source: azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/src/keys.c@ 464

Last change on this file since 464 was 464, checked in by coas-nagasima, 3 years ago

WolfSSLとAzure IoT SDKを更新
  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-csrc;charset=UTF-8
File size: 142.2 KB
Line 
1/* keys.c
2 *
3 * Copyright (C) 2006-2020 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22
23/* Name change compatibility layer no longer needs to be included here */
24
25#ifdef HAVE_CONFIG_H
26 #include <config.h>
27#endif
28
29#include <wolfssl/wolfcrypt/settings.h>
30
31#ifndef WOLFCRYPT_ONLY
32
33#include <wolfssl/internal.h>
34#include <wolfssl/error-ssl.h>
35#if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
36 #ifndef NO_STDIO_FILESYSTEM
37 #include <stdio.h>
38 #endif
39#endif
40
41#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
42 !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
43 int tsip_useable(const WOLFSSL *ssl);
44#endif
45int SetCipherSpecs(WOLFSSL* ssl)
46{
47#ifndef NO_WOLFSSL_CLIENT
48 if (ssl->options.side == WOLFSSL_CLIENT_END) {
49 /* server side verified before SetCipherSpecs call */
50 if (VerifyClientSuite(ssl) != 1) {
51 WOLFSSL_MSG("SetCipherSpecs() client has an unusable suite");
52 return UNSUPPORTED_SUITE;
53 }
54 }
55#endif /* NO_WOLFSSL_CLIENT */
56
57 /* Chacha extensions, 0xcc */
58 if (ssl->options.cipherSuite0 == CHACHA_BYTE) {
59
60 switch (ssl->options.cipherSuite) {
61#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
62 case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
63 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
64 ssl->specs.cipher_type = aead;
65 ssl->specs.mac_algorithm = sha256_mac;
66 ssl->specs.kea = ecc_diffie_hellman_kea;
67 ssl->specs.sig_algo = rsa_sa_algo;
68 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
69 ssl->specs.pad_size = PAD_SHA;
70 ssl->specs.static_ecdh = 0;
71 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
72 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
73 ssl->specs.iv_size = CHACHA20_IV_SIZE;
74 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
75 ssl->options.oldPoly = 1; /* use old poly1305 padding */
76
77 break;
78#endif
79
80#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
81 case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
82 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
83 ssl->specs.cipher_type = aead;
84 ssl->specs.mac_algorithm = sha256_mac;
85 ssl->specs.kea = ecc_diffie_hellman_kea;
86 ssl->specs.sig_algo = ecc_dsa_sa_algo;
87 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
88 ssl->specs.pad_size = PAD_SHA;
89 ssl->specs.static_ecdh = 0;
90 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
91 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
92 ssl->specs.iv_size = CHACHA20_IV_SIZE;
93 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
94 ssl->options.oldPoly = 1; /* use old poly1305 padding */
95
96 break;
97#endif
98
99#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
100 case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
101 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
102 ssl->specs.cipher_type = aead;
103 ssl->specs.mac_algorithm = sha256_mac;
104 ssl->specs.kea = diffie_hellman_kea;
105 ssl->specs.sig_algo = rsa_sa_algo;
106 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
107 ssl->specs.pad_size = PAD_SHA;
108 ssl->specs.static_ecdh = 0;
109 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
110 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
111 ssl->specs.iv_size = CHACHA20_IV_SIZE;
112 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
113 ssl->options.oldPoly = 1; /* use old poly1305 padding */
114
115 break;
116#endif
117#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
118 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
119 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
120 ssl->specs.cipher_type = aead;
121 ssl->specs.mac_algorithm = sha256_mac;
122 ssl->specs.kea = ecc_diffie_hellman_kea;
123 ssl->specs.sig_algo = rsa_sa_algo;
124 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
125 ssl->specs.pad_size = PAD_SHA;
126 ssl->specs.static_ecdh = 0;
127 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
128 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
129 ssl->specs.iv_size = CHACHA20_IV_SIZE;
130 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
131 ssl->options.oldPoly = 0; /* use recent padding RFC */
132
133 break;
134#endif
135
136#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
137 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
138 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
139 ssl->specs.cipher_type = aead;
140 ssl->specs.mac_algorithm = sha256_mac;
141 ssl->specs.kea = ecc_diffie_hellman_kea;
142 ssl->specs.sig_algo = ecc_dsa_sa_algo;
143 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
144 ssl->specs.pad_size = PAD_SHA;
145 ssl->specs.static_ecdh = 0;
146 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
147 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
148 ssl->specs.iv_size = CHACHA20_IV_SIZE;
149 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
150 ssl->options.oldPoly = 0; /* use recent padding RFC */
151
152 break;
153#endif
154
155#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
156 case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
157 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
158 ssl->specs.cipher_type = aead;
159 ssl->specs.mac_algorithm = sha256_mac;
160 ssl->specs.kea = diffie_hellman_kea;
161 ssl->specs.sig_algo = rsa_sa_algo;
162 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
163 ssl->specs.pad_size = PAD_SHA;
164 ssl->specs.static_ecdh = 0;
165 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
166 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
167 ssl->specs.iv_size = CHACHA20_IV_SIZE;
168 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
169 ssl->options.oldPoly = 0; /* use recent padding RFC */
170
171 break;
172#endif
173
174#ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
175 case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256:
176 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
177 ssl->specs.cipher_type = aead;
178 ssl->specs.mac_algorithm = sha256_mac;
179 ssl->specs.kea = psk_kea;
180 ssl->specs.sig_algo = anonymous_sa_algo;
181 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
182 ssl->specs.pad_size = PAD_SHA;
183 ssl->specs.static_ecdh = 0;
184 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
185 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
186 ssl->specs.iv_size = CHACHA20_IV_SIZE;
187 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
188
189 ssl->options.oldPoly = 0; /* use recent padding RFC */
190 ssl->options.usingPSK_cipher = 1;
191 break;
192#endif
193
194#ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
195 case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
196 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
197 ssl->specs.cipher_type = aead;
198 ssl->specs.mac_algorithm = sha256_mac;
199 ssl->specs.kea = ecdhe_psk_kea;
200 ssl->specs.sig_algo = anonymous_sa_algo;
201 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
202 ssl->specs.pad_size = PAD_SHA;
203 ssl->specs.static_ecdh = 0;
204 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
205 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
206 ssl->specs.iv_size = CHACHA20_IV_SIZE;
207 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
208
209 ssl->options.oldPoly = 0; /* use recent padding RFC */
210 ssl->options.usingPSK_cipher = 1;
211 break;
212#endif
213
214#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
215 case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
216 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
217 ssl->specs.cipher_type = aead;
218 ssl->specs.mac_algorithm = sha256_mac;
219 ssl->specs.kea = dhe_psk_kea;
220 ssl->specs.sig_algo = anonymous_sa_algo;
221 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
222 ssl->specs.pad_size = PAD_SHA;
223 ssl->specs.static_ecdh = 0;
224 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
225 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
226 ssl->specs.iv_size = CHACHA20_IV_SIZE;
227 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
228
229 ssl->options.oldPoly = 0; /* use recent padding RFC */
230 ssl->options.usingPSK_cipher = 1;
231 break;
232#endif
233 default:
234 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha");
235 return UNSUPPORTED_SUITE;
236 }
237 }
238
239 /* ECC extensions, AES-CCM or TLS 1.3 Integrity-only */
240 if (ssl->options.cipherSuite0 == ECC_BYTE) {
241
242 switch (ssl->options.cipherSuite) {
243
244#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
245
246#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
247 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
248 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
249 ssl->specs.cipher_type = block;
250 ssl->specs.mac_algorithm = sha256_mac;
251 ssl->specs.kea = ecc_diffie_hellman_kea;
252 ssl->specs.sig_algo = rsa_sa_algo;
253 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
254 ssl->specs.pad_size = PAD_SHA;
255 ssl->specs.static_ecdh = 0;
256 ssl->specs.key_size = AES_128_KEY_SIZE;
257 ssl->specs.iv_size = AES_IV_SIZE;
258 ssl->specs.block_size = AES_BLOCK_SIZE;
259
260 break;
261#endif
262
263#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
264 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
265 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
266 ssl->specs.cipher_type = block;
267 ssl->specs.mac_algorithm = sha384_mac;
268 ssl->specs.kea = ecc_diffie_hellman_kea;
269 ssl->specs.sig_algo = rsa_sa_algo;
270 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
271 ssl->specs.pad_size = PAD_SHA;
272 ssl->specs.static_ecdh = 0;
273 ssl->specs.key_size = AES_256_KEY_SIZE;
274 ssl->specs.iv_size = AES_IV_SIZE;
275 ssl->specs.block_size = AES_BLOCK_SIZE;
276
277 break;
278#endif
279
280#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
281 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
282 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
283 ssl->specs.cipher_type = block;
284 ssl->specs.mac_algorithm = sha_mac;
285 ssl->specs.kea = ecc_diffie_hellman_kea;
286 ssl->specs.sig_algo = rsa_sa_algo;
287 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
288 ssl->specs.pad_size = PAD_SHA;
289 ssl->specs.static_ecdh = 0;
290 ssl->specs.key_size = AES_128_KEY_SIZE;
291 ssl->specs.block_size = AES_BLOCK_SIZE;
292 ssl->specs.iv_size = AES_IV_SIZE;
293
294 break;
295#endif
296
297#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
298 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
299 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
300 ssl->specs.cipher_type = block;
301 ssl->specs.mac_algorithm = sha_mac;
302 ssl->specs.kea = ecc_diffie_hellman_kea;
303 ssl->specs.sig_algo = rsa_sa_algo;
304 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
305 ssl->specs.pad_size = PAD_SHA;
306 ssl->specs.static_ecdh = 0;
307 ssl->specs.key_size = DES3_KEY_SIZE;
308 ssl->specs.block_size = DES_BLOCK_SIZE;
309 ssl->specs.iv_size = DES_IV_SIZE;
310
311 break;
312#endif
313
314#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
315 case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
316 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
317 ssl->specs.cipher_type = stream;
318 ssl->specs.mac_algorithm = sha_mac;
319 ssl->specs.kea = ecc_diffie_hellman_kea;
320 ssl->specs.sig_algo = rsa_sa_algo;
321 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
322 ssl->specs.pad_size = PAD_SHA;
323 ssl->specs.static_ecdh = 0;
324 ssl->specs.key_size = RC4_KEY_SIZE;
325 ssl->specs.iv_size = 0;
326 ssl->specs.block_size = 0;
327
328 break;
329#endif
330
331#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
332 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
333 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
334 ssl->specs.cipher_type = block;
335 ssl->specs.mac_algorithm = sha_mac;
336 ssl->specs.kea = ecc_diffie_hellman_kea;
337 ssl->specs.sig_algo = rsa_sa_algo;
338 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
339 ssl->specs.pad_size = PAD_SHA;
340 ssl->specs.static_ecdh = 0;
341 ssl->specs.key_size = AES_256_KEY_SIZE;
342 ssl->specs.block_size = AES_BLOCK_SIZE;
343 ssl->specs.iv_size = AES_IV_SIZE;
344
345 break;
346#endif
347
348#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
349 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
350 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
351 ssl->specs.cipher_type = aead;
352 ssl->specs.mac_algorithm = sha256_mac;
353 ssl->specs.kea = ecc_diffie_hellman_kea;
354 ssl->specs.sig_algo = rsa_sa_algo;
355 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
356 ssl->specs.pad_size = PAD_SHA;
357 ssl->specs.static_ecdh = 0;
358 ssl->specs.key_size = AES_128_KEY_SIZE;
359 ssl->specs.block_size = AES_BLOCK_SIZE;
360 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
361 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
362
363 break;
364#endif
365
366#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
367 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
368 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
369 ssl->specs.cipher_type = aead;
370 ssl->specs.mac_algorithm = sha384_mac;
371 ssl->specs.kea = ecc_diffie_hellman_kea;
372 ssl->specs.sig_algo = rsa_sa_algo;
373 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
374 ssl->specs.pad_size = PAD_SHA;
375 ssl->specs.static_ecdh = 0;
376 ssl->specs.key_size = AES_256_KEY_SIZE;
377 ssl->specs.block_size = AES_BLOCK_SIZE;
378 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
379 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
380
381 break;
382#endif
383
384#ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
385 case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
386 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
387 ssl->specs.cipher_type = stream;
388 ssl->specs.mac_algorithm = sha256_mac;
389 ssl->specs.kea = ecdhe_psk_kea;
390 ssl->specs.sig_algo = anonymous_sa_algo;
391 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
392 ssl->specs.pad_size = PAD_SHA;
393 ssl->specs.static_ecdh = 0;
394 ssl->specs.key_size = 0;
395 ssl->specs.block_size = 0;
396 ssl->specs.iv_size = 0;
397
398 ssl->options.usingPSK_cipher = 1;
399 break;
400#endif
401
402#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
403 case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
404 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
405 ssl->specs.cipher_type = block;
406 ssl->specs.mac_algorithm = sha256_mac;
407 ssl->specs.kea = ecdhe_psk_kea;
408 ssl->specs.sig_algo = anonymous_sa_algo;
409 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
410 ssl->specs.pad_size = PAD_SHA;
411 ssl->specs.static_ecdh = 0;
412 ssl->specs.key_size = AES_128_KEY_SIZE;
413 ssl->specs.block_size = AES_BLOCK_SIZE;
414 ssl->specs.iv_size = AES_IV_SIZE;
415
416 ssl->options.usingPSK_cipher = 1;
417 break;
418#endif
419
420#endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
421
422#if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) \
423 || (defined(HAVE_CURVE448) && defined(HAVE_ED448))
424
425#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
426 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
427 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
428 ssl->specs.cipher_type = block;
429 ssl->specs.mac_algorithm = sha256_mac;
430 ssl->specs.kea = ecc_diffie_hellman_kea;
431 ssl->specs.sig_algo = ecc_dsa_sa_algo;
432 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
433 ssl->specs.pad_size = PAD_SHA;
434 ssl->specs.static_ecdh = 0;
435 ssl->specs.key_size = AES_128_KEY_SIZE;
436 ssl->specs.iv_size = AES_IV_SIZE;
437 ssl->specs.block_size = AES_BLOCK_SIZE;
438
439 break;
440#endif
441
442#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
443 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
444 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
445 ssl->specs.cipher_type = block;
446 ssl->specs.mac_algorithm = sha384_mac;
447 ssl->specs.kea = ecc_diffie_hellman_kea;
448 ssl->specs.sig_algo = ecc_dsa_sa_algo;
449 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
450 ssl->specs.pad_size = PAD_SHA;
451 ssl->specs.static_ecdh = 0;
452 ssl->specs.key_size = AES_256_KEY_SIZE;
453 ssl->specs.iv_size = AES_IV_SIZE;
454 ssl->specs.block_size = AES_BLOCK_SIZE;
455
456 break;
457#endif
458
459#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
460 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
461 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
462 ssl->specs.cipher_type = block;
463 ssl->specs.mac_algorithm = sha_mac;
464 ssl->specs.kea = ecc_diffie_hellman_kea;
465 ssl->specs.sig_algo = ecc_dsa_sa_algo;
466 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
467 ssl->specs.pad_size = PAD_SHA;
468 ssl->specs.static_ecdh = 0;
469 ssl->specs.key_size = DES3_KEY_SIZE;
470 ssl->specs.block_size = DES_BLOCK_SIZE;
471 ssl->specs.iv_size = DES_IV_SIZE;
472
473 break;
474#endif
475
476#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
477 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
478 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
479 ssl->specs.cipher_type = stream;
480 ssl->specs.mac_algorithm = sha_mac;
481 ssl->specs.kea = ecc_diffie_hellman_kea;
482 ssl->specs.sig_algo = ecc_dsa_sa_algo;
483 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
484 ssl->specs.pad_size = PAD_SHA;
485 ssl->specs.static_ecdh = 0;
486 ssl->specs.key_size = RC4_KEY_SIZE;
487 ssl->specs.iv_size = 0;
488 ssl->specs.block_size = 0;
489
490 break;
491#endif
492
493#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
494 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
495 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
496 ssl->specs.cipher_type = block;
497 ssl->specs.mac_algorithm = sha_mac;
498 ssl->specs.kea = ecc_diffie_hellman_kea;
499 ssl->specs.sig_algo = ecc_dsa_sa_algo;
500 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
501 ssl->specs.pad_size = PAD_SHA;
502 ssl->specs.static_ecdh = 0;
503 ssl->specs.key_size = AES_128_KEY_SIZE;
504 ssl->specs.block_size = AES_BLOCK_SIZE;
505 ssl->specs.iv_size = AES_IV_SIZE;
506
507 break;
508#endif
509
510#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
511 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
512 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
513 ssl->specs.cipher_type = block;
514 ssl->specs.mac_algorithm = sha_mac;
515 ssl->specs.kea = ecc_diffie_hellman_kea;
516 ssl->specs.sig_algo = ecc_dsa_sa_algo;
517 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
518 ssl->specs.pad_size = PAD_SHA;
519 ssl->specs.static_ecdh = 0;
520 ssl->specs.key_size = AES_256_KEY_SIZE;
521 ssl->specs.block_size = AES_BLOCK_SIZE;
522 ssl->specs.iv_size = AES_IV_SIZE;
523
524 break;
525#endif
526
527#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
528 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
529 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
530 ssl->specs.cipher_type = aead;
531 ssl->specs.mac_algorithm = sha256_mac;
532 ssl->specs.kea = ecc_diffie_hellman_kea;
533 ssl->specs.sig_algo = ecc_dsa_sa_algo;
534 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
535 ssl->specs.pad_size = PAD_SHA;
536 ssl->specs.static_ecdh = 0;
537 ssl->specs.key_size = AES_128_KEY_SIZE;
538 ssl->specs.block_size = AES_BLOCK_SIZE;
539 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
540 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
541
542 break;
543#endif
544
545#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
546 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
547 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
548 ssl->specs.cipher_type = aead;
549 ssl->specs.mac_algorithm = sha384_mac;
550 ssl->specs.kea = ecc_diffie_hellman_kea;
551 ssl->specs.sig_algo = ecc_dsa_sa_algo;
552 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
553 ssl->specs.pad_size = PAD_SHA;
554 ssl->specs.static_ecdh = 0;
555 ssl->specs.key_size = AES_256_KEY_SIZE;
556 ssl->specs.block_size = AES_BLOCK_SIZE;
557 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
558 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
559
560 break;
561#endif
562
563#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
564 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM :
565 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
566 ssl->specs.cipher_type = aead;
567 ssl->specs.mac_algorithm = sha256_mac;
568 ssl->specs.kea = ecc_diffie_hellman_kea;
569 ssl->specs.sig_algo = ecc_dsa_sa_algo;
570 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
571 ssl->specs.pad_size = PAD_SHA;
572 ssl->specs.static_ecdh = 0;
573 ssl->specs.key_size = AES_128_KEY_SIZE;
574 ssl->specs.block_size = AES_BLOCK_SIZE;
575 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
576 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
577
578 break;
579#endif
580
581#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
582 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
583 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
584 ssl->specs.cipher_type = aead;
585 ssl->specs.mac_algorithm = sha256_mac;
586 ssl->specs.kea = ecc_diffie_hellman_kea;
587 ssl->specs.sig_algo = ecc_dsa_sa_algo;
588 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
589 ssl->specs.pad_size = PAD_SHA;
590 ssl->specs.static_ecdh = 0;
591 ssl->specs.key_size = AES_128_KEY_SIZE;
592 ssl->specs.block_size = AES_BLOCK_SIZE;
593 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
594 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
595
596 break;
597#endif
598
599#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
600 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
601 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
602 ssl->specs.cipher_type = aead;
603 ssl->specs.mac_algorithm = sha256_mac;
604 ssl->specs.kea = ecc_diffie_hellman_kea;
605 ssl->specs.sig_algo = ecc_dsa_sa_algo;
606 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
607 ssl->specs.pad_size = PAD_SHA;
608 ssl->specs.static_ecdh = 0;
609 ssl->specs.key_size = AES_256_KEY_SIZE;
610 ssl->specs.block_size = AES_BLOCK_SIZE;
611 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
612 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
613
614 break;
615#endif
616
617#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
618 case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
619 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
620 ssl->specs.cipher_type = stream;
621 ssl->specs.mac_algorithm = sha_mac;
622 ssl->specs.kea = ecc_diffie_hellman_kea;
623 ssl->specs.sig_algo = ecc_dsa_sa_algo;
624 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
625 ssl->specs.pad_size = PAD_SHA;
626 ssl->specs.static_ecdh = 0;
627 ssl->specs.key_size = 0;
628 ssl->specs.block_size = 0;
629 ssl->specs.iv_size = 0;
630
631 break;
632#endif
633
634#endif /* HAVE_ECC || (CURVE25519 && ED25519) || (CURVE448 && ED448) */
635
636#if defined(HAVE_ECC)
637
638#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
639 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
640 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
641 ssl->specs.cipher_type = block;
642 ssl->specs.mac_algorithm = sha256_mac;
643 ssl->specs.kea = ecc_diffie_hellman_kea;
644 ssl->specs.sig_algo = rsa_sa_algo;
645 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
646 ssl->specs.pad_size = PAD_SHA;
647 ssl->specs.static_ecdh = 1;
648 ssl->specs.key_size = AES_128_KEY_SIZE;
649 ssl->specs.iv_size = AES_IV_SIZE;
650 ssl->specs.block_size = AES_BLOCK_SIZE;
651
652 break;
653#endif
654
655#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
656 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
657 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
658 ssl->specs.cipher_type = block;
659 ssl->specs.mac_algorithm = sha256_mac;
660 ssl->specs.kea = ecc_diffie_hellman_kea;
661 ssl->specs.sig_algo = ecc_dsa_sa_algo;
662 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
663 ssl->specs.pad_size = PAD_SHA;
664 ssl->specs.static_ecdh = 1;
665 ssl->specs.key_size = AES_128_KEY_SIZE;
666 ssl->specs.iv_size = AES_IV_SIZE;
667 ssl->specs.block_size = AES_BLOCK_SIZE;
668
669 break;
670#endif
671
672#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
673 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
674 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
675 ssl->specs.cipher_type = block;
676 ssl->specs.mac_algorithm = sha384_mac;
677 ssl->specs.kea = ecc_diffie_hellman_kea;
678 ssl->specs.sig_algo = rsa_sa_algo;
679 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
680 ssl->specs.pad_size = PAD_SHA;
681 ssl->specs.static_ecdh = 1;
682 ssl->specs.key_size = AES_256_KEY_SIZE;
683 ssl->specs.iv_size = AES_IV_SIZE;
684 ssl->specs.block_size = AES_BLOCK_SIZE;
685
686 break;
687#endif
688
689#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
690 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
691 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
692 ssl->specs.cipher_type = block;
693 ssl->specs.mac_algorithm = sha384_mac;
694 ssl->specs.kea = ecc_diffie_hellman_kea;
695 ssl->specs.sig_algo = ecc_dsa_sa_algo;
696 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
697 ssl->specs.pad_size = PAD_SHA;
698 ssl->specs.static_ecdh = 1;
699 ssl->specs.key_size = AES_256_KEY_SIZE;
700 ssl->specs.iv_size = AES_IV_SIZE;
701 ssl->specs.block_size = AES_BLOCK_SIZE;
702
703 break;
704#endif
705
706#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
707 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
708 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
709 ssl->specs.cipher_type = block;
710 ssl->specs.mac_algorithm = sha_mac;
711 ssl->specs.kea = ecc_diffie_hellman_kea;
712 ssl->specs.sig_algo = rsa_sa_algo;
713 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
714 ssl->specs.pad_size = PAD_SHA;
715 ssl->specs.static_ecdh = 1;
716 ssl->specs.key_size = AES_128_KEY_SIZE;
717 ssl->specs.block_size = AES_BLOCK_SIZE;
718 ssl->specs.iv_size = AES_IV_SIZE;
719
720 break;
721#endif
722
723#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
724 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
725 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
726 ssl->specs.cipher_type = block;
727 ssl->specs.mac_algorithm = sha_mac;
728 ssl->specs.kea = ecc_diffie_hellman_kea;
729 ssl->specs.sig_algo = rsa_sa_algo;
730 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
731 ssl->specs.pad_size = PAD_SHA;
732 ssl->specs.static_ecdh = 1;
733 ssl->specs.key_size = DES3_KEY_SIZE;
734 ssl->specs.block_size = DES_BLOCK_SIZE;
735 ssl->specs.iv_size = DES_IV_SIZE;
736
737 break;
738#endif
739
740#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
741 case TLS_ECDH_RSA_WITH_RC4_128_SHA :
742 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
743 ssl->specs.cipher_type = stream;
744 ssl->specs.mac_algorithm = sha_mac;
745 ssl->specs.kea = ecc_diffie_hellman_kea;
746 ssl->specs.sig_algo = rsa_sa_algo;
747 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
748 ssl->specs.pad_size = PAD_SHA;
749 ssl->specs.static_ecdh = 1;
750 ssl->specs.key_size = RC4_KEY_SIZE;
751 ssl->specs.iv_size = 0;
752 ssl->specs.block_size = 0;
753
754 break;
755#endif
756
757#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
758 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
759 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
760 ssl->specs.cipher_type = block;
761 ssl->specs.mac_algorithm = sha_mac;
762 ssl->specs.kea = ecc_diffie_hellman_kea;
763 ssl->specs.sig_algo = ecc_dsa_sa_algo;
764 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
765 ssl->specs.pad_size = PAD_SHA;
766 ssl->specs.static_ecdh = 1;
767 ssl->specs.key_size = DES3_KEY_SIZE;
768 ssl->specs.block_size = DES_BLOCK_SIZE;
769 ssl->specs.iv_size = DES_IV_SIZE;
770
771 break;
772#endif
773
774#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
775 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
776 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
777 ssl->specs.cipher_type = stream;
778 ssl->specs.mac_algorithm = sha_mac;
779 ssl->specs.kea = ecc_diffie_hellman_kea;
780 ssl->specs.sig_algo = ecc_dsa_sa_algo;
781 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
782 ssl->specs.pad_size = PAD_SHA;
783 ssl->specs.static_ecdh = 1;
784 ssl->specs.key_size = RC4_KEY_SIZE;
785 ssl->specs.iv_size = 0;
786 ssl->specs.block_size = 0;
787
788 break;
789#endif
790
791#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
792 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
793 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
794 ssl->specs.cipher_type = block;
795 ssl->specs.mac_algorithm = sha_mac;
796 ssl->specs.kea = ecc_diffie_hellman_kea;
797 ssl->specs.sig_algo = rsa_sa_algo;
798 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
799 ssl->specs.pad_size = PAD_SHA;
800 ssl->specs.static_ecdh = 1;
801 ssl->specs.key_size = AES_256_KEY_SIZE;
802 ssl->specs.block_size = AES_BLOCK_SIZE;
803 ssl->specs.iv_size = AES_IV_SIZE;
804
805 break;
806#endif
807
808#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
809 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
810 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
811 ssl->specs.cipher_type = block;
812 ssl->specs.mac_algorithm = sha_mac;
813 ssl->specs.kea = ecc_diffie_hellman_kea;
814 ssl->specs.sig_algo = ecc_dsa_sa_algo;
815 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
816 ssl->specs.pad_size = PAD_SHA;
817 ssl->specs.static_ecdh = 1;
818 ssl->specs.key_size = AES_128_KEY_SIZE;
819 ssl->specs.block_size = AES_BLOCK_SIZE;
820 ssl->specs.iv_size = AES_IV_SIZE;
821
822 break;
823#endif
824
825#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
826 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
827 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
828 ssl->specs.cipher_type = block;
829 ssl->specs.mac_algorithm = sha_mac;
830 ssl->specs.kea = ecc_diffie_hellman_kea;
831 ssl->specs.sig_algo = ecc_dsa_sa_algo;
832 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
833 ssl->specs.pad_size = PAD_SHA;
834 ssl->specs.static_ecdh = 1;
835 ssl->specs.key_size = AES_256_KEY_SIZE;
836 ssl->specs.block_size = AES_BLOCK_SIZE;
837 ssl->specs.iv_size = AES_IV_SIZE;
838
839 break;
840#endif
841
842#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
843 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
844 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
845 ssl->specs.cipher_type = aead;
846 ssl->specs.mac_algorithm = sha256_mac;
847 ssl->specs.kea = ecc_diffie_hellman_kea;
848 ssl->specs.sig_algo = rsa_sa_algo;
849 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
850 ssl->specs.pad_size = PAD_SHA;
851 ssl->specs.static_ecdh = 1;
852 ssl->specs.key_size = AES_128_KEY_SIZE;
853 ssl->specs.block_size = AES_BLOCK_SIZE;
854 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
855 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
856
857 break;
858#endif
859
860#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
861 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
862 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
863 ssl->specs.cipher_type = aead;
864 ssl->specs.mac_algorithm = sha384_mac;
865 ssl->specs.kea = ecc_diffie_hellman_kea;
866 ssl->specs.sig_algo = rsa_sa_algo;
867 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
868 ssl->specs.pad_size = PAD_SHA;
869 ssl->specs.static_ecdh = 1;
870 ssl->specs.key_size = AES_256_KEY_SIZE;
871 ssl->specs.block_size = AES_BLOCK_SIZE;
872 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
873 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
874
875 break;
876#endif
877
878#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
879 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
880 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
881 ssl->specs.cipher_type = aead;
882 ssl->specs.mac_algorithm = sha256_mac;
883 ssl->specs.kea = ecc_diffie_hellman_kea;
884 ssl->specs.sig_algo = ecc_dsa_sa_algo;
885 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
886 ssl->specs.pad_size = PAD_SHA;
887 ssl->specs.static_ecdh = 1;
888 ssl->specs.key_size = AES_128_KEY_SIZE;
889 ssl->specs.block_size = AES_BLOCK_SIZE;
890 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
891 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
892
893 break;
894#endif
895
896#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
897 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
898 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
899 ssl->specs.cipher_type = aead;
900 ssl->specs.mac_algorithm = sha384_mac;
901 ssl->specs.kea = ecc_diffie_hellman_kea;
902 ssl->specs.sig_algo = ecc_dsa_sa_algo;
903 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
904 ssl->specs.pad_size = PAD_SHA;
905 ssl->specs.static_ecdh = 1;
906 ssl->specs.key_size = AES_256_KEY_SIZE;
907 ssl->specs.block_size = AES_BLOCK_SIZE;
908 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
909 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
910
911 break;
912#endif
913
914#endif /* HAVE_ECC */
915
916#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
917 case TLS_RSA_WITH_AES_128_CCM_8 :
918 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
919 ssl->specs.cipher_type = aead;
920 ssl->specs.mac_algorithm = sha256_mac;
921 ssl->specs.kea = rsa_kea;
922 ssl->specs.sig_algo = rsa_sa_algo;
923 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
924 ssl->specs.pad_size = PAD_SHA;
925 ssl->specs.static_ecdh = 0;
926 ssl->specs.key_size = AES_128_KEY_SIZE;
927 ssl->specs.block_size = AES_BLOCK_SIZE;
928 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
929 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
930
931 break;
932#endif
933
934#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
935 case TLS_RSA_WITH_AES_256_CCM_8 :
936 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
937 ssl->specs.cipher_type = aead;
938 ssl->specs.mac_algorithm = sha256_mac;
939 ssl->specs.kea = rsa_kea;
940 ssl->specs.sig_algo = rsa_sa_algo;
941 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
942 ssl->specs.pad_size = PAD_SHA;
943 ssl->specs.static_ecdh = 0;
944 ssl->specs.key_size = AES_256_KEY_SIZE;
945 ssl->specs.block_size = AES_BLOCK_SIZE;
946 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
947 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
948
949 break;
950#endif
951
952#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
953 case TLS_PSK_WITH_AES_128_CCM_8 :
954 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
955 ssl->specs.cipher_type = aead;
956 ssl->specs.mac_algorithm = sha256_mac;
957 ssl->specs.kea = psk_kea;
958 ssl->specs.sig_algo = anonymous_sa_algo;
959 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
960 ssl->specs.pad_size = PAD_SHA;
961 ssl->specs.static_ecdh = 0;
962 ssl->specs.key_size = AES_128_KEY_SIZE;
963 ssl->specs.block_size = AES_BLOCK_SIZE;
964 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
965 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
966
967 ssl->options.usingPSK_cipher = 1;
968 break;
969#endif
970
971#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
972 case TLS_PSK_WITH_AES_256_CCM_8 :
973 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
974 ssl->specs.cipher_type = aead;
975 ssl->specs.mac_algorithm = sha256_mac;
976 ssl->specs.kea = psk_kea;
977 ssl->specs.sig_algo = anonymous_sa_algo;
978 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
979 ssl->specs.pad_size = PAD_SHA;
980 ssl->specs.static_ecdh = 0;
981 ssl->specs.key_size = AES_256_KEY_SIZE;
982 ssl->specs.block_size = AES_BLOCK_SIZE;
983 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
984 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
985
986 ssl->options.usingPSK_cipher = 1;
987 break;
988#endif
989
990#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
991 case TLS_PSK_WITH_AES_128_CCM :
992 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
993 ssl->specs.cipher_type = aead;
994 ssl->specs.mac_algorithm = sha256_mac;
995 ssl->specs.kea = psk_kea;
996 ssl->specs.sig_algo = anonymous_sa_algo;
997 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
998 ssl->specs.pad_size = PAD_SHA;
999 ssl->specs.static_ecdh = 0;
1000 ssl->specs.key_size = AES_128_KEY_SIZE;
1001 ssl->specs.block_size = AES_BLOCK_SIZE;
1002 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1003 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
1004
1005 ssl->options.usingPSK_cipher = 1;
1006 break;
1007#endif
1008
1009#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
1010 case TLS_PSK_WITH_AES_256_CCM :
1011 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1012 ssl->specs.cipher_type = aead;
1013 ssl->specs.mac_algorithm = sha256_mac;
1014 ssl->specs.kea = psk_kea;
1015 ssl->specs.sig_algo = anonymous_sa_algo;
1016 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1017 ssl->specs.pad_size = PAD_SHA;
1018 ssl->specs.static_ecdh = 0;
1019 ssl->specs.key_size = AES_256_KEY_SIZE;
1020 ssl->specs.block_size = AES_BLOCK_SIZE;
1021 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1022 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
1023
1024 ssl->options.usingPSK_cipher = 1;
1025 break;
1026#endif
1027
1028#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
1029 case TLS_DHE_PSK_WITH_AES_128_CCM :
1030 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1031 ssl->specs.cipher_type = aead;
1032 ssl->specs.mac_algorithm = sha256_mac;
1033 ssl->specs.kea = dhe_psk_kea;
1034 ssl->specs.sig_algo = anonymous_sa_algo;
1035 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1036 ssl->specs.pad_size = PAD_SHA;
1037 ssl->specs.static_ecdh = 0;
1038 ssl->specs.key_size = AES_128_KEY_SIZE;
1039 ssl->specs.block_size = AES_BLOCK_SIZE;
1040 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1041 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
1042
1043 ssl->options.usingPSK_cipher = 1;
1044 break;
1045#endif
1046
1047#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
1048 case TLS_DHE_PSK_WITH_AES_256_CCM :
1049 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1050 ssl->specs.cipher_type = aead;
1051 ssl->specs.mac_algorithm = sha256_mac;
1052 ssl->specs.kea = dhe_psk_kea;
1053 ssl->specs.sig_algo = anonymous_sa_algo;
1054 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1055 ssl->specs.pad_size = PAD_SHA;
1056 ssl->specs.static_ecdh = 0;
1057 ssl->specs.key_size = AES_256_KEY_SIZE;
1058 ssl->specs.block_size = AES_BLOCK_SIZE;
1059 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1060 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
1061
1062 ssl->options.usingPSK_cipher = 1;
1063 break;
1064#endif
1065
1066#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
1067 #ifdef BUILD_TLS_SHA256_SHA256
1068 case TLS_SHA256_SHA256 :
1069 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1070 ssl->specs.cipher_type = aead;
1071 ssl->specs.mac_algorithm = sha256_mac;
1072 ssl->specs.kea = 0;
1073 ssl->specs.sig_algo = 0;
1074 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1075 ssl->specs.pad_size = PAD_SHA;
1076 ssl->specs.static_ecdh = 0;
1077 ssl->specs.key_size = WC_SHA256_DIGEST_SIZE;
1078 ssl->specs.block_size = 0;
1079 ssl->specs.iv_size = HMAC_NONCE_SZ;
1080 ssl->specs.aead_mac_size = WC_SHA256_DIGEST_SIZE;
1081
1082 break;
1083 #endif
1084
1085 #ifdef BUILD_TLS_SHA384_SHA384
1086 case TLS_SHA384_SHA384 :
1087 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1088 ssl->specs.cipher_type = aead;
1089 ssl->specs.mac_algorithm = sha384_mac;
1090 ssl->specs.kea = 0;
1091 ssl->specs.sig_algo = 0;
1092 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1093 ssl->specs.pad_size = PAD_SHA;
1094 ssl->specs.static_ecdh = 0;
1095 ssl->specs.key_size = WC_SHA384_DIGEST_SIZE;
1096 ssl->specs.block_size = 0;
1097 ssl->specs.iv_size = HMAC_NONCE_SZ;
1098 ssl->specs.aead_mac_size = WC_SHA384_DIGEST_SIZE;
1099
1100 break;
1101 #endif
1102#endif
1103
1104 default:
1105 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
1106 return UNSUPPORTED_SUITE;
1107 } /* switch */
1108 } /* if */
1109
1110 /* TLSi v1.3 cipher suites, 0x13 */
1111 if (ssl->options.cipherSuite0 == TLS13_BYTE) {
1112 switch (ssl->options.cipherSuite) {
1113
1114#ifdef WOLFSSL_TLS13
1115 #ifdef BUILD_TLS_AES_128_GCM_SHA256
1116 case TLS_AES_128_GCM_SHA256 :
1117 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1118 ssl->specs.cipher_type = aead;
1119 ssl->specs.mac_algorithm = sha256_mac;
1120 ssl->specs.kea = 0;
1121 ssl->specs.sig_algo = 0;
1122 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1123 ssl->specs.pad_size = PAD_SHA;
1124 ssl->specs.static_ecdh = 0;
1125 ssl->specs.key_size = AES_128_KEY_SIZE;
1126 ssl->specs.block_size = AES_BLOCK_SIZE;
1127 ssl->specs.iv_size = AESGCM_NONCE_SZ;
1128 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1129
1130 break;
1131 #endif
1132
1133 #ifdef BUILD_TLS_AES_256_GCM_SHA384
1134 case TLS_AES_256_GCM_SHA384 :
1135 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1136 ssl->specs.cipher_type = aead;
1137 ssl->specs.mac_algorithm = sha384_mac;
1138 ssl->specs.kea = 0;
1139 ssl->specs.sig_algo = 0;
1140 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1141 ssl->specs.pad_size = PAD_SHA;
1142 ssl->specs.static_ecdh = 0;
1143 ssl->specs.key_size = AES_256_KEY_SIZE;
1144 ssl->specs.block_size = AES_BLOCK_SIZE;
1145 ssl->specs.iv_size = AESGCM_NONCE_SZ;
1146 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1147
1148 break;
1149 #endif
1150
1151 #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
1152 case TLS_CHACHA20_POLY1305_SHA256 :
1153 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
1154 ssl->specs.cipher_type = aead;
1155 ssl->specs.mac_algorithm = sha256_mac;
1156 ssl->specs.kea = 0;
1157 ssl->specs.sig_algo = 0;
1158 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1159 ssl->specs.pad_size = PAD_SHA;
1160 ssl->specs.static_ecdh = 0;
1161 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
1162 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
1163 ssl->specs.iv_size = CHACHA20_IV_SIZE;
1164 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
1165 ssl->options.oldPoly = 0; /* use recent padding RFC */
1166
1167 break;
1168 #endif
1169
1170 #ifdef BUILD_TLS_AES_128_CCM_SHA256
1171 case TLS_AES_128_CCM_SHA256 :
1172 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1173 ssl->specs.cipher_type = aead;
1174 ssl->specs.mac_algorithm = sha256_mac;
1175 ssl->specs.kea = 0;
1176 ssl->specs.sig_algo = 0;
1177 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1178 ssl->specs.pad_size = PAD_SHA;
1179 ssl->specs.static_ecdh = 0;
1180 ssl->specs.key_size = AES_128_KEY_SIZE;
1181 ssl->specs.block_size = AES_BLOCK_SIZE;
1182 ssl->specs.iv_size = AESGCM_NONCE_SZ;
1183 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
1184
1185 break;
1186 #endif
1187
1188 #ifdef BUILD_TLS_AES_128_CCM_8_SHA256
1189 case TLS_AES_128_CCM_8_SHA256 :
1190 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1191 ssl->specs.cipher_type = aead;
1192 ssl->specs.mac_algorithm = sha256_mac;
1193 ssl->specs.kea = 0;
1194 ssl->specs.sig_algo = 0;
1195 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1196 ssl->specs.pad_size = PAD_SHA;
1197 ssl->specs.static_ecdh = 0;
1198 ssl->specs.key_size = AES_128_KEY_SIZE;
1199 ssl->specs.block_size = AES_BLOCK_SIZE;
1200 ssl->specs.iv_size = AESGCM_NONCE_SZ;
1201 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
1202
1203 break;
1204 #endif
1205#endif /* WOLFSSL_TLS13 */
1206 }
1207 }
1208
1209 if (ssl->options.cipherSuite0 != ECC_BYTE &&
1210 ssl->options.cipherSuite0 != CHACHA_BYTE &&
1211 ssl->options.cipherSuite0 != TLS13_BYTE) { /* normal suites */
1212 switch (ssl->options.cipherSuite) {
1213
1214#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
1215 case SSL_RSA_WITH_RC4_128_SHA :
1216 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
1217 ssl->specs.cipher_type = stream;
1218 ssl->specs.mac_algorithm = sha_mac;
1219 ssl->specs.kea = rsa_kea;
1220 ssl->specs.sig_algo = rsa_sa_algo;
1221 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1222 ssl->specs.pad_size = PAD_SHA;
1223 ssl->specs.static_ecdh = 0;
1224 ssl->specs.key_size = RC4_KEY_SIZE;
1225 ssl->specs.iv_size = 0;
1226 ssl->specs.block_size = 0;
1227
1228 break;
1229#endif
1230
1231#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
1232 case TLS_NTRU_RSA_WITH_RC4_128_SHA :
1233 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
1234 ssl->specs.cipher_type = stream;
1235 ssl->specs.mac_algorithm = sha_mac;
1236 ssl->specs.kea = ntru_kea;
1237 ssl->specs.sig_algo = rsa_sa_algo;
1238 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1239 ssl->specs.pad_size = PAD_SHA;
1240 ssl->specs.static_ecdh = 0;
1241 ssl->specs.key_size = RC4_KEY_SIZE;
1242 ssl->specs.iv_size = 0;
1243 ssl->specs.block_size = 0;
1244
1245 break;
1246#endif
1247
1248#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
1249 case SSL_RSA_WITH_RC4_128_MD5 :
1250 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
1251 ssl->specs.cipher_type = stream;
1252 ssl->specs.mac_algorithm = md5_mac;
1253 ssl->specs.kea = rsa_kea;
1254 ssl->specs.sig_algo = rsa_sa_algo;
1255 ssl->specs.hash_size = WC_MD5_DIGEST_SIZE;
1256 ssl->specs.pad_size = PAD_MD5;
1257 ssl->specs.static_ecdh = 0;
1258 ssl->specs.key_size = RC4_KEY_SIZE;
1259 ssl->specs.iv_size = 0;
1260 ssl->specs.block_size = 0;
1261
1262 break;
1263#endif
1264
1265#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
1266 case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
1267 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
1268 ssl->specs.cipher_type = block;
1269 ssl->specs.mac_algorithm = sha_mac;
1270 ssl->specs.kea = rsa_kea;
1271 ssl->specs.sig_algo = rsa_sa_algo;
1272 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1273 ssl->specs.pad_size = PAD_SHA;
1274 ssl->specs.static_ecdh = 0;
1275 ssl->specs.key_size = DES3_KEY_SIZE;
1276 ssl->specs.block_size = DES_BLOCK_SIZE;
1277 ssl->specs.iv_size = DES_IV_SIZE;
1278
1279 break;
1280#endif
1281
1282#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
1283 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
1284 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
1285 ssl->specs.cipher_type = block;
1286 ssl->specs.mac_algorithm = sha_mac;
1287 ssl->specs.kea = ntru_kea;
1288 ssl->specs.sig_algo = rsa_sa_algo;
1289 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1290 ssl->specs.pad_size = PAD_SHA;
1291 ssl->specs.static_ecdh = 0;
1292 ssl->specs.key_size = DES3_KEY_SIZE;
1293 ssl->specs.block_size = DES_BLOCK_SIZE;
1294 ssl->specs.iv_size = DES_IV_SIZE;
1295
1296 break;
1297#endif
1298
1299#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
1300 case TLS_RSA_WITH_AES_128_CBC_SHA :
1301 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1302 ssl->specs.cipher_type = block;
1303 ssl->specs.mac_algorithm = sha_mac;
1304 ssl->specs.kea = rsa_kea;
1305 ssl->specs.sig_algo = rsa_sa_algo;
1306 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1307 ssl->specs.pad_size = PAD_SHA;
1308 ssl->specs.static_ecdh = 0;
1309 ssl->specs.key_size = AES_128_KEY_SIZE;
1310 ssl->specs.block_size = AES_BLOCK_SIZE;
1311 ssl->specs.iv_size = AES_IV_SIZE;
1312
1313 break;
1314#endif
1315
1316#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
1317 case TLS_RSA_WITH_AES_128_CBC_SHA256 :
1318 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1319 ssl->specs.cipher_type = block;
1320 ssl->specs.mac_algorithm = sha256_mac;
1321 ssl->specs.kea = rsa_kea;
1322 ssl->specs.sig_algo = rsa_sa_algo;
1323 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1324 ssl->specs.pad_size = PAD_SHA;
1325 ssl->specs.static_ecdh = 0;
1326 ssl->specs.key_size = AES_128_KEY_SIZE;
1327 ssl->specs.block_size = AES_BLOCK_SIZE;
1328 ssl->specs.iv_size = AES_IV_SIZE;
1329
1330 break;
1331#endif
1332
1333#ifdef BUILD_TLS_RSA_WITH_NULL_MD5
1334 case TLS_RSA_WITH_NULL_MD5 :
1335 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1336 ssl->specs.cipher_type = stream;
1337 ssl->specs.mac_algorithm = md5_mac;
1338 ssl->specs.kea = rsa_kea;
1339 ssl->specs.sig_algo = rsa_sa_algo;
1340 ssl->specs.hash_size = WC_MD5_DIGEST_SIZE;
1341 ssl->specs.pad_size = PAD_MD5;
1342 ssl->specs.static_ecdh = 0;
1343 ssl->specs.key_size = 0;
1344 ssl->specs.block_size = 0;
1345 ssl->specs.iv_size = 0;
1346
1347 break;
1348#endif
1349
1350#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
1351 case TLS_RSA_WITH_NULL_SHA :
1352 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1353 ssl->specs.cipher_type = stream;
1354 ssl->specs.mac_algorithm = sha_mac;
1355 ssl->specs.kea = rsa_kea;
1356 ssl->specs.sig_algo = rsa_sa_algo;
1357 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1358 ssl->specs.pad_size = PAD_SHA;
1359 ssl->specs.static_ecdh = 0;
1360 ssl->specs.key_size = 0;
1361 ssl->specs.block_size = 0;
1362 ssl->specs.iv_size = 0;
1363
1364 break;
1365#endif
1366
1367#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
1368 case TLS_RSA_WITH_NULL_SHA256 :
1369 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1370 ssl->specs.cipher_type = stream;
1371 ssl->specs.mac_algorithm = sha256_mac;
1372 ssl->specs.kea = rsa_kea;
1373 ssl->specs.sig_algo = rsa_sa_algo;
1374 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1375 ssl->specs.pad_size = PAD_SHA;
1376 ssl->specs.static_ecdh = 0;
1377 ssl->specs.key_size = 0;
1378 ssl->specs.block_size = 0;
1379 ssl->specs.iv_size = 0;
1380
1381 break;
1382#endif
1383
1384#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
1385 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
1386 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1387 ssl->specs.cipher_type = block;
1388 ssl->specs.mac_algorithm = sha_mac;
1389 ssl->specs.kea = ntru_kea;
1390 ssl->specs.sig_algo = rsa_sa_algo;
1391 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1392 ssl->specs.pad_size = PAD_SHA;
1393 ssl->specs.static_ecdh = 0;
1394 ssl->specs.key_size = AES_128_KEY_SIZE;
1395 ssl->specs.block_size = AES_BLOCK_SIZE;
1396 ssl->specs.iv_size = AES_IV_SIZE;
1397
1398 break;
1399#endif
1400
1401#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
1402 case TLS_RSA_WITH_AES_256_CBC_SHA :
1403 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1404 ssl->specs.cipher_type = block;
1405 ssl->specs.mac_algorithm = sha_mac;
1406 ssl->specs.kea = rsa_kea;
1407 ssl->specs.sig_algo = rsa_sa_algo;
1408 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1409 ssl->specs.pad_size = PAD_SHA;
1410 ssl->specs.static_ecdh = 0;
1411 ssl->specs.key_size = AES_256_KEY_SIZE;
1412 ssl->specs.block_size = AES_BLOCK_SIZE;
1413 ssl->specs.iv_size = AES_IV_SIZE;
1414
1415 break;
1416#endif
1417
1418#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
1419 case TLS_RSA_WITH_AES_256_CBC_SHA256 :
1420 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1421 ssl->specs.cipher_type = block;
1422 ssl->specs.mac_algorithm = sha256_mac;
1423 ssl->specs.kea = rsa_kea;
1424 ssl->specs.sig_algo = rsa_sa_algo;
1425 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1426 ssl->specs.pad_size = PAD_SHA;
1427 ssl->specs.static_ecdh = 0;
1428 ssl->specs.key_size = AES_256_KEY_SIZE;
1429 ssl->specs.block_size = AES_BLOCK_SIZE;
1430 ssl->specs.iv_size = AES_IV_SIZE;
1431
1432 break;
1433#endif
1434
1435#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
1436 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
1437 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1438 ssl->specs.cipher_type = block;
1439 ssl->specs.mac_algorithm = sha_mac;
1440 ssl->specs.kea = ntru_kea;
1441 ssl->specs.sig_algo = rsa_sa_algo;
1442 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1443 ssl->specs.pad_size = PAD_SHA;
1444 ssl->specs.static_ecdh = 0;
1445 ssl->specs.key_size = AES_256_KEY_SIZE;
1446 ssl->specs.block_size = AES_BLOCK_SIZE;
1447 ssl->specs.iv_size = AES_IV_SIZE;
1448
1449 break;
1450#endif
1451
1452#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
1453 case TLS_PSK_WITH_AES_128_GCM_SHA256 :
1454 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1455 ssl->specs.cipher_type = aead;
1456 ssl->specs.mac_algorithm = sha256_mac;
1457 ssl->specs.kea = psk_kea;
1458 ssl->specs.sig_algo = anonymous_sa_algo;
1459 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1460 ssl->specs.pad_size = PAD_SHA;
1461 ssl->specs.static_ecdh = 0;
1462 ssl->specs.key_size = AES_128_KEY_SIZE;
1463 ssl->specs.block_size = AES_BLOCK_SIZE;
1464 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1465 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1466
1467 ssl->options.usingPSK_cipher = 1;
1468 break;
1469#endif
1470
1471#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
1472 case TLS_PSK_WITH_AES_256_GCM_SHA384 :
1473 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1474 ssl->specs.cipher_type = aead;
1475 ssl->specs.mac_algorithm = sha384_mac;
1476 ssl->specs.kea = psk_kea;
1477 ssl->specs.sig_algo = anonymous_sa_algo;
1478 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1479 ssl->specs.pad_size = PAD_SHA;
1480 ssl->specs.static_ecdh = 0;
1481 ssl->specs.key_size = AES_256_KEY_SIZE;
1482 ssl->specs.block_size = AES_BLOCK_SIZE;
1483 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1484 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1485
1486 ssl->options.usingPSK_cipher = 1;
1487 break;
1488#endif
1489
1490#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
1491 case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
1492 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1493 ssl->specs.cipher_type = aead;
1494 ssl->specs.mac_algorithm = sha384_mac;
1495 ssl->specs.kea = diffie_hellman_kea;
1496 ssl->specs.sig_algo = anonymous_sa_algo;
1497 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1498 ssl->specs.pad_size = PAD_SHA;
1499 ssl->specs.static_ecdh = 0;
1500 ssl->specs.key_size = AES_256_KEY_SIZE;
1501 ssl->specs.block_size = AES_BLOCK_SIZE;
1502 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1503 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1504
1505 ssl->options.usingAnon_cipher = 1;
1506 break;
1507#endif
1508
1509#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
1510 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
1511 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1512 ssl->specs.cipher_type = aead;
1513 ssl->specs.mac_algorithm = sha256_mac;
1514 ssl->specs.kea = dhe_psk_kea;
1515 ssl->specs.sig_algo = anonymous_sa_algo;
1516 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1517 ssl->specs.pad_size = PAD_SHA;
1518 ssl->specs.static_ecdh = 0;
1519 ssl->specs.key_size = AES_128_KEY_SIZE;
1520 ssl->specs.block_size = AES_BLOCK_SIZE;
1521 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1522 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1523
1524 ssl->options.usingPSK_cipher = 1;
1525 break;
1526#endif
1527
1528#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
1529 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
1530 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1531 ssl->specs.cipher_type = aead;
1532 ssl->specs.mac_algorithm = sha384_mac;
1533 ssl->specs.kea = dhe_psk_kea;
1534 ssl->specs.sig_algo = anonymous_sa_algo;
1535 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1536 ssl->specs.pad_size = PAD_SHA;
1537 ssl->specs.static_ecdh = 0;
1538 ssl->specs.key_size = AES_256_KEY_SIZE;
1539 ssl->specs.block_size = AES_BLOCK_SIZE;
1540 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1541 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1542
1543 ssl->options.usingPSK_cipher = 1;
1544 break;
1545#endif
1546
1547#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
1548 case TLS_PSK_WITH_AES_128_CBC_SHA256 :
1549 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1550 ssl->specs.cipher_type = block;
1551 ssl->specs.mac_algorithm = sha256_mac;
1552 ssl->specs.kea = psk_kea;
1553 ssl->specs.sig_algo = anonymous_sa_algo;
1554 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1555 ssl->specs.pad_size = PAD_SHA;
1556 ssl->specs.static_ecdh = 0;
1557 ssl->specs.key_size = AES_128_KEY_SIZE;
1558 ssl->specs.block_size = AES_BLOCK_SIZE;
1559 ssl->specs.iv_size = AES_IV_SIZE;
1560
1561 ssl->options.usingPSK_cipher = 1;
1562 break;
1563#endif
1564
1565#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
1566 case TLS_PSK_WITH_AES_256_CBC_SHA384 :
1567 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1568 ssl->specs.cipher_type = block;
1569 ssl->specs.mac_algorithm = sha384_mac;
1570 ssl->specs.kea = psk_kea;
1571 ssl->specs.sig_algo = anonymous_sa_algo;
1572 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1573 ssl->specs.pad_size = PAD_SHA;
1574 ssl->specs.static_ecdh = 0;
1575 ssl->specs.key_size = AES_256_KEY_SIZE;
1576 ssl->specs.block_size = AES_BLOCK_SIZE;
1577 ssl->specs.iv_size = AES_IV_SIZE;
1578
1579 ssl->options.usingPSK_cipher = 1;
1580 break;
1581#endif
1582
1583#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
1584 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
1585 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1586 ssl->specs.cipher_type = block;
1587 ssl->specs.mac_algorithm = sha256_mac;
1588 ssl->specs.kea = dhe_psk_kea;
1589 ssl->specs.sig_algo = anonymous_sa_algo;
1590 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1591 ssl->specs.pad_size = PAD_SHA;
1592 ssl->specs.static_ecdh = 0;
1593 ssl->specs.key_size = AES_128_KEY_SIZE;
1594 ssl->specs.block_size = AES_BLOCK_SIZE;
1595 ssl->specs.iv_size = AES_IV_SIZE;
1596
1597 ssl->options.usingPSK_cipher = 1;
1598 break;
1599#endif
1600
1601#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
1602 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
1603 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1604 ssl->specs.cipher_type = block;
1605 ssl->specs.mac_algorithm = sha384_mac;
1606 ssl->specs.kea = dhe_psk_kea;
1607 ssl->specs.sig_algo = anonymous_sa_algo;
1608 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1609 ssl->specs.pad_size = PAD_SHA;
1610 ssl->specs.static_ecdh = 0;
1611 ssl->specs.key_size = AES_256_KEY_SIZE;
1612 ssl->specs.block_size = AES_BLOCK_SIZE;
1613 ssl->specs.iv_size = AES_IV_SIZE;
1614
1615 ssl->options.usingPSK_cipher = 1;
1616 break;
1617#endif
1618
1619#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
1620 case TLS_PSK_WITH_AES_128_CBC_SHA :
1621 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1622 ssl->specs.cipher_type = block;
1623 ssl->specs.mac_algorithm = sha_mac;
1624 ssl->specs.kea = psk_kea;
1625 ssl->specs.sig_algo = anonymous_sa_algo;
1626 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1627 ssl->specs.pad_size = PAD_SHA;
1628 ssl->specs.static_ecdh = 0;
1629 ssl->specs.key_size = AES_128_KEY_SIZE;
1630 ssl->specs.block_size = AES_BLOCK_SIZE;
1631 ssl->specs.iv_size = AES_IV_SIZE;
1632
1633 ssl->options.usingPSK_cipher = 1;
1634 break;
1635#endif
1636
1637#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
1638 case TLS_PSK_WITH_AES_256_CBC_SHA :
1639 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1640 ssl->specs.cipher_type = block;
1641 ssl->specs.mac_algorithm = sha_mac;
1642 ssl->specs.kea = psk_kea;
1643 ssl->specs.sig_algo = anonymous_sa_algo;
1644 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1645 ssl->specs.pad_size = PAD_SHA;
1646 ssl->specs.static_ecdh = 0;
1647 ssl->specs.key_size = AES_256_KEY_SIZE;
1648 ssl->specs.block_size = AES_BLOCK_SIZE;
1649 ssl->specs.iv_size = AES_IV_SIZE;
1650
1651 ssl->options.usingPSK_cipher = 1;
1652 break;
1653#endif
1654
1655#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
1656 case TLS_PSK_WITH_NULL_SHA256 :
1657 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1658 ssl->specs.cipher_type = stream;
1659 ssl->specs.mac_algorithm = sha256_mac;
1660 ssl->specs.kea = psk_kea;
1661 ssl->specs.sig_algo = anonymous_sa_algo;
1662 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1663 ssl->specs.pad_size = PAD_SHA;
1664 ssl->specs.static_ecdh = 0;
1665 ssl->specs.key_size = 0;
1666 ssl->specs.block_size = 0;
1667 ssl->specs.iv_size = 0;
1668
1669 ssl->options.usingPSK_cipher = 1;
1670 break;
1671#endif
1672
1673#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
1674 case TLS_PSK_WITH_NULL_SHA384 :
1675 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1676 ssl->specs.cipher_type = stream;
1677 ssl->specs.mac_algorithm = sha384_mac;
1678 ssl->specs.kea = psk_kea;
1679 ssl->specs.sig_algo = anonymous_sa_algo;
1680 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1681 ssl->specs.pad_size = PAD_SHA;
1682 ssl->specs.static_ecdh = 0;
1683 ssl->specs.key_size = 0;
1684 ssl->specs.block_size = 0;
1685 ssl->specs.iv_size = 0;
1686
1687 ssl->options.usingPSK_cipher = 1;
1688 break;
1689#endif
1690
1691#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
1692 case TLS_PSK_WITH_NULL_SHA :
1693 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1694 ssl->specs.cipher_type = stream;
1695 ssl->specs.mac_algorithm = sha_mac;
1696 ssl->specs.kea = psk_kea;
1697 ssl->specs.sig_algo = anonymous_sa_algo;
1698 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1699 ssl->specs.pad_size = PAD_SHA;
1700 ssl->specs.static_ecdh = 0;
1701 ssl->specs.key_size = 0;
1702 ssl->specs.block_size = 0;
1703 ssl->specs.iv_size = 0;
1704
1705 ssl->options.usingPSK_cipher = 1;
1706 break;
1707#endif
1708
1709#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
1710 case TLS_DHE_PSK_WITH_NULL_SHA256 :
1711 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1712 ssl->specs.cipher_type = stream;
1713 ssl->specs.mac_algorithm = sha256_mac;
1714 ssl->specs.kea = dhe_psk_kea;
1715 ssl->specs.sig_algo = anonymous_sa_algo;
1716 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1717 ssl->specs.pad_size = PAD_SHA;
1718 ssl->specs.static_ecdh = 0;
1719 ssl->specs.key_size = 0;
1720 ssl->specs.block_size = 0;
1721 ssl->specs.iv_size = 0;
1722
1723 ssl->options.usingPSK_cipher = 1;
1724 break;
1725#endif
1726
1727#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
1728 case TLS_DHE_PSK_WITH_NULL_SHA384 :
1729 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1730 ssl->specs.cipher_type = stream;
1731 ssl->specs.mac_algorithm = sha384_mac;
1732 ssl->specs.kea = dhe_psk_kea;
1733 ssl->specs.sig_algo = anonymous_sa_algo;
1734 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1735 ssl->specs.pad_size = PAD_SHA;
1736 ssl->specs.static_ecdh = 0;
1737 ssl->specs.key_size = 0;
1738 ssl->specs.block_size = 0;
1739 ssl->specs.iv_size = 0;
1740
1741 ssl->options.usingPSK_cipher = 1;
1742 break;
1743#endif
1744
1745#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
1746 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
1747 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1748 ssl->specs.cipher_type = block;
1749 ssl->specs.mac_algorithm = sha256_mac;
1750 ssl->specs.kea = diffie_hellman_kea;
1751 ssl->specs.sig_algo = rsa_sa_algo;
1752 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1753 ssl->specs.pad_size = PAD_SHA;
1754 ssl->specs.static_ecdh = 0;
1755 ssl->specs.key_size = AES_128_KEY_SIZE;
1756 ssl->specs.block_size = AES_BLOCK_SIZE;
1757 ssl->specs.iv_size = AES_IV_SIZE;
1758
1759 break;
1760#endif
1761
1762#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
1763 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA :
1764 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
1765 ssl->specs.cipher_type = block;
1766 ssl->specs.mac_algorithm = sha_mac;
1767 ssl->specs.kea = diffie_hellman_kea;
1768 ssl->specs.sig_algo = rsa_sa_algo;
1769 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1770 ssl->specs.pad_size = PAD_SHA;
1771 ssl->specs.static_ecdh = 0;
1772 ssl->specs.key_size = DES3_KEY_SIZE;
1773 ssl->specs.block_size = DES_BLOCK_SIZE;
1774 ssl->specs.iv_size = DES_IV_SIZE;
1775
1776 break;
1777#endif
1778
1779#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
1780 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
1781 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1782 ssl->specs.cipher_type = block;
1783 ssl->specs.mac_algorithm = sha256_mac;
1784 ssl->specs.kea = diffie_hellman_kea;
1785 ssl->specs.sig_algo = rsa_sa_algo;
1786 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1787 ssl->specs.pad_size = PAD_SHA;
1788 ssl->specs.static_ecdh = 0;
1789 ssl->specs.key_size = AES_256_KEY_SIZE;
1790 ssl->specs.block_size = AES_BLOCK_SIZE;
1791 ssl->specs.iv_size = AES_IV_SIZE;
1792
1793 break;
1794#endif
1795
1796#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1797 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
1798 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1799 ssl->specs.cipher_type = block;
1800 ssl->specs.mac_algorithm = sha_mac;
1801 ssl->specs.kea = diffie_hellman_kea;
1802 ssl->specs.sig_algo = rsa_sa_algo;
1803 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1804 ssl->specs.pad_size = PAD_SHA;
1805 ssl->specs.static_ecdh = 0;
1806 ssl->specs.key_size = AES_128_KEY_SIZE;
1807 ssl->specs.block_size = AES_BLOCK_SIZE;
1808 ssl->specs.iv_size = AES_IV_SIZE;
1809
1810 break;
1811#endif
1812
1813#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1814 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
1815 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1816 ssl->specs.cipher_type = block;
1817 ssl->specs.mac_algorithm = sha_mac;
1818 ssl->specs.kea = diffie_hellman_kea;
1819 ssl->specs.sig_algo = rsa_sa_algo;
1820 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1821 ssl->specs.pad_size = PAD_SHA;
1822 ssl->specs.static_ecdh = 0;
1823 ssl->specs.key_size = AES_256_KEY_SIZE;
1824 ssl->specs.block_size = AES_BLOCK_SIZE;
1825 ssl->specs.iv_size = AES_IV_SIZE;
1826
1827 break;
1828#endif
1829
1830#ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
1831 case TLS_RSA_WITH_HC_128_MD5 :
1832 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
1833 ssl->specs.cipher_type = stream;
1834 ssl->specs.mac_algorithm = md5_mac;
1835 ssl->specs.kea = rsa_kea;
1836 ssl->specs.sig_algo = rsa_sa_algo;
1837 ssl->specs.hash_size = WC_MD5_DIGEST_SIZE;
1838 ssl->specs.pad_size = PAD_MD5;
1839 ssl->specs.static_ecdh = 0;
1840 ssl->specs.key_size = HC_128_KEY_SIZE;
1841 ssl->specs.block_size = 0;
1842 ssl->specs.iv_size = HC_128_IV_SIZE;
1843
1844 break;
1845#endif
1846
1847#ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
1848 case TLS_RSA_WITH_HC_128_SHA :
1849 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
1850 ssl->specs.cipher_type = stream;
1851 ssl->specs.mac_algorithm = sha_mac;
1852 ssl->specs.kea = rsa_kea;
1853 ssl->specs.sig_algo = rsa_sa_algo;
1854 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1855 ssl->specs.pad_size = PAD_SHA;
1856 ssl->specs.static_ecdh = 0;
1857 ssl->specs.key_size = HC_128_KEY_SIZE;
1858 ssl->specs.block_size = 0;
1859 ssl->specs.iv_size = HC_128_IV_SIZE;
1860
1861 break;
1862#endif
1863
1864#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
1865 case TLS_RSA_WITH_RABBIT_SHA :
1866 ssl->specs.bulk_cipher_algorithm = wolfssl_rabbit;
1867 ssl->specs.cipher_type = stream;
1868 ssl->specs.mac_algorithm = sha_mac;
1869 ssl->specs.kea = rsa_kea;
1870 ssl->specs.sig_algo = rsa_sa_algo;
1871 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1872 ssl->specs.pad_size = PAD_SHA;
1873 ssl->specs.static_ecdh = 0;
1874 ssl->specs.key_size = RABBIT_KEY_SIZE;
1875 ssl->specs.block_size = 0;
1876 ssl->specs.iv_size = RABBIT_IV_SIZE;
1877
1878 break;
1879#endif
1880
1881#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
1882 case TLS_RSA_WITH_AES_128_GCM_SHA256 :
1883 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1884 ssl->specs.cipher_type = aead;
1885 ssl->specs.mac_algorithm = sha256_mac;
1886 ssl->specs.kea = rsa_kea;
1887 ssl->specs.sig_algo = rsa_sa_algo;
1888 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1889 ssl->specs.pad_size = PAD_SHA;
1890 ssl->specs.static_ecdh = 0;
1891 ssl->specs.key_size = AES_128_KEY_SIZE;
1892 ssl->specs.block_size = AES_BLOCK_SIZE;
1893 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1894 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1895
1896 break;
1897#endif
1898
1899#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
1900 case TLS_RSA_WITH_AES_256_GCM_SHA384 :
1901 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1902 ssl->specs.cipher_type = aead;
1903 ssl->specs.mac_algorithm = sha384_mac;
1904 ssl->specs.kea = rsa_kea;
1905 ssl->specs.sig_algo = rsa_sa_algo;
1906 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1907 ssl->specs.pad_size = PAD_SHA;
1908 ssl->specs.static_ecdh = 0;
1909 ssl->specs.key_size = AES_256_KEY_SIZE;
1910 ssl->specs.block_size = AES_BLOCK_SIZE;
1911 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1912 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1913
1914 break;
1915#endif
1916
1917#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
1918 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
1919 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1920 ssl->specs.cipher_type = aead;
1921 ssl->specs.mac_algorithm = sha256_mac;
1922 ssl->specs.kea = diffie_hellman_kea;
1923 ssl->specs.sig_algo = rsa_sa_algo;
1924 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1925 ssl->specs.pad_size = PAD_SHA;
1926 ssl->specs.static_ecdh = 0;
1927 ssl->specs.key_size = AES_128_KEY_SIZE;
1928 ssl->specs.block_size = AES_BLOCK_SIZE;
1929 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1930 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1931
1932 break;
1933#endif
1934
1935#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
1936 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
1937 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1938 ssl->specs.cipher_type = aead;
1939 ssl->specs.mac_algorithm = sha384_mac;
1940 ssl->specs.kea = diffie_hellman_kea;
1941 ssl->specs.sig_algo = rsa_sa_algo;
1942 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1943 ssl->specs.pad_size = PAD_SHA;
1944 ssl->specs.static_ecdh = 0;
1945 ssl->specs.key_size = AES_256_KEY_SIZE;
1946 ssl->specs.block_size = AES_BLOCK_SIZE;
1947 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1948 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1949
1950 break;
1951#endif
1952
1953#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
1954 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
1955 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1956 ssl->specs.cipher_type = block;
1957 ssl->specs.mac_algorithm = sha_mac;
1958 ssl->specs.kea = rsa_kea;
1959 ssl->specs.sig_algo = rsa_sa_algo;
1960 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1961 ssl->specs.pad_size = PAD_SHA;
1962 ssl->specs.static_ecdh = 0;
1963 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1964 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1965 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1966
1967 break;
1968#endif
1969
1970#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
1971 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
1972 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1973 ssl->specs.cipher_type = block;
1974 ssl->specs.mac_algorithm = sha_mac;
1975 ssl->specs.kea = rsa_kea;
1976 ssl->specs.sig_algo = rsa_sa_algo;
1977 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1978 ssl->specs.pad_size = PAD_SHA;
1979 ssl->specs.static_ecdh = 0;
1980 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
1981 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1982 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1983
1984 break;
1985#endif
1986
1987#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
1988 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
1989 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1990 ssl->specs.cipher_type = block;
1991 ssl->specs.mac_algorithm = sha256_mac;
1992 ssl->specs.kea = rsa_kea;
1993 ssl->specs.sig_algo = rsa_sa_algo;
1994 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1995 ssl->specs.pad_size = PAD_SHA;
1996 ssl->specs.static_ecdh = 0;
1997 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1998 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1999 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2000
2001 break;
2002#endif
2003
2004#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
2005 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
2006 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2007 ssl->specs.cipher_type = block;
2008 ssl->specs.mac_algorithm = sha256_mac;
2009 ssl->specs.kea = rsa_kea;
2010 ssl->specs.sig_algo = rsa_sa_algo;
2011 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
2012 ssl->specs.pad_size = PAD_SHA;
2013 ssl->specs.static_ecdh = 0;
2014 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
2015 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
2016 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2017
2018 break;
2019#endif
2020
2021#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
2022 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
2023 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2024 ssl->specs.cipher_type = block;
2025 ssl->specs.mac_algorithm = sha_mac;
2026 ssl->specs.kea = diffie_hellman_kea;
2027 ssl->specs.sig_algo = rsa_sa_algo;
2028 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
2029 ssl->specs.pad_size = PAD_SHA;
2030 ssl->specs.static_ecdh = 0;
2031 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
2032 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
2033 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2034
2035 break;
2036#endif
2037
2038#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
2039 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
2040 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2041 ssl->specs.cipher_type = block;
2042 ssl->specs.mac_algorithm = sha_mac;
2043 ssl->specs.kea = diffie_hellman_kea;
2044 ssl->specs.sig_algo = rsa_sa_algo;
2045 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
2046 ssl->specs.pad_size = PAD_SHA;
2047 ssl->specs.static_ecdh = 0;
2048 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
2049 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
2050 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2051
2052 break;
2053#endif
2054
2055#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
2056 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
2057 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2058 ssl->specs.cipher_type = block;
2059 ssl->specs.mac_algorithm = sha256_mac;
2060 ssl->specs.kea = diffie_hellman_kea;
2061 ssl->specs.sig_algo = rsa_sa_algo;
2062 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
2063 ssl->specs.pad_size = PAD_SHA;
2064 ssl->specs.static_ecdh = 0;
2065 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
2066 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
2067 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2068
2069 break;
2070#endif
2071
2072#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
2073 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
2074 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2075 ssl->specs.cipher_type = block;
2076 ssl->specs.mac_algorithm = sha256_mac;
2077 ssl->specs.kea = diffie_hellman_kea;
2078 ssl->specs.sig_algo = rsa_sa_algo;
2079 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
2080 ssl->specs.pad_size = PAD_SHA;
2081 ssl->specs.static_ecdh = 0;
2082 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
2083 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
2084 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2085
2086 break;
2087#endif
2088
2089#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
2090 case TLS_DH_anon_WITH_AES_128_CBC_SHA :
2091 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
2092 ssl->specs.cipher_type = block;
2093 ssl->specs.mac_algorithm = sha_mac;
2094 ssl->specs.kea = diffie_hellman_kea;
2095 ssl->specs.sig_algo = anonymous_sa_algo;
2096 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
2097 ssl->specs.pad_size = PAD_SHA;
2098 ssl->specs.static_ecdh = 0;
2099 ssl->specs.key_size = AES_128_KEY_SIZE;
2100 ssl->specs.block_size = AES_BLOCK_SIZE;
2101 ssl->specs.iv_size = AES_IV_SIZE;
2102
2103 ssl->options.usingAnon_cipher = 1;
2104 break;
2105#endif
2106
2107#ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
2108 case SSL_RSA_WITH_IDEA_CBC_SHA :
2109 ssl->specs.bulk_cipher_algorithm = wolfssl_idea;
2110 ssl->specs.cipher_type = block;
2111 ssl->specs.mac_algorithm = sha_mac;
2112 ssl->specs.kea = rsa_kea;
2113 ssl->specs.sig_algo = rsa_sa_algo;
2114 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
2115 ssl->specs.pad_size = PAD_SHA;
2116 ssl->specs.static_ecdh = 0;
2117 ssl->specs.key_size = IDEA_KEY_SIZE;
2118 ssl->specs.block_size = IDEA_BLOCK_SIZE;
2119 ssl->specs.iv_size = IDEA_IV_SIZE;
2120
2121 break;
2122#endif
2123
2124#ifdef BUILD_WDM_WITH_NULL_SHA256
2125 case WDM_WITH_NULL_SHA256 :
2126 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
2127 ssl->specs.cipher_type = stream;
2128 ssl->specs.mac_algorithm = sha256_mac;
2129 ssl->specs.kea = no_kea;
2130 ssl->specs.sig_algo = anonymous_sa_algo;
2131 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
2132 ssl->specs.pad_size = PAD_SHA;
2133
2134 break;
2135#endif
2136
2137 default:
2138 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs");
2139 return UNSUPPORTED_SUITE;
2140 } /* switch */
2141 } /* if ECC / Normal suites else */
2142
2143 /* set TLS if it hasn't been turned off */
2144 if (ssl->version.major == 3 && ssl->version.minor >= 1) {
2145#ifndef NO_TLS
2146 ssl->options.tls = 1;
2147 #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY)
2148 ssl->hmac = TLS_hmac;
2149 #endif
2150 if (ssl->version.minor >= 2) {
2151 ssl->options.tls1_1 = 1;
2152 if (ssl->version.minor >= 4)
2153 ssl->options.tls1_3 = 1;
2154 }
2155#endif
2156 }
2157
2158#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
2159 if (IsAtLeastTLSv1_3(ssl->version) || ssl->specs.cipher_type != block)
2160 ssl->options.encThenMac = 0;
2161#endif
2162
2163#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_AEAD_ONLY)
2164 if (ssl->options.dtls)
2165 ssl->hmac = TLS_hmac;
2166#endif
2167
2168 return 0;
2169}
2170
2171
2172enum KeyStuff {
2173 MASTER_ROUNDS = 3,
2174 PREFIX = 3, /* up to three letters for master prefix */
2175 KEY_PREFIX = 9 /* up to 9 prefix letters for key rounds */
2176
2177
2178};
2179
2180#ifndef NO_OLD_TLS
2181/* true or false, zero for error */
2182static int SetPrefix(byte* sha_input, int idx)
2183{
2184 switch (idx) {
2185 case 0:
2186 XMEMCPY(sha_input, "A", 1);
2187 break;
2188 case 1:
2189 XMEMCPY(sha_input, "BB", 2);
2190 break;
2191 case 2:
2192 XMEMCPY(sha_input, "CCC", 3);
2193 break;
2194 case 3:
2195 XMEMCPY(sha_input, "DDDD", 4);
2196 break;
2197 case 4:
2198 XMEMCPY(sha_input, "EEEEE", 5);
2199 break;
2200 case 5:
2201 XMEMCPY(sha_input, "FFFFFF", 6);
2202 break;
2203 case 6:
2204 XMEMCPY(sha_input, "GGGGGGG", 7);
2205 break;
2206 case 7:
2207 XMEMCPY(sha_input, "HHHHHHHH", 8);
2208 break;
2209 case 8:
2210 XMEMCPY(sha_input, "IIIIIIIII", 9);
2211 break;
2212 default:
2213 WOLFSSL_MSG("Set Prefix error, bad input");
2214 return 0;
2215 }
2216 return 1;
2217}
2218#endif
2219
2220
2221static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
2222 int side, void* heap, int devId, WC_RNG* rng, int tls13)
2223{
2224 (void)rng;
2225 (void)tls13;
2226
2227#ifdef BUILD_ARC4
2228 if (specs->bulk_cipher_algorithm == wolfssl_rc4) {
2229 word32 sz = specs->key_size;
2230 if (enc && enc->arc4 == NULL) {
2231 enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
2232 if (enc->arc4 == NULL)
2233 return MEMORY_E;
2234 }
2235 if (dec && dec->arc4 == NULL) {
2236 dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
2237 if (dec->arc4 == NULL)
2238 return MEMORY_E;
2239 }
2240
2241 if (enc) {
2242 if (wc_Arc4Init(enc->arc4, heap, devId) != 0) {
2243 WOLFSSL_MSG("Arc4Init failed in SetKeys");
2244 return ASYNC_INIT_E;
2245 }
2246 }
2247 if (dec) {
2248 if (wc_Arc4Init(dec->arc4, heap, devId) != 0) {
2249 WOLFSSL_MSG("Arc4Init failed in SetKeys");
2250 return ASYNC_INIT_E;
2251 }
2252 }
2253
2254 if (side == WOLFSSL_CLIENT_END) {
2255 if (enc)
2256 wc_Arc4SetKey(enc->arc4, keys->client_write_key, sz);
2257 if (dec)
2258 wc_Arc4SetKey(dec->arc4, keys->server_write_key, sz);
2259 }
2260 else {
2261 if (enc)
2262 wc_Arc4SetKey(enc->arc4, keys->server_write_key, sz);
2263 if (dec)
2264 wc_Arc4SetKey(dec->arc4, keys->client_write_key, sz);
2265 }
2266 if (enc)
2267 enc->setup = 1;
2268 if (dec)
2269 dec->setup = 1;
2270 }
2271#endif /* BUILD_ARC4 */
2272
2273
2274#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
2275 /* Check that the max implicit iv size is suffecient */
2276 #if (AEAD_MAX_IMP_SZ < 12) /* CHACHA20_IMP_IV_SZ */
2277 #error AEAD_MAX_IMP_SZ is too small for ChaCha20
2278 #endif
2279 #if (MAX_WRITE_IV_SZ < 12) /* CHACHA20_IMP_IV_SZ */
2280 #error MAX_WRITE_IV_SZ is too small for ChaCha20
2281 #endif
2282
2283 if (specs->bulk_cipher_algorithm == wolfssl_chacha) {
2284 int chachaRet;
2285 if (enc && enc->chacha == NULL)
2286 enc->chacha =
2287 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
2288 if (enc && enc->chacha == NULL)
2289 return MEMORY_E;
2290 if (dec && dec->chacha == NULL)
2291 dec->chacha =
2292 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
2293 if (dec && dec->chacha == NULL)
2294 return MEMORY_E;
2295 if (side == WOLFSSL_CLIENT_END) {
2296 if (enc) {
2297 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->client_write_key,
2298 specs->key_size);
2299 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2300 CHACHA20_IMP_IV_SZ);
2301 if (chachaRet != 0) return chachaRet;
2302 }
2303 if (dec) {
2304 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->server_write_key,
2305 specs->key_size);
2306 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2307 CHACHA20_IMP_IV_SZ);
2308 if (chachaRet != 0) return chachaRet;
2309 }
2310 }
2311 else {
2312 if (enc) {
2313 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->server_write_key,
2314 specs->key_size);
2315 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2316 CHACHA20_IMP_IV_SZ);
2317 if (chachaRet != 0) return chachaRet;
2318 }
2319 if (dec) {
2320 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->client_write_key,
2321 specs->key_size);
2322 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2323 CHACHA20_IMP_IV_SZ);
2324 if (chachaRet != 0) return chachaRet;
2325 }
2326 }
2327
2328 if (enc)
2329 enc->setup = 1;
2330 if (dec)
2331 dec->setup = 1;
2332 }
2333#endif /* HAVE_CHACHA && HAVE_POLY1305 */
2334
2335
2336#ifdef HAVE_HC128
2337 /* check that buffer sizes are sufficient */
2338 #if (MAX_WRITE_IV_SZ < 16) /* HC_128_IV_SIZE */
2339 #error MAX_WRITE_IV_SZ too small for HC128
2340 #endif
2341
2342 if (specs->bulk_cipher_algorithm == wolfssl_hc128) {
2343 int hcRet;
2344 if (enc && enc->hc128 == NULL)
2345 enc->hc128 =
2346 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
2347 if (enc && enc->hc128 == NULL)
2348 return MEMORY_E;
2349 if (dec && dec->hc128 == NULL)
2350 dec->hc128 =
2351 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
2352 if (dec && dec->hc128 == NULL)
2353 return MEMORY_E;
2354 if (side == WOLFSSL_CLIENT_END) {
2355 if (enc) {
2356 hcRet = wc_Hc128_SetKey(enc->hc128, keys->client_write_key,
2357 keys->client_write_IV);
2358 if (hcRet != 0) return hcRet;
2359 }
2360 if (dec) {
2361 hcRet = wc_Hc128_SetKey(dec->hc128, keys->server_write_key,
2362 keys->server_write_IV);
2363 if (hcRet != 0) return hcRet;
2364 }
2365 }
2366 else {
2367 if (enc) {
2368 hcRet = wc_Hc128_SetKey(enc->hc128, keys->server_write_key,
2369 keys->server_write_IV);
2370 if (hcRet != 0) return hcRet;
2371 }
2372 if (dec) {
2373 hcRet = wc_Hc128_SetKey(dec->hc128, keys->client_write_key,
2374 keys->client_write_IV);
2375 if (hcRet != 0) return hcRet;
2376 }
2377 }
2378 if (enc)
2379 enc->setup = 1;
2380 if (dec)
2381 dec->setup = 1;
2382 }
2383#endif /* HAVE_HC128 */
2384
2385#ifdef BUILD_RABBIT
2386 /* check that buffer sizes are sufficient */
2387 #if (MAX_WRITE_IV_SZ < 8) /* RABBIT_IV_SIZE */
2388 #error MAX_WRITE_IV_SZ too small for RABBIT
2389 #endif
2390
2391 if (specs->bulk_cipher_algorithm == wolfssl_rabbit) {
2392 int rabRet;
2393 if (enc && enc->rabbit == NULL)
2394 enc->rabbit =
2395 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
2396 if (enc && enc->rabbit == NULL)
2397 return MEMORY_E;
2398 if (dec && dec->rabbit == NULL)
2399 dec->rabbit =
2400 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
2401 if (dec && dec->rabbit == NULL)
2402 return MEMORY_E;
2403 if (side == WOLFSSL_CLIENT_END) {
2404 if (enc) {
2405 rabRet = wc_RabbitSetKey(enc->rabbit, keys->client_write_key,
2406 keys->client_write_IV);
2407 if (rabRet != 0) return rabRet;
2408 }
2409 if (dec) {
2410 rabRet = wc_RabbitSetKey(dec->rabbit, keys->server_write_key,
2411 keys->server_write_IV);
2412 if (rabRet != 0) return rabRet;
2413 }
2414 }
2415 else {
2416 if (enc) {
2417 rabRet = wc_RabbitSetKey(enc->rabbit, keys->server_write_key,
2418 keys->server_write_IV);
2419 if (rabRet != 0) return rabRet;
2420 }
2421 if (dec) {
2422 rabRet = wc_RabbitSetKey(dec->rabbit, keys->client_write_key,
2423 keys->client_write_IV);
2424 if (rabRet != 0) return rabRet;
2425 }
2426 }
2427 if (enc)
2428 enc->setup = 1;
2429 if (dec)
2430 dec->setup = 1;
2431 }
2432#endif /* BUILD_RABBIT */
2433
2434#ifdef BUILD_DES3
2435 /* check that buffer sizes are sufficient */
2436 #if (MAX_WRITE_IV_SZ < 8) /* DES_IV_SIZE */
2437 #error MAX_WRITE_IV_SZ too small for 3DES
2438 #endif
2439
2440 if (specs->bulk_cipher_algorithm == wolfssl_triple_des) {
2441 int desRet = 0;
2442
2443 if (enc) {
2444 if (enc->des3 == NULL)
2445 enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
2446 if (enc->des3 == NULL)
2447 return MEMORY_E;
2448 XMEMSET(enc->des3, 0, sizeof(Des3));
2449 }
2450 if (dec) {
2451 if (dec->des3 == NULL)
2452 dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
2453 if (dec->des3 == NULL)
2454 return MEMORY_E;
2455 XMEMSET(dec->des3, 0, sizeof(Des3));
2456 }
2457
2458 if (enc) {
2459 if (wc_Des3Init(enc->des3, heap, devId) != 0) {
2460 WOLFSSL_MSG("Des3Init failed in SetKeys");
2461 return ASYNC_INIT_E;
2462 }
2463 }
2464 if (dec) {
2465 if (wc_Des3Init(dec->des3, heap, devId) != 0) {
2466 WOLFSSL_MSG("Des3Init failed in SetKeys");
2467 return ASYNC_INIT_E;
2468 }
2469 }
2470
2471 if (side == WOLFSSL_CLIENT_END) {
2472 if (enc) {
2473 desRet = wc_Des3_SetKey(enc->des3, keys->client_write_key,
2474 keys->client_write_IV, DES_ENCRYPTION);
2475 if (desRet != 0) return desRet;
2476 }
2477 if (dec) {
2478 desRet = wc_Des3_SetKey(dec->des3, keys->server_write_key,
2479 keys->server_write_IV, DES_DECRYPTION);
2480 if (desRet != 0) return desRet;
2481 }
2482 }
2483 else {
2484 if (enc) {
2485 desRet = wc_Des3_SetKey(enc->des3, keys->server_write_key,
2486 keys->server_write_IV, DES_ENCRYPTION);
2487 if (desRet != 0) return desRet;
2488 }
2489 if (dec) {
2490 desRet = wc_Des3_SetKey(dec->des3, keys->client_write_key,
2491 keys->client_write_IV, DES_DECRYPTION);
2492 if (desRet != 0) return desRet;
2493 }
2494 }
2495 if (enc)
2496 enc->setup = 1;
2497 if (dec)
2498 dec->setup = 1;
2499 }
2500#endif /* BUILD_DES3 */
2501
2502#ifdef BUILD_AES
2503 /* check that buffer sizes are sufficient */
2504 #if (MAX_WRITE_IV_SZ < 16) /* AES_IV_SIZE */
2505 #error MAX_WRITE_IV_SZ too small for AES
2506 #endif
2507
2508 if (specs->bulk_cipher_algorithm == wolfssl_aes) {
2509 int aesRet = 0;
2510
2511 if (enc) {
2512 if (enc->aes == NULL)
2513 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2514 if (enc->aes == NULL)
2515 return MEMORY_E;
2516 XMEMSET(enc->aes, 0, sizeof(Aes));
2517 }
2518 if (dec) {
2519 if (dec->aes == NULL)
2520 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2521 if (dec->aes == NULL)
2522 return MEMORY_E;
2523 XMEMSET(dec->aes, 0, sizeof(Aes));
2524 }
2525 if (enc) {
2526 if (wc_AesInit(enc->aes, heap, devId) != 0) {
2527 WOLFSSL_MSG("AesInit failed in SetKeys");
2528 return ASYNC_INIT_E;
2529 }
2530 }
2531 if (dec) {
2532 if (wc_AesInit(dec->aes, heap, devId) != 0) {
2533 WOLFSSL_MSG("AesInit failed in SetKeys");
2534 return ASYNC_INIT_E;
2535 }
2536 }
2537
2538 if (side == WOLFSSL_CLIENT_END) {
2539 if (enc) {
2540 aesRet = wc_AesSetKey(enc->aes, keys->client_write_key,
2541 specs->key_size, keys->client_write_IV,
2542 AES_ENCRYPTION);
2543 if (aesRet != 0) return aesRet;
2544 }
2545 if (dec) {
2546 aesRet = wc_AesSetKey(dec->aes, keys->server_write_key,
2547 specs->key_size, keys->server_write_IV,
2548 AES_DECRYPTION);
2549 if (aesRet != 0) return aesRet;
2550 }
2551 }
2552 else {
2553 if (enc) {
2554 aesRet = wc_AesSetKey(enc->aes, keys->server_write_key,
2555 specs->key_size, keys->server_write_IV,
2556 AES_ENCRYPTION);
2557 if (aesRet != 0) return aesRet;
2558 }
2559 if (dec) {
2560 aesRet = wc_AesSetKey(dec->aes, keys->client_write_key,
2561 specs->key_size, keys->client_write_IV,
2562 AES_DECRYPTION);
2563 if (aesRet != 0) return aesRet;
2564 }
2565 }
2566 if (enc)
2567 enc->setup = 1;
2568 if (dec)
2569 dec->setup = 1;
2570 }
2571#endif /* BUILD_AES */
2572
2573#ifdef BUILD_AESGCM
2574 /* check that buffer sizes are sufficient */
2575 #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */
2576 #error AEAD_MAX_IMP_SZ too small for AESGCM
2577 #endif
2578 #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */
2579 #error AEAD_MAX_EXP_SZ too small for AESGCM
2580 #endif
2581 #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */
2582 #error MAX_WRITE_IV_SZ too small for AESGCM
2583 #endif
2584
2585 if (specs->bulk_cipher_algorithm == wolfssl_aes_gcm) {
2586 int gcmRet;
2587
2588 if (enc) {
2589 if (enc->aes == NULL)
2590 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2591 if (enc->aes == NULL)
2592 return MEMORY_E;
2593 XMEMSET(enc->aes, 0, sizeof(Aes));
2594 }
2595 if (dec) {
2596 if (dec->aes == NULL)
2597 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2598 if (dec->aes == NULL)
2599 return MEMORY_E;
2600 XMEMSET(dec->aes, 0, sizeof(Aes));
2601 }
2602
2603 if (enc) {
2604 if (wc_AesInit(enc->aes, heap, devId) != 0) {
2605 WOLFSSL_MSG("AesInit failed in SetKeys");
2606 return ASYNC_INIT_E;
2607 }
2608 }
2609 if (dec) {
2610 if (wc_AesInit(dec->aes, heap, devId) != 0) {
2611 WOLFSSL_MSG("AesInit failed in SetKeys");
2612 return ASYNC_INIT_E;
2613 }
2614 }
2615
2616 if (side == WOLFSSL_CLIENT_END) {
2617 if (enc) {
2618 gcmRet = wc_AesGcmSetKey(enc->aes, keys->client_write_key,
2619 specs->key_size);
2620 if (gcmRet != 0) return gcmRet;
2621 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2622 AEAD_MAX_IMP_SZ);
2623#if !defined(NO_PUBLIC_GCM_SET_IV) && \
2624 ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
2625 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
2626 if (!tls13) {
2627 gcmRet = wc_AesGcmSetIV(enc->aes, AESGCM_NONCE_SZ,
2628 keys->client_write_IV, AESGCM_IMP_IV_SZ, rng);
2629 if (gcmRet != 0) return gcmRet;
2630 }
2631#endif
2632 }
2633 if (dec) {
2634 gcmRet = wc_AesGcmSetKey(dec->aes, keys->server_write_key,
2635 specs->key_size);
2636 if (gcmRet != 0) return gcmRet;
2637 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2638 AEAD_MAX_IMP_SZ);
2639 }
2640 }
2641 else {
2642 if (enc) {
2643 gcmRet = wc_AesGcmSetKey(enc->aes, keys->server_write_key,
2644 specs->key_size);
2645 if (gcmRet != 0) return gcmRet;
2646 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2647 AEAD_MAX_IMP_SZ);
2648#if !defined(NO_PUBLIC_GCM_SET_IV) && \
2649 ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
2650 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
2651 if (!tls13) {
2652 gcmRet = wc_AesGcmSetIV(enc->aes, AESGCM_NONCE_SZ,
2653 keys->server_write_IV, AESGCM_IMP_IV_SZ, rng);
2654 if (gcmRet != 0) return gcmRet;
2655 }
2656#endif
2657 }
2658 if (dec) {
2659 gcmRet = wc_AesGcmSetKey(dec->aes, keys->client_write_key,
2660 specs->key_size);
2661 if (gcmRet != 0) return gcmRet;
2662 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2663 AEAD_MAX_IMP_SZ);
2664 }
2665 }
2666 if (enc)
2667 enc->setup = 1;
2668 if (dec)
2669 dec->setup = 1;
2670 }
2671#endif /* BUILD_AESGCM */
2672
2673#ifdef HAVE_AESCCM
2674 /* check that buffer sizes are sufficient (CCM is same size as GCM) */
2675 #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */
2676 #error AEAD_MAX_IMP_SZ too small for AESCCM
2677 #endif
2678 #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */
2679 #error AEAD_MAX_EXP_SZ too small for AESCCM
2680 #endif
2681 #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */
2682 #error MAX_WRITE_IV_SZ too small for AESCCM
2683 #endif
2684
2685 if (specs->bulk_cipher_algorithm == wolfssl_aes_ccm) {
2686 int CcmRet;
2687
2688 if (enc) {
2689 if (enc->aes == NULL)
2690 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2691 if (enc->aes == NULL)
2692 return MEMORY_E;
2693 XMEMSET(enc->aes, 0, sizeof(Aes));
2694 }
2695 if (dec) {
2696 if (dec->aes == NULL)
2697 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2698 if (dec->aes == NULL)
2699 return MEMORY_E;
2700 XMEMSET(dec->aes, 0, sizeof(Aes));
2701 }
2702
2703 if (enc) {
2704 if (wc_AesInit(enc->aes, heap, devId) != 0) {
2705 WOLFSSL_MSG("AesInit failed in SetKeys");
2706 return ASYNC_INIT_E;
2707 }
2708 }
2709 if (dec) {
2710 if (wc_AesInit(dec->aes, heap, devId) != 0) {
2711 WOLFSSL_MSG("AesInit failed in SetKeys");
2712 return ASYNC_INIT_E;
2713 }
2714 }
2715
2716 if (side == WOLFSSL_CLIENT_END) {
2717 if (enc) {
2718 CcmRet = wc_AesCcmSetKey(enc->aes, keys->client_write_key,
2719 specs->key_size);
2720 if (CcmRet != 0) {
2721 return CcmRet;
2722 }
2723 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2724 AEAD_MAX_IMP_SZ);
2725#if !defined(NO_PUBLIC_CCM_SET_NONCE) && \
2726 ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
2727 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
2728 if (!tls13) {
2729 CcmRet = wc_AesCcmSetNonce(enc->aes, keys->client_write_IV,
2730 AEAD_MAX_IMP_SZ);
2731 if (CcmRet != 0) return CcmRet;
2732 }
2733#endif
2734 }
2735 if (dec) {
2736 CcmRet = wc_AesCcmSetKey(dec->aes, keys->server_write_key,
2737 specs->key_size);
2738 if (CcmRet != 0) {
2739 return CcmRet;
2740 }
2741 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2742 AEAD_MAX_IMP_SZ);
2743 }
2744 }
2745 else {
2746 if (enc) {
2747 CcmRet = wc_AesCcmSetKey(enc->aes, keys->server_write_key,
2748 specs->key_size);
2749 if (CcmRet != 0) {
2750 return CcmRet;
2751 }
2752 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2753 AEAD_MAX_IMP_SZ);
2754#if !defined(NO_PUBLIC_CCM_SET_NONCE) && \
2755 ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
2756 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
2757 if (!tls13) {
2758 CcmRet = wc_AesCcmSetNonce(enc->aes, keys->server_write_IV,
2759 AEAD_MAX_IMP_SZ);
2760 if (CcmRet != 0) return CcmRet;
2761 }
2762#endif
2763 }
2764 if (dec) {
2765 CcmRet = wc_AesCcmSetKey(dec->aes, keys->client_write_key,
2766 specs->key_size);
2767 if (CcmRet != 0) {
2768 return CcmRet;
2769 }
2770 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2771 AEAD_MAX_IMP_SZ);
2772 }
2773 }
2774 if (enc)
2775 enc->setup = 1;
2776 if (dec)
2777 dec->setup = 1;
2778 }
2779#endif /* HAVE_AESCCM */
2780
2781#ifdef HAVE_CAMELLIA
2782 /* check that buffer sizes are sufficient */
2783 #if (MAX_WRITE_IV_SZ < 16) /* CAMELLIA_IV_SIZE */
2784 #error MAX_WRITE_IV_SZ too small for CAMELLIA
2785 #endif
2786
2787 if (specs->bulk_cipher_algorithm == wolfssl_camellia) {
2788 int camRet;
2789
2790 if (enc && enc->cam == NULL)
2791 enc->cam =
2792 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
2793 if (enc && enc->cam == NULL)
2794 return MEMORY_E;
2795
2796 if (dec && dec->cam == NULL)
2797 dec->cam =
2798 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
2799 if (dec && dec->cam == NULL)
2800 return MEMORY_E;
2801
2802 if (side == WOLFSSL_CLIENT_END) {
2803 if (enc) {
2804 camRet = wc_CamelliaSetKey(enc->cam, keys->client_write_key,
2805 specs->key_size, keys->client_write_IV);
2806 if (camRet != 0) return camRet;
2807 }
2808 if (dec) {
2809 camRet = wc_CamelliaSetKey(dec->cam, keys->server_write_key,
2810 specs->key_size, keys->server_write_IV);
2811 if (camRet != 0) return camRet;
2812 }
2813 }
2814 else {
2815 if (enc) {
2816 camRet = wc_CamelliaSetKey(enc->cam, keys->server_write_key,
2817 specs->key_size, keys->server_write_IV);
2818 if (camRet != 0) return camRet;
2819 }
2820 if (dec) {
2821 camRet = wc_CamelliaSetKey(dec->cam, keys->client_write_key,
2822 specs->key_size, keys->client_write_IV);
2823 if (camRet != 0) return camRet;
2824 }
2825 }
2826 if (enc)
2827 enc->setup = 1;
2828 if (dec)
2829 dec->setup = 1;
2830 }
2831#endif /* HAVE_CAMELLIA */
2832
2833#ifdef HAVE_IDEA
2834 /* check that buffer sizes are sufficient */
2835 #if (MAX_WRITE_IV_SZ < 8) /* IDEA_IV_SIZE */
2836 #error MAX_WRITE_IV_SZ too small for IDEA
2837 #endif
2838
2839 if (specs->bulk_cipher_algorithm == wolfssl_idea) {
2840 int ideaRet;
2841
2842 if (enc && enc->idea == NULL)
2843 enc->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER);
2844 if (enc && enc->idea == NULL)
2845 return MEMORY_E;
2846
2847 if (dec && dec->idea == NULL)
2848 dec->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER);
2849 if (dec && dec->idea == NULL)
2850 return MEMORY_E;
2851
2852 if (side == WOLFSSL_CLIENT_END) {
2853 if (enc) {
2854 ideaRet = wc_IdeaSetKey(enc->idea, keys->client_write_key,
2855 specs->key_size, keys->client_write_IV,
2856 IDEA_ENCRYPTION);
2857 if (ideaRet != 0) return ideaRet;
2858 }
2859 if (dec) {
2860 ideaRet = wc_IdeaSetKey(dec->idea, keys->server_write_key,
2861 specs->key_size, keys->server_write_IV,
2862 IDEA_DECRYPTION);
2863 if (ideaRet != 0) return ideaRet;
2864 }
2865 }
2866 else {
2867 if (enc) {
2868 ideaRet = wc_IdeaSetKey(enc->idea, keys->server_write_key,
2869 specs->key_size, keys->server_write_IV,
2870 IDEA_ENCRYPTION);
2871 if (ideaRet != 0) return ideaRet;
2872 }
2873 if (dec) {
2874 ideaRet = wc_IdeaSetKey(dec->idea, keys->client_write_key,
2875 specs->key_size, keys->client_write_IV,
2876 IDEA_DECRYPTION);
2877 if (ideaRet != 0) return ideaRet;
2878 }
2879 }
2880 if (enc)
2881 enc->setup = 1;
2882 if (dec)
2883 dec->setup = 1;
2884 }
2885#endif /* HAVE_IDEA */
2886
2887#ifdef HAVE_NULL_CIPHER
2888 if (specs->bulk_cipher_algorithm == wolfssl_cipher_null) {
2889 #ifdef WOLFSSL_TLS13
2890 if (tls13) {
2891 int hmacRet;
2892 int hashType = WC_HASH_TYPE_NONE;
2893
2894 switch (specs->mac_algorithm) {
2895 case sha256_mac:
2896 hashType = WC_SHA256;
2897 break;
2898 case sha384_mac:
2899 hashType = WC_SHA384;
2900 break;
2901 default:
2902 break;
2903 }
2904
2905 if (enc && enc->hmac == NULL) {
2906 enc->hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap,
2907 DYNAMIC_TYPE_CIPHER);
2908 if (enc->hmac == NULL)
2909 return MEMORY_E;
2910 }
2911
2912 if (enc) {
2913 if (wc_HmacInit(enc->hmac, heap, devId) != 0) {
2914 WOLFSSL_MSG("HmacInit failed in SetKeys");
2915 XFREE(enc->hmac, heap, DYNAMIC_TYPE_CIPHER);
2916 enc->hmac = NULL;
2917 return ASYNC_INIT_E;
2918 }
2919 }
2920
2921 if (dec && dec->hmac == NULL) {
2922 dec->hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap,
2923 DYNAMIC_TYPE_CIPHER);
2924 if (dec->hmac == NULL)
2925 return MEMORY_E;
2926 }
2927
2928 if (dec) {
2929 if (wc_HmacInit(dec->hmac, heap, devId) != 0) {
2930 WOLFSSL_MSG("HmacInit failed in SetKeys");
2931 XFREE(dec->hmac, heap, DYNAMIC_TYPE_CIPHER);
2932 dec->hmac = NULL;
2933 return ASYNC_INIT_E;
2934 }
2935 }
2936
2937 if (side == WOLFSSL_CLIENT_END) {
2938 if (enc) {
2939 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2940 HMAC_NONCE_SZ);
2941 hmacRet = wc_HmacSetKey(enc->hmac, hashType,
2942 keys->client_write_key, specs->key_size);
2943 if (hmacRet != 0) return hmacRet;
2944 }
2945 if (dec) {
2946 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2947 HMAC_NONCE_SZ);
2948 hmacRet = wc_HmacSetKey(dec->hmac, hashType,
2949 keys->server_write_key, specs->key_size);
2950 if (hmacRet != 0) return hmacRet;
2951 }
2952 }
2953 else {
2954 if (enc) {
2955 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2956 HMAC_NONCE_SZ);
2957 hmacRet = wc_HmacSetKey(enc->hmac, hashType,
2958 keys->server_write_key, specs->key_size);
2959 if (hmacRet != 0) return hmacRet;
2960 }
2961 if (dec) {
2962 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2963 HMAC_NONCE_SZ);
2964 hmacRet = wc_HmacSetKey(dec->hmac, hashType,
2965 keys->client_write_key, specs->key_size);
2966 if (hmacRet != 0) return hmacRet;
2967 }
2968 }
2969 }
2970 #endif
2971 if (enc)
2972 enc->setup = 1;
2973 if (dec)
2974 dec->setup = 1;
2975 }
2976#endif
2977
2978 if (enc) {
2979 keys->sequence_number_hi = 0;
2980 keys->sequence_number_lo = 0;
2981 }
2982 if (dec) {
2983 keys->peer_sequence_number_hi = 0;
2984 keys->peer_sequence_number_lo = 0;
2985 }
2986 (void)side;
2987 (void)heap;
2988 (void)enc;
2989 (void)dec;
2990 (void)specs;
2991 (void)devId;
2992
2993 return 0;
2994}
2995
2996
2997#ifdef HAVE_ONE_TIME_AUTH
2998/* set one time authentication keys */
2999static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
3000 CipherSpecs* specs, void* heap, int devId)
3001{
3002
3003#ifdef HAVE_POLY1305
3004 /* set up memory space for poly1305 */
3005 if (authentication && authentication->poly1305 == NULL)
3006 authentication->poly1305 =
3007 (Poly1305*)XMALLOC(sizeof(Poly1305), heap, DYNAMIC_TYPE_CIPHER);
3008 if (authentication && authentication->poly1305 == NULL)
3009 return MEMORY_E;
3010 if (authentication)
3011 authentication->setup = 1;
3012#endif
3013 (void)authentication;
3014 (void)heap;
3015 (void)keys;
3016 (void)specs;
3017 (void)devId;
3018
3019 return 0;
3020}
3021#endif /* HAVE_ONE_TIME_AUTH */
3022
3023#ifdef HAVE_SECURE_RENEGOTIATION
3024/* function name is for cache_status++
3025 * This function was added because of error incrementing enum type when
3026 * compiling with a C++ compiler.
3027 */
3028static void CacheStatusPP(SecureRenegotiation* cache)
3029{
3030 switch (cache->cache_status) {
3031 case SCR_CACHE_NULL:
3032 cache->cache_status = SCR_CACHE_NEEDED;
3033 break;
3034
3035 case SCR_CACHE_NEEDED:
3036 cache->cache_status = SCR_CACHE_COPY;
3037 break;
3038
3039 case SCR_CACHE_COPY:
3040 cache->cache_status = SCR_CACHE_PARTIAL;
3041 break;
3042
3043 case SCR_CACHE_PARTIAL:
3044 cache->cache_status = SCR_CACHE_COMPLETE;
3045 break;
3046
3047 case SCR_CACHE_COMPLETE:
3048 WOLFSSL_MSG("SCR Cache state Complete");
3049 break;
3050
3051 default:
3052 WOLFSSL_MSG("Unknown cache state!!");
3053 }
3054}
3055#endif /* HAVE_SECURE_RENEGOTIATION */
3056
3057
3058/* Set wc_encrypt/wc_decrypt or both sides of key setup
3059 * note: use wc_encrypt to avoid shadowing global encrypt
3060 * declared in unistd.h
3061 */
3062int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
3063{
3064 int ret, copy = 0;
3065 Ciphers* wc_encrypt = NULL;
3066 Ciphers* wc_decrypt = NULL;
3067 Keys* keys = &ssl->keys;
3068
3069 (void)copy;
3070
3071#ifdef HAVE_SECURE_RENEGOTIATION
3072 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status) {
3073 keys = &ssl->secure_renegotiation->tmp_keys;
3074#ifdef WOLFSSL_DTLS
3075 /* For DTLS, copy is done in StoreKeys */
3076 if (!ssl->options.dtls)
3077#endif
3078 copy = 1;
3079 }
3080#endif /* HAVE_SECURE_RENEGOTIATION */
3081
3082 switch (side) {
3083 case ENCRYPT_SIDE_ONLY:
3084#ifdef WOLFSSL_DEBUG_TLS
3085 WOLFSSL_MSG("Provisioning ENCRYPT key");
3086 if (ssl->options.side == WOLFSSL_CLIENT_END) {
3087 WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
3088 }
3089 else {
3090 WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
3091 }
3092#endif
3093 wc_encrypt = &ssl->encrypt;
3094 break;
3095
3096 case DECRYPT_SIDE_ONLY:
3097#ifdef WOLFSSL_DEBUG_TLS
3098 WOLFSSL_MSG("Provisioning DECRYPT key");
3099 if (ssl->options.side == WOLFSSL_CLIENT_END) {
3100 WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
3101 }
3102 else {
3103 WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
3104 }
3105#endif
3106 wc_decrypt = &ssl->decrypt;
3107 break;
3108
3109 case ENCRYPT_AND_DECRYPT_SIDE:
3110#ifdef WOLFSSL_DEBUG_TLS
3111 WOLFSSL_MSG("Provisioning ENCRYPT key");
3112 if (ssl->options.side == WOLFSSL_CLIENT_END) {
3113 WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
3114 }
3115 else {
3116 WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
3117 }
3118 WOLFSSL_MSG("Provisioning DECRYPT key");
3119 if (ssl->options.side == WOLFSSL_CLIENT_END) {
3120 WOLFSSL_BUFFER(ssl->keys.server_write_key, ssl->specs.key_size);
3121 }
3122 else {
3123 WOLFSSL_BUFFER(ssl->keys.client_write_key, ssl->specs.key_size);
3124 }
3125#endif
3126 wc_encrypt = &ssl->encrypt;
3127 wc_decrypt = &ssl->decrypt;
3128 break;
3129
3130 default:
3131 return BAD_FUNC_ARG;
3132 }
3133
3134#ifdef HAVE_ONE_TIME_AUTH
3135 if (!ssl->auth.setup && ssl->specs.bulk_cipher_algorithm == wolfssl_chacha){
3136 ret = SetAuthKeys(&ssl->auth, keys, &ssl->specs, ssl->heap, ssl->devId);
3137 if (ret != 0)
3138 return ret;
3139 }
3140#endif
3141
3142#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
3143 !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
3144 /* check if keys for TSIP has been created */
3145 if (tsip_useable(ssl) == 1)
3146 ret = 0;
3147 else
3148#endif
3149 ret = SetKeys(wc_encrypt, wc_decrypt, keys, &ssl->specs, ssl->options.side,
3150 ssl->heap, ssl->devId, ssl->rng, ssl->options.tls1_3);
3151
3152#ifdef HAVE_SECURE_RENEGOTIATION
3153#ifdef WOLFSSL_DTLS
3154 if (ret == 0 && ssl->options.dtls) {
3155 if (wc_encrypt)
3156 wc_encrypt->src = keys == &ssl->keys ? KEYS : SCR;
3157 if (wc_decrypt)
3158 wc_decrypt->src = keys == &ssl->keys ? KEYS : SCR;
3159 }
3160#endif
3161
3162 if (copy) {
3163 int clientCopy = 0;
3164
3165 if (ssl->options.side == WOLFSSL_CLIENT_END && wc_encrypt)
3166 clientCopy = 1;
3167 else if (ssl->options.side == WOLFSSL_SERVER_END && wc_decrypt)
3168 clientCopy = 1;
3169
3170 if (clientCopy) {
3171 #ifndef WOLFSSL_AEAD_ONLY
3172 XMEMCPY(ssl->keys.client_write_MAC_secret,
3173 keys->client_write_MAC_secret, WC_MAX_DIGEST_SIZE);
3174 #endif
3175 XMEMCPY(ssl->keys.client_write_key,
3176 keys->client_write_key, AES_256_KEY_SIZE);
3177 XMEMCPY(ssl->keys.client_write_IV,
3178 keys->client_write_IV, MAX_WRITE_IV_SZ);
3179 } else {
3180 #ifndef WOLFSSL_AEAD_ONLY
3181 XMEMCPY(ssl->keys.server_write_MAC_secret,
3182 keys->server_write_MAC_secret, WC_MAX_DIGEST_SIZE);
3183 #endif
3184 XMEMCPY(ssl->keys.server_write_key,
3185 keys->server_write_key, AES_256_KEY_SIZE);
3186 XMEMCPY(ssl->keys.server_write_IV,
3187 keys->server_write_IV, MAX_WRITE_IV_SZ);
3188 }
3189 if (wc_encrypt) {
3190 ssl->keys.sequence_number_hi = keys->sequence_number_hi;
3191 ssl->keys.sequence_number_lo = keys->sequence_number_lo;
3192 #ifdef HAVE_AEAD
3193 if (ssl->specs.cipher_type == aead) {
3194 /* Initialize the AES-GCM/CCM explicit IV to a zero. */
3195 XMEMCPY(ssl->keys.aead_exp_IV, keys->aead_exp_IV,
3196 AEAD_MAX_EXP_SZ);
3197
3198 /* Initialize encrypt implicit IV by encrypt side */
3199 if (ssl->options.side == WOLFSSL_CLIENT_END) {
3200 XMEMCPY(ssl->keys.aead_enc_imp_IV,
3201 keys->client_write_IV, AEAD_MAX_IMP_SZ);
3202 } else {
3203 XMEMCPY(ssl->keys.aead_enc_imp_IV,
3204 keys->server_write_IV, AEAD_MAX_IMP_SZ);
3205 }
3206 }
3207 #endif
3208 }
3209 if (wc_decrypt) {
3210 ssl->keys.peer_sequence_number_hi = keys->peer_sequence_number_hi;
3211 ssl->keys.peer_sequence_number_lo = keys->peer_sequence_number_lo;
3212 #ifdef HAVE_AEAD
3213 if (ssl->specs.cipher_type == aead) {
3214 /* Initialize decrypt implicit IV by decrypt side */
3215 if (ssl->options.side == WOLFSSL_SERVER_END) {
3216 XMEMCPY(ssl->keys.aead_dec_imp_IV,
3217 keys->client_write_IV, AEAD_MAX_IMP_SZ);
3218 } else {
3219 XMEMCPY(ssl->keys.aead_dec_imp_IV,
3220 keys->server_write_IV, AEAD_MAX_IMP_SZ);
3221 }
3222 }
3223 #endif
3224 }
3225 CacheStatusPP(ssl->secure_renegotiation);
3226 }
3227#endif /* HAVE_SECURE_RENEGOTIATION */
3228
3229 return ret;
3230}
3231
3232
3233/* TLS can call too */
3234int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side)
3235{
3236 int sz, i = 0;
3237 Keys* keys = &ssl->keys;
3238#ifdef WOLFSSL_DTLS
3239 /* In case of DTLS, ssl->keys is updated here */
3240 int scr_copy = 0;
3241#endif
3242
3243#ifdef HAVE_SECURE_RENEGOTIATION
3244 if (ssl->secure_renegotiation &&
3245 ssl->secure_renegotiation->cache_status == SCR_CACHE_NEEDED) {
3246 keys = &ssl->secure_renegotiation->tmp_keys;
3247#ifdef WOLFSSL_DTLS
3248 if (ssl->options.dtls) {
3249 /* epoch is incremented after StoreKeys is called */
3250 ssl->secure_renegotiation->tmp_keys.dtls_epoch = ssl->keys.dtls_epoch + 1;
3251 /* we only need to copy keys on second and future renegotiations */
3252 if (ssl->keys.dtls_epoch > 1)
3253 scr_copy = 1;
3254 ssl->encrypt.src = KEYS_NOT_SET;
3255 ssl->decrypt.src = KEYS_NOT_SET;
3256 }
3257#endif
3258 CacheStatusPP(ssl->secure_renegotiation);
3259 }
3260#endif /* HAVE_SECURE_RENEGOTIATION */
3261
3262#ifdef WOLFSSL_MULTICAST
3263 if (ssl->options.haveMcast) {
3264 /* Use the same keys for encrypt and decrypt. */
3265 if (ssl->specs.cipher_type != aead) {
3266 sz = ssl->specs.hash_size;
3267 #ifndef WOLFSSL_AEAD_ONLY
3268
3269 #ifdef WOLFSSL_DTLS
3270 if (scr_copy) {
3271 XMEMCPY(ssl->keys.client_write_MAC_secret,
3272 keys->client_write_MAC_secret, sz);
3273 XMEMCPY(ssl->keys.server_write_MAC_secret,
3274 keys->server_write_MAC_secret, sz);
3275 }
3276 #endif
3277 XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
3278 XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
3279 #endif
3280 i += sz;
3281 }
3282 sz = ssl->specs.key_size;
3283 #ifdef WOLFSSL_DTLS
3284 if (scr_copy) {
3285 XMEMCPY(ssl->keys.client_write_key,
3286 keys->client_write_key, sz);
3287 XMEMCPY(ssl->keys.server_write_key,
3288 keys->server_write_key, sz);
3289 }
3290 #endif
3291 XMEMCPY(keys->client_write_key, &keyData[i], sz);
3292 XMEMCPY(keys->server_write_key, &keyData[i], sz);
3293 i += sz;
3294
3295 sz = ssl->specs.iv_size;
3296 #ifdef WOLFSSL_DTLS
3297 if (scr_copy) {
3298 XMEMCPY(ssl->keys.client_write_IV,
3299 keys->client_write_IV, sz);
3300 XMEMCPY(ssl->keys.server_write_IV,
3301 keys->server_write_IV, sz);
3302 }
3303 #endif
3304 XMEMCPY(keys->client_write_IV, &keyData[i], sz);
3305 XMEMCPY(keys->server_write_IV, &keyData[i], sz);
3306
3307#ifdef HAVE_AEAD
3308 if (ssl->specs.cipher_type == aead) {
3309 /* Initialize the AES-GCM/CCM explicit IV to a zero. */
3310 #ifdef WOLFSSL_DTLS
3311 if (scr_copy) {
3312 XMEMCPY(ssl->keys.aead_exp_IV,
3313 keys->aead_exp_IV, AEAD_MAX_EXP_SZ);
3314 }
3315 #endif
3316 XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ);
3317 }
3318#endif /* HAVE_AEAD */
3319
3320 return 0;
3321 }
3322#endif /* WOLFSSL_MULTICAST */
3323
3324 if (ssl->specs.cipher_type != aead) {
3325 sz = ssl->specs.hash_size;
3326 if (side & PROVISION_CLIENT) {
3327 #ifndef WOLFSSL_AEAD_ONLY
3328 #ifdef WOLFSSL_DTLS
3329 if (scr_copy)
3330 XMEMCPY(ssl->keys.client_write_MAC_secret,
3331 keys->client_write_MAC_secret, sz);
3332 #endif
3333 XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
3334 #endif
3335 i += sz;
3336 }
3337 if (side & PROVISION_SERVER) {
3338 #ifndef WOLFSSL_AEAD_ONLY
3339 #ifdef WOLFSSL_DTLS
3340 if (scr_copy)
3341 XMEMCPY(ssl->keys.server_write_MAC_secret,
3342 keys->server_write_MAC_secret, sz);
3343 #endif
3344 XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
3345 #endif
3346 i += sz;
3347 }
3348 }
3349 sz = ssl->specs.key_size;
3350 if (side & PROVISION_CLIENT) {
3351 #ifdef WOLFSSL_DTLS
3352 if (scr_copy)
3353 XMEMCPY(ssl->keys.client_write_key,
3354 keys->client_write_key, sz);
3355 #endif
3356 XMEMCPY(keys->client_write_key, &keyData[i], sz);
3357 i += sz;
3358 }
3359 if (side & PROVISION_SERVER) {
3360 #ifdef WOLFSSL_DTLS
3361 if (scr_copy)
3362 XMEMCPY(ssl->keys.server_write_key,
3363 keys->server_write_key, sz);
3364 #endif
3365 XMEMCPY(keys->server_write_key, &keyData[i], sz);
3366 i += sz;
3367 }
3368
3369 sz = ssl->specs.iv_size;
3370 if (side & PROVISION_CLIENT) {
3371 #ifdef WOLFSSL_DTLS
3372 if (scr_copy)
3373 XMEMCPY(ssl->keys.client_write_IV,
3374 keys->client_write_IV, sz);
3375 #endif
3376 XMEMCPY(keys->client_write_IV, &keyData[i], sz);
3377 i += sz;
3378 }
3379 if (side & PROVISION_SERVER) {
3380 #ifdef WOLFSSL_DTLS
3381 if (scr_copy)
3382 XMEMCPY(ssl->keys.server_write_IV,
3383 keys->server_write_IV, sz);
3384 #endif
3385 XMEMCPY(keys->server_write_IV, &keyData[i], sz);
3386 }
3387
3388#ifdef HAVE_AEAD
3389 if (ssl->specs.cipher_type == aead) {
3390 /* Initialize the AES-GCM/CCM explicit IV to a zero. */
3391 #ifdef WOLFSSL_DTLS
3392 if (scr_copy)
3393 XMEMMOVE(ssl->keys.aead_exp_IV,
3394 keys->aead_exp_IV, AEAD_MAX_EXP_SZ);
3395 #endif
3396 XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ);
3397 }
3398#endif
3399
3400 return 0;
3401}
3402
3403#ifndef NO_OLD_TLS
3404int DeriveKeys(WOLFSSL* ssl)
3405{
3406 int length = 2 * ssl->specs.hash_size +
3407 2 * ssl->specs.key_size +
3408 2 * ssl->specs.iv_size;
3409 int rounds = (length + WC_MD5_DIGEST_SIZE - 1 ) / WC_MD5_DIGEST_SIZE, i;
3410 int ret = 0;
3411
3412#ifdef WOLFSSL_SMALL_STACK
3413 byte* shaOutput;
3414 byte* md5Input;
3415 byte* shaInput;
3416 byte* keyData;
3417 wc_Md5* md5;
3418 wc_Sha* sha;
3419#else
3420 byte shaOutput[WC_SHA_DIGEST_SIZE];
3421 byte md5Input[SECRET_LEN + WC_SHA_DIGEST_SIZE];
3422 byte shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN];
3423 byte keyData[KEY_PREFIX * WC_MD5_DIGEST_SIZE];
3424 wc_Md5 md5[1];
3425 wc_Sha sha[1];
3426#endif
3427
3428#ifdef WOLFSSL_SMALL_STACK
3429 shaOutput = (byte*)XMALLOC(WC_SHA_DIGEST_SIZE,
3430 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3431 md5Input = (byte*)XMALLOC(SECRET_LEN + WC_SHA_DIGEST_SIZE,
3432 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3433 shaInput = (byte*)XMALLOC(KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN,
3434 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3435 keyData = (byte*)XMALLOC(KEY_PREFIX * WC_MD5_DIGEST_SIZE,
3436 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3437 md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3438 sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3439
3440 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
3441 keyData == NULL || md5 == NULL || sha == NULL) {
3442 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3443 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3444 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3445 if (keyData) XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3446 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3447 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3448
3449 return MEMORY_E;
3450 }
3451#endif
3452 XMEMSET(shaOutput, 0, WC_SHA_DIGEST_SIZE);
3453 ret = wc_InitMd5(md5);
3454 if (ret == 0) {
3455 ret = wc_InitSha(sha);
3456 }
3457 if (ret == 0) {
3458 XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN);
3459
3460 for (i = 0; i < rounds; ++i) {
3461 int j = i + 1;
3462 int idx = j;
3463
3464 if (!SetPrefix(shaInput, i)) {
3465 ret = PREFIX_ERROR;
3466 break;
3467 }
3468
3469 XMEMCPY(shaInput + idx, ssl->arrays->masterSecret, SECRET_LEN);
3470 idx += SECRET_LEN;
3471 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
3472 idx += RAN_LEN;
3473 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
3474 if (ret == 0) {
3475 ret = wc_ShaUpdate(sha, shaInput,
3476 (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) - KEY_PREFIX + j);
3477 }
3478 if (ret == 0) {
3479 ret = wc_ShaFinal(sha, shaOutput);
3480 }
3481
3482 XMEMCPY(md5Input + SECRET_LEN, shaOutput, WC_SHA_DIGEST_SIZE);
3483 if (ret == 0) {
3484 ret = wc_Md5Update(md5, md5Input, SECRET_LEN + WC_SHA_DIGEST_SIZE);
3485 }
3486 if (ret == 0) {
3487 ret = wc_Md5Final(md5, keyData + i * WC_MD5_DIGEST_SIZE);
3488 }
3489 }
3490
3491 if (ret == 0)
3492 ret = StoreKeys(ssl, keyData, PROVISION_CLIENT_SERVER);
3493 }
3494
3495#ifdef WOLFSSL_SMALL_STACK
3496 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3497 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3498 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3499 XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3500 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3501 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3502#endif
3503
3504 return ret;
3505}
3506
3507
3508static int CleanPreMaster(WOLFSSL* ssl)
3509{
3510 int i, ret, sz = ssl->arrays->preMasterSz;
3511
3512 for (i = 0; i < sz; i++)
3513 ssl->arrays->preMasterSecret[i] = 0;
3514
3515 ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz);
3516 if (ret != 0)
3517 return ret;
3518
3519 for (i = 0; i < sz; i++)
3520 ssl->arrays->preMasterSecret[i] = 0;
3521
3522 XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
3523 ssl->arrays->preMasterSecret = NULL;
3524 ssl->arrays->preMasterSz = 0;
3525
3526 return 0;
3527}
3528
3529
3530/* Create and store the master secret see page 32, 6.1 */
3531static int MakeSslMasterSecret(WOLFSSL* ssl)
3532{
3533 int i, ret;
3534 word32 idx;
3535 word32 pmsSz = ssl->arrays->preMasterSz;
3536
3537#ifdef WOLFSSL_SMALL_STACK
3538 byte* shaOutput;
3539 byte* md5Input;
3540 byte* shaInput;
3541 wc_Md5* md5;
3542 wc_Sha* sha;
3543#else
3544 byte shaOutput[WC_SHA_DIGEST_SIZE];
3545 byte md5Input[ENCRYPT_LEN + WC_SHA_DIGEST_SIZE];
3546 byte shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN];
3547 wc_Md5 md5[1];
3548 wc_Sha sha[1];
3549#endif
3550
3551#ifdef SHOW_SECRETS
3552 {
3553 word32 j;
3554 printf("pre master secret: ");
3555 for (j = 0; j < pmsSz; j++)
3556 printf("%02x", ssl->arrays->preMasterSecret[j]);
3557 printf("\n");
3558 }
3559#endif
3560
3561#ifdef WOLFSSL_SMALL_STACK
3562 shaOutput = (byte*)XMALLOC(WC_SHA_DIGEST_SIZE,
3563 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3564 md5Input = (byte*)XMALLOC(ENCRYPT_LEN + WC_SHA_DIGEST_SIZE,
3565 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3566 shaInput = (byte*)XMALLOC(PREFIX + ENCRYPT_LEN + 2 * RAN_LEN,
3567 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3568 md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3569 sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3570
3571 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
3572 md5 == NULL || sha == NULL) {
3573 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3574 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3575 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3576 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3577 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3578
3579 return MEMORY_E;
3580 }
3581#endif
3582 XMEMSET(shaOutput, 0, WC_SHA_DIGEST_SIZE);
3583
3584 ret = wc_InitMd5(md5);
3585 if (ret == 0) {
3586 ret = wc_InitSha(sha);
3587 }
3588 if (ret == 0) {
3589 XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz);
3590
3591 for (i = 0; i < MASTER_ROUNDS; ++i) {
3592 byte prefix[KEY_PREFIX]; /* only need PREFIX bytes but static */
3593 if (!SetPrefix(prefix, i)) { /* analysis thinks will overrun */
3594 ret = PREFIX_ERROR;
3595 break;
3596 }
3597
3598 idx = 0;
3599 XMEMCPY(shaInput, prefix, i + 1);
3600 idx += i + 1;
3601
3602 XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz);
3603 idx += pmsSz;
3604 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
3605 idx += RAN_LEN;
3606 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
3607 idx += RAN_LEN;
3608 if (ret == 0) {
3609 ret = wc_ShaUpdate(sha, shaInput, idx);
3610 }
3611 if (ret == 0) {
3612 ret = wc_ShaFinal(sha, shaOutput);
3613 }
3614 idx = pmsSz; /* preSz */
3615 XMEMCPY(md5Input + idx, shaOutput, WC_SHA_DIGEST_SIZE);
3616 idx += WC_SHA_DIGEST_SIZE;
3617 if (ret == 0) {
3618 ret = wc_Md5Update(md5, md5Input, idx);
3619 }
3620 if (ret == 0) {
3621 ret = wc_Md5Final(md5,
3622 &ssl->arrays->masterSecret[i * WC_MD5_DIGEST_SIZE]);
3623 }
3624 }
3625
3626#ifdef SHOW_SECRETS
3627 {
3628 word32 j;
3629 printf("master secret: ");
3630 for (j = 0; j < SECRET_LEN; j++)
3631 printf("%02x", ssl->arrays->masterSecret[j]);
3632 printf("\n");
3633 }
3634#endif
3635
3636 if (ret == 0)
3637 ret = DeriveKeys(ssl);
3638 }
3639
3640#ifdef WOLFSSL_SMALL_STACK
3641 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3642 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3643 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3644 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3645 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3646#endif
3647
3648 if (ret == 0)
3649 ret = CleanPreMaster(ssl);
3650 else
3651 CleanPreMaster(ssl);
3652
3653 return ret;
3654}
3655#endif
3656
3657
3658/* Master wrapper, doesn't use SSL stack space in TLS mode */
3659int MakeMasterSecret(WOLFSSL* ssl)
3660{
3661 /* append secret to premaster : premaster | SerSi | CliSi */
3662#ifdef HAVE_QSH
3663 word32 offset = 0;
3664
3665 if (ssl->peerQSHKeyPresent) {
3666 offset += ssl->arrays->preMasterSz;
3667 ssl->arrays->preMasterSz += ssl->QSH_secret->CliSi->length +
3668 ssl->QSH_secret->SerSi->length;
3669 /* test and set flag if QSH has been used */
3670 if (ssl->QSH_secret->CliSi->length > 0 ||
3671 ssl->QSH_secret->SerSi->length > 0)
3672 ssl->isQSH = 1;
3673
3674 /* append secrets to the premaster */
3675 if (ssl->QSH_secret->SerSi != NULL) {
3676 XMEMCPY(ssl->arrays->preMasterSecret + offset,
3677 ssl->QSH_secret->SerSi->buffer, ssl->QSH_secret->SerSi->length);
3678 }
3679 offset += ssl->QSH_secret->SerSi->length;
3680 if (ssl->QSH_secret->CliSi != NULL) {
3681 XMEMCPY(ssl->arrays->preMasterSecret + offset,
3682 ssl->QSH_secret->CliSi->buffer, ssl->QSH_secret->CliSi->length);
3683 }
3684
3685 /* show secret SerSi and CliSi */
3686 #ifdef SHOW_SECRETS
3687 {
3688 word32 j;
3689 printf("QSH generated secret material\n");
3690 printf("SerSi : ");
3691 for (j = 0; j < ssl->QSH_secret->SerSi->length; j++) {
3692 printf("%02x", ssl->QSH_secret->SerSi->buffer[j]);
3693 }
3694 printf("\n");
3695 printf("CliSi : ");
3696 for (j = 0; j < ssl->QSH_secret->CliSi->length; j++) {
3697 printf("%02x", ssl->QSH_secret->CliSi->buffer[j]);
3698 }
3699 printf("\n");
3700 }
3701 #endif
3702 }
3703#endif
3704
3705#ifndef NO_OLD_TLS
3706 if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
3707 return MakeSslMasterSecret(ssl);
3708#elif !defined(WOLFSSL_NO_TLS12)
3709 return MakeTlsMasterSecret(ssl);
3710#else
3711 (void)ssl;
3712 return 0;
3713#endif
3714}
3715
3716#endif /* WOLFCRYPT_ONLY */
Note: See TracBrowser for help on using the repository browser.