2416 enc->setup = 1;
2417 if (dec)
2418 dec->setup = 1;
2419 }
2420#endif /* BUILD_RABBIT */
2421
2422#ifdef BUILD_DES3
2423 /* check that buffer sizes are sufficient */
2424 #if (MAX_WRITE_IV_SZ < 8) /* DES_IV_SIZE */
2425 #error MAX_WRITE_IV_SZ too small for 3DES
2426 #endif
2427
2428 if (specs->bulk_cipher_algorithm == wolfssl_triple_des) {
2429 int desRet = 0;
2430
2431 if (enc) {
2432 if (enc->des3 == NULL)
2433 enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
2434 if (enc->des3 == NULL)
2435 return MEMORY_E;
2436 XMEMSET(enc->des3, 0, sizeof(Des3));
2437 }
2438 if (dec) {
2439 if (dec->des3 == NULL)
2440 dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
2441 if (dec->des3 == NULL)
2442 return MEMORY_E;
2443 XMEMSET(dec->des3, 0, sizeof(Des3));
2444 }
2445
2446 if (enc) {
2447 if (wc_Des3Init(enc->des3, heap, devId) != 0) {
2448 WOLFSSL_MSG("Des3Init failed in SetKeys");
2449 return ASYNC_INIT_E;
2450 }
2451 }
2452 if (dec) {
2453 if (wc_Des3Init(dec->des3, heap, devId) != 0) {
2454 WOLFSSL_MSG("Des3Init failed in SetKeys");
2455 return ASYNC_INIT_E;
2456 }
2457 }
2458
2459 if (side == WOLFSSL_CLIENT_END) {
2460 if (enc) {
2461 desRet = wc_Des3_SetKey(enc->des3, keys->client_write_key,
2462 keys->client_write_IV, DES_ENCRYPTION);
2463 if (desRet != 0) return desRet;
2464 }
2465 if (dec) {
2466 desRet = wc_Des3_SetKey(dec->des3, keys->server_write_key,
2467 keys->server_write_IV, DES_DECRYPTION);
2468 if (desRet != 0) return desRet;
2469 }
2470 }
2471 else {
2472 if (enc) {
2473 desRet = wc_Des3_SetKey(enc->des3, keys->server_write_key,
2474 keys->server_write_IV, DES_ENCRYPTION);
2475 if (desRet != 0) return desRet;
2476 }
2477 if (dec) {
2478 desRet = wc_Des3_SetKey(dec->des3, keys->client_write_key,
2479 keys->client_write_IV, DES_DECRYPTION);
2480 if (desRet != 0) return desRet;
2481 }
2482 }
2483 if (enc)
2484 enc->setup = 1;
2485 if (dec)
2486 dec->setup = 1;
2487 }
2488#endif /* BUILD_DES3 */
2489
2490#ifdef BUILD_AES
2491 /* check that buffer sizes are sufficient */
2492 #if (MAX_WRITE_IV_SZ < 16) /* AES_IV_SIZE */
2493 #error MAX_WRITE_IV_SZ too small for AES
2494 #endif
2495
2496 if (specs->bulk_cipher_algorithm == wolfssl_aes) {
2497 int aesRet = 0;
2498
2499 if (enc) {
2500 if (enc->aes == NULL)
2501 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2502 if (enc->aes == NULL)
2503 return MEMORY_E;
2504 XMEMSET(enc->aes, 0, sizeof(Aes));
2505 }
2506 if (dec) {
2507 if (dec->aes == NULL)
2508 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2509 if (dec->aes == NULL)
2510 return MEMORY_E;
2511 XMEMSET(dec->aes, 0, sizeof(Aes));
2512 }
2513 if (enc) {
2514 if (wc_AesInit(enc->aes, heap, devId) != 0) {
2515 WOLFSSL_MSG("AesInit failed in SetKeys");
2516 return ASYNC_INIT_E;
2517 }
2518 }
2519 if (dec) {
2520 if (wc_AesInit(dec->aes, heap, devId) != 0) {
2521 WOLFSSL_MSG("AesInit failed in SetKeys");
2522 return ASYNC_INIT_E;
2523 }
2524 }
2525
2526 if (side == WOLFSSL_CLIENT_END) {
2527 if (enc) {
2528 aesRet = wc_AesSetKey(enc->aes, keys->client_write_key,
2529 specs->key_size, keys->client_write_IV,
2530 AES_ENCRYPTION);
2531 if (aesRet != 0) return aesRet;
2532 }
2533 if (dec) {
2534 aesRet = wc_AesSetKey(dec->aes, keys->server_write_key,
2535 specs->key_size, keys->server_write_IV,
2536 AES_DECRYPTION);
2537 if (aesRet != 0) return aesRet;
2538 }
2539 }
2540 else {
2541 if (enc) {
2542 aesRet = wc_AesSetKey(enc->aes, keys->server_write_key,
2543 specs->key_size, keys->server_write_IV,
2544 AES_ENCRYPTION);
2545 if (aesRet != 0) return aesRet;
2546 }
2547 if (dec) {
2548 aesRet = wc_AesSetKey(dec->aes, keys->client_write_key,
2549 specs->key_size, keys->client_write_IV,
2550 AES_DECRYPTION);
2551 if (aesRet != 0) return aesRet;
2552 }
2553 }
2554 if (enc)
2555 enc->setup = 1;
2556 if (dec)
2557 dec->setup = 1;
2558 }
2559#endif /* BUILD_AES */
2560
2561#ifdef BUILD_AESGCM
2562 /* check that buffer sizes are sufficient */
2563 #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */
2564 #error AEAD_MAX_IMP_SZ too small for AESGCM
2565 #endif
2566 #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */
2567 #error AEAD_MAX_EXP_SZ too small for AESGCM
2568 #endif
2569 #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */
2570 #error MAX_WRITE_IV_SZ too small for AESGCM
2571 #endif
2572
2573 if (specs->bulk_cipher_algorithm == wolfssl_aes_gcm) {
2574 int gcmRet;
2575
2576 if (enc) {
2577 if (enc->aes == NULL)
2578 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2579 if (enc->aes == NULL)
2580 return MEMORY_E;
2581 XMEMSET(enc->aes, 0, sizeof(Aes));
2582 }
2583 if (dec) {
2584 if (dec->aes == NULL)
2585 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2586 if (dec->aes == NULL)
2587 return MEMORY_E;
2588 XMEMSET(dec->aes, 0, sizeof(Aes));
2589 }
2590
2591 if (enc) {
2592 if (wc_AesInit(enc->aes, heap, devId) != 0) {
2593 WOLFSSL_MSG("AesInit failed in SetKeys");
2594 return ASYNC_INIT_E;
2595 }
2596 }
2597 if (dec) {
2598 if (wc_AesInit(dec->aes, heap, devId) != 0) {
2599 WOLFSSL_MSG("AesInit failed in SetKeys");
2600 return ASYNC_INIT_E;
2601 }
2602 }
2603
2604 if (side == WOLFSSL_CLIENT_END) {
2605 if (enc) {
2606 gcmRet = wc_AesGcmSetKey(enc->aes, keys->client_write_key,
2607 specs->key_size);
2608 if (gcmRet != 0) return gcmRet;
2609 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2610 AEAD_MAX_IMP_SZ);
2611 }
2612 if (dec) {
2613 gcmRet = wc_AesGcmSetKey(dec->aes, keys->server_write_key,
2614 specs->key_size);
2615 if (gcmRet != 0) return gcmRet;
2616 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2617 AEAD_MAX_IMP_SZ);
2618 }
2619 }
2620 else {
2621 if (enc) {
2622 gcmRet = wc_AesGcmSetKey(enc->aes, keys->server_write_key,
2623 specs->key_size);
2624 if (gcmRet != 0) return gcmRet;
2625 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2626 AEAD_MAX_IMP_SZ);
2627 }
2628 if (dec) {
2629 gcmRet = wc_AesGcmSetKey(dec->aes, keys->client_write_key,
2630 specs->key_size);
2631 if (gcmRet != 0) return gcmRet;
2632 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2633 AEAD_MAX_IMP_SZ);
2634 }
2635 }
2636 if (enc)
2637 enc->setup = 1;
2638 if (dec)
2639 dec->setup = 1;
2640 }
2641#endif /* BUILD_AESGCM */
2642
2643#ifdef HAVE_AESCCM
2644 /* check that buffer sizes are sufficient (CCM is same size as GCM) */
2645 #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */
2646 #error AEAD_MAX_IMP_SZ too small for AESCCM
2647 #endif
2648 #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */
2649 #error AEAD_MAX_EXP_SZ too small for AESCCM
2650 #endif
2651 #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */
2652 #error MAX_WRITE_IV_SZ too small for AESCCM
2653 #endif
2654
2655 if (specs->bulk_cipher_algorithm == wolfssl_aes_ccm) {
2656 int CcmRet;
2657
2658 if (enc) {
2659 if (enc->aes == NULL)
2660 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2661 if (enc->aes == NULL)
2662 return MEMORY_E;
2663 XMEMSET(enc->aes, 0, sizeof(Aes));
2664 }
2665 if (dec) {
2666 if (dec->aes == NULL)
2667 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2668 if (dec->aes == NULL)
2669 return MEMORY_E;
2670 XMEMSET(dec->aes, 0, sizeof(Aes));
2671 }
2672
2673 if (enc) {
2674 if (wc_AesInit(enc->aes, heap, devId) != 0) {
2675 WOLFSSL_MSG("AesInit failed in SetKeys");
2676 return ASYNC_INIT_E;
2677 }
2678 }
2679 if (dec) {
2680 if (wc_AesInit(dec->aes, heap, devId) != 0) {
2681 WOLFSSL_MSG("AesInit failed in SetKeys");
2682 return ASYNC_INIT_E;
2683 }
2684 }
2685
2686 if (side == WOLFSSL_CLIENT_END) {
2687 if (enc) {
2688 CcmRet = wc_AesCcmSetKey(enc->aes, keys->client_write_key,
2689 specs->key_size);
2690 if (CcmRet != 0) {
2691 return CcmRet;
2692 }
2693 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2694 AEAD_MAX_IMP_SZ);
2695 }
2696 if (dec) {
2697 CcmRet = wc_AesCcmSetKey(dec->aes, keys->server_write_key,
2698 specs->key_size);
2699 if (CcmRet != 0) {
2700 return CcmRet;
2701 }
2702 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2703 AEAD_MAX_IMP_SZ);
2704 }
2705 }
2706 else {
2707 if (enc) {
2708 CcmRet = wc_AesCcmSetKey(enc->aes, keys->server_write_key,
2709 specs->key_size);
2710 if (CcmRet != 0) {
2711 return CcmRet;
2712 }
2713 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2714 AEAD_MAX_IMP_SZ);
2715 }
2716 if (dec) {
2717 CcmRet = wc_AesCcmSetKey(dec->aes, keys->client_write_key,
2718 specs->key_size);
2719 if (CcmRet != 0) {
2720 return CcmRet;
2721 }
2722 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2723 AEAD_MAX_IMP_SZ);
2724 }
2725 }
2726 if (enc)
2727 enc->setup = 1;
2728 if (dec)
2729 dec->setup = 1;
2730 }
2731#endif /* HAVE_AESCCM */
2732
2733#ifdef HAVE_CAMELLIA
2734 /* check that buffer sizes are sufficient */
2735 #if (MAX_WRITE_IV_SZ < 16) /* CAMELLIA_IV_SIZE */
2736 #error MAX_WRITE_IV_SZ too small for CAMELLIA
2737 #endif
2738
2739 if (specs->bulk_cipher_algorithm == wolfssl_camellia) {
2740 int camRet;
2741
2742 if (enc && enc->cam == NULL)
2743 enc->cam =
2744 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
2745 if (enc && enc->cam == NULL)
2746 return MEMORY_E;
2747
2748 if (dec && dec->cam == NULL)
2749 dec->cam =
2750 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
2751 if (dec && dec->cam == NULL)
2752 return MEMORY_E;
2753
2754 if (side == WOLFSSL_CLIENT_END) {
2755 if (enc) {
2756 camRet = wc_CamelliaSetKey(enc->cam, keys->client_write_key,
2757 specs->key_size, keys->client_write_IV);
2758 if (camRet != 0) return camRet;
2759 }
2760 if (dec) {
2761 camRet = wc_CamelliaSetKey(dec->cam, keys->server_write_key,
2762 specs->key_size, keys->server_write_IV);
2763 if (camRet != 0) return camRet;
2764 }
2765 }
2766 else {
2767 if (enc) {
2768 camRet = wc_CamelliaSetKey(enc->cam, keys->server_write_key,
2769 specs->key_size, keys->server_write_IV);
2770 if (camRet != 0) return camRet;
2771 }
2772 if (dec) {
2773 camRet = wc_CamelliaSetKey(dec->cam, keys->client_write_key,
2774 specs->key_size, keys->client_write_IV);
2775 if (camRet != 0) return camRet;
2776 }
2777 }
2778 if (enc)
2779 enc->setup = 1;
2780 if (dec)
2781 dec->setup = 1;
2782 }
2783#endif /* HAVE_CAMELLIA */
2784
2785#ifdef HAVE_IDEA
2786 /* check that buffer sizes are sufficient */
2787 #if (MAX_WRITE_IV_SZ < 8) /* IDEA_IV_SIZE */
2788 #error MAX_WRITE_IV_SZ too small for IDEA
2789 #endif
2790
2791 if (specs->bulk_cipher_algorithm == wolfssl_idea) {
2792 int ideaRet;
2793
2794 if (enc && enc->idea == NULL)
2795 enc->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER);
2796 if (enc && enc->idea == NULL)
2797 return MEMORY_E;
2798
2799 if (dec && dec->idea == NULL)
2800 dec->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER);
2801 if (dec && dec->idea == NULL)
2802 return MEMORY_E;
2803
2804 if (side == WOLFSSL_CLIENT_END) {
2805 if (enc) {
2806 ideaRet = wc_IdeaSetKey(enc->idea, keys->client_write_key,
2807 specs->key_size, keys->client_write_IV,
2808 IDEA_ENCRYPTION);
2809 if (ideaRet != 0) return ideaRet;
2810 }
2811 if (dec) {
2812 ideaRet = wc_IdeaSetKey(dec->idea, keys->server_write_key,
2813 specs->key_size, keys->server_write_IV,
2814 IDEA_DECRYPTION);
2815 if (ideaRet != 0) return ideaRet;
2816 }
2817 }
2818 else {
2819 if (enc) {
2820 ideaRet = wc_IdeaSetKey(enc->idea, keys->server_write_key,
2821 specs->key_size, keys->server_write_IV,
2822 IDEA_ENCRYPTION);
2823 if (ideaRet != 0) return ideaRet;
2824 }
2825 if (dec) {
2826 ideaRet = wc_IdeaSetKey(dec->idea, keys->client_write_key,
2827 specs->key_size, keys->client_write_IV,
2828 IDEA_DECRYPTION);
2829 if (ideaRet != 0) return ideaRet;
2830 }
2831 }
2832 if (enc)
2833 enc->setup = 1;
2834 if (dec)
2835 dec->setup = 1;
2836 }
2837#endif /* HAVE_IDEA */
2838
2839#ifdef HAVE_NULL_CIPHER
2840 if (specs->bulk_cipher_algorithm == wolfssl_cipher_null) {
2841 if (enc)
2842 enc->setup = 1;
2843 if (dec)
2844 dec->setup = 1;
2845 }
2846#endif
2847
2848 if (enc) {
2849 keys->sequence_number_hi = 0;
2850 keys->sequence_number_lo = 0;
2851 }
2852 if (dec) {
2853 keys->peer_sequence_number_hi = 0;
2854 keys->peer_sequence_number_lo = 0;
2855 }
2856 (void)side;
2857 (void)heap;
2858 (void)enc;
2859 (void)dec;
2860 (void)specs;
2861 (void)devId;
2862
2863 return 0;
2864}
2865
2866
2867#ifdef HAVE_ONE_TIME_AUTH
2868/* set one time authentication keys */
2869static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
2870 CipherSpecs* specs, void* heap, int devId)
2871{
2872
2873#ifdef HAVE_POLY1305
2874 /* set up memory space for poly1305 */
2875 if (authentication && authentication->poly1305 == NULL)
2876 authentication->poly1305 =
2877 (Poly1305*)XMALLOC(sizeof(Poly1305), heap, DYNAMIC_TYPE_CIPHER);
2878 if (authentication && authentication->poly1305 == NULL)
2879 return MEMORY_E;
2880 if (authentication)
2881 authentication->setup = 1;
2882#endif
2883 (void)authentication;
2884 (void)heap;
2885 (void)keys;
2886 (void)specs;
2887 (void)devId;
2888
2889 return 0;
2890}
2891#endif /* HAVE_ONE_TIME_AUTH */
2892
2893#ifdef HAVE_SECURE_RENEGOTIATION
2894/* function name is for cache_status++
2895 * This function was added because of error incrementing enum type when
2896 * compiling with a C++ compiler.
2897 */
2898static void CacheStatusPP(SecureRenegotiation* cache)
2899{
2900 switch (cache->cache_status) {
2901 case SCR_CACHE_NULL:
2902 cache->cache_status = SCR_CACHE_NEEDED;
2903 break;
2904
2905 case SCR_CACHE_NEEDED:
2906 cache->cache_status = SCR_CACHE_COPY;
2907 break;
2908
2909 case SCR_CACHE_COPY:
2910 cache->cache_status = SCR_CACHE_PARTIAL;
2911 break;
2912
2913 case SCR_CACHE_PARTIAL:
2914 cache->cache_status = SCR_CACHE_COMPLETE;
2915 break;
2916
2917 case SCR_CACHE_COMPLETE:
2918 WOLFSSL_MSG("SCR Cache state Complete");
2919 break;
2920
2921 default:
2922 WOLFSSL_MSG("Unknown cache state!!");
2923 }
2924}
2925#endif /* HAVE_SECURE_RENEGOTIATION */
2926
2927
2928/* Set wc_encrypt/wc_decrypt or both sides of key setup
2929 * note: use wc_encrypt to avoid shadowing global encrypt
2930 * declared in unistd.h
2931 */
2932int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
2933{
2934 int devId = INVALID_DEVID, ret, copy = 0;
2935 Ciphers* wc_encrypt = NULL;
2936 Ciphers* wc_decrypt = NULL;
2937 Keys* keys = &ssl->keys;
2938
2939 (void)copy;
2940
2941#ifdef WOLFSSL_ASYNC_CRYPT
2942 devId = ssl->devId;
2943#endif
2944
2945#ifdef HAVE_SECURE_RENEGOTIATION
2946 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status) {
2947 keys = &ssl->secure_renegotiation->tmp_keys;
2948 copy = 1;
2949 }
2950#endif /* HAVE_SECURE_RENEGOTIATION */
2951
2952 switch (side) {
2953 case ENCRYPT_SIDE_ONLY:
2954#ifdef WOLFSSL_DEBUG_TLS
2955 WOLFSSL_MSG("Provisioning ENCRYPT key");
2956 if (ssl->options.side == WOLFSSL_CLIENT_END) {
2957 WOLFSSL_BUFFER(ssl->keys.client_write_key, AES_256_KEY_SIZE);
2958 }
2959 else {
2960 WOLFSSL_BUFFER(ssl->keys.server_write_key, AES_256_KEY_SIZE);
2961 }
2962#endif
2963 wc_encrypt = &ssl->encrypt;
2964 break;
2965
2966 case DECRYPT_SIDE_ONLY:
2967#ifdef WOLFSSL_DEBUG_TLS
2968 WOLFSSL_MSG("Provisioning DECRYPT key");
2969 if (ssl->options.side == WOLFSSL_CLIENT_END) {
2970 WOLFSSL_BUFFER(ssl->keys.server_write_key, AES_256_KEY_SIZE);
2971 }
2972 else {
2973 WOLFSSL_BUFFER(ssl->keys.client_write_key, AES_256_KEY_SIZE);
2974 }
2975#endif
2976 wc_decrypt = &ssl->decrypt;
2977 break;
2978
2979 case ENCRYPT_AND_DECRYPT_SIDE:
2980#ifdef WOLFSSL_DEBUG_TLS
2981 WOLFSSL_MSG("Provisioning ENCRYPT key");
2982 if (ssl->options.side == WOLFSSL_CLIENT_END) {
2983 WOLFSSL_BUFFER(ssl->keys.client_write_key, AES_256_KEY_SIZE);
2984 }
2985 else {
2986 WOLFSSL_BUFFER(ssl->keys.server_write_key, AES_256_KEY_SIZE);
2987 }
2988 WOLFSSL_MSG("Provisioning DECRYPT key");
2989 if (ssl->options.side == WOLFSSL_CLIENT_END) {
2990 WOLFSSL_BUFFER(ssl->keys.server_write_key, AES_256_KEY_SIZE);
2991 }
2992 else {
2993 WOLFSSL_BUFFER(ssl->keys.client_write_key, AES_256_KEY_SIZE);
2994 }
2995#endif
2996 wc_encrypt = &ssl->encrypt;
2997 wc_decrypt = &ssl->decrypt;
2998 break;
2999
3000 default:
3001 return BAD_FUNC_ARG;
3002 }
3003
3004#ifdef HAVE_ONE_TIME_AUTH
3005 if (!ssl->auth.setup && ssl->specs.bulk_cipher_algorithm == wolfssl_chacha){
3006 ret = SetAuthKeys(&ssl->auth, keys, &ssl->specs, ssl->heap, devId);
3007 if (ret != 0)
3008 return ret;
3009 }
3010#endif
3011
3012 ret = SetKeys(wc_encrypt, wc_decrypt, keys, &ssl->specs, ssl->options.side,
3013 ssl->heap, devId);
3014
3015#ifdef HAVE_SECURE_RENEGOTIATION
3016 if (copy) {
3017 int clientCopy = 0;
3018
3019 if (ssl->options.side == WOLFSSL_CLIENT_END && wc_encrypt)
3020 clientCopy = 1;
3021 else if (ssl->options.side == WOLFSSL_SERVER_END && wc_decrypt)
3022 clientCopy = 1;
3023
3024 if (clientCopy) {
3025 #ifndef WOLFSSL_AEAD_ONLY
3026 XMEMCPY(ssl->keys.client_write_MAC_secret,
3027 keys->client_write_MAC_secret, WC_MAX_DIGEST_SIZE);
3028 #endif
3029 XMEMCPY(ssl->keys.client_write_key,
3030 keys->client_write_key, AES_256_KEY_SIZE);
3031 XMEMCPY(ssl->keys.client_write_IV,
3032 keys->client_write_IV, MAX_WRITE_IV_SZ);
3033 } else {
3034 #ifndef WOLFSSL_AEAD_ONLY
3035 XMEMCPY(ssl->keys.server_write_MAC_secret,
3036 keys->server_write_MAC_secret, WC_MAX_DIGEST_SIZE);
3037 #endif
3038 XMEMCPY(ssl->keys.server_write_key,
3039 keys->server_write_key, AES_256_KEY_SIZE);
3040 XMEMCPY(ssl->keys.server_write_IV,
3041 keys->server_write_IV, MAX_WRITE_IV_SZ);
3042 }
3043 if (wc_encrypt) {
3044 ssl->keys.sequence_number_hi = keys->sequence_number_hi;
3045 ssl->keys.sequence_number_lo = keys->sequence_number_lo;
3046 #ifdef HAVE_AEAD
3047 if (ssl->specs.cipher_type == aead) {
3048 /* Initialize the AES-GCM/CCM explicit IV to a zero. */
3049 XMEMCPY(ssl->keys.aead_exp_IV, keys->aead_exp_IV,
3050 AEAD_MAX_EXP_SZ);
3051
3052 /* Initialize encrypt implicit IV by encrypt side */
3053 if (ssl->options.side == WOLFSSL_CLIENT_END) {
3054 XMEMCPY(ssl->keys.aead_enc_imp_IV,
3055 keys->client_write_IV, AEAD_MAX_IMP_SZ);
3056 } else {
3057 XMEMCPY(ssl->keys.aead_enc_imp_IV,
3058 keys->server_write_IV, AEAD_MAX_IMP_SZ);
3059 }
3060 }
3061 #endif
3062 }
3063 if (wc_decrypt) {
3064 ssl->keys.peer_sequence_number_hi = keys->peer_sequence_number_hi;
3065 ssl->keys.peer_sequence_number_lo = keys->peer_sequence_number_lo;
3066 #ifdef HAVE_AEAD
3067 if (ssl->specs.cipher_type == aead) {
3068 /* Initialize decrypt implicit IV by decrypt side */
3069 if (ssl->options.side == WOLFSSL_SERVER_END) {
3070 XMEMCPY(ssl->keys.aead_dec_imp_IV,
3071 keys->client_write_IV, AEAD_MAX_IMP_SZ);
3072 } else {
3073 XMEMCPY(ssl->keys.aead_dec_imp_IV,
3074 keys->server_write_IV, AEAD_MAX_IMP_SZ);
3075 }
3076 }
3077 #endif
3078 }
3079 CacheStatusPP(ssl->secure_renegotiation);
3080 }
3081#endif /* HAVE_SECURE_RENEGOTIATION */
3082
3083 return ret;
3084}
3085
3086
3087/* TLS can call too */
3088int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side)
3089{
3090 int sz, i = 0;
3091 Keys* keys = &ssl->keys;
3092
3093#ifdef HAVE_SECURE_RENEGOTIATION
3094 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status ==
3095 SCR_CACHE_NEEDED) {
3096 keys = &ssl->secure_renegotiation->tmp_keys;
3097 CacheStatusPP(ssl->secure_renegotiation);
3098 }
3099#endif /* HAVE_SECURE_RENEGOTIATION */
3100
3101#ifdef WOLFSSL_MULTICAST
3102 if (ssl->options.haveMcast) {
3103 /* Use the same keys for encrypt and decrypt. */
3104 if (ssl->specs.cipher_type != aead) {
3105 sz = ssl->specs.hash_size;
3106 #ifndef WOLFSSL_AEAD_ONLY
3107 XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
3108 XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
3109 #endif
3110 i += sz;
3111 }
3112 sz = ssl->specs.key_size;
3113 XMEMCPY(keys->client_write_key, &keyData[i], sz);
3114 XMEMCPY(keys->server_write_key, &keyData[i], sz);
3115 i += sz;
3116
3117 sz = ssl->specs.iv_size;
3118 XMEMCPY(keys->client_write_IV, &keyData[i], sz);
3119 XMEMCPY(keys->server_write_IV, &keyData[i], sz);
3120
3121#ifdef HAVE_AEAD
3122 if (ssl->specs.cipher_type == aead) {
3123 /* Initialize the AES-GCM/CCM explicit IV to a zero. */
3124 XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ);
3125 }
3126#endif /* HAVE_AEAD */
3127
3128 return 0;
3129 }
3130#endif /* WOLFSSL_MULTICAST */
3131
3132 if (ssl->specs.cipher_type != aead) {
3133 sz = ssl->specs.hash_size;
3134 if (side & PROVISION_CLIENT) {
3135 #ifndef WOLFSSL_AEAD_ONLY
3136 XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
3137 #endif
3138 i += sz;
3139 }
3140 if (side & PROVISION_SERVER) {
3141 #ifndef WOLFSSL_AEAD_ONLY
3142 XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
3143 #endif
3144 i += sz;
3145 }
3146 }
3147 sz = ssl->specs.key_size;
3148 if (side & PROVISION_CLIENT) {
3149 XMEMCPY(keys->client_write_key, &keyData[i], sz);
3150 i += sz;
3151 }
3152 if (side & PROVISION_SERVER) {
3153 XMEMCPY(keys->server_write_key, &keyData[i], sz);
3154 i += sz;
3155 }
3156
3157 sz = ssl->specs.iv_size;
3158 if (side & PROVISION_CLIENT) {
3159 XMEMCPY(keys->client_write_IV, &keyData[i], sz);
3160 i += sz;
3161 }
3162 if (side & PROVISION_SERVER)
3163 XMEMCPY(keys->server_write_IV, &keyData[i], sz);
3164
3165#ifdef HAVE_AEAD
3166 if (ssl->specs.cipher_type == aead) {
3167 /* Initialize the AES-GCM/CCM explicit IV to a zero. */
3168 XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ);
3169 }
3170#endif
3171
3172 return 0;
3173}
3174
3175#ifndef NO_OLD_TLS
3176int DeriveKeys(WOLFSSL* ssl)
3177{
3178 int length = 2 * ssl->specs.hash_size +
3179 2 * ssl->specs.key_size +
3180 2 * ssl->specs.iv_size;
3181 int rounds = (length + WC_MD5_DIGEST_SIZE - 1 ) / WC_MD5_DIGEST_SIZE, i;
3182 int ret = 0;
3183
3184#ifdef WOLFSSL_SMALL_STACK
3185 byte* shaOutput;
3186 byte* md5Input;
3187 byte* shaInput;
3188 byte* keyData;
3189 wc_Md5* md5;
3190 wc_Sha* sha;
3191#else
3192 byte shaOutput[WC_SHA_DIGEST_SIZE];
3193 byte md5Input[SECRET_LEN + WC_SHA_DIGEST_SIZE];
3194 byte shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN];
3195 byte keyData[KEY_PREFIX * WC_MD5_DIGEST_SIZE];
3196 wc_Md5 md5[1];
3197 wc_Sha sha[1];
3198#endif
3199
3200#ifdef WOLFSSL_SMALL_STACK
3201 shaOutput = (byte*)XMALLOC(WC_SHA_DIGEST_SIZE,
3202 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3203 md5Input = (byte*)XMALLOC(SECRET_LEN + WC_SHA_DIGEST_SIZE,
3204 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3205 shaInput = (byte*)XMALLOC(KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN,
3206 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3207 keyData = (byte*)XMALLOC(KEY_PREFIX * WC_MD5_DIGEST_SIZE,
3208 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3209 md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3210 sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3211
3212 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
3213 keyData == NULL || md5 == NULL || sha == NULL) {
3214 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3215 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3216 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3217 if (keyData) XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3218 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3219 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3220
3221 return MEMORY_E;
3222 }
3223#endif
3224
3225 ret = wc_InitMd5(md5);
3226 if (ret == 0) {
3227 ret = wc_InitSha(sha);
3228 }
3229 if (ret == 0) {
3230 XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN);
3231
3232 for (i = 0; i < rounds; ++i) {
3233 int j = i + 1;
3234 int idx = j;
3235
3236 if (!SetPrefix(shaInput, i)) {
3237 ret = PREFIX_ERROR;
3238 break;
3239 }
3240
3241 XMEMCPY(shaInput + idx, ssl->arrays->masterSecret, SECRET_LEN);
3242 idx += SECRET_LEN;
3243 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
3244 idx += RAN_LEN;
3245 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
3246 if (ret == 0) {
3247 ret = wc_ShaUpdate(sha, shaInput,
3248 (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) - KEY_PREFIX + j);
3249 }
3250 if (ret == 0) {
3251 ret = wc_ShaFinal(sha, shaOutput);
3252 }
3253
3254 XMEMCPY(md5Input + SECRET_LEN, shaOutput, WC_SHA_DIGEST_SIZE);
3255 if (ret == 0) {
3256 ret = wc_Md5Update(md5, md5Input, SECRET_LEN + WC_SHA_DIGEST_SIZE);
3257 }
3258 if (ret == 0) {
3259 ret = wc_Md5Final(md5, keyData + i * WC_MD5_DIGEST_SIZE);
3260 }
3261 }
3262
3263 if (ret == 0)
3264 ret = StoreKeys(ssl, keyData, PROVISION_CLIENT_SERVER);
3265 }
3266
3267#ifdef WOLFSSL_SMALL_STACK
3268 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3269 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3270 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3271 XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3272 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3273 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3274#endif
3275
3276 return ret;
3277}
3278
3279
3280static int CleanPreMaster(WOLFSSL* ssl)
3281{
3282 int i, ret, sz = ssl->arrays->preMasterSz;
3283
3284 for (i = 0; i < sz; i++)
3285 ssl->arrays->preMasterSecret[i] = 0;
3286
3287 ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz);
3288 if (ret != 0)
3289 return ret;
3290
3291 for (i = 0; i < sz; i++)
3292 ssl->arrays->preMasterSecret[i] = 0;
3293
3294 XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
3295 ssl->arrays->preMasterSecret = NULL;
3296
3297 return 0;
3298}
3299
3300
3301/* Create and store the master secret see page 32, 6.1 */
3302static int MakeSslMasterSecret(WOLFSSL* ssl)
3303{
3304 int i, ret;
3305 word32 idx;
3306 word32 pmsSz = ssl->arrays->preMasterSz;
3307
3308#ifdef WOLFSSL_SMALL_STACK
3309 byte* shaOutput;
3310 byte* md5Input;
3311 byte* shaInput;
3312 wc_Md5* md5;
3313 wc_Sha* sha;
3314#else
3315 byte shaOutput[WC_SHA_DIGEST_SIZE];
3316 byte md5Input[ENCRYPT_LEN + WC_SHA_DIGEST_SIZE];
3317 byte shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN];
3318 wc_Md5 md5[1];
3319 wc_Sha sha[1];
3320#endif
3321
3322#ifdef SHOW_SECRETS
3323 {
3324 word32 j;
3325 printf("pre master secret: ");
3326 for (j = 0; j < pmsSz; j++)
3327 printf("%02x", ssl->arrays->preMasterSecret[j]);
3328 printf("\n");
3329 }
3330#endif
3331
3332#ifdef WOLFSSL_SMALL_STACK
3333 shaOutput = (byte*)XMALLOC(WC_SHA_DIGEST_SIZE,
3334 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3335 md5Input = (byte*)XMALLOC(ENCRYPT_LEN + WC_SHA_DIGEST_SIZE,
3336 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3337 shaInput = (byte*)XMALLOC(PREFIX + ENCRYPT_LEN + 2 * RAN_LEN,
3338 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3339 md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3340 sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3341
3342 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
3343 md5 == NULL || sha == NULL) {
3344 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3345 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3346 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3347 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3348 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3349
3350 return MEMORY_E;
3351 }
3352#endif
3353
3354 ret = wc_InitMd5(md5);
3355 if (ret == 0) {
3356 ret = wc_InitSha(sha);
3357 }
3358 if (ret == 0) {
3359 XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz);
3360
3361 for (i = 0; i < MASTER_ROUNDS; ++i) {
3362 byte prefix[KEY_PREFIX]; /* only need PREFIX bytes but static */
3363 if (!SetPrefix(prefix, i)) { /* analysis thinks will overrun */
3364 ret = PREFIX_ERROR;
3365 break;
3366 }
3367
3368 idx = 0;
3369 XMEMCPY(shaInput, prefix, i + 1);
3370 idx += i + 1;
3371
3372 XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz);
3373 idx += pmsSz;
3374 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
3375 idx += RAN_LEN;
3376 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
3377 idx += RAN_LEN;
3378 if (ret == 0) {
3379 ret = wc_ShaUpdate(sha, shaInput, idx);
3380 }
3381 if (ret == 0) {
3382 ret = wc_ShaFinal(sha, shaOutput);
3383 }
3384 idx = pmsSz; /* preSz */
3385 XMEMCPY(md5Input + idx, shaOutput, WC_SHA_DIGEST_SIZE);
3386 idx += WC_SHA_DIGEST_SIZE;
3387 if (ret == 0) {
3388 ret = wc_Md5Update(md5, md5Input, idx);
3389 }
3390 if (ret == 0) {
3391 ret = wc_Md5Final(md5,
3392 &ssl->arrays->masterSecret[i * WC_MD5_DIGEST_SIZE]);
3393 }
3394 }
3395
3396#ifdef SHOW_SECRETS
3397 {
3398 word32 j;
3399 printf("master secret: ");
3400 for (j = 0; j < SECRET_LEN; j++)
3401 printf("%02x", ssl->arrays->masterSecret[j]);
3402 printf("\n");
3403 }
3404#endif
3405
3406 if (ret == 0)
3407 ret = DeriveKeys(ssl);
3408 }
3409
3410#ifdef WOLFSSL_SMALL_STACK
3411 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3412 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3413 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3414 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3415 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3416#endif
3417
3418 if (ret == 0)
3419 ret = CleanPreMaster(ssl);
3420 else
3421 CleanPreMaster(ssl);
3422
3423 return ret;
3424}
3425#endif
3426
3427
3428/* Master wrapper, doesn't use SSL stack space in TLS mode */
3429int MakeMasterSecret(WOLFSSL* ssl)
3430{
3431 /* append secret to premaster : premaster | SerSi | CliSi */
3432#ifdef HAVE_QSH
3433 word32 offset = 0;
3434
3435 if (ssl->peerQSHKeyPresent) {
3436 offset += ssl->arrays->preMasterSz;
3437 ssl->arrays->preMasterSz += ssl->QSH_secret->CliSi->length +
3438 ssl->QSH_secret->SerSi->length;
3439 /* test and set flag if QSH has been used */
3440 if (ssl->QSH_secret->CliSi->length > 0 ||
3441 ssl->QSH_secret->SerSi->length > 0)
3442 ssl->isQSH = 1;
3443
3444 /* append secrets to the premaster */
3445 if (ssl->QSH_secret->SerSi != NULL) {
3446 XMEMCPY(ssl->arrays->preMasterSecret + offset,
3447 ssl->QSH_secret->SerSi->buffer, ssl->QSH_secret->SerSi->length);
3448 }
3449 offset += ssl->QSH_secret->SerSi->length;
3450 if (ssl->QSH_secret->CliSi != NULL) {
3451 XMEMCPY(ssl->arrays->preMasterSecret + offset,
3452 ssl->QSH_secret->CliSi->buffer, ssl->QSH_secret->CliSi->length);
3453 }
3454
3455 /* show secret SerSi and CliSi */
3456 #ifdef SHOW_SECRETS
3457 {
3458 word32 j;
3459 printf("QSH generated secret material\n");
3460 printf("SerSi : ");
3461 for (j = 0; j < ssl->QSH_secret->SerSi->length; j++) {
3462 printf("%02x", ssl->QSH_secret->SerSi->buffer[j]);
3463 }
3464 printf("\n");
3465 printf("CliSi : ");
3466 for (j = 0; j < ssl->QSH_secret->CliSi->length; j++) {
3467 printf("%02x", ssl->QSH_secret->CliSi->buffer[j]);
3468 }
3469 printf("\n");
3470 }
3471 #endif
3472 }
3473#endif
3474
3475#ifndef NO_OLD_TLS
3476 if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
3477 return MakeSslMasterSecret(ssl);
3478#elif !defined(WOLFSSL_NO_TLS12)
3479 return MakeTlsMasterSecret(ssl);
3480#else
3481 (void)ssl;
3482 return 0;
3483#endif
3484}
3485
3486#endif /* WOLFCRYPT_ONLY */
3487
Note: See TracBrowser for help on using the repository browser.