source: azure_iot_hub_f767zi/trunk/wolfssl-4.4.0/src/keys.c@ 457

Last change on this file since 457 was 457, checked in by coas-nagasima, 4 years ago

ファイルを追加
  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-csrc;charset=UTF-8
File size: 138.5 KB
Line 
1/* keys.c
2 *
3 * Copyright (C) 2006-2020 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22
23/* Name change compatibility layer no longer needs to be included here */
24
25#ifdef HAVE_CONFIG_H
26 #include <config.h>
27#endif
28
29#include <wolfssl/wolfcrypt/settings.h>
30
31#ifndef WOLFCRYPT_ONLY
32
33#include <wolfssl/internal.h>
34#include <wolfssl/error-ssl.h>
35#if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
36 #ifndef NO_STDIO_FILESYSTEM
37 #include <stdio.h>
38 #endif
39#endif
40
41#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
42 !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
43 int tsip_useable(const WOLFSSL *ssl);
44#endif
45int SetCipherSpecs(WOLFSSL* ssl)
46{
47#ifndef NO_WOLFSSL_CLIENT
48 if (ssl->options.side == WOLFSSL_CLIENT_END) {
49 /* server side verified before SetCipherSpecs call */
50 if (VerifyClientSuite(ssl) != 1) {
51 WOLFSSL_MSG("SetCipherSpecs() client has an unusable suite");
52 return UNSUPPORTED_SUITE;
53 }
54 }
55#endif /* NO_WOLFSSL_CLIENT */
56
57 /* Chacha extensions, 0xcc */
58 if (ssl->options.cipherSuite0 == CHACHA_BYTE) {
59
60 switch (ssl->options.cipherSuite) {
61#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
62 case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
63 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
64 ssl->specs.cipher_type = aead;
65 ssl->specs.mac_algorithm = sha256_mac;
66 ssl->specs.kea = ecc_diffie_hellman_kea;
67 ssl->specs.sig_algo = rsa_sa_algo;
68 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
69 ssl->specs.pad_size = PAD_SHA;
70 ssl->specs.static_ecdh = 0;
71 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
72 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
73 ssl->specs.iv_size = CHACHA20_IV_SIZE;
74 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
75 ssl->options.oldPoly = 1; /* use old poly1305 padding */
76
77 break;
78#endif
79
80#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
81 case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
82 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
83 ssl->specs.cipher_type = aead;
84 ssl->specs.mac_algorithm = sha256_mac;
85 ssl->specs.kea = ecc_diffie_hellman_kea;
86 ssl->specs.sig_algo = ecc_dsa_sa_algo;
87 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
88 ssl->specs.pad_size = PAD_SHA;
89 ssl->specs.static_ecdh = 0;
90 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
91 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
92 ssl->specs.iv_size = CHACHA20_IV_SIZE;
93 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
94 ssl->options.oldPoly = 1; /* use old poly1305 padding */
95
96 break;
97#endif
98
99#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
100 case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
101 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
102 ssl->specs.cipher_type = aead;
103 ssl->specs.mac_algorithm = sha256_mac;
104 ssl->specs.kea = diffie_hellman_kea;
105 ssl->specs.sig_algo = rsa_sa_algo;
106 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
107 ssl->specs.pad_size = PAD_SHA;
108 ssl->specs.static_ecdh = 0;
109 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
110 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
111 ssl->specs.iv_size = CHACHA20_IV_SIZE;
112 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
113 ssl->options.oldPoly = 1; /* use old poly1305 padding */
114
115 break;
116#endif
117#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
118 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
119 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
120 ssl->specs.cipher_type = aead;
121 ssl->specs.mac_algorithm = sha256_mac;
122 ssl->specs.kea = ecc_diffie_hellman_kea;
123 ssl->specs.sig_algo = rsa_sa_algo;
124 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
125 ssl->specs.pad_size = PAD_SHA;
126 ssl->specs.static_ecdh = 0;
127 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
128 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
129 ssl->specs.iv_size = CHACHA20_IV_SIZE;
130 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
131 ssl->options.oldPoly = 0; /* use recent padding RFC */
132
133 break;
134#endif
135
136#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
137 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
138 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
139 ssl->specs.cipher_type = aead;
140 ssl->specs.mac_algorithm = sha256_mac;
141 ssl->specs.kea = ecc_diffie_hellman_kea;
142 ssl->specs.sig_algo = ecc_dsa_sa_algo;
143 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
144 ssl->specs.pad_size = PAD_SHA;
145 ssl->specs.static_ecdh = 0;
146 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
147 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
148 ssl->specs.iv_size = CHACHA20_IV_SIZE;
149 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
150 ssl->options.oldPoly = 0; /* use recent padding RFC */
151
152 break;
153#endif
154
155#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
156 case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
157 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
158 ssl->specs.cipher_type = aead;
159 ssl->specs.mac_algorithm = sha256_mac;
160 ssl->specs.kea = diffie_hellman_kea;
161 ssl->specs.sig_algo = rsa_sa_algo;
162 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
163 ssl->specs.pad_size = PAD_SHA;
164 ssl->specs.static_ecdh = 0;
165 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
166 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
167 ssl->specs.iv_size = CHACHA20_IV_SIZE;
168 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
169 ssl->options.oldPoly = 0; /* use recent padding RFC */
170
171 break;
172#endif
173
174#ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
175 case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256:
176 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
177 ssl->specs.cipher_type = aead;
178 ssl->specs.mac_algorithm = sha256_mac;
179 ssl->specs.kea = psk_kea;
180 ssl->specs.sig_algo = anonymous_sa_algo;
181 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
182 ssl->specs.pad_size = PAD_SHA;
183 ssl->specs.static_ecdh = 0;
184 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
185 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
186 ssl->specs.iv_size = CHACHA20_IV_SIZE;
187 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
188
189 ssl->options.oldPoly = 0; /* use recent padding RFC */
190 ssl->options.usingPSK_cipher = 1;
191 break;
192#endif
193
194#ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
195 case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
196 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
197 ssl->specs.cipher_type = aead;
198 ssl->specs.mac_algorithm = sha256_mac;
199 ssl->specs.kea = ecdhe_psk_kea;
200 ssl->specs.sig_algo = anonymous_sa_algo;
201 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
202 ssl->specs.pad_size = PAD_SHA;
203 ssl->specs.static_ecdh = 0;
204 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
205 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
206 ssl->specs.iv_size = CHACHA20_IV_SIZE;
207 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
208
209 ssl->options.oldPoly = 0; /* use recent padding RFC */
210 ssl->options.usingPSK_cipher = 1;
211 break;
212#endif
213
214#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
215 case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
216 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
217 ssl->specs.cipher_type = aead;
218 ssl->specs.mac_algorithm = sha256_mac;
219 ssl->specs.kea = dhe_psk_kea;
220 ssl->specs.sig_algo = anonymous_sa_algo;
221 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
222 ssl->specs.pad_size = PAD_SHA;
223 ssl->specs.static_ecdh = 0;
224 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
225 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
226 ssl->specs.iv_size = CHACHA20_IV_SIZE;
227 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
228
229 ssl->options.oldPoly = 0; /* use recent padding RFC */
230 ssl->options.usingPSK_cipher = 1;
231 break;
232#endif
233 default:
234 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha");
235 return UNSUPPORTED_SUITE;
236 }
237 }
238
239 /* ECC extensions, AES-CCM or TLS 1.3 Integrity-only */
240 if (ssl->options.cipherSuite0 == ECC_BYTE) {
241
242 switch (ssl->options.cipherSuite) {
243
244#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
245
246#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
247 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
248 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
249 ssl->specs.cipher_type = block;
250 ssl->specs.mac_algorithm = sha256_mac;
251 ssl->specs.kea = ecc_diffie_hellman_kea;
252 ssl->specs.sig_algo = rsa_sa_algo;
253 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
254 ssl->specs.pad_size = PAD_SHA;
255 ssl->specs.static_ecdh = 0;
256 ssl->specs.key_size = AES_128_KEY_SIZE;
257 ssl->specs.iv_size = AES_IV_SIZE;
258 ssl->specs.block_size = AES_BLOCK_SIZE;
259
260 break;
261#endif
262
263#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
264 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
265 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
266 ssl->specs.cipher_type = block;
267 ssl->specs.mac_algorithm = sha384_mac;
268 ssl->specs.kea = ecc_diffie_hellman_kea;
269 ssl->specs.sig_algo = rsa_sa_algo;
270 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
271 ssl->specs.pad_size = PAD_SHA;
272 ssl->specs.static_ecdh = 0;
273 ssl->specs.key_size = AES_256_KEY_SIZE;
274 ssl->specs.iv_size = AES_IV_SIZE;
275 ssl->specs.block_size = AES_BLOCK_SIZE;
276
277 break;
278#endif
279
280#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
281 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
282 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
283 ssl->specs.cipher_type = block;
284 ssl->specs.mac_algorithm = sha_mac;
285 ssl->specs.kea = ecc_diffie_hellman_kea;
286 ssl->specs.sig_algo = rsa_sa_algo;
287 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
288 ssl->specs.pad_size = PAD_SHA;
289 ssl->specs.static_ecdh = 0;
290 ssl->specs.key_size = AES_128_KEY_SIZE;
291 ssl->specs.block_size = AES_BLOCK_SIZE;
292 ssl->specs.iv_size = AES_IV_SIZE;
293
294 break;
295#endif
296
297#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
298 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
299 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
300 ssl->specs.cipher_type = block;
301 ssl->specs.mac_algorithm = sha_mac;
302 ssl->specs.kea = ecc_diffie_hellman_kea;
303 ssl->specs.sig_algo = rsa_sa_algo;
304 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
305 ssl->specs.pad_size = PAD_SHA;
306 ssl->specs.static_ecdh = 0;
307 ssl->specs.key_size = DES3_KEY_SIZE;
308 ssl->specs.block_size = DES_BLOCK_SIZE;
309 ssl->specs.iv_size = DES_IV_SIZE;
310
311 break;
312#endif
313
314#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
315 case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
316 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
317 ssl->specs.cipher_type = stream;
318 ssl->specs.mac_algorithm = sha_mac;
319 ssl->specs.kea = ecc_diffie_hellman_kea;
320 ssl->specs.sig_algo = rsa_sa_algo;
321 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
322 ssl->specs.pad_size = PAD_SHA;
323 ssl->specs.static_ecdh = 0;
324 ssl->specs.key_size = RC4_KEY_SIZE;
325 ssl->specs.iv_size = 0;
326 ssl->specs.block_size = 0;
327
328 break;
329#endif
330
331#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
332 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
333 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
334 ssl->specs.cipher_type = block;
335 ssl->specs.mac_algorithm = sha_mac;
336 ssl->specs.kea = ecc_diffie_hellman_kea;
337 ssl->specs.sig_algo = rsa_sa_algo;
338 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
339 ssl->specs.pad_size = PAD_SHA;
340 ssl->specs.static_ecdh = 0;
341 ssl->specs.key_size = AES_256_KEY_SIZE;
342 ssl->specs.block_size = AES_BLOCK_SIZE;
343 ssl->specs.iv_size = AES_IV_SIZE;
344
345 break;
346#endif
347
348#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
349 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
350 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
351 ssl->specs.cipher_type = aead;
352 ssl->specs.mac_algorithm = sha256_mac;
353 ssl->specs.kea = ecc_diffie_hellman_kea;
354 ssl->specs.sig_algo = rsa_sa_algo;
355 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
356 ssl->specs.pad_size = PAD_SHA;
357 ssl->specs.static_ecdh = 0;
358 ssl->specs.key_size = AES_128_KEY_SIZE;
359 ssl->specs.block_size = AES_BLOCK_SIZE;
360 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
361 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
362
363 break;
364#endif
365
366#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
367 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
368 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
369 ssl->specs.cipher_type = aead;
370 ssl->specs.mac_algorithm = sha384_mac;
371 ssl->specs.kea = ecc_diffie_hellman_kea;
372 ssl->specs.sig_algo = rsa_sa_algo;
373 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
374 ssl->specs.pad_size = PAD_SHA;
375 ssl->specs.static_ecdh = 0;
376 ssl->specs.key_size = AES_256_KEY_SIZE;
377 ssl->specs.block_size = AES_BLOCK_SIZE;
378 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
379 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
380
381 break;
382#endif
383
384#ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
385 case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
386 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
387 ssl->specs.cipher_type = stream;
388 ssl->specs.mac_algorithm = sha256_mac;
389 ssl->specs.kea = ecdhe_psk_kea;
390 ssl->specs.sig_algo = anonymous_sa_algo;
391 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
392 ssl->specs.pad_size = PAD_SHA;
393 ssl->specs.static_ecdh = 0;
394 ssl->specs.key_size = 0;
395 ssl->specs.block_size = 0;
396 ssl->specs.iv_size = 0;
397
398 ssl->options.usingPSK_cipher = 1;
399 break;
400#endif
401
402#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
403 case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
404 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
405 ssl->specs.cipher_type = block;
406 ssl->specs.mac_algorithm = sha256_mac;
407 ssl->specs.kea = ecdhe_psk_kea;
408 ssl->specs.sig_algo = anonymous_sa_algo;
409 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
410 ssl->specs.pad_size = PAD_SHA;
411 ssl->specs.static_ecdh = 0;
412 ssl->specs.key_size = AES_128_KEY_SIZE;
413 ssl->specs.block_size = AES_BLOCK_SIZE;
414 ssl->specs.iv_size = AES_IV_SIZE;
415
416 ssl->options.usingPSK_cipher = 1;
417 break;
418#endif
419
420#endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
421
422#if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) \
423 || (defined(HAVE_CURVE448) && defined(HAVE_ED448))
424
425#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
426 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
427 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
428 ssl->specs.cipher_type = block;
429 ssl->specs.mac_algorithm = sha256_mac;
430 ssl->specs.kea = ecc_diffie_hellman_kea;
431 ssl->specs.sig_algo = ecc_dsa_sa_algo;
432 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
433 ssl->specs.pad_size = PAD_SHA;
434 ssl->specs.static_ecdh = 0;
435 ssl->specs.key_size = AES_128_KEY_SIZE;
436 ssl->specs.iv_size = AES_IV_SIZE;
437 ssl->specs.block_size = AES_BLOCK_SIZE;
438
439 break;
440#endif
441
442#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
443 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
444 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
445 ssl->specs.cipher_type = block;
446 ssl->specs.mac_algorithm = sha384_mac;
447 ssl->specs.kea = ecc_diffie_hellman_kea;
448 ssl->specs.sig_algo = ecc_dsa_sa_algo;
449 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
450 ssl->specs.pad_size = PAD_SHA;
451 ssl->specs.static_ecdh = 0;
452 ssl->specs.key_size = AES_256_KEY_SIZE;
453 ssl->specs.iv_size = AES_IV_SIZE;
454 ssl->specs.block_size = AES_BLOCK_SIZE;
455
456 break;
457#endif
458
459#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
460 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
461 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
462 ssl->specs.cipher_type = block;
463 ssl->specs.mac_algorithm = sha_mac;
464 ssl->specs.kea = ecc_diffie_hellman_kea;
465 ssl->specs.sig_algo = ecc_dsa_sa_algo;
466 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
467 ssl->specs.pad_size = PAD_SHA;
468 ssl->specs.static_ecdh = 0;
469 ssl->specs.key_size = DES3_KEY_SIZE;
470 ssl->specs.block_size = DES_BLOCK_SIZE;
471 ssl->specs.iv_size = DES_IV_SIZE;
472
473 break;
474#endif
475
476#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
477 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
478 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
479 ssl->specs.cipher_type = stream;
480 ssl->specs.mac_algorithm = sha_mac;
481 ssl->specs.kea = ecc_diffie_hellman_kea;
482 ssl->specs.sig_algo = ecc_dsa_sa_algo;
483 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
484 ssl->specs.pad_size = PAD_SHA;
485 ssl->specs.static_ecdh = 0;
486 ssl->specs.key_size = RC4_KEY_SIZE;
487 ssl->specs.iv_size = 0;
488 ssl->specs.block_size = 0;
489
490 break;
491#endif
492
493#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
494 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
495 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
496 ssl->specs.cipher_type = block;
497 ssl->specs.mac_algorithm = sha_mac;
498 ssl->specs.kea = ecc_diffie_hellman_kea;
499 ssl->specs.sig_algo = ecc_dsa_sa_algo;
500 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
501 ssl->specs.pad_size = PAD_SHA;
502 ssl->specs.static_ecdh = 0;
503 ssl->specs.key_size = AES_128_KEY_SIZE;
504 ssl->specs.block_size = AES_BLOCK_SIZE;
505 ssl->specs.iv_size = AES_IV_SIZE;
506
507 break;
508#endif
509
510#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
511 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
512 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
513 ssl->specs.cipher_type = block;
514 ssl->specs.mac_algorithm = sha_mac;
515 ssl->specs.kea = ecc_diffie_hellman_kea;
516 ssl->specs.sig_algo = ecc_dsa_sa_algo;
517 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
518 ssl->specs.pad_size = PAD_SHA;
519 ssl->specs.static_ecdh = 0;
520 ssl->specs.key_size = AES_256_KEY_SIZE;
521 ssl->specs.block_size = AES_BLOCK_SIZE;
522 ssl->specs.iv_size = AES_IV_SIZE;
523
524 break;
525#endif
526
527#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
528 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
529 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
530 ssl->specs.cipher_type = aead;
531 ssl->specs.mac_algorithm = sha256_mac;
532 ssl->specs.kea = ecc_diffie_hellman_kea;
533 ssl->specs.sig_algo = ecc_dsa_sa_algo;
534 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
535 ssl->specs.pad_size = PAD_SHA;
536 ssl->specs.static_ecdh = 0;
537 ssl->specs.key_size = AES_128_KEY_SIZE;
538 ssl->specs.block_size = AES_BLOCK_SIZE;
539 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
540 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
541
542 break;
543#endif
544
545#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
546 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
547 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
548 ssl->specs.cipher_type = aead;
549 ssl->specs.mac_algorithm = sha384_mac;
550 ssl->specs.kea = ecc_diffie_hellman_kea;
551 ssl->specs.sig_algo = ecc_dsa_sa_algo;
552 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
553 ssl->specs.pad_size = PAD_SHA;
554 ssl->specs.static_ecdh = 0;
555 ssl->specs.key_size = AES_256_KEY_SIZE;
556 ssl->specs.block_size = AES_BLOCK_SIZE;
557 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
558 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
559
560 break;
561#endif
562
563#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
564 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM :
565 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
566 ssl->specs.cipher_type = aead;
567 ssl->specs.mac_algorithm = sha256_mac;
568 ssl->specs.kea = ecc_diffie_hellman_kea;
569 ssl->specs.sig_algo = ecc_dsa_sa_algo;
570 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
571 ssl->specs.pad_size = PAD_SHA;
572 ssl->specs.static_ecdh = 0;
573 ssl->specs.key_size = AES_128_KEY_SIZE;
574 ssl->specs.block_size = AES_BLOCK_SIZE;
575 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
576 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
577
578 break;
579#endif
580
581#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
582 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
583 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
584 ssl->specs.cipher_type = aead;
585 ssl->specs.mac_algorithm = sha256_mac;
586 ssl->specs.kea = ecc_diffie_hellman_kea;
587 ssl->specs.sig_algo = ecc_dsa_sa_algo;
588 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
589 ssl->specs.pad_size = PAD_SHA;
590 ssl->specs.static_ecdh = 0;
591 ssl->specs.key_size = AES_128_KEY_SIZE;
592 ssl->specs.block_size = AES_BLOCK_SIZE;
593 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
594 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
595
596 break;
597#endif
598
599#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
600 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
601 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
602 ssl->specs.cipher_type = aead;
603 ssl->specs.mac_algorithm = sha256_mac;
604 ssl->specs.kea = ecc_diffie_hellman_kea;
605 ssl->specs.sig_algo = ecc_dsa_sa_algo;
606 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
607 ssl->specs.pad_size = PAD_SHA;
608 ssl->specs.static_ecdh = 0;
609 ssl->specs.key_size = AES_256_KEY_SIZE;
610 ssl->specs.block_size = AES_BLOCK_SIZE;
611 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
612 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
613
614 break;
615#endif
616
617#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
618 case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
619 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
620 ssl->specs.cipher_type = stream;
621 ssl->specs.mac_algorithm = sha_mac;
622 ssl->specs.kea = ecc_diffie_hellman_kea;
623 ssl->specs.sig_algo = ecc_dsa_sa_algo;
624 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
625 ssl->specs.pad_size = PAD_SHA;
626 ssl->specs.static_ecdh = 0;
627 ssl->specs.key_size = 0;
628 ssl->specs.block_size = 0;
629 ssl->specs.iv_size = 0;
630
631 break;
632#endif
633
634#endif /* HAVE_ECC || (CURVE25519 && ED25519) || (CURVE448 && ED448) */
635
636#if defined(HAVE_ECC)
637
638#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
639 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
640 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
641 ssl->specs.cipher_type = block;
642 ssl->specs.mac_algorithm = sha256_mac;
643 ssl->specs.kea = ecc_diffie_hellman_kea;
644 ssl->specs.sig_algo = rsa_sa_algo;
645 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
646 ssl->specs.pad_size = PAD_SHA;
647 ssl->specs.static_ecdh = 1;
648 ssl->specs.key_size = AES_128_KEY_SIZE;
649 ssl->specs.iv_size = AES_IV_SIZE;
650 ssl->specs.block_size = AES_BLOCK_SIZE;
651
652 break;
653#endif
654
655#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
656 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
657 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
658 ssl->specs.cipher_type = block;
659 ssl->specs.mac_algorithm = sha256_mac;
660 ssl->specs.kea = ecc_diffie_hellman_kea;
661 ssl->specs.sig_algo = ecc_dsa_sa_algo;
662 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
663 ssl->specs.pad_size = PAD_SHA;
664 ssl->specs.static_ecdh = 1;
665 ssl->specs.key_size = AES_128_KEY_SIZE;
666 ssl->specs.iv_size = AES_IV_SIZE;
667 ssl->specs.block_size = AES_BLOCK_SIZE;
668
669 break;
670#endif
671
672#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
673 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
674 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
675 ssl->specs.cipher_type = block;
676 ssl->specs.mac_algorithm = sha384_mac;
677 ssl->specs.kea = ecc_diffie_hellman_kea;
678 ssl->specs.sig_algo = rsa_sa_algo;
679 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
680 ssl->specs.pad_size = PAD_SHA;
681 ssl->specs.static_ecdh = 1;
682 ssl->specs.key_size = AES_256_KEY_SIZE;
683 ssl->specs.iv_size = AES_IV_SIZE;
684 ssl->specs.block_size = AES_BLOCK_SIZE;
685
686 break;
687#endif
688
689#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
690 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
691 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
692 ssl->specs.cipher_type = block;
693 ssl->specs.mac_algorithm = sha384_mac;
694 ssl->specs.kea = ecc_diffie_hellman_kea;
695 ssl->specs.sig_algo = ecc_dsa_sa_algo;
696 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
697 ssl->specs.pad_size = PAD_SHA;
698 ssl->specs.static_ecdh = 1;
699 ssl->specs.key_size = AES_256_KEY_SIZE;
700 ssl->specs.iv_size = AES_IV_SIZE;
701 ssl->specs.block_size = AES_BLOCK_SIZE;
702
703 break;
704#endif
705
706#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
707 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
708 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
709 ssl->specs.cipher_type = block;
710 ssl->specs.mac_algorithm = sha_mac;
711 ssl->specs.kea = ecc_diffie_hellman_kea;
712 ssl->specs.sig_algo = rsa_sa_algo;
713 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
714 ssl->specs.pad_size = PAD_SHA;
715 ssl->specs.static_ecdh = 1;
716 ssl->specs.key_size = AES_128_KEY_SIZE;
717 ssl->specs.block_size = AES_BLOCK_SIZE;
718 ssl->specs.iv_size = AES_IV_SIZE;
719
720 break;
721#endif
722
723#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
724 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
725 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
726 ssl->specs.cipher_type = block;
727 ssl->specs.mac_algorithm = sha_mac;
728 ssl->specs.kea = ecc_diffie_hellman_kea;
729 ssl->specs.sig_algo = rsa_sa_algo;
730 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
731 ssl->specs.pad_size = PAD_SHA;
732 ssl->specs.static_ecdh = 1;
733 ssl->specs.key_size = DES3_KEY_SIZE;
734 ssl->specs.block_size = DES_BLOCK_SIZE;
735 ssl->specs.iv_size = DES_IV_SIZE;
736
737 break;
738#endif
739
740#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
741 case TLS_ECDH_RSA_WITH_RC4_128_SHA :
742 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
743 ssl->specs.cipher_type = stream;
744 ssl->specs.mac_algorithm = sha_mac;
745 ssl->specs.kea = ecc_diffie_hellman_kea;
746 ssl->specs.sig_algo = rsa_sa_algo;
747 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
748 ssl->specs.pad_size = PAD_SHA;
749 ssl->specs.static_ecdh = 1;
750 ssl->specs.key_size = RC4_KEY_SIZE;
751 ssl->specs.iv_size = 0;
752 ssl->specs.block_size = 0;
753
754 break;
755#endif
756
757#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
758 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
759 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
760 ssl->specs.cipher_type = block;
761 ssl->specs.mac_algorithm = sha_mac;
762 ssl->specs.kea = ecc_diffie_hellman_kea;
763 ssl->specs.sig_algo = ecc_dsa_sa_algo;
764 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
765 ssl->specs.pad_size = PAD_SHA;
766 ssl->specs.static_ecdh = 1;
767 ssl->specs.key_size = DES3_KEY_SIZE;
768 ssl->specs.block_size = DES_BLOCK_SIZE;
769 ssl->specs.iv_size = DES_IV_SIZE;
770
771 break;
772#endif
773
774#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
775 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
776 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
777 ssl->specs.cipher_type = stream;
778 ssl->specs.mac_algorithm = sha_mac;
779 ssl->specs.kea = ecc_diffie_hellman_kea;
780 ssl->specs.sig_algo = ecc_dsa_sa_algo;
781 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
782 ssl->specs.pad_size = PAD_SHA;
783 ssl->specs.static_ecdh = 1;
784 ssl->specs.key_size = RC4_KEY_SIZE;
785 ssl->specs.iv_size = 0;
786 ssl->specs.block_size = 0;
787
788 break;
789#endif
790
791#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
792 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
793 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
794 ssl->specs.cipher_type = block;
795 ssl->specs.mac_algorithm = sha_mac;
796 ssl->specs.kea = ecc_diffie_hellman_kea;
797 ssl->specs.sig_algo = rsa_sa_algo;
798 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
799 ssl->specs.pad_size = PAD_SHA;
800 ssl->specs.static_ecdh = 1;
801 ssl->specs.key_size = AES_256_KEY_SIZE;
802 ssl->specs.block_size = AES_BLOCK_SIZE;
803 ssl->specs.iv_size = AES_IV_SIZE;
804
805 break;
806#endif
807
808#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
809 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
810 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
811 ssl->specs.cipher_type = block;
812 ssl->specs.mac_algorithm = sha_mac;
813 ssl->specs.kea = ecc_diffie_hellman_kea;
814 ssl->specs.sig_algo = ecc_dsa_sa_algo;
815 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
816 ssl->specs.pad_size = PAD_SHA;
817 ssl->specs.static_ecdh = 1;
818 ssl->specs.key_size = AES_128_KEY_SIZE;
819 ssl->specs.block_size = AES_BLOCK_SIZE;
820 ssl->specs.iv_size = AES_IV_SIZE;
821
822 break;
823#endif
824
825#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
826 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
827 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
828 ssl->specs.cipher_type = block;
829 ssl->specs.mac_algorithm = sha_mac;
830 ssl->specs.kea = ecc_diffie_hellman_kea;
831 ssl->specs.sig_algo = ecc_dsa_sa_algo;
832 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
833 ssl->specs.pad_size = PAD_SHA;
834 ssl->specs.static_ecdh = 1;
835 ssl->specs.key_size = AES_256_KEY_SIZE;
836 ssl->specs.block_size = AES_BLOCK_SIZE;
837 ssl->specs.iv_size = AES_IV_SIZE;
838
839 break;
840#endif
841
842#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
843 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
844 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
845 ssl->specs.cipher_type = aead;
846 ssl->specs.mac_algorithm = sha256_mac;
847 ssl->specs.kea = ecc_diffie_hellman_kea;
848 ssl->specs.sig_algo = rsa_sa_algo;
849 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
850 ssl->specs.pad_size = PAD_SHA;
851 ssl->specs.static_ecdh = 1;
852 ssl->specs.key_size = AES_128_KEY_SIZE;
853 ssl->specs.block_size = AES_BLOCK_SIZE;
854 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
855 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
856
857 break;
858#endif
859
860#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
861 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
862 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
863 ssl->specs.cipher_type = aead;
864 ssl->specs.mac_algorithm = sha384_mac;
865 ssl->specs.kea = ecc_diffie_hellman_kea;
866 ssl->specs.sig_algo = rsa_sa_algo;
867 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
868 ssl->specs.pad_size = PAD_SHA;
869 ssl->specs.static_ecdh = 1;
870 ssl->specs.key_size = AES_256_KEY_SIZE;
871 ssl->specs.block_size = AES_BLOCK_SIZE;
872 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
873 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
874
875 break;
876#endif
877
878#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
879 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
880 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
881 ssl->specs.cipher_type = aead;
882 ssl->specs.mac_algorithm = sha256_mac;
883 ssl->specs.kea = ecc_diffie_hellman_kea;
884 ssl->specs.sig_algo = ecc_dsa_sa_algo;
885 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
886 ssl->specs.pad_size = PAD_SHA;
887 ssl->specs.static_ecdh = 1;
888 ssl->specs.key_size = AES_128_KEY_SIZE;
889 ssl->specs.block_size = AES_BLOCK_SIZE;
890 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
891 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
892
893 break;
894#endif
895
896#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
897 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
898 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
899 ssl->specs.cipher_type = aead;
900 ssl->specs.mac_algorithm = sha384_mac;
901 ssl->specs.kea = ecc_diffie_hellman_kea;
902 ssl->specs.sig_algo = ecc_dsa_sa_algo;
903 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
904 ssl->specs.pad_size = PAD_SHA;
905 ssl->specs.static_ecdh = 1;
906 ssl->specs.key_size = AES_256_KEY_SIZE;
907 ssl->specs.block_size = AES_BLOCK_SIZE;
908 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
909 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
910
911 break;
912#endif
913
914#endif /* HAVE_ECC */
915
916#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
917 case TLS_RSA_WITH_AES_128_CCM_8 :
918 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
919 ssl->specs.cipher_type = aead;
920 ssl->specs.mac_algorithm = sha256_mac;
921 ssl->specs.kea = rsa_kea;
922 ssl->specs.sig_algo = rsa_sa_algo;
923 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
924 ssl->specs.pad_size = PAD_SHA;
925 ssl->specs.static_ecdh = 0;
926 ssl->specs.key_size = AES_128_KEY_SIZE;
927 ssl->specs.block_size = AES_BLOCK_SIZE;
928 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
929 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
930
931 break;
932#endif
933
934#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
935 case TLS_RSA_WITH_AES_256_CCM_8 :
936 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
937 ssl->specs.cipher_type = aead;
938 ssl->specs.mac_algorithm = sha256_mac;
939 ssl->specs.kea = rsa_kea;
940 ssl->specs.sig_algo = rsa_sa_algo;
941 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
942 ssl->specs.pad_size = PAD_SHA;
943 ssl->specs.static_ecdh = 0;
944 ssl->specs.key_size = AES_256_KEY_SIZE;
945 ssl->specs.block_size = AES_BLOCK_SIZE;
946 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
947 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
948
949 break;
950#endif
951
952#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
953 case TLS_PSK_WITH_AES_128_CCM_8 :
954 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
955 ssl->specs.cipher_type = aead;
956 ssl->specs.mac_algorithm = sha256_mac;
957 ssl->specs.kea = psk_kea;
958 ssl->specs.sig_algo = anonymous_sa_algo;
959 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
960 ssl->specs.pad_size = PAD_SHA;
961 ssl->specs.static_ecdh = 0;
962 ssl->specs.key_size = AES_128_KEY_SIZE;
963 ssl->specs.block_size = AES_BLOCK_SIZE;
964 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
965 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
966
967 ssl->options.usingPSK_cipher = 1;
968 break;
969#endif
970
971#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
972 case TLS_PSK_WITH_AES_256_CCM_8 :
973 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
974 ssl->specs.cipher_type = aead;
975 ssl->specs.mac_algorithm = sha256_mac;
976 ssl->specs.kea = psk_kea;
977 ssl->specs.sig_algo = anonymous_sa_algo;
978 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
979 ssl->specs.pad_size = PAD_SHA;
980 ssl->specs.static_ecdh = 0;
981 ssl->specs.key_size = AES_256_KEY_SIZE;
982 ssl->specs.block_size = AES_BLOCK_SIZE;
983 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
984 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
985
986 ssl->options.usingPSK_cipher = 1;
987 break;
988#endif
989
990#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
991 case TLS_PSK_WITH_AES_128_CCM :
992 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
993 ssl->specs.cipher_type = aead;
994 ssl->specs.mac_algorithm = sha256_mac;
995 ssl->specs.kea = psk_kea;
996 ssl->specs.sig_algo = anonymous_sa_algo;
997 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
998 ssl->specs.pad_size = PAD_SHA;
999 ssl->specs.static_ecdh = 0;
1000 ssl->specs.key_size = AES_128_KEY_SIZE;
1001 ssl->specs.block_size = AES_BLOCK_SIZE;
1002 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1003 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
1004
1005 ssl->options.usingPSK_cipher = 1;
1006 break;
1007#endif
1008
1009#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
1010 case TLS_PSK_WITH_AES_256_CCM :
1011 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1012 ssl->specs.cipher_type = aead;
1013 ssl->specs.mac_algorithm = sha256_mac;
1014 ssl->specs.kea = psk_kea;
1015 ssl->specs.sig_algo = anonymous_sa_algo;
1016 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1017 ssl->specs.pad_size = PAD_SHA;
1018 ssl->specs.static_ecdh = 0;
1019 ssl->specs.key_size = AES_256_KEY_SIZE;
1020 ssl->specs.block_size = AES_BLOCK_SIZE;
1021 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1022 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
1023
1024 ssl->options.usingPSK_cipher = 1;
1025 break;
1026#endif
1027
1028#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
1029 case TLS_DHE_PSK_WITH_AES_128_CCM :
1030 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1031 ssl->specs.cipher_type = aead;
1032 ssl->specs.mac_algorithm = sha256_mac;
1033 ssl->specs.kea = dhe_psk_kea;
1034 ssl->specs.sig_algo = anonymous_sa_algo;
1035 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1036 ssl->specs.pad_size = PAD_SHA;
1037 ssl->specs.static_ecdh = 0;
1038 ssl->specs.key_size = AES_128_KEY_SIZE;
1039 ssl->specs.block_size = AES_BLOCK_SIZE;
1040 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1041 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
1042
1043 ssl->options.usingPSK_cipher = 1;
1044 break;
1045#endif
1046
1047#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
1048 case TLS_DHE_PSK_WITH_AES_256_CCM :
1049 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1050 ssl->specs.cipher_type = aead;
1051 ssl->specs.mac_algorithm = sha256_mac;
1052 ssl->specs.kea = dhe_psk_kea;
1053 ssl->specs.sig_algo = anonymous_sa_algo;
1054 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1055 ssl->specs.pad_size = PAD_SHA;
1056 ssl->specs.static_ecdh = 0;
1057 ssl->specs.key_size = AES_256_KEY_SIZE;
1058 ssl->specs.block_size = AES_BLOCK_SIZE;
1059 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1060 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
1061
1062 ssl->options.usingPSK_cipher = 1;
1063 break;
1064#endif
1065
1066#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
1067 #ifdef BUILD_TLS_SHA256_SHA256
1068 case TLS_SHA256_SHA256 :
1069 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1070 ssl->specs.cipher_type = aead;
1071 ssl->specs.mac_algorithm = sha256_mac;
1072 ssl->specs.kea = 0;
1073 ssl->specs.sig_algo = 0;
1074 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1075 ssl->specs.pad_size = PAD_SHA;
1076 ssl->specs.static_ecdh = 0;
1077 ssl->specs.key_size = WC_SHA256_DIGEST_SIZE / 2;
1078 ssl->specs.block_size = 0;
1079 ssl->specs.iv_size = HMAC_NONCE_SZ;
1080 ssl->specs.aead_mac_size = WC_SHA256_DIGEST_SIZE;
1081
1082 break;
1083 #endif
1084
1085 #ifdef BUILD_TLS_SHA384_SHA384
1086 case TLS_SHA384_SHA384 :
1087 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1088 ssl->specs.cipher_type = aead;
1089 ssl->specs.mac_algorithm = sha384_mac;
1090 ssl->specs.kea = 0;
1091 ssl->specs.sig_algo = 0;
1092 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1093 ssl->specs.pad_size = PAD_SHA;
1094 ssl->specs.static_ecdh = 0;
1095 ssl->specs.key_size = WC_SHA384_DIGEST_SIZE / 2;
1096 ssl->specs.block_size = 0;
1097 ssl->specs.iv_size = HMAC_NONCE_SZ;
1098 ssl->specs.aead_mac_size = WC_SHA384_DIGEST_SIZE;
1099
1100 break;
1101 #endif
1102#endif
1103
1104 default:
1105 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
1106 return UNSUPPORTED_SUITE;
1107 } /* switch */
1108 } /* if */
1109
1110 /* TLSi v1.3 cipher suites, 0x13 */
1111 if (ssl->options.cipherSuite0 == TLS13_BYTE) {
1112 switch (ssl->options.cipherSuite) {
1113
1114#ifdef WOLFSSL_TLS13
1115 #ifdef BUILD_TLS_AES_128_GCM_SHA256
1116 case TLS_AES_128_GCM_SHA256 :
1117 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1118 ssl->specs.cipher_type = aead;
1119 ssl->specs.mac_algorithm = sha256_mac;
1120 ssl->specs.kea = 0;
1121 ssl->specs.sig_algo = 0;
1122 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1123 ssl->specs.pad_size = PAD_SHA;
1124 ssl->specs.static_ecdh = 0;
1125 ssl->specs.key_size = AES_128_KEY_SIZE;
1126 ssl->specs.block_size = AES_BLOCK_SIZE;
1127 ssl->specs.iv_size = AESGCM_NONCE_SZ;
1128 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1129
1130 break;
1131 #endif
1132
1133 #ifdef BUILD_TLS_AES_256_GCM_SHA384
1134 case TLS_AES_256_GCM_SHA384 :
1135 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1136 ssl->specs.cipher_type = aead;
1137 ssl->specs.mac_algorithm = sha384_mac;
1138 ssl->specs.kea = 0;
1139 ssl->specs.sig_algo = 0;
1140 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1141 ssl->specs.pad_size = PAD_SHA;
1142 ssl->specs.static_ecdh = 0;
1143 ssl->specs.key_size = AES_256_KEY_SIZE;
1144 ssl->specs.block_size = AES_BLOCK_SIZE;
1145 ssl->specs.iv_size = AESGCM_NONCE_SZ;
1146 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1147
1148 break;
1149 #endif
1150
1151 #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
1152 case TLS_CHACHA20_POLY1305_SHA256 :
1153 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
1154 ssl->specs.cipher_type = aead;
1155 ssl->specs.mac_algorithm = sha256_mac;
1156 ssl->specs.kea = 0;
1157 ssl->specs.sig_algo = 0;
1158 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1159 ssl->specs.pad_size = PAD_SHA;
1160 ssl->specs.static_ecdh = 0;
1161 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
1162 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
1163 ssl->specs.iv_size = CHACHA20_IV_SIZE;
1164 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
1165 ssl->options.oldPoly = 0; /* use recent padding RFC */
1166
1167 break;
1168 #endif
1169
1170 #ifdef BUILD_TLS_AES_128_CCM_SHA256
1171 case TLS_AES_128_CCM_SHA256 :
1172 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1173 ssl->specs.cipher_type = aead;
1174 ssl->specs.mac_algorithm = sha256_mac;
1175 ssl->specs.kea = 0;
1176 ssl->specs.sig_algo = 0;
1177 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1178 ssl->specs.pad_size = PAD_SHA;
1179 ssl->specs.static_ecdh = 0;
1180 ssl->specs.key_size = AES_128_KEY_SIZE;
1181 ssl->specs.block_size = AES_BLOCK_SIZE;
1182 ssl->specs.iv_size = AESGCM_NONCE_SZ;
1183 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
1184
1185 break;
1186 #endif
1187
1188 #ifdef BUILD_TLS_AES_128_CCM_8_SHA256
1189 case TLS_AES_128_CCM_8_SHA256 :
1190 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1191 ssl->specs.cipher_type = aead;
1192 ssl->specs.mac_algorithm = sha256_mac;
1193 ssl->specs.kea = 0;
1194 ssl->specs.sig_algo = 0;
1195 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1196 ssl->specs.pad_size = PAD_SHA;
1197 ssl->specs.static_ecdh = 0;
1198 ssl->specs.key_size = AES_128_KEY_SIZE;
1199 ssl->specs.block_size = AES_BLOCK_SIZE;
1200 ssl->specs.iv_size = AESGCM_NONCE_SZ;
1201 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
1202
1203 break;
1204 #endif
1205#endif /* WOLFSSL_TLS13 */
1206 }
1207 }
1208
1209 if (ssl->options.cipherSuite0 != ECC_BYTE &&
1210 ssl->options.cipherSuite0 != CHACHA_BYTE &&
1211 ssl->options.cipherSuite0 != TLS13_BYTE) { /* normal suites */
1212 switch (ssl->options.cipherSuite) {
1213
1214#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
1215 case SSL_RSA_WITH_RC4_128_SHA :
1216 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
1217 ssl->specs.cipher_type = stream;
1218 ssl->specs.mac_algorithm = sha_mac;
1219 ssl->specs.kea = rsa_kea;
1220 ssl->specs.sig_algo = rsa_sa_algo;
1221 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1222 ssl->specs.pad_size = PAD_SHA;
1223 ssl->specs.static_ecdh = 0;
1224 ssl->specs.key_size = RC4_KEY_SIZE;
1225 ssl->specs.iv_size = 0;
1226 ssl->specs.block_size = 0;
1227
1228 break;
1229#endif
1230
1231#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
1232 case TLS_NTRU_RSA_WITH_RC4_128_SHA :
1233 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
1234 ssl->specs.cipher_type = stream;
1235 ssl->specs.mac_algorithm = sha_mac;
1236 ssl->specs.kea = ntru_kea;
1237 ssl->specs.sig_algo = rsa_sa_algo;
1238 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1239 ssl->specs.pad_size = PAD_SHA;
1240 ssl->specs.static_ecdh = 0;
1241 ssl->specs.key_size = RC4_KEY_SIZE;
1242 ssl->specs.iv_size = 0;
1243 ssl->specs.block_size = 0;
1244
1245 break;
1246#endif
1247
1248#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
1249 case SSL_RSA_WITH_RC4_128_MD5 :
1250 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
1251 ssl->specs.cipher_type = stream;
1252 ssl->specs.mac_algorithm = md5_mac;
1253 ssl->specs.kea = rsa_kea;
1254 ssl->specs.sig_algo = rsa_sa_algo;
1255 ssl->specs.hash_size = WC_MD5_DIGEST_SIZE;
1256 ssl->specs.pad_size = PAD_MD5;
1257 ssl->specs.static_ecdh = 0;
1258 ssl->specs.key_size = RC4_KEY_SIZE;
1259 ssl->specs.iv_size = 0;
1260 ssl->specs.block_size = 0;
1261
1262 break;
1263#endif
1264
1265#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
1266 case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
1267 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
1268 ssl->specs.cipher_type = block;
1269 ssl->specs.mac_algorithm = sha_mac;
1270 ssl->specs.kea = rsa_kea;
1271 ssl->specs.sig_algo = rsa_sa_algo;
1272 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1273 ssl->specs.pad_size = PAD_SHA;
1274 ssl->specs.static_ecdh = 0;
1275 ssl->specs.key_size = DES3_KEY_SIZE;
1276 ssl->specs.block_size = DES_BLOCK_SIZE;
1277 ssl->specs.iv_size = DES_IV_SIZE;
1278
1279 break;
1280#endif
1281
1282#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
1283 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
1284 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
1285 ssl->specs.cipher_type = block;
1286 ssl->specs.mac_algorithm = sha_mac;
1287 ssl->specs.kea = ntru_kea;
1288 ssl->specs.sig_algo = rsa_sa_algo;
1289 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1290 ssl->specs.pad_size = PAD_SHA;
1291 ssl->specs.static_ecdh = 0;
1292 ssl->specs.key_size = DES3_KEY_SIZE;
1293 ssl->specs.block_size = DES_BLOCK_SIZE;
1294 ssl->specs.iv_size = DES_IV_SIZE;
1295
1296 break;
1297#endif
1298
1299#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
1300 case TLS_RSA_WITH_AES_128_CBC_SHA :
1301 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1302 ssl->specs.cipher_type = block;
1303 ssl->specs.mac_algorithm = sha_mac;
1304 ssl->specs.kea = rsa_kea;
1305 ssl->specs.sig_algo = rsa_sa_algo;
1306 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1307 ssl->specs.pad_size = PAD_SHA;
1308 ssl->specs.static_ecdh = 0;
1309 ssl->specs.key_size = AES_128_KEY_SIZE;
1310 ssl->specs.block_size = AES_BLOCK_SIZE;
1311 ssl->specs.iv_size = AES_IV_SIZE;
1312
1313 break;
1314#endif
1315
1316#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
1317 case TLS_RSA_WITH_AES_128_CBC_SHA256 :
1318 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1319 ssl->specs.cipher_type = block;
1320 ssl->specs.mac_algorithm = sha256_mac;
1321 ssl->specs.kea = rsa_kea;
1322 ssl->specs.sig_algo = rsa_sa_algo;
1323 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1324 ssl->specs.pad_size = PAD_SHA;
1325 ssl->specs.static_ecdh = 0;
1326 ssl->specs.key_size = AES_128_KEY_SIZE;
1327 ssl->specs.block_size = AES_BLOCK_SIZE;
1328 ssl->specs.iv_size = AES_IV_SIZE;
1329
1330 break;
1331#endif
1332
1333#ifdef BUILD_TLS_RSA_WITH_NULL_MD5
1334 case TLS_RSA_WITH_NULL_MD5 :
1335 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1336 ssl->specs.cipher_type = stream;
1337 ssl->specs.mac_algorithm = md5_mac;
1338 ssl->specs.kea = rsa_kea;
1339 ssl->specs.sig_algo = rsa_sa_algo;
1340 ssl->specs.hash_size = WC_MD5_DIGEST_SIZE;
1341 ssl->specs.pad_size = PAD_MD5;
1342 ssl->specs.static_ecdh = 0;
1343 ssl->specs.key_size = 0;
1344 ssl->specs.block_size = 0;
1345 ssl->specs.iv_size = 0;
1346
1347 break;
1348#endif
1349
1350#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
1351 case TLS_RSA_WITH_NULL_SHA :
1352 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1353 ssl->specs.cipher_type = stream;
1354 ssl->specs.mac_algorithm = sha_mac;
1355 ssl->specs.kea = rsa_kea;
1356 ssl->specs.sig_algo = rsa_sa_algo;
1357 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1358 ssl->specs.pad_size = PAD_SHA;
1359 ssl->specs.static_ecdh = 0;
1360 ssl->specs.key_size = 0;
1361 ssl->specs.block_size = 0;
1362 ssl->specs.iv_size = 0;
1363
1364 break;
1365#endif
1366
1367#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
1368 case TLS_RSA_WITH_NULL_SHA256 :
1369 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1370 ssl->specs.cipher_type = stream;
1371 ssl->specs.mac_algorithm = sha256_mac;
1372 ssl->specs.kea = rsa_kea;
1373 ssl->specs.sig_algo = rsa_sa_algo;
1374 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1375 ssl->specs.pad_size = PAD_SHA;
1376 ssl->specs.static_ecdh = 0;
1377 ssl->specs.key_size = 0;
1378 ssl->specs.block_size = 0;
1379 ssl->specs.iv_size = 0;
1380
1381 break;
1382#endif
1383
1384#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
1385 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
1386 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1387 ssl->specs.cipher_type = block;
1388 ssl->specs.mac_algorithm = sha_mac;
1389 ssl->specs.kea = ntru_kea;
1390 ssl->specs.sig_algo = rsa_sa_algo;
1391 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1392 ssl->specs.pad_size = PAD_SHA;
1393 ssl->specs.static_ecdh = 0;
1394 ssl->specs.key_size = AES_128_KEY_SIZE;
1395 ssl->specs.block_size = AES_BLOCK_SIZE;
1396 ssl->specs.iv_size = AES_IV_SIZE;
1397
1398 break;
1399#endif
1400
1401#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
1402 case TLS_RSA_WITH_AES_256_CBC_SHA :
1403 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1404 ssl->specs.cipher_type = block;
1405 ssl->specs.mac_algorithm = sha_mac;
1406 ssl->specs.kea = rsa_kea;
1407 ssl->specs.sig_algo = rsa_sa_algo;
1408 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1409 ssl->specs.pad_size = PAD_SHA;
1410 ssl->specs.static_ecdh = 0;
1411 ssl->specs.key_size = AES_256_KEY_SIZE;
1412 ssl->specs.block_size = AES_BLOCK_SIZE;
1413 ssl->specs.iv_size = AES_IV_SIZE;
1414
1415 break;
1416#endif
1417
1418#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
1419 case TLS_RSA_WITH_AES_256_CBC_SHA256 :
1420 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1421 ssl->specs.cipher_type = block;
1422 ssl->specs.mac_algorithm = sha256_mac;
1423 ssl->specs.kea = rsa_kea;
1424 ssl->specs.sig_algo = rsa_sa_algo;
1425 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1426 ssl->specs.pad_size = PAD_SHA;
1427 ssl->specs.static_ecdh = 0;
1428 ssl->specs.key_size = AES_256_KEY_SIZE;
1429 ssl->specs.block_size = AES_BLOCK_SIZE;
1430 ssl->specs.iv_size = AES_IV_SIZE;
1431
1432 break;
1433#endif
1434
1435#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
1436 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
1437 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1438 ssl->specs.cipher_type = block;
1439 ssl->specs.mac_algorithm = sha_mac;
1440 ssl->specs.kea = ntru_kea;
1441 ssl->specs.sig_algo = rsa_sa_algo;
1442 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1443 ssl->specs.pad_size = PAD_SHA;
1444 ssl->specs.static_ecdh = 0;
1445 ssl->specs.key_size = AES_256_KEY_SIZE;
1446 ssl->specs.block_size = AES_BLOCK_SIZE;
1447 ssl->specs.iv_size = AES_IV_SIZE;
1448
1449 break;
1450#endif
1451
1452#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
1453 case TLS_PSK_WITH_AES_128_GCM_SHA256 :
1454 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1455 ssl->specs.cipher_type = aead;
1456 ssl->specs.mac_algorithm = sha256_mac;
1457 ssl->specs.kea = psk_kea;
1458 ssl->specs.sig_algo = anonymous_sa_algo;
1459 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1460 ssl->specs.pad_size = PAD_SHA;
1461 ssl->specs.static_ecdh = 0;
1462 ssl->specs.key_size = AES_128_KEY_SIZE;
1463 ssl->specs.block_size = AES_BLOCK_SIZE;
1464 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1465 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1466
1467 ssl->options.usingPSK_cipher = 1;
1468 break;
1469#endif
1470
1471#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
1472 case TLS_PSK_WITH_AES_256_GCM_SHA384 :
1473 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1474 ssl->specs.cipher_type = aead;
1475 ssl->specs.mac_algorithm = sha384_mac;
1476 ssl->specs.kea = psk_kea;
1477 ssl->specs.sig_algo = anonymous_sa_algo;
1478 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1479 ssl->specs.pad_size = PAD_SHA;
1480 ssl->specs.static_ecdh = 0;
1481 ssl->specs.key_size = AES_256_KEY_SIZE;
1482 ssl->specs.block_size = AES_BLOCK_SIZE;
1483 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1484 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1485
1486 ssl->options.usingPSK_cipher = 1;
1487 break;
1488#endif
1489
1490#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
1491 case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
1492 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1493 ssl->specs.cipher_type = aead;
1494 ssl->specs.mac_algorithm = sha384_mac;
1495 ssl->specs.kea = diffie_hellman_kea;
1496 ssl->specs.sig_algo = anonymous_sa_algo;
1497 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1498 ssl->specs.pad_size = PAD_SHA;
1499 ssl->specs.static_ecdh = 0;
1500 ssl->specs.key_size = AES_256_KEY_SIZE;
1501 ssl->specs.block_size = AES_BLOCK_SIZE;
1502 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1503 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1504
1505 ssl->options.usingAnon_cipher = 1;
1506 break;
1507#endif
1508
1509#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
1510 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
1511 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1512 ssl->specs.cipher_type = aead;
1513 ssl->specs.mac_algorithm = sha256_mac;
1514 ssl->specs.kea = dhe_psk_kea;
1515 ssl->specs.sig_algo = anonymous_sa_algo;
1516 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1517 ssl->specs.pad_size = PAD_SHA;
1518 ssl->specs.static_ecdh = 0;
1519 ssl->specs.key_size = AES_128_KEY_SIZE;
1520 ssl->specs.block_size = AES_BLOCK_SIZE;
1521 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1522 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1523
1524 ssl->options.usingPSK_cipher = 1;
1525 break;
1526#endif
1527
1528#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
1529 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
1530 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1531 ssl->specs.cipher_type = aead;
1532 ssl->specs.mac_algorithm = sha384_mac;
1533 ssl->specs.kea = dhe_psk_kea;
1534 ssl->specs.sig_algo = anonymous_sa_algo;
1535 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1536 ssl->specs.pad_size = PAD_SHA;
1537 ssl->specs.static_ecdh = 0;
1538 ssl->specs.key_size = AES_256_KEY_SIZE;
1539 ssl->specs.block_size = AES_BLOCK_SIZE;
1540 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1541 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1542
1543 ssl->options.usingPSK_cipher = 1;
1544 break;
1545#endif
1546
1547#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
1548 case TLS_PSK_WITH_AES_128_CBC_SHA256 :
1549 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1550 ssl->specs.cipher_type = block;
1551 ssl->specs.mac_algorithm = sha256_mac;
1552 ssl->specs.kea = psk_kea;
1553 ssl->specs.sig_algo = anonymous_sa_algo;
1554 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1555 ssl->specs.pad_size = PAD_SHA;
1556 ssl->specs.static_ecdh = 0;
1557 ssl->specs.key_size = AES_128_KEY_SIZE;
1558 ssl->specs.block_size = AES_BLOCK_SIZE;
1559 ssl->specs.iv_size = AES_IV_SIZE;
1560
1561 ssl->options.usingPSK_cipher = 1;
1562 break;
1563#endif
1564
1565#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
1566 case TLS_PSK_WITH_AES_256_CBC_SHA384 :
1567 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1568 ssl->specs.cipher_type = block;
1569 ssl->specs.mac_algorithm = sha384_mac;
1570 ssl->specs.kea = psk_kea;
1571 ssl->specs.sig_algo = anonymous_sa_algo;
1572 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1573 ssl->specs.pad_size = PAD_SHA;
1574 ssl->specs.static_ecdh = 0;
1575 ssl->specs.key_size = AES_256_KEY_SIZE;
1576 ssl->specs.block_size = AES_BLOCK_SIZE;
1577 ssl->specs.iv_size = AES_IV_SIZE;
1578
1579 ssl->options.usingPSK_cipher = 1;
1580 break;
1581#endif
1582
1583#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
1584 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
1585 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1586 ssl->specs.cipher_type = block;
1587 ssl->specs.mac_algorithm = sha256_mac;
1588 ssl->specs.kea = dhe_psk_kea;
1589 ssl->specs.sig_algo = anonymous_sa_algo;
1590 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1591 ssl->specs.pad_size = PAD_SHA;
1592 ssl->specs.static_ecdh = 0;
1593 ssl->specs.key_size = AES_128_KEY_SIZE;
1594 ssl->specs.block_size = AES_BLOCK_SIZE;
1595 ssl->specs.iv_size = AES_IV_SIZE;
1596
1597 ssl->options.usingPSK_cipher = 1;
1598 break;
1599#endif
1600
1601#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
1602 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
1603 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1604 ssl->specs.cipher_type = block;
1605 ssl->specs.mac_algorithm = sha384_mac;
1606 ssl->specs.kea = dhe_psk_kea;
1607 ssl->specs.sig_algo = anonymous_sa_algo;
1608 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1609 ssl->specs.pad_size = PAD_SHA;
1610 ssl->specs.static_ecdh = 0;
1611 ssl->specs.key_size = AES_256_KEY_SIZE;
1612 ssl->specs.block_size = AES_BLOCK_SIZE;
1613 ssl->specs.iv_size = AES_IV_SIZE;
1614
1615 ssl->options.usingPSK_cipher = 1;
1616 break;
1617#endif
1618
1619#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
1620 case TLS_PSK_WITH_AES_128_CBC_SHA :
1621 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1622 ssl->specs.cipher_type = block;
1623 ssl->specs.mac_algorithm = sha_mac;
1624 ssl->specs.kea = psk_kea;
1625 ssl->specs.sig_algo = anonymous_sa_algo;
1626 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1627 ssl->specs.pad_size = PAD_SHA;
1628 ssl->specs.static_ecdh = 0;
1629 ssl->specs.key_size = AES_128_KEY_SIZE;
1630 ssl->specs.block_size = AES_BLOCK_SIZE;
1631 ssl->specs.iv_size = AES_IV_SIZE;
1632
1633 ssl->options.usingPSK_cipher = 1;
1634 break;
1635#endif
1636
1637#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
1638 case TLS_PSK_WITH_AES_256_CBC_SHA :
1639 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1640 ssl->specs.cipher_type = block;
1641 ssl->specs.mac_algorithm = sha_mac;
1642 ssl->specs.kea = psk_kea;
1643 ssl->specs.sig_algo = anonymous_sa_algo;
1644 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1645 ssl->specs.pad_size = PAD_SHA;
1646 ssl->specs.static_ecdh = 0;
1647 ssl->specs.key_size = AES_256_KEY_SIZE;
1648 ssl->specs.block_size = AES_BLOCK_SIZE;
1649 ssl->specs.iv_size = AES_IV_SIZE;
1650
1651 ssl->options.usingPSK_cipher = 1;
1652 break;
1653#endif
1654
1655#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
1656 case TLS_PSK_WITH_NULL_SHA256 :
1657 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1658 ssl->specs.cipher_type = stream;
1659 ssl->specs.mac_algorithm = sha256_mac;
1660 ssl->specs.kea = psk_kea;
1661 ssl->specs.sig_algo = anonymous_sa_algo;
1662 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1663 ssl->specs.pad_size = PAD_SHA;
1664 ssl->specs.static_ecdh = 0;
1665 ssl->specs.key_size = 0;
1666 ssl->specs.block_size = 0;
1667 ssl->specs.iv_size = 0;
1668
1669 ssl->options.usingPSK_cipher = 1;
1670 break;
1671#endif
1672
1673#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
1674 case TLS_PSK_WITH_NULL_SHA384 :
1675 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1676 ssl->specs.cipher_type = stream;
1677 ssl->specs.mac_algorithm = sha384_mac;
1678 ssl->specs.kea = psk_kea;
1679 ssl->specs.sig_algo = anonymous_sa_algo;
1680 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1681 ssl->specs.pad_size = PAD_SHA;
1682 ssl->specs.static_ecdh = 0;
1683 ssl->specs.key_size = 0;
1684 ssl->specs.block_size = 0;
1685 ssl->specs.iv_size = 0;
1686
1687 ssl->options.usingPSK_cipher = 1;
1688 break;
1689#endif
1690
1691#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
1692 case TLS_PSK_WITH_NULL_SHA :
1693 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1694 ssl->specs.cipher_type = stream;
1695 ssl->specs.mac_algorithm = sha_mac;
1696 ssl->specs.kea = psk_kea;
1697 ssl->specs.sig_algo = anonymous_sa_algo;
1698 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1699 ssl->specs.pad_size = PAD_SHA;
1700 ssl->specs.static_ecdh = 0;
1701 ssl->specs.key_size = 0;
1702 ssl->specs.block_size = 0;
1703 ssl->specs.iv_size = 0;
1704
1705 ssl->options.usingPSK_cipher = 1;
1706 break;
1707#endif
1708
1709#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
1710 case TLS_DHE_PSK_WITH_NULL_SHA256 :
1711 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1712 ssl->specs.cipher_type = stream;
1713 ssl->specs.mac_algorithm = sha256_mac;
1714 ssl->specs.kea = dhe_psk_kea;
1715 ssl->specs.sig_algo = anonymous_sa_algo;
1716 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1717 ssl->specs.pad_size = PAD_SHA;
1718 ssl->specs.static_ecdh = 0;
1719 ssl->specs.key_size = 0;
1720 ssl->specs.block_size = 0;
1721 ssl->specs.iv_size = 0;
1722
1723 ssl->options.usingPSK_cipher = 1;
1724 break;
1725#endif
1726
1727#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
1728 case TLS_DHE_PSK_WITH_NULL_SHA384 :
1729 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1730 ssl->specs.cipher_type = stream;
1731 ssl->specs.mac_algorithm = sha384_mac;
1732 ssl->specs.kea = dhe_psk_kea;
1733 ssl->specs.sig_algo = anonymous_sa_algo;
1734 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1735 ssl->specs.pad_size = PAD_SHA;
1736 ssl->specs.static_ecdh = 0;
1737 ssl->specs.key_size = 0;
1738 ssl->specs.block_size = 0;
1739 ssl->specs.iv_size = 0;
1740
1741 ssl->options.usingPSK_cipher = 1;
1742 break;
1743#endif
1744
1745#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
1746 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
1747 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1748 ssl->specs.cipher_type = block;
1749 ssl->specs.mac_algorithm = sha256_mac;
1750 ssl->specs.kea = diffie_hellman_kea;
1751 ssl->specs.sig_algo = rsa_sa_algo;
1752 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1753 ssl->specs.pad_size = PAD_SHA;
1754 ssl->specs.static_ecdh = 0;
1755 ssl->specs.key_size = AES_128_KEY_SIZE;
1756 ssl->specs.block_size = AES_BLOCK_SIZE;
1757 ssl->specs.iv_size = AES_IV_SIZE;
1758
1759 break;
1760#endif
1761
1762#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
1763 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA :
1764 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
1765 ssl->specs.cipher_type = block;
1766 ssl->specs.mac_algorithm = sha_mac;
1767 ssl->specs.kea = diffie_hellman_kea;
1768 ssl->specs.sig_algo = rsa_sa_algo;
1769 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1770 ssl->specs.pad_size = PAD_SHA;
1771 ssl->specs.static_ecdh = 0;
1772 ssl->specs.key_size = DES3_KEY_SIZE;
1773 ssl->specs.block_size = DES_BLOCK_SIZE;
1774 ssl->specs.iv_size = DES_IV_SIZE;
1775
1776 break;
1777#endif
1778
1779#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
1780 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
1781 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1782 ssl->specs.cipher_type = block;
1783 ssl->specs.mac_algorithm = sha256_mac;
1784 ssl->specs.kea = diffie_hellman_kea;
1785 ssl->specs.sig_algo = rsa_sa_algo;
1786 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1787 ssl->specs.pad_size = PAD_SHA;
1788 ssl->specs.static_ecdh = 0;
1789 ssl->specs.key_size = AES_256_KEY_SIZE;
1790 ssl->specs.block_size = AES_BLOCK_SIZE;
1791 ssl->specs.iv_size = AES_IV_SIZE;
1792
1793 break;
1794#endif
1795
1796#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1797 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
1798 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1799 ssl->specs.cipher_type = block;
1800 ssl->specs.mac_algorithm = sha_mac;
1801 ssl->specs.kea = diffie_hellman_kea;
1802 ssl->specs.sig_algo = rsa_sa_algo;
1803 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1804 ssl->specs.pad_size = PAD_SHA;
1805 ssl->specs.static_ecdh = 0;
1806 ssl->specs.key_size = AES_128_KEY_SIZE;
1807 ssl->specs.block_size = AES_BLOCK_SIZE;
1808 ssl->specs.iv_size = AES_IV_SIZE;
1809
1810 break;
1811#endif
1812
1813#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1814 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
1815 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1816 ssl->specs.cipher_type = block;
1817 ssl->specs.mac_algorithm = sha_mac;
1818 ssl->specs.kea = diffie_hellman_kea;
1819 ssl->specs.sig_algo = rsa_sa_algo;
1820 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1821 ssl->specs.pad_size = PAD_SHA;
1822 ssl->specs.static_ecdh = 0;
1823 ssl->specs.key_size = AES_256_KEY_SIZE;
1824 ssl->specs.block_size = AES_BLOCK_SIZE;
1825 ssl->specs.iv_size = AES_IV_SIZE;
1826
1827 break;
1828#endif
1829
1830#ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
1831 case TLS_RSA_WITH_HC_128_MD5 :
1832 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
1833 ssl->specs.cipher_type = stream;
1834 ssl->specs.mac_algorithm = md5_mac;
1835 ssl->specs.kea = rsa_kea;
1836 ssl->specs.sig_algo = rsa_sa_algo;
1837 ssl->specs.hash_size = WC_MD5_DIGEST_SIZE;
1838 ssl->specs.pad_size = PAD_MD5;
1839 ssl->specs.static_ecdh = 0;
1840 ssl->specs.key_size = HC_128_KEY_SIZE;
1841 ssl->specs.block_size = 0;
1842 ssl->specs.iv_size = HC_128_IV_SIZE;
1843
1844 break;
1845#endif
1846
1847#ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
1848 case TLS_RSA_WITH_HC_128_SHA :
1849 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
1850 ssl->specs.cipher_type = stream;
1851 ssl->specs.mac_algorithm = sha_mac;
1852 ssl->specs.kea = rsa_kea;
1853 ssl->specs.sig_algo = rsa_sa_algo;
1854 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1855 ssl->specs.pad_size = PAD_SHA;
1856 ssl->specs.static_ecdh = 0;
1857 ssl->specs.key_size = HC_128_KEY_SIZE;
1858 ssl->specs.block_size = 0;
1859 ssl->specs.iv_size = HC_128_IV_SIZE;
1860
1861 break;
1862#endif
1863
1864#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
1865 case TLS_RSA_WITH_RABBIT_SHA :
1866 ssl->specs.bulk_cipher_algorithm = wolfssl_rabbit;
1867 ssl->specs.cipher_type = stream;
1868 ssl->specs.mac_algorithm = sha_mac;
1869 ssl->specs.kea = rsa_kea;
1870 ssl->specs.sig_algo = rsa_sa_algo;
1871 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1872 ssl->specs.pad_size = PAD_SHA;
1873 ssl->specs.static_ecdh = 0;
1874 ssl->specs.key_size = RABBIT_KEY_SIZE;
1875 ssl->specs.block_size = 0;
1876 ssl->specs.iv_size = RABBIT_IV_SIZE;
1877
1878 break;
1879#endif
1880
1881#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
1882 case TLS_RSA_WITH_AES_128_GCM_SHA256 :
1883 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1884 ssl->specs.cipher_type = aead;
1885 ssl->specs.mac_algorithm = sha256_mac;
1886 ssl->specs.kea = rsa_kea;
1887 ssl->specs.sig_algo = rsa_sa_algo;
1888 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1889 ssl->specs.pad_size = PAD_SHA;
1890 ssl->specs.static_ecdh = 0;
1891 ssl->specs.key_size = AES_128_KEY_SIZE;
1892 ssl->specs.block_size = AES_BLOCK_SIZE;
1893 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1894 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1895
1896 break;
1897#endif
1898
1899#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
1900 case TLS_RSA_WITH_AES_256_GCM_SHA384 :
1901 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1902 ssl->specs.cipher_type = aead;
1903 ssl->specs.mac_algorithm = sha384_mac;
1904 ssl->specs.kea = rsa_kea;
1905 ssl->specs.sig_algo = rsa_sa_algo;
1906 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1907 ssl->specs.pad_size = PAD_SHA;
1908 ssl->specs.static_ecdh = 0;
1909 ssl->specs.key_size = AES_256_KEY_SIZE;
1910 ssl->specs.block_size = AES_BLOCK_SIZE;
1911 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1912 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1913
1914 break;
1915#endif
1916
1917#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
1918 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
1919 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1920 ssl->specs.cipher_type = aead;
1921 ssl->specs.mac_algorithm = sha256_mac;
1922 ssl->specs.kea = diffie_hellman_kea;
1923 ssl->specs.sig_algo = rsa_sa_algo;
1924 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1925 ssl->specs.pad_size = PAD_SHA;
1926 ssl->specs.static_ecdh = 0;
1927 ssl->specs.key_size = AES_128_KEY_SIZE;
1928 ssl->specs.block_size = AES_BLOCK_SIZE;
1929 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1930 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1931
1932 break;
1933#endif
1934
1935#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
1936 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
1937 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1938 ssl->specs.cipher_type = aead;
1939 ssl->specs.mac_algorithm = sha384_mac;
1940 ssl->specs.kea = diffie_hellman_kea;
1941 ssl->specs.sig_algo = rsa_sa_algo;
1942 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1943 ssl->specs.pad_size = PAD_SHA;
1944 ssl->specs.static_ecdh = 0;
1945 ssl->specs.key_size = AES_256_KEY_SIZE;
1946 ssl->specs.block_size = AES_BLOCK_SIZE;
1947 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1948 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1949
1950 break;
1951#endif
1952
1953#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
1954 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
1955 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1956 ssl->specs.cipher_type = block;
1957 ssl->specs.mac_algorithm = sha_mac;
1958 ssl->specs.kea = rsa_kea;
1959 ssl->specs.sig_algo = rsa_sa_algo;
1960 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1961 ssl->specs.pad_size = PAD_SHA;
1962 ssl->specs.static_ecdh = 0;
1963 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1964 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1965 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1966
1967 break;
1968#endif
1969
1970#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
1971 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
1972 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1973 ssl->specs.cipher_type = block;
1974 ssl->specs.mac_algorithm = sha_mac;
1975 ssl->specs.kea = rsa_kea;
1976 ssl->specs.sig_algo = rsa_sa_algo;
1977 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1978 ssl->specs.pad_size = PAD_SHA;
1979 ssl->specs.static_ecdh = 0;
1980 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
1981 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1982 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1983
1984 break;
1985#endif
1986
1987#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
1988 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
1989 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1990 ssl->specs.cipher_type = block;
1991 ssl->specs.mac_algorithm = sha256_mac;
1992 ssl->specs.kea = rsa_kea;
1993 ssl->specs.sig_algo = rsa_sa_algo;
1994 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1995 ssl->specs.pad_size = PAD_SHA;
1996 ssl->specs.static_ecdh = 0;
1997 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1998 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1999 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2000
2001 break;
2002#endif
2003
2004#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
2005 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
2006 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2007 ssl->specs.cipher_type = block;
2008 ssl->specs.mac_algorithm = sha256_mac;
2009 ssl->specs.kea = rsa_kea;
2010 ssl->specs.sig_algo = rsa_sa_algo;
2011 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
2012 ssl->specs.pad_size = PAD_SHA;
2013 ssl->specs.static_ecdh = 0;
2014 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
2015 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
2016 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2017
2018 break;
2019#endif
2020
2021#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
2022 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
2023 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2024 ssl->specs.cipher_type = block;
2025 ssl->specs.mac_algorithm = sha_mac;
2026 ssl->specs.kea = diffie_hellman_kea;
2027 ssl->specs.sig_algo = rsa_sa_algo;
2028 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
2029 ssl->specs.pad_size = PAD_SHA;
2030 ssl->specs.static_ecdh = 0;
2031 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
2032 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
2033 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2034
2035 break;
2036#endif
2037
2038#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
2039 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
2040 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2041 ssl->specs.cipher_type = block;
2042 ssl->specs.mac_algorithm = sha_mac;
2043 ssl->specs.kea = diffie_hellman_kea;
2044 ssl->specs.sig_algo = rsa_sa_algo;
2045 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
2046 ssl->specs.pad_size = PAD_SHA;
2047 ssl->specs.static_ecdh = 0;
2048 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
2049 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
2050 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2051
2052 break;
2053#endif
2054
2055#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
2056 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
2057 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2058 ssl->specs.cipher_type = block;
2059 ssl->specs.mac_algorithm = sha256_mac;
2060 ssl->specs.kea = diffie_hellman_kea;
2061 ssl->specs.sig_algo = rsa_sa_algo;
2062 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
2063 ssl->specs.pad_size = PAD_SHA;
2064 ssl->specs.static_ecdh = 0;
2065 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
2066 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
2067 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2068
2069 break;
2070#endif
2071
2072#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
2073 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
2074 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2075 ssl->specs.cipher_type = block;
2076 ssl->specs.mac_algorithm = sha256_mac;
2077 ssl->specs.kea = diffie_hellman_kea;
2078 ssl->specs.sig_algo = rsa_sa_algo;
2079 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
2080 ssl->specs.pad_size = PAD_SHA;
2081 ssl->specs.static_ecdh = 0;
2082 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
2083 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
2084 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2085
2086 break;
2087#endif
2088
2089#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
2090 case TLS_DH_anon_WITH_AES_128_CBC_SHA :
2091 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
2092 ssl->specs.cipher_type = block;
2093 ssl->specs.mac_algorithm = sha_mac;
2094 ssl->specs.kea = diffie_hellman_kea;
2095 ssl->specs.sig_algo = anonymous_sa_algo;
2096 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
2097 ssl->specs.pad_size = PAD_SHA;
2098 ssl->specs.static_ecdh = 0;
2099 ssl->specs.key_size = AES_128_KEY_SIZE;
2100 ssl->specs.block_size = AES_BLOCK_SIZE;
2101 ssl->specs.iv_size = AES_IV_SIZE;
2102
2103 ssl->options.usingAnon_cipher = 1;
2104 break;
2105#endif
2106
2107#ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
2108 case SSL_RSA_WITH_IDEA_CBC_SHA :
2109 ssl->specs.bulk_cipher_algorithm = wolfssl_idea;
2110 ssl->specs.cipher_type = block;
2111 ssl->specs.mac_algorithm = sha_mac;
2112 ssl->specs.kea = rsa_kea;
2113 ssl->specs.sig_algo = rsa_sa_algo;
2114 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
2115 ssl->specs.pad_size = PAD_SHA;
2116 ssl->specs.static_ecdh = 0;
2117 ssl->specs.key_size = IDEA_KEY_SIZE;
2118 ssl->specs.block_size = IDEA_BLOCK_SIZE;
2119 ssl->specs.iv_size = IDEA_IV_SIZE;
2120
2121 break;
2122#endif
2123
2124#ifdef BUILD_WDM_WITH_NULL_SHA256
2125 case WDM_WITH_NULL_SHA256 :
2126 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
2127 ssl->specs.cipher_type = stream;
2128 ssl->specs.mac_algorithm = sha256_mac;
2129 ssl->specs.kea = no_kea;
2130 ssl->specs.sig_algo = anonymous_sa_algo;
2131 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
2132 ssl->specs.pad_size = PAD_SHA;
2133
2134 break;
2135#endif
2136
2137 default:
2138 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs");
2139 return UNSUPPORTED_SUITE;
2140 } /* switch */
2141 } /* if ECC / Normal suites else */
2142
2143 /* set TLS if it hasn't been turned off */
2144 if (ssl->version.major == 3 && ssl->version.minor >= 1) {
2145#ifndef NO_TLS
2146 ssl->options.tls = 1;
2147 #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY)
2148 ssl->hmac = TLS_hmac;
2149 #endif
2150 if (ssl->version.minor >= 2) {
2151 ssl->options.tls1_1 = 1;
2152 if (ssl->version.minor >= 4)
2153 ssl->options.tls1_3 = 1;
2154 }
2155#endif
2156 }
2157
2158#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
2159 if (IsAtLeastTLSv1_3(ssl->version) || ssl->specs.cipher_type != block)
2160 ssl->options.encThenMac = 0;
2161#endif
2162
2163#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_AEAD_ONLY)
2164 if (ssl->options.dtls)
2165 ssl->hmac = TLS_hmac;
2166#endif
2167
2168 return 0;
2169}
2170
2171
2172enum KeyStuff {
2173 MASTER_ROUNDS = 3,
2174 PREFIX = 3, /* up to three letters for master prefix */
2175 KEY_PREFIX = 9 /* up to 9 prefix letters for key rounds */
2176
2177
2178};
2179
2180#ifndef NO_OLD_TLS
2181/* true or false, zero for error */
2182static int SetPrefix(byte* sha_input, int idx)
2183{
2184 switch (idx) {
2185 case 0:
2186 XMEMCPY(sha_input, "A", 1);
2187 break;
2188 case 1:
2189 XMEMCPY(sha_input, "BB", 2);
2190 break;
2191 case 2:
2192 XMEMCPY(sha_input, "CCC", 3);
2193 break;
2194 case 3:
2195 XMEMCPY(sha_input, "DDDD", 4);
2196 break;
2197 case 4:
2198 XMEMCPY(sha_input, "EEEEE", 5);
2199 break;
2200 case 5:
2201 XMEMCPY(sha_input, "FFFFFF", 6);
2202 break;
2203 case 6:
2204 XMEMCPY(sha_input, "GGGGGGG", 7);
2205 break;
2206 case 7:
2207 XMEMCPY(sha_input, "HHHHHHHH", 8);
2208 break;
2209 case 8:
2210 XMEMCPY(sha_input, "IIIIIIIII", 9);
2211 break;
2212 default:
2213 WOLFSSL_MSG("Set Prefix error, bad input");
2214 return 0;
2215 }
2216 return 1;
2217}
2218#endif
2219
2220
2221static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
2222 int side, void* heap, int devId, WC_RNG* rng, int tls13)
2223{
2224 (void)rng;
2225 (void)tls13;
2226
2227#ifdef BUILD_ARC4
2228 if (specs->bulk_cipher_algorithm == wolfssl_rc4) {
2229 word32 sz = specs->key_size;
2230 if (enc && enc->arc4 == NULL) {
2231 enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
2232 if (enc->arc4 == NULL)
2233 return MEMORY_E;
2234 }
2235 if (dec && dec->arc4 == NULL) {
2236 dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
2237 if (dec->arc4 == NULL)
2238 return MEMORY_E;
2239 }
2240
2241 if (enc) {
2242 if (wc_Arc4Init(enc->arc4, heap, devId) != 0) {
2243 WOLFSSL_MSG("Arc4Init failed in SetKeys");
2244 return ASYNC_INIT_E;
2245 }
2246 }
2247 if (dec) {
2248 if (wc_Arc4Init(dec->arc4, heap, devId) != 0) {
2249 WOLFSSL_MSG("Arc4Init failed in SetKeys");
2250 return ASYNC_INIT_E;
2251 }
2252 }
2253
2254 if (side == WOLFSSL_CLIENT_END) {
2255 if (enc)
2256 wc_Arc4SetKey(enc->arc4, keys->client_write_key, sz);
2257 if (dec)
2258 wc_Arc4SetKey(dec->arc4, keys->server_write_key, sz);
2259 }
2260 else {
2261 if (enc)
2262 wc_Arc4SetKey(enc->arc4, keys->server_write_key, sz);
2263 if (dec)
2264 wc_Arc4SetKey(dec->arc4, keys->client_write_key, sz);
2265 }
2266 if (enc)
2267 enc->setup = 1;
2268 if (dec)
2269 dec->setup = 1;
2270 }
2271#endif /* BUILD_ARC4 */
2272
2273
2274#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
2275 /* Check that the max implicit iv size is suffecient */
2276 #if (AEAD_MAX_IMP_SZ < 12) /* CHACHA20_IMP_IV_SZ */
2277 #error AEAD_MAX_IMP_SZ is too small for ChaCha20
2278 #endif
2279 #if (MAX_WRITE_IV_SZ < 12) /* CHACHA20_IMP_IV_SZ */
2280 #error MAX_WRITE_IV_SZ is too small for ChaCha20
2281 #endif
2282
2283 if (specs->bulk_cipher_algorithm == wolfssl_chacha) {
2284 int chachaRet;
2285 if (enc && enc->chacha == NULL)
2286 enc->chacha =
2287 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
2288 if (enc && enc->chacha == NULL)
2289 return MEMORY_E;
2290 if (dec && dec->chacha == NULL)
2291 dec->chacha =
2292 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
2293 if (dec && dec->chacha == NULL)
2294 return MEMORY_E;
2295 if (side == WOLFSSL_CLIENT_END) {
2296 if (enc) {
2297 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->client_write_key,
2298 specs->key_size);
2299 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2300 CHACHA20_IMP_IV_SZ);
2301 if (chachaRet != 0) return chachaRet;
2302 }
2303 if (dec) {
2304 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->server_write_key,
2305 specs->key_size);
2306 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2307 CHACHA20_IMP_IV_SZ);
2308 if (chachaRet != 0) return chachaRet;
2309 }
2310 }
2311 else {
2312 if (enc) {
2313 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->server_write_key,
2314 specs->key_size);
2315 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2316 CHACHA20_IMP_IV_SZ);
2317 if (chachaRet != 0) return chachaRet;
2318 }
2319 if (dec) {
2320 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->client_write_key,
2321 specs->key_size);
2322 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2323 CHACHA20_IMP_IV_SZ);
2324 if (chachaRet != 0) return chachaRet;
2325 }
2326 }
2327
2328 if (enc)
2329 enc->setup = 1;
2330 if (dec)
2331 dec->setup = 1;
2332 }
2333#endif /* HAVE_CHACHA && HAVE_POLY1305 */
2334
2335
2336#ifdef HAVE_HC128
2337 /* check that buffer sizes are sufficient */
2338 #if (MAX_WRITE_IV_SZ < 16) /* HC_128_IV_SIZE */
2339 #error MAX_WRITE_IV_SZ too small for HC128
2340 #endif
2341
2342 if (specs->bulk_cipher_algorithm == wolfssl_hc128) {
2343 int hcRet;
2344 if (enc && enc->hc128 == NULL)
2345 enc->hc128 =
2346 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
2347 if (enc && enc->hc128 == NULL)
2348 return MEMORY_E;
2349 if (dec && dec->hc128 == NULL)
2350 dec->hc128 =
2351 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
2352 if (dec && dec->hc128 == NULL)
2353 return MEMORY_E;
2354 if (side == WOLFSSL_CLIENT_END) {
2355 if (enc) {
2356 hcRet = wc_Hc128_SetKey(enc->hc128, keys->client_write_key,
2357 keys->client_write_IV);
2358 if (hcRet != 0) return hcRet;
2359 }
2360 if (dec) {
2361 hcRet = wc_Hc128_SetKey(dec->hc128, keys->server_write_key,
2362 keys->server_write_IV);
2363 if (hcRet != 0) return hcRet;
2364 }
2365 }
2366 else {
2367 if (enc) {
2368 hcRet = wc_Hc128_SetKey(enc->hc128, keys->server_write_key,
2369 keys->server_write_IV);
2370 if (hcRet != 0) return hcRet;
2371 }
2372 if (dec) {
2373 hcRet = wc_Hc128_SetKey(dec->hc128, keys->client_write_key,
2374 keys->client_write_IV);
2375 if (hcRet != 0) return hcRet;
2376 }
2377 }
2378 if (enc)
2379 enc->setup = 1;
2380 if (dec)
2381 dec->setup = 1;
2382 }
2383#endif /* HAVE_HC128 */
2384
2385#ifdef BUILD_RABBIT
2386 /* check that buffer sizes are sufficient */
2387 #if (MAX_WRITE_IV_SZ < 8) /* RABBIT_IV_SIZE */
2388 #error MAX_WRITE_IV_SZ too small for RABBIT
2389 #endif
2390
2391 if (specs->bulk_cipher_algorithm == wolfssl_rabbit) {
2392 int rabRet;
2393 if (enc && enc->rabbit == NULL)
2394 enc->rabbit =
2395 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
2396 if (enc && enc->rabbit == NULL)
2397 return MEMORY_E;
2398 if (dec && dec->rabbit == NULL)
2399 dec->rabbit =
2400 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
2401 if (dec && dec->rabbit == NULL)
2402 return MEMORY_E;
2403 if (side == WOLFSSL_CLIENT_END) {
2404 if (enc) {
2405 rabRet = wc_RabbitSetKey(enc->rabbit, keys->client_write_key,
2406 keys->client_write_IV);
2407 if (rabRet != 0) return rabRet;
2408 }
2409 if (dec) {
2410 rabRet = wc_RabbitSetKey(dec->rabbit, keys->server_write_key,
2411 keys->server_write_IV);
2412 if (rabRet != 0) return rabRet;
2413 }
2414 }
2415 else {
2416 if (enc) {
2417 rabRet = wc_RabbitSetKey(enc->rabbit, keys->server_write_key,
2418 keys->server_write_IV);
2419 if (rabRet != 0) return rabRet;
2420 }
2421 if (dec) {
2422 rabRet = wc_RabbitSetKey(dec->rabbit, keys->client_write_key,
2423 keys->client_write_IV);
2424 if (rabRet != 0) return rabRet;
2425 }
2426 }
2427 if (enc)
2428 enc->setup = 1;
2429 if (dec)
2430 dec->setup = 1;
2431 }
2432#endif /* BUILD_RABBIT */
2433
2434#ifdef BUILD_DES3
2435 /* check that buffer sizes are sufficient */
2436 #if (MAX_WRITE_IV_SZ < 8) /* DES_IV_SIZE */
2437 #error MAX_WRITE_IV_SZ too small for 3DES
2438 #endif
2439
2440 if (specs->bulk_cipher_algorithm == wolfssl_triple_des) {
2441 int desRet = 0;
2442
2443 if (enc) {
2444 if (enc->des3 == NULL)
2445 enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
2446 if (enc->des3 == NULL)
2447 return MEMORY_E;
2448 XMEMSET(enc->des3, 0, sizeof(Des3));
2449 }
2450 if (dec) {
2451 if (dec->des3 == NULL)
2452 dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
2453 if (dec->des3 == NULL)
2454 return MEMORY_E;
2455 XMEMSET(dec->des3, 0, sizeof(Des3));
2456 }
2457
2458 if (enc) {
2459 if (wc_Des3Init(enc->des3, heap, devId) != 0) {
2460 WOLFSSL_MSG("Des3Init failed in SetKeys");
2461 return ASYNC_INIT_E;
2462 }
2463 }
2464 if (dec) {
2465 if (wc_Des3Init(dec->des3, heap, devId) != 0) {
2466 WOLFSSL_MSG("Des3Init failed in SetKeys");
2467 return ASYNC_INIT_E;
2468 }
2469 }
2470
2471 if (side == WOLFSSL_CLIENT_END) {
2472 if (enc) {
2473 desRet = wc_Des3_SetKey(enc->des3, keys->client_write_key,
2474 keys->client_write_IV, DES_ENCRYPTION);
2475 if (desRet != 0) return desRet;
2476 }
2477 if (dec) {
2478 desRet = wc_Des3_SetKey(dec->des3, keys->server_write_key,
2479 keys->server_write_IV, DES_DECRYPTION);
2480 if (desRet != 0) return desRet;
2481 }
2482 }
2483 else {
2484 if (enc) {
2485 desRet = wc_Des3_SetKey(enc->des3, keys->server_write_key,
2486 keys->server_write_IV, DES_ENCRYPTION);
2487 if (desRet != 0) return desRet;
2488 }
2489 if (dec) {
2490 desRet = wc_Des3_SetKey(dec->des3, keys->client_write_key,
2491 keys->client_write_IV, DES_DECRYPTION);
2492 if (desRet != 0) return desRet;
2493 }
2494 }
2495 if (enc)
2496 enc->setup = 1;
2497 if (dec)
2498 dec->setup = 1;
2499 }
2500#endif /* BUILD_DES3 */
2501
2502#ifdef BUILD_AES
2503 /* check that buffer sizes are sufficient */
2504 #if (MAX_WRITE_IV_SZ < 16) /* AES_IV_SIZE */
2505 #error MAX_WRITE_IV_SZ too small for AES
2506 #endif
2507
2508 if (specs->bulk_cipher_algorithm == wolfssl_aes) {
2509 int aesRet = 0;
2510
2511 if (enc) {
2512 if (enc->aes == NULL)
2513 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2514 if (enc->aes == NULL)
2515 return MEMORY_E;
2516 XMEMSET(enc->aes, 0, sizeof(Aes));
2517 }
2518 if (dec) {
2519 if (dec->aes == NULL)
2520 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2521 if (dec->aes == NULL)
2522 return MEMORY_E;
2523 XMEMSET(dec->aes, 0, sizeof(Aes));
2524 }
2525 if (enc) {
2526 if (wc_AesInit(enc->aes, heap, devId) != 0) {
2527 WOLFSSL_MSG("AesInit failed in SetKeys");
2528 return ASYNC_INIT_E;
2529 }
2530 }
2531 if (dec) {
2532 if (wc_AesInit(dec->aes, heap, devId) != 0) {
2533 WOLFSSL_MSG("AesInit failed in SetKeys");
2534 return ASYNC_INIT_E;
2535 }
2536 }
2537
2538 if (side == WOLFSSL_CLIENT_END) {
2539 if (enc) {
2540 aesRet = wc_AesSetKey(enc->aes, keys->client_write_key,
2541 specs->key_size, keys->client_write_IV,
2542 AES_ENCRYPTION);
2543 if (aesRet != 0) return aesRet;
2544 }
2545 if (dec) {
2546 aesRet = wc_AesSetKey(dec->aes, keys->server_write_key,
2547 specs->key_size, keys->server_write_IV,
2548 AES_DECRYPTION);
2549 if (aesRet != 0) return aesRet;
2550 }
2551 }
2552 else {
2553 if (enc) {
2554 aesRet = wc_AesSetKey(enc->aes, keys->server_write_key,
2555 specs->key_size, keys->server_write_IV,
2556 AES_ENCRYPTION);
2557 if (aesRet != 0) return aesRet;
2558 }
2559 if (dec) {
2560 aesRet = wc_AesSetKey(dec->aes, keys->client_write_key,
2561 specs->key_size, keys->client_write_IV,
2562 AES_DECRYPTION);
2563 if (aesRet != 0) return aesRet;
2564 }
2565 }
2566 if (enc)
2567 enc->setup = 1;
2568 if (dec)
2569 dec->setup = 1;
2570 }
2571#endif /* BUILD_AES */
2572
2573#ifdef BUILD_AESGCM
2574 /* check that buffer sizes are sufficient */
2575 #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */
2576 #error AEAD_MAX_IMP_SZ too small for AESGCM
2577 #endif
2578 #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */
2579 #error AEAD_MAX_EXP_SZ too small for AESGCM
2580 #endif
2581 #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */
2582 #error MAX_WRITE_IV_SZ too small for AESGCM
2583 #endif
2584
2585 if (specs->bulk_cipher_algorithm == wolfssl_aes_gcm) {
2586 int gcmRet;
2587
2588 if (enc) {
2589 if (enc->aes == NULL)
2590 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2591 if (enc->aes == NULL)
2592 return MEMORY_E;
2593 XMEMSET(enc->aes, 0, sizeof(Aes));
2594 }
2595 if (dec) {
2596 if (dec->aes == NULL)
2597 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2598 if (dec->aes == NULL)
2599 return MEMORY_E;
2600 XMEMSET(dec->aes, 0, sizeof(Aes));
2601 }
2602
2603 if (enc) {
2604 if (wc_AesInit(enc->aes, heap, devId) != 0) {
2605 WOLFSSL_MSG("AesInit failed in SetKeys");
2606 return ASYNC_INIT_E;
2607 }
2608 }
2609 if (dec) {
2610 if (wc_AesInit(dec->aes, heap, devId) != 0) {
2611 WOLFSSL_MSG("AesInit failed in SetKeys");
2612 return ASYNC_INIT_E;
2613 }
2614 }
2615
2616 if (side == WOLFSSL_CLIENT_END) {
2617 if (enc) {
2618 gcmRet = wc_AesGcmSetKey(enc->aes, keys->client_write_key,
2619 specs->key_size);
2620 if (gcmRet != 0) return gcmRet;
2621 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2622 AEAD_MAX_IMP_SZ);
2623#if !defined(NO_PUBLIC_GCM_SET_IV) && \
2624 ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
2625 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
2626 if (!tls13) {
2627 gcmRet = wc_AesGcmSetIV(enc->aes, AESGCM_NONCE_SZ,
2628 keys->client_write_IV, AESGCM_IMP_IV_SZ, rng);
2629 if (gcmRet != 0) return gcmRet;
2630 }
2631#endif
2632 }
2633 if (dec) {
2634 gcmRet = wc_AesGcmSetKey(dec->aes, keys->server_write_key,
2635 specs->key_size);
2636 if (gcmRet != 0) return gcmRet;
2637 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2638 AEAD_MAX_IMP_SZ);
2639 }
2640 }
2641 else {
2642 if (enc) {
2643 gcmRet = wc_AesGcmSetKey(enc->aes, keys->server_write_key,
2644 specs->key_size);
2645 if (gcmRet != 0) return gcmRet;
2646 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2647 AEAD_MAX_IMP_SZ);
2648#if !defined(NO_PUBLIC_GCM_SET_IV) && \
2649 ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
2650 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
2651 if (!tls13) {
2652 gcmRet = wc_AesGcmSetIV(enc->aes, AESGCM_NONCE_SZ,
2653 keys->server_write_IV, AESGCM_IMP_IV_SZ, rng);
2654 if (gcmRet != 0) return gcmRet;
2655 }
2656#endif
2657 }
2658 if (dec) {
2659 gcmRet = wc_AesGcmSetKey(dec->aes, keys->client_write_key,
2660 specs->key_size);
2661 if (gcmRet != 0) return gcmRet;
2662 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2663 AEAD_MAX_IMP_SZ);
2664 }
2665 }
2666 if (enc)
2667 enc->setup = 1;
2668 if (dec)
2669 dec->setup = 1;
2670 }
2671#endif /* BUILD_AESGCM */
2672
2673#ifdef HAVE_AESCCM
2674 /* check that buffer sizes are sufficient (CCM is same size as GCM) */
2675 #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */
2676 #error AEAD_MAX_IMP_SZ too small for AESCCM
2677 #endif
2678 #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */
2679 #error AEAD_MAX_EXP_SZ too small for AESCCM
2680 #endif
2681 #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */
2682 #error MAX_WRITE_IV_SZ too small for AESCCM
2683 #endif
2684
2685 if (specs->bulk_cipher_algorithm == wolfssl_aes_ccm) {
2686 int CcmRet;
2687
2688 if (enc) {
2689 if (enc->aes == NULL)
2690 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2691 if (enc->aes == NULL)
2692 return MEMORY_E;
2693 XMEMSET(enc->aes, 0, sizeof(Aes));
2694 }
2695 if (dec) {
2696 if (dec->aes == NULL)
2697 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2698 if (dec->aes == NULL)
2699 return MEMORY_E;
2700 XMEMSET(dec->aes, 0, sizeof(Aes));
2701 }
2702
2703 if (enc) {
2704 if (wc_AesInit(enc->aes, heap, devId) != 0) {
2705 WOLFSSL_MSG("AesInit failed in SetKeys");
2706 return ASYNC_INIT_E;
2707 }
2708 }
2709 if (dec) {
2710 if (wc_AesInit(dec->aes, heap, devId) != 0) {
2711 WOLFSSL_MSG("AesInit failed in SetKeys");
2712 return ASYNC_INIT_E;
2713 }
2714 }
2715
2716 if (side == WOLFSSL_CLIENT_END) {
2717 if (enc) {
2718 CcmRet = wc_AesCcmSetKey(enc->aes, keys->client_write_key,
2719 specs->key_size);
2720 if (CcmRet != 0) {
2721 return CcmRet;
2722 }
2723 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2724 AEAD_MAX_IMP_SZ);
2725#if !defined(NO_PUBLIC_CCM_SET_NONCE) && \
2726 ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
2727 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
2728 if (!tls13) {
2729 CcmRet = wc_AesCcmSetNonce(enc->aes, keys->client_write_IV,
2730 AEAD_MAX_IMP_SZ);
2731 if (CcmRet != 0) return CcmRet;
2732 }
2733#endif
2734 }
2735 if (dec) {
2736 CcmRet = wc_AesCcmSetKey(dec->aes, keys->server_write_key,
2737 specs->key_size);
2738 if (CcmRet != 0) {
2739 return CcmRet;
2740 }
2741 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2742 AEAD_MAX_IMP_SZ);
2743 }
2744 }
2745 else {
2746 if (enc) {
2747 CcmRet = wc_AesCcmSetKey(enc->aes, keys->server_write_key,
2748 specs->key_size);
2749 if (CcmRet != 0) {
2750 return CcmRet;
2751 }
2752 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2753 AEAD_MAX_IMP_SZ);
2754#if !defined(NO_PUBLIC_CCM_SET_NONCE) && \
2755 ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
2756 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
2757 if (!tls13) {
2758 CcmRet = wc_AesCcmSetNonce(enc->aes, keys->server_write_IV,
2759 AEAD_MAX_IMP_SZ);
2760 if (CcmRet != 0) return CcmRet;
2761 }
2762#endif
2763 }
2764 if (dec) {
2765 CcmRet = wc_AesCcmSetKey(dec->aes, keys->client_write_key,
2766 specs->key_size);
2767 if (CcmRet != 0) {
2768 return CcmRet;
2769 }
2770 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2771 AEAD_MAX_IMP_SZ);
2772 }
2773 }
2774 if (enc)
2775 enc->setup = 1;
2776 if (dec)
2777 dec->setup = 1;
2778 }
2779#endif /* HAVE_AESCCM */
2780
2781#ifdef HAVE_CAMELLIA
2782 /* check that buffer sizes are sufficient */
2783 #if (MAX_WRITE_IV_SZ < 16) /* CAMELLIA_IV_SIZE */
2784 #error MAX_WRITE_IV_SZ too small for CAMELLIA
2785 #endif
2786
2787 if (specs->bulk_cipher_algorithm == wolfssl_camellia) {
2788 int camRet;
2789
2790 if (enc && enc->cam == NULL)
2791 enc->cam =
2792 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
2793 if (enc && enc->cam == NULL)
2794 return MEMORY_E;
2795
2796 if (dec && dec->cam == NULL)
2797 dec->cam =
2798 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
2799 if (dec && dec->cam == NULL)
2800 return MEMORY_E;
2801
2802 if (side == WOLFSSL_CLIENT_END) {
2803 if (enc) {
2804 camRet = wc_CamelliaSetKey(enc->cam, keys->client_write_key,
2805 specs->key_size, keys->client_write_IV);
2806 if (camRet != 0) return camRet;
2807 }
2808 if (dec) {
2809 camRet = wc_CamelliaSetKey(dec->cam, keys->server_write_key,
2810 specs->key_size, keys->server_write_IV);
2811 if (camRet != 0) return camRet;
2812 }
2813 }
2814 else {
2815 if (enc) {
2816 camRet = wc_CamelliaSetKey(enc->cam, keys->server_write_key,
2817 specs->key_size, keys->server_write_IV);
2818 if (camRet != 0) return camRet;
2819 }
2820 if (dec) {
2821 camRet = wc_CamelliaSetKey(dec->cam, keys->client_write_key,
2822 specs->key_size, keys->client_write_IV);
2823 if (camRet != 0) return camRet;
2824 }
2825 }
2826 if (enc)
2827 enc->setup = 1;
2828 if (dec)
2829 dec->setup = 1;
2830 }
2831#endif /* HAVE_CAMELLIA */
2832
2833#ifdef HAVE_IDEA
2834 /* check that buffer sizes are sufficient */
2835 #if (MAX_WRITE_IV_SZ < 8) /* IDEA_IV_SIZE */
2836 #error MAX_WRITE_IV_SZ too small for IDEA
2837 #endif
2838
2839 if (specs->bulk_cipher_algorithm == wolfssl_idea) {
2840 int ideaRet;
2841
2842 if (enc && enc->idea == NULL)
2843 enc->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER);
2844 if (enc && enc->idea == NULL)
2845 return MEMORY_E;
2846
2847 if (dec && dec->idea == NULL)
2848 dec->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER);
2849 if (dec && dec->idea == NULL)
2850 return MEMORY_E;
2851
2852 if (side == WOLFSSL_CLIENT_END) {
2853 if (enc) {
2854 ideaRet = wc_IdeaSetKey(enc->idea, keys->client_write_key,
2855 specs->key_size, keys->client_write_IV,
2856 IDEA_ENCRYPTION);
2857 if (ideaRet != 0) return ideaRet;
2858 }
2859 if (dec) {
2860 ideaRet = wc_IdeaSetKey(dec->idea, keys->server_write_key,
2861 specs->key_size, keys->server_write_IV,
2862 IDEA_DECRYPTION);
2863 if (ideaRet != 0) return ideaRet;
2864 }
2865 }
2866 else {
2867 if (enc) {
2868 ideaRet = wc_IdeaSetKey(enc->idea, keys->server_write_key,
2869 specs->key_size, keys->server_write_IV,
2870 IDEA_ENCRYPTION);
2871 if (ideaRet != 0) return ideaRet;
2872 }
2873 if (dec) {
2874 ideaRet = wc_IdeaSetKey(dec->idea, keys->client_write_key,
2875 specs->key_size, keys->client_write_IV,
2876 IDEA_DECRYPTION);
2877 if (ideaRet != 0) return ideaRet;
2878 }
2879 }
2880 if (enc)
2881 enc->setup = 1;
2882 if (dec)
2883 dec->setup = 1;
2884 }
2885#endif /* HAVE_IDEA */
2886
2887#ifdef HAVE_NULL_CIPHER
2888 if (specs->bulk_cipher_algorithm == wolfssl_cipher_null) {
2889 #ifdef WOLFSSL_TLS13
2890 if (tls13) {
2891 int hmacRet;
2892 int hashType = WC_HASH_TYPE_NONE;
2893
2894 switch (specs->mac_algorithm) {
2895 case sha256_mac:
2896 hashType = WC_SHA256;
2897 break;
2898 case sha384_mac:
2899 hashType = WC_SHA384;
2900 break;
2901 default:
2902 break;
2903 }
2904
2905 if (enc && enc->hmac == NULL) {
2906 enc->hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap,
2907 DYNAMIC_TYPE_CIPHER);
2908 if (enc->hmac == NULL)
2909 return MEMORY_E;
2910 }
2911
2912 if (dec && dec->hmac == NULL) {
2913 dec->hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap,
2914 DYNAMIC_TYPE_CIPHER);
2915 if (dec->hmac == NULL)
2916 return MEMORY_E;
2917 }
2918
2919 if (enc) {
2920 if (wc_HmacInit(enc->hmac, heap, devId) != 0) {
2921 WOLFSSL_MSG("HmacInit failed in SetKeys");
2922 return ASYNC_INIT_E;
2923 }
2924 }
2925 if (dec) {
2926 if (wc_HmacInit(dec->hmac, heap, devId) != 0) {
2927 WOLFSSL_MSG("HmacInit failed in SetKeys");
2928 return ASYNC_INIT_E;
2929 }
2930 }
2931
2932 if (side == WOLFSSL_CLIENT_END) {
2933 if (enc) {
2934 hmacRet = wc_HmacSetKey(enc->hmac, hashType,
2935 keys->client_write_key, specs->key_size);
2936 if (hmacRet != 0) return hmacRet;
2937 }
2938 if (dec) {
2939 hmacRet = wc_HmacSetKey(dec->hmac, hashType,
2940 keys->server_write_key, specs->key_size);
2941 if (hmacRet != 0) return hmacRet;
2942 }
2943 }
2944 else {
2945 if (enc) {
2946 hmacRet = wc_HmacSetKey(enc->hmac, hashType,
2947 keys->server_write_key, specs->key_size);
2948 if (hmacRet != 0) return hmacRet;
2949 }
2950 if (dec) {
2951 hmacRet = wc_HmacSetKey(dec->hmac, hashType,
2952 keys->client_write_key, specs->key_size);
2953 if (hmacRet != 0) return hmacRet;
2954 }
2955 }
2956 }
2957 #endif
2958 if (enc)
2959 enc->setup = 1;
2960 if (dec)
2961 dec->setup = 1;
2962 }
2963#endif
2964
2965 if (enc) {
2966 keys->sequence_number_hi = 0;
2967 keys->sequence_number_lo = 0;
2968 }
2969 if (dec) {
2970 keys->peer_sequence_number_hi = 0;
2971 keys->peer_sequence_number_lo = 0;
2972 }
2973 (void)side;
2974 (void)heap;
2975 (void)enc;
2976 (void)dec;
2977 (void)specs;
2978 (void)devId;
2979
2980 return 0;
2981}
2982
2983
2984#ifdef HAVE_ONE_TIME_AUTH
2985/* set one time authentication keys */
2986static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
2987 CipherSpecs* specs, void* heap, int devId)
2988{
2989
2990#ifdef HAVE_POLY1305
2991 /* set up memory space for poly1305 */
2992 if (authentication && authentication->poly1305 == NULL)
2993 authentication->poly1305 =
2994 (Poly1305*)XMALLOC(sizeof(Poly1305), heap, DYNAMIC_TYPE_CIPHER);
2995 if (authentication && authentication->poly1305 == NULL)
2996 return MEMORY_E;
2997 if (authentication)
2998 authentication->setup = 1;
2999#endif
3000 (void)authentication;
3001 (void)heap;
3002 (void)keys;
3003 (void)specs;
3004 (void)devId;
3005
3006 return 0;
3007}
3008#endif /* HAVE_ONE_TIME_AUTH */
3009
3010#ifdef HAVE_SECURE_RENEGOTIATION
3011/* function name is for cache_status++
3012 * This function was added because of error incrementing enum type when
3013 * compiling with a C++ compiler.
3014 */
3015static void CacheStatusPP(SecureRenegotiation* cache)
3016{
3017 switch (cache->cache_status) {
3018 case SCR_CACHE_NULL:
3019 cache->cache_status = SCR_CACHE_NEEDED;
3020 break;
3021
3022 case SCR_CACHE_NEEDED:
3023 cache->cache_status = SCR_CACHE_COPY;
3024 break;
3025
3026 case SCR_CACHE_COPY:
3027 cache->cache_status = SCR_CACHE_PARTIAL;
3028 break;
3029
3030 case SCR_CACHE_PARTIAL:
3031 cache->cache_status = SCR_CACHE_COMPLETE;
3032 break;
3033
3034 case SCR_CACHE_COMPLETE:
3035 WOLFSSL_MSG("SCR Cache state Complete");
3036 break;
3037
3038 default:
3039 WOLFSSL_MSG("Unknown cache state!!");
3040 }
3041}
3042#endif /* HAVE_SECURE_RENEGOTIATION */
3043
3044
3045/* Set wc_encrypt/wc_decrypt or both sides of key setup
3046 * note: use wc_encrypt to avoid shadowing global encrypt
3047 * declared in unistd.h
3048 */
3049int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
3050{
3051 int ret, copy = 0;
3052 Ciphers* wc_encrypt = NULL;
3053 Ciphers* wc_decrypt = NULL;
3054 Keys* keys = &ssl->keys;
3055
3056 (void)copy;
3057
3058#ifdef HAVE_SECURE_RENEGOTIATION
3059 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status) {
3060 keys = &ssl->secure_renegotiation->tmp_keys;
3061 copy = 1;
3062 }
3063#endif /* HAVE_SECURE_RENEGOTIATION */
3064
3065 switch (side) {
3066 case ENCRYPT_SIDE_ONLY:
3067#ifdef WOLFSSL_DEBUG_TLS
3068 WOLFSSL_MSG("Provisioning ENCRYPT key");
3069 if (ssl->options.side == WOLFSSL_CLIENT_END) {
3070 WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
3071 }
3072 else {
3073 WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
3074 }
3075#endif
3076 wc_encrypt = &ssl->encrypt;
3077 break;
3078
3079 case DECRYPT_SIDE_ONLY:
3080#ifdef WOLFSSL_DEBUG_TLS
3081 WOLFSSL_MSG("Provisioning DECRYPT key");
3082 if (ssl->options.side == WOLFSSL_CLIENT_END) {
3083 WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
3084 }
3085 else {
3086 WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
3087 }
3088#endif
3089 wc_decrypt = &ssl->decrypt;
3090 break;
3091
3092 case ENCRYPT_AND_DECRYPT_SIDE:
3093#ifdef WOLFSSL_DEBUG_TLS
3094 WOLFSSL_MSG("Provisioning ENCRYPT key");
3095 if (ssl->options.side == WOLFSSL_CLIENT_END) {
3096 WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
3097 }
3098 else {
3099 WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
3100 }
3101 WOLFSSL_MSG("Provisioning DECRYPT key");
3102 if (ssl->options.side == WOLFSSL_CLIENT_END) {
3103 WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
3104 }
3105 else {
3106 WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
3107 }
3108#endif
3109 wc_encrypt = &ssl->encrypt;
3110 wc_decrypt = &ssl->decrypt;
3111 break;
3112
3113 default:
3114 return BAD_FUNC_ARG;
3115 }
3116
3117#ifdef HAVE_ONE_TIME_AUTH
3118 if (!ssl->auth.setup && ssl->specs.bulk_cipher_algorithm == wolfssl_chacha){
3119 ret = SetAuthKeys(&ssl->auth, keys, &ssl->specs, ssl->heap, ssl->devId);
3120 if (ret != 0)
3121 return ret;
3122 }
3123#endif
3124
3125#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
3126 !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
3127 /* check if keys for TSIP has been created */
3128 if (tsip_useable(ssl) == 1)
3129 ret = 0;
3130 else
3131#endif
3132 ret = SetKeys(wc_encrypt, wc_decrypt, keys, &ssl->specs, ssl->options.side,
3133 ssl->heap, ssl->devId, ssl->rng, ssl->options.tls1_3);
3134
3135#ifdef HAVE_SECURE_RENEGOTIATION
3136 if (copy) {
3137 int clientCopy = 0;
3138
3139 if (ssl->options.side == WOLFSSL_CLIENT_END && wc_encrypt)
3140 clientCopy = 1;
3141 else if (ssl->options.side == WOLFSSL_SERVER_END && wc_decrypt)
3142 clientCopy = 1;
3143
3144 if (clientCopy) {
3145 #ifndef WOLFSSL_AEAD_ONLY
3146 XMEMCPY(ssl->keys.client_write_MAC_secret,
3147 keys->client_write_MAC_secret, WC_MAX_DIGEST_SIZE);
3148 #endif
3149 XMEMCPY(ssl->keys.client_write_key,
3150 keys->client_write_key, AES_256_KEY_SIZE);
3151 XMEMCPY(ssl->keys.client_write_IV,
3152 keys->client_write_IV, MAX_WRITE_IV_SZ);
3153 } else {
3154 #ifndef WOLFSSL_AEAD_ONLY
3155 XMEMCPY(ssl->keys.server_write_MAC_secret,
3156 keys->server_write_MAC_secret, WC_MAX_DIGEST_SIZE);
3157 #endif
3158 XMEMCPY(ssl->keys.server_write_key,
3159 keys->server_write_key, AES_256_KEY_SIZE);
3160 XMEMCPY(ssl->keys.server_write_IV,
3161 keys->server_write_IV, MAX_WRITE_IV_SZ);
3162 }
3163 if (wc_encrypt) {
3164 ssl->keys.sequence_number_hi = keys->sequence_number_hi;
3165 ssl->keys.sequence_number_lo = keys->sequence_number_lo;
3166 #ifdef HAVE_AEAD
3167 if (ssl->specs.cipher_type == aead) {
3168 /* Initialize the AES-GCM/CCM explicit IV to a zero. */
3169 XMEMCPY(ssl->keys.aead_exp_IV, keys->aead_exp_IV,
3170 AEAD_MAX_EXP_SZ);
3171
3172 /* Initialize encrypt implicit IV by encrypt side */
3173 if (ssl->options.side == WOLFSSL_CLIENT_END) {
3174 XMEMCPY(ssl->keys.aead_enc_imp_IV,
3175 keys->client_write_IV, AEAD_MAX_IMP_SZ);
3176 } else {
3177 XMEMCPY(ssl->keys.aead_enc_imp_IV,
3178 keys->server_write_IV, AEAD_MAX_IMP_SZ);
3179 }
3180 }
3181 #endif
3182 }
3183 if (wc_decrypt) {
3184 ssl->keys.peer_sequence_number_hi = keys->peer_sequence_number_hi;
3185 ssl->keys.peer_sequence_number_lo = keys->peer_sequence_number_lo;
3186 #ifdef HAVE_AEAD
3187 if (ssl->specs.cipher_type == aead) {
3188 /* Initialize decrypt implicit IV by decrypt side */
3189 if (ssl->options.side == WOLFSSL_SERVER_END) {
3190 XMEMCPY(ssl->keys.aead_dec_imp_IV,
3191 keys->client_write_IV, AEAD_MAX_IMP_SZ);
3192 } else {
3193 XMEMCPY(ssl->keys.aead_dec_imp_IV,
3194 keys->server_write_IV, AEAD_MAX_IMP_SZ);
3195 }
3196 }
3197 #endif
3198 }
3199 CacheStatusPP(ssl->secure_renegotiation);
3200 }
3201#endif /* HAVE_SECURE_RENEGOTIATION */
3202
3203 return ret;
3204}
3205
3206
3207/* TLS can call too */
3208int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side)
3209{
3210 int sz, i = 0;
3211 Keys* keys = &ssl->keys;
3212
3213#ifdef HAVE_SECURE_RENEGOTIATION
3214 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status ==
3215 SCR_CACHE_NEEDED) {
3216 keys = &ssl->secure_renegotiation->tmp_keys;
3217 CacheStatusPP(ssl->secure_renegotiation);
3218 }
3219#endif /* HAVE_SECURE_RENEGOTIATION */
3220
3221#ifdef WOLFSSL_MULTICAST
3222 if (ssl->options.haveMcast) {
3223 /* Use the same keys for encrypt and decrypt. */
3224 if (ssl->specs.cipher_type != aead) {
3225 sz = ssl->specs.hash_size;
3226 #ifndef WOLFSSL_AEAD_ONLY
3227 XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
3228 XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
3229 #endif
3230 i += sz;
3231 }
3232 sz = ssl->specs.key_size;
3233 XMEMCPY(keys->client_write_key, &keyData[i], sz);
3234 XMEMCPY(keys->server_write_key, &keyData[i], sz);
3235 i += sz;
3236
3237 sz = ssl->specs.iv_size;
3238 XMEMCPY(keys->client_write_IV, &keyData[i], sz);
3239 XMEMCPY(keys->server_write_IV, &keyData[i], sz);
3240
3241#ifdef HAVE_AEAD
3242 if (ssl->specs.cipher_type == aead) {
3243 /* Initialize the AES-GCM/CCM explicit IV to a zero. */
3244 XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ);
3245 }
3246#endif /* HAVE_AEAD */
3247
3248 return 0;
3249 }
3250#endif /* WOLFSSL_MULTICAST */
3251
3252 if (ssl->specs.cipher_type != aead) {
3253 sz = ssl->specs.hash_size;
3254 if (side & PROVISION_CLIENT) {
3255 #ifndef WOLFSSL_AEAD_ONLY
3256 XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
3257 #endif
3258 i += sz;
3259 }
3260 if (side & PROVISION_SERVER) {
3261 #ifndef WOLFSSL_AEAD_ONLY
3262 XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
3263 #endif
3264 i += sz;
3265 }
3266 }
3267 sz = ssl->specs.key_size;
3268 if (side & PROVISION_CLIENT) {
3269 XMEMCPY(keys->client_write_key, &keyData[i], sz);
3270 i += sz;
3271 }
3272 if (side & PROVISION_SERVER) {
3273 XMEMCPY(keys->server_write_key, &keyData[i], sz);
3274 i += sz;
3275 }
3276
3277 sz = ssl->specs.iv_size;
3278 if (side & PROVISION_CLIENT) {
3279 XMEMCPY(keys->client_write_IV, &keyData[i], sz);
3280 i += sz;
3281 }
3282 if (side & PROVISION_SERVER)
3283 XMEMCPY(keys->server_write_IV, &keyData[i], sz);
3284
3285#ifdef HAVE_AEAD
3286 if (ssl->specs.cipher_type == aead) {
3287 /* Initialize the AES-GCM/CCM explicit IV to a zero. */
3288 XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ);
3289 }
3290#endif
3291
3292 return 0;
3293}
3294
3295#ifndef NO_OLD_TLS
3296int DeriveKeys(WOLFSSL* ssl)
3297{
3298 int length = 2 * ssl->specs.hash_size +
3299 2 * ssl->specs.key_size +
3300 2 * ssl->specs.iv_size;
3301 int rounds = (length + WC_MD5_DIGEST_SIZE - 1 ) / WC_MD5_DIGEST_SIZE, i;
3302 int ret = 0;
3303
3304#ifdef WOLFSSL_SMALL_STACK
3305 byte* shaOutput;
3306 byte* md5Input;
3307 byte* shaInput;
3308 byte* keyData;
3309 wc_Md5* md5;
3310 wc_Sha* sha;
3311#else
3312 byte shaOutput[WC_SHA_DIGEST_SIZE];
3313 byte md5Input[SECRET_LEN + WC_SHA_DIGEST_SIZE];
3314 byte shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN];
3315 byte keyData[KEY_PREFIX * WC_MD5_DIGEST_SIZE];
3316 wc_Md5 md5[1];
3317 wc_Sha sha[1];
3318#endif
3319
3320#ifdef WOLFSSL_SMALL_STACK
3321 shaOutput = (byte*)XMALLOC(WC_SHA_DIGEST_SIZE,
3322 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3323 md5Input = (byte*)XMALLOC(SECRET_LEN + WC_SHA_DIGEST_SIZE,
3324 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3325 shaInput = (byte*)XMALLOC(KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN,
3326 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3327 keyData = (byte*)XMALLOC(KEY_PREFIX * WC_MD5_DIGEST_SIZE,
3328 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3329 md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3330 sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3331
3332 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
3333 keyData == NULL || md5 == NULL || sha == NULL) {
3334 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3335 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3336 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3337 if (keyData) XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3338 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3339 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3340
3341 return MEMORY_E;
3342 }
3343#endif
3344
3345 ret = wc_InitMd5(md5);
3346 if (ret == 0) {
3347 ret = wc_InitSha(sha);
3348 }
3349 if (ret == 0) {
3350 XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN);
3351
3352 for (i = 0; i < rounds; ++i) {
3353 int j = i + 1;
3354 int idx = j;
3355
3356 if (!SetPrefix(shaInput, i)) {
3357 ret = PREFIX_ERROR;
3358 break;
3359 }
3360
3361 XMEMCPY(shaInput + idx, ssl->arrays->masterSecret, SECRET_LEN);
3362 idx += SECRET_LEN;
3363 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
3364 idx += RAN_LEN;
3365 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
3366 if (ret == 0) {
3367 ret = wc_ShaUpdate(sha, shaInput,
3368 (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) - KEY_PREFIX + j);
3369 }
3370 if (ret == 0) {
3371 ret = wc_ShaFinal(sha, shaOutput);
3372 }
3373
3374 XMEMCPY(md5Input + SECRET_LEN, shaOutput, WC_SHA_DIGEST_SIZE);
3375 if (ret == 0) {
3376 ret = wc_Md5Update(md5, md5Input, SECRET_LEN + WC_SHA_DIGEST_SIZE);
3377 }
3378 if (ret == 0) {
3379 ret = wc_Md5Final(md5, keyData + i * WC_MD5_DIGEST_SIZE);
3380 }
3381 }
3382
3383 if (ret == 0)
3384 ret = StoreKeys(ssl, keyData, PROVISION_CLIENT_SERVER);
3385 }
3386
3387#ifdef WOLFSSL_SMALL_STACK
3388 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3389 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3390 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3391 XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3392 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3393 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3394#endif
3395
3396 return ret;
3397}
3398
3399
3400static int CleanPreMaster(WOLFSSL* ssl)
3401{
3402 int i, ret, sz = ssl->arrays->preMasterSz;
3403
3404 for (i = 0; i < sz; i++)
3405 ssl->arrays->preMasterSecret[i] = 0;
3406
3407 ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz);
3408 if (ret != 0)
3409 return ret;
3410
3411 for (i = 0; i < sz; i++)
3412 ssl->arrays->preMasterSecret[i] = 0;
3413
3414 XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
3415 ssl->arrays->preMasterSecret = NULL;
3416 ssl->arrays->preMasterSz = 0;
3417
3418 return 0;
3419}
3420
3421
3422/* Create and store the master secret see page 32, 6.1 */
3423static int MakeSslMasterSecret(WOLFSSL* ssl)
3424{
3425 int i, ret;
3426 word32 idx;
3427 word32 pmsSz = ssl->arrays->preMasterSz;
3428
3429#ifdef WOLFSSL_SMALL_STACK
3430 byte* shaOutput;
3431 byte* md5Input;
3432 byte* shaInput;
3433 wc_Md5* md5;
3434 wc_Sha* sha;
3435#else
3436 byte shaOutput[WC_SHA_DIGEST_SIZE];
3437 byte md5Input[ENCRYPT_LEN + WC_SHA_DIGEST_SIZE];
3438 byte shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN];
3439 wc_Md5 md5[1];
3440 wc_Sha sha[1];
3441#endif
3442
3443#ifdef SHOW_SECRETS
3444 {
3445 word32 j;
3446 printf("pre master secret: ");
3447 for (j = 0; j < pmsSz; j++)
3448 printf("%02x", ssl->arrays->preMasterSecret[j]);
3449 printf("\n");
3450 }
3451#endif
3452
3453#ifdef WOLFSSL_SMALL_STACK
3454 shaOutput = (byte*)XMALLOC(WC_SHA_DIGEST_SIZE,
3455 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3456 md5Input = (byte*)XMALLOC(ENCRYPT_LEN + WC_SHA_DIGEST_SIZE,
3457 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3458 shaInput = (byte*)XMALLOC(PREFIX + ENCRYPT_LEN + 2 * RAN_LEN,
3459 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3460 md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3461 sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3462
3463 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
3464 md5 == NULL || sha == NULL) {
3465 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3466 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3467 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3468 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3469 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3470
3471 return MEMORY_E;
3472 }
3473#endif
3474
3475 ret = wc_InitMd5(md5);
3476 if (ret == 0) {
3477 ret = wc_InitSha(sha);
3478 }
3479 if (ret == 0) {
3480 XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz);
3481
3482 for (i = 0; i < MASTER_ROUNDS; ++i) {
3483 byte prefix[KEY_PREFIX]; /* only need PREFIX bytes but static */
3484 if (!SetPrefix(prefix, i)) { /* analysis thinks will overrun */
3485 ret = PREFIX_ERROR;
3486 break;
3487 }
3488
3489 idx = 0;
3490 XMEMCPY(shaInput, prefix, i + 1);
3491 idx += i + 1;
3492
3493 XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz);
3494 idx += pmsSz;
3495 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
3496 idx += RAN_LEN;
3497 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
3498 idx += RAN_LEN;
3499 if (ret == 0) {
3500 ret = wc_ShaUpdate(sha, shaInput, idx);
3501 }
3502 if (ret == 0) {
3503 ret = wc_ShaFinal(sha, shaOutput);
3504 }
3505 idx = pmsSz; /* preSz */
3506 XMEMCPY(md5Input + idx, shaOutput, WC_SHA_DIGEST_SIZE);
3507 idx += WC_SHA_DIGEST_SIZE;
3508 if (ret == 0) {
3509 ret = wc_Md5Update(md5, md5Input, idx);
3510 }
3511 if (ret == 0) {
3512 ret = wc_Md5Final(md5,
3513 &ssl->arrays->masterSecret[i * WC_MD5_DIGEST_SIZE]);
3514 }
3515 }
3516
3517#ifdef SHOW_SECRETS
3518 {
3519 word32 j;
3520 printf("master secret: ");
3521 for (j = 0; j < SECRET_LEN; j++)
3522 printf("%02x", ssl->arrays->masterSecret[j]);
3523 printf("\n");
3524 }
3525#endif
3526
3527 if (ret == 0)
3528 ret = DeriveKeys(ssl);
3529 }
3530
3531#ifdef WOLFSSL_SMALL_STACK
3532 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3533 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3534 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3535 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3536 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3537#endif
3538
3539 if (ret == 0)
3540 ret = CleanPreMaster(ssl);
3541 else
3542 CleanPreMaster(ssl);
3543
3544 return ret;
3545}
3546#endif
3547
3548
3549/* Master wrapper, doesn't use SSL stack space in TLS mode */
3550int MakeMasterSecret(WOLFSSL* ssl)
3551{
3552 /* append secret to premaster : premaster | SerSi | CliSi */
3553#ifdef HAVE_QSH
3554 word32 offset = 0;
3555
3556 if (ssl->peerQSHKeyPresent) {
3557 offset += ssl->arrays->preMasterSz;
3558 ssl->arrays->preMasterSz += ssl->QSH_secret->CliSi->length +
3559 ssl->QSH_secret->SerSi->length;
3560 /* test and set flag if QSH has been used */
3561 if (ssl->QSH_secret->CliSi->length > 0 ||
3562 ssl->QSH_secret->SerSi->length > 0)
3563 ssl->isQSH = 1;
3564
3565 /* append secrets to the premaster */
3566 if (ssl->QSH_secret->SerSi != NULL) {
3567 XMEMCPY(ssl->arrays->preMasterSecret + offset,
3568 ssl->QSH_secret->SerSi->buffer, ssl->QSH_secret->SerSi->length);
3569 }
3570 offset += ssl->QSH_secret->SerSi->length;
3571 if (ssl->QSH_secret->CliSi != NULL) {
3572 XMEMCPY(ssl->arrays->preMasterSecret + offset,
3573 ssl->QSH_secret->CliSi->buffer, ssl->QSH_secret->CliSi->length);
3574 }
3575
3576 /* show secret SerSi and CliSi */
3577 #ifdef SHOW_SECRETS
3578 {
3579 word32 j;
3580 printf("QSH generated secret material\n");
3581 printf("SerSi : ");
3582 for (j = 0; j < ssl->QSH_secret->SerSi->length; j++) {
3583 printf("%02x", ssl->QSH_secret->SerSi->buffer[j]);
3584 }
3585 printf("\n");
3586 printf("CliSi : ");
3587 for (j = 0; j < ssl->QSH_secret->CliSi->length; j++) {
3588 printf("%02x", ssl->QSH_secret->CliSi->buffer[j]);
3589 }
3590 printf("\n");
3591 }
3592 #endif
3593 }
3594#endif
3595
3596#ifndef NO_OLD_TLS
3597 if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
3598 return MakeSslMasterSecret(ssl);
3599#elif !defined(WOLFSSL_NO_TLS12)
3600 return MakeTlsMasterSecret(ssl);
3601#else
3602 (void)ssl;
3603 return 0;
3604#endif
3605}
3606
3607#endif /* WOLFCRYPT_ONLY */
Note: See TracBrowser for help on using the repository browser.