source: asp3_tinet_ecnl_arm/trunk/wolfssl-3.12.2/src/keys.c@ 352

Last change on this file since 352 was 352, checked in by coas-nagasima, 6 years ago

arm向けASP3版ECNLを追加
  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-csrc;charset=UTF-8
File size: 132.3 KB
Line 
1/* keys.c
2 *
3 * Copyright (C) 2006-2017 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22
23/* Name change compatibility layer no longer needs to be included here */
24
25#ifdef HAVE_CONFIG_H
26 #include <config.h>
27#endif
28
29#include <wolfssl/wolfcrypt/settings.h>
30
31#ifndef WOLFCRYPT_ONLY
32
33#include <wolfssl/internal.h>
34#include <wolfssl/error-ssl.h>
35#if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
36 #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
37 #if MQX_USE_IO_OLD
38 #include <fio.h>
39 #else
40 #include <nio.h>
41 #endif
42 #else
43 #include <stdio.h>
44 #endif
45#endif
46
47
48int SetCipherSpecs(WOLFSSL* ssl)
49{
50#ifndef NO_WOLFSSL_CLIENT
51 if (ssl->options.side == WOLFSSL_CLIENT_END) {
52 /* server side verified before SetCipherSpecs call */
53 if (VerifyClientSuite(ssl) != 1) {
54 WOLFSSL_MSG("SetCipherSpecs() client has an unusuable suite");
55 return UNSUPPORTED_SUITE;
56 }
57 }
58#endif /* NO_WOLFSSL_CLIENT */
59
60 /* Chacha extensions, 0xcc */
61 if (ssl->options.cipherSuite0 == CHACHA_BYTE) {
62
63 switch (ssl->options.cipherSuite) {
64#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
65 case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
66 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
67 ssl->specs.cipher_type = aead;
68 ssl->specs.mac_algorithm = sha256_mac;
69 ssl->specs.kea = ecc_diffie_hellman_kea;
70 ssl->specs.sig_algo = rsa_sa_algo;
71 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
72 ssl->specs.pad_size = PAD_SHA;
73 ssl->specs.static_ecdh = 0;
74 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
75 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
76 ssl->specs.iv_size = CHACHA20_IV_SIZE;
77 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
78 ssl->options.oldPoly = 1; /* use old poly1305 padding */
79
80 break;
81#endif
82
83#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
84 case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
85 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
86 ssl->specs.cipher_type = aead;
87 ssl->specs.mac_algorithm = sha256_mac;
88 ssl->specs.kea = ecc_diffie_hellman_kea;
89 ssl->specs.sig_algo = ecc_dsa_sa_algo;
90 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
91 ssl->specs.pad_size = PAD_SHA;
92 ssl->specs.static_ecdh = 0;
93 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
94 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
95 ssl->specs.iv_size = CHACHA20_IV_SIZE;
96 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
97 ssl->options.oldPoly = 1; /* use old poly1305 padding */
98
99 break;
100#endif
101
102#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
103 case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
104 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
105 ssl->specs.cipher_type = aead;
106 ssl->specs.mac_algorithm = sha256_mac;
107 ssl->specs.kea = diffie_hellman_kea;
108 ssl->specs.sig_algo = rsa_sa_algo;
109 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
110 ssl->specs.pad_size = PAD_SHA;
111 ssl->specs.static_ecdh = 0;
112 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
113 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
114 ssl->specs.iv_size = CHACHA20_IV_SIZE;
115 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
116 ssl->options.oldPoly = 1; /* use old poly1305 padding */
117
118 break;
119#endif
120#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
121 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
122 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
123 ssl->specs.cipher_type = aead;
124 ssl->specs.mac_algorithm = sha256_mac;
125 ssl->specs.kea = ecc_diffie_hellman_kea;
126 ssl->specs.sig_algo = rsa_sa_algo;
127 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
128 ssl->specs.pad_size = PAD_SHA;
129 ssl->specs.static_ecdh = 0;
130 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
131 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
132 ssl->specs.iv_size = CHACHA20_IV_SIZE;
133 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
134 ssl->options.oldPoly = 0; /* use recent padding RFC */
135
136 break;
137#endif
138
139#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
140 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
141 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
142 ssl->specs.cipher_type = aead;
143 ssl->specs.mac_algorithm = sha256_mac;
144 ssl->specs.kea = ecc_diffie_hellman_kea;
145 ssl->specs.sig_algo = ecc_dsa_sa_algo;
146 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
147 ssl->specs.pad_size = PAD_SHA;
148 ssl->specs.static_ecdh = 0;
149 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
150 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
151 ssl->specs.iv_size = CHACHA20_IV_SIZE;
152 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
153 ssl->options.oldPoly = 0; /* use recent padding RFC */
154
155 break;
156#endif
157
158#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
159 case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
160 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
161 ssl->specs.cipher_type = aead;
162 ssl->specs.mac_algorithm = sha256_mac;
163 ssl->specs.kea = diffie_hellman_kea;
164 ssl->specs.sig_algo = rsa_sa_algo;
165 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
166 ssl->specs.pad_size = PAD_SHA;
167 ssl->specs.static_ecdh = 0;
168 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
169 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
170 ssl->specs.iv_size = CHACHA20_IV_SIZE;
171 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
172 ssl->options.oldPoly = 0; /* use recent padding RFC */
173
174 break;
175#endif
176
177#ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
178 case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256:
179 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
180 ssl->specs.cipher_type = aead;
181 ssl->specs.mac_algorithm = sha256_mac;
182 ssl->specs.kea = psk_kea;
183 ssl->specs.sig_algo = anonymous_sa_algo;
184 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
185 ssl->specs.pad_size = PAD_SHA;
186 ssl->specs.static_ecdh = 0;
187 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
188 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
189 ssl->specs.iv_size = CHACHA20_IV_SIZE;
190 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
191
192 ssl->options.oldPoly = 0; /* use recent padding RFC */
193 ssl->options.usingPSK_cipher = 1;
194 break;
195#endif
196
197#ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
198 case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
199 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
200 ssl->specs.cipher_type = aead;
201 ssl->specs.mac_algorithm = sha256_mac;
202 ssl->specs.kea = ecdhe_psk_kea;
203 ssl->specs.sig_algo = anonymous_sa_algo;
204 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
205 ssl->specs.pad_size = PAD_SHA;
206 ssl->specs.static_ecdh = 0;
207 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
208 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
209 ssl->specs.iv_size = CHACHA20_IV_SIZE;
210 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
211
212 ssl->options.oldPoly = 0; /* use recent padding RFC */
213 ssl->options.usingPSK_cipher = 1;
214 break;
215#endif
216
217#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
218 case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
219 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
220 ssl->specs.cipher_type = aead;
221 ssl->specs.mac_algorithm = sha256_mac;
222 ssl->specs.kea = dhe_psk_kea;
223 ssl->specs.sig_algo = anonymous_sa_algo;
224 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
225 ssl->specs.pad_size = PAD_SHA;
226 ssl->specs.static_ecdh = 0;
227 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
228 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
229 ssl->specs.iv_size = CHACHA20_IV_SIZE;
230 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
231
232 ssl->options.oldPoly = 0; /* use recent padding RFC */
233 ssl->options.usingPSK_cipher = 1;
234 break;
235#endif
236 default:
237 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha");
238 return UNSUPPORTED_SUITE;
239 }
240 }
241
242 /* ECC extensions, or AES-CCM */
243 if (ssl->options.cipherSuite0 == ECC_BYTE) {
244
245 switch (ssl->options.cipherSuite) {
246
247#ifdef HAVE_ECC
248
249#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
250 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
251 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
252 ssl->specs.cipher_type = block;
253 ssl->specs.mac_algorithm = sha256_mac;
254 ssl->specs.kea = ecc_diffie_hellman_kea;
255 ssl->specs.sig_algo = rsa_sa_algo;
256 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
257 ssl->specs.pad_size = PAD_SHA;
258 ssl->specs.static_ecdh = 0;
259 ssl->specs.key_size = AES_128_KEY_SIZE;
260 ssl->specs.iv_size = AES_IV_SIZE;
261 ssl->specs.block_size = AES_BLOCK_SIZE;
262 break;
263#endif
264
265#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
266 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
267 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
268 ssl->specs.cipher_type = block;
269 ssl->specs.mac_algorithm = sha256_mac;
270 ssl->specs.kea = ecc_diffie_hellman_kea;
271 ssl->specs.sig_algo = ecc_dsa_sa_algo;
272 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
273 ssl->specs.pad_size = PAD_SHA;
274 ssl->specs.static_ecdh = 0;
275 ssl->specs.key_size = AES_128_KEY_SIZE;
276 ssl->specs.iv_size = AES_IV_SIZE;
277 ssl->specs.block_size = AES_BLOCK_SIZE;
278 break;
279#endif
280
281#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
282 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
283 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
284 ssl->specs.cipher_type = block;
285 ssl->specs.mac_algorithm = sha256_mac;
286 ssl->specs.kea = ecc_diffie_hellman_kea;
287 ssl->specs.sig_algo = rsa_sa_algo;
288 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
289 ssl->specs.pad_size = PAD_SHA;
290 ssl->specs.static_ecdh = 1;
291 ssl->specs.key_size = AES_128_KEY_SIZE;
292 ssl->specs.iv_size = AES_IV_SIZE;
293 ssl->specs.block_size = AES_BLOCK_SIZE;
294 break;
295#endif
296
297#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
298 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
299 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
300 ssl->specs.cipher_type = block;
301 ssl->specs.mac_algorithm = sha256_mac;
302 ssl->specs.kea = ecc_diffie_hellman_kea;
303 ssl->specs.sig_algo = ecc_dsa_sa_algo;
304 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
305 ssl->specs.pad_size = PAD_SHA;
306 ssl->specs.static_ecdh = 1;
307 ssl->specs.key_size = AES_128_KEY_SIZE;
308 ssl->specs.iv_size = AES_IV_SIZE;
309 ssl->specs.block_size = AES_BLOCK_SIZE;
310 break;
311#endif
312
313#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
314 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
315 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
316 ssl->specs.cipher_type = block;
317 ssl->specs.mac_algorithm = sha384_mac;
318 ssl->specs.kea = ecc_diffie_hellman_kea;
319 ssl->specs.sig_algo = rsa_sa_algo;
320 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
321 ssl->specs.pad_size = PAD_SHA;
322 ssl->specs.static_ecdh = 0;
323 ssl->specs.key_size = AES_256_KEY_SIZE;
324 ssl->specs.iv_size = AES_IV_SIZE;
325 ssl->specs.block_size = AES_BLOCK_SIZE;
326 break;
327#endif
328
329#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
330 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
331 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
332 ssl->specs.cipher_type = block;
333 ssl->specs.mac_algorithm = sha384_mac;
334 ssl->specs.kea = ecc_diffie_hellman_kea;
335 ssl->specs.sig_algo = ecc_dsa_sa_algo;
336 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
337 ssl->specs.pad_size = PAD_SHA;
338 ssl->specs.static_ecdh = 0;
339 ssl->specs.key_size = AES_256_KEY_SIZE;
340 ssl->specs.iv_size = AES_IV_SIZE;
341 ssl->specs.block_size = AES_BLOCK_SIZE;
342 break;
343#endif
344
345#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
346 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
347 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
348 ssl->specs.cipher_type = block;
349 ssl->specs.mac_algorithm = sha384_mac;
350 ssl->specs.kea = ecc_diffie_hellman_kea;
351 ssl->specs.sig_algo = rsa_sa_algo;
352 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
353 ssl->specs.pad_size = PAD_SHA;
354 ssl->specs.static_ecdh = 1;
355 ssl->specs.key_size = AES_256_KEY_SIZE;
356 ssl->specs.iv_size = AES_IV_SIZE;
357 ssl->specs.block_size = AES_BLOCK_SIZE;
358 break;
359#endif
360
361#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
362 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
363 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
364 ssl->specs.cipher_type = block;
365 ssl->specs.mac_algorithm = sha384_mac;
366 ssl->specs.kea = ecc_diffie_hellman_kea;
367 ssl->specs.sig_algo = ecc_dsa_sa_algo;
368 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
369 ssl->specs.pad_size = PAD_SHA;
370 ssl->specs.static_ecdh = 1;
371 ssl->specs.key_size = AES_256_KEY_SIZE;
372 ssl->specs.iv_size = AES_IV_SIZE;
373 ssl->specs.block_size = AES_BLOCK_SIZE;
374 break;
375#endif
376
377#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
378 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
379 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
380 ssl->specs.cipher_type = block;
381 ssl->specs.mac_algorithm = sha_mac;
382 ssl->specs.kea = ecc_diffie_hellman_kea;
383 ssl->specs.sig_algo = rsa_sa_algo;
384 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
385 ssl->specs.pad_size = PAD_SHA;
386 ssl->specs.static_ecdh = 0;
387 ssl->specs.key_size = AES_128_KEY_SIZE;
388 ssl->specs.block_size = AES_BLOCK_SIZE;
389 ssl->specs.iv_size = AES_IV_SIZE;
390
391 break;
392#endif
393
394#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
395 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
396 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
397 ssl->specs.cipher_type = block;
398 ssl->specs.mac_algorithm = sha_mac;
399 ssl->specs.kea = ecc_diffie_hellman_kea;
400 ssl->specs.sig_algo = rsa_sa_algo;
401 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
402 ssl->specs.pad_size = PAD_SHA;
403 ssl->specs.static_ecdh = 1;
404 ssl->specs.key_size = AES_128_KEY_SIZE;
405 ssl->specs.block_size = AES_BLOCK_SIZE;
406 ssl->specs.iv_size = AES_IV_SIZE;
407
408 break;
409#endif
410
411#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
412 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
413 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
414 ssl->specs.cipher_type = block;
415 ssl->specs.mac_algorithm = sha_mac;
416 ssl->specs.kea = ecc_diffie_hellman_kea;
417 ssl->specs.sig_algo = rsa_sa_algo;
418 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
419 ssl->specs.pad_size = PAD_SHA;
420 ssl->specs.static_ecdh = 0;
421 ssl->specs.key_size = DES3_KEY_SIZE;
422 ssl->specs.block_size = DES_BLOCK_SIZE;
423 ssl->specs.iv_size = DES_IV_SIZE;
424
425 break;
426#endif
427
428#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
429 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
430 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
431 ssl->specs.cipher_type = block;
432 ssl->specs.mac_algorithm = sha_mac;
433 ssl->specs.kea = ecc_diffie_hellman_kea;
434 ssl->specs.sig_algo = rsa_sa_algo;
435 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
436 ssl->specs.pad_size = PAD_SHA;
437 ssl->specs.static_ecdh = 1;
438 ssl->specs.key_size = DES3_KEY_SIZE;
439 ssl->specs.block_size = DES_BLOCK_SIZE;
440 ssl->specs.iv_size = DES_IV_SIZE;
441
442 break;
443#endif
444
445#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
446 case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
447 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
448 ssl->specs.cipher_type = stream;
449 ssl->specs.mac_algorithm = sha_mac;
450 ssl->specs.kea = ecc_diffie_hellman_kea;
451 ssl->specs.sig_algo = rsa_sa_algo;
452 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
453 ssl->specs.pad_size = PAD_SHA;
454 ssl->specs.static_ecdh = 0;
455 ssl->specs.key_size = RC4_KEY_SIZE;
456 ssl->specs.iv_size = 0;
457 ssl->specs.block_size = 0;
458
459 break;
460#endif
461
462#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
463 case TLS_ECDH_RSA_WITH_RC4_128_SHA :
464 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
465 ssl->specs.cipher_type = stream;
466 ssl->specs.mac_algorithm = sha_mac;
467 ssl->specs.kea = ecc_diffie_hellman_kea;
468 ssl->specs.sig_algo = rsa_sa_algo;
469 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
470 ssl->specs.pad_size = PAD_SHA;
471 ssl->specs.static_ecdh = 1;
472 ssl->specs.key_size = RC4_KEY_SIZE;
473 ssl->specs.iv_size = 0;
474 ssl->specs.block_size = 0;
475
476 break;
477#endif
478
479#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
480 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
481 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
482 ssl->specs.cipher_type = block;
483 ssl->specs.mac_algorithm = sha_mac;
484 ssl->specs.kea = ecc_diffie_hellman_kea;
485 ssl->specs.sig_algo = ecc_dsa_sa_algo;
486 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
487 ssl->specs.pad_size = PAD_SHA;
488 ssl->specs.static_ecdh = 0;
489 ssl->specs.key_size = DES3_KEY_SIZE;
490 ssl->specs.block_size = DES_BLOCK_SIZE;
491 ssl->specs.iv_size = DES_IV_SIZE;
492
493 break;
494#endif
495
496#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
497 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
498 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
499 ssl->specs.cipher_type = block;
500 ssl->specs.mac_algorithm = sha_mac;
501 ssl->specs.kea = ecc_diffie_hellman_kea;
502 ssl->specs.sig_algo = ecc_dsa_sa_algo;
503 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
504 ssl->specs.pad_size = PAD_SHA;
505 ssl->specs.static_ecdh = 1;
506 ssl->specs.key_size = DES3_KEY_SIZE;
507 ssl->specs.block_size = DES_BLOCK_SIZE;
508 ssl->specs.iv_size = DES_IV_SIZE;
509
510 break;
511#endif
512
513#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
514 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
515 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
516 ssl->specs.cipher_type = stream;
517 ssl->specs.mac_algorithm = sha_mac;
518 ssl->specs.kea = ecc_diffie_hellman_kea;
519 ssl->specs.sig_algo = ecc_dsa_sa_algo;
520 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
521 ssl->specs.pad_size = PAD_SHA;
522 ssl->specs.static_ecdh = 0;
523 ssl->specs.key_size = RC4_KEY_SIZE;
524 ssl->specs.iv_size = 0;
525 ssl->specs.block_size = 0;
526
527 break;
528#endif
529
530#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
531 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
532 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
533 ssl->specs.cipher_type = stream;
534 ssl->specs.mac_algorithm = sha_mac;
535 ssl->specs.kea = ecc_diffie_hellman_kea;
536 ssl->specs.sig_algo = ecc_dsa_sa_algo;
537 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
538 ssl->specs.pad_size = PAD_SHA;
539 ssl->specs.static_ecdh = 1;
540 ssl->specs.key_size = RC4_KEY_SIZE;
541 ssl->specs.iv_size = 0;
542 ssl->specs.block_size = 0;
543
544 break;
545#endif
546
547#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
548 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
549 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
550 ssl->specs.cipher_type = block;
551 ssl->specs.mac_algorithm = sha_mac;
552 ssl->specs.kea = ecc_diffie_hellman_kea;
553 ssl->specs.sig_algo = rsa_sa_algo;
554 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
555 ssl->specs.pad_size = PAD_SHA;
556 ssl->specs.static_ecdh = 0;
557 ssl->specs.key_size = AES_256_KEY_SIZE;
558 ssl->specs.block_size = AES_BLOCK_SIZE;
559 ssl->specs.iv_size = AES_IV_SIZE;
560
561 break;
562#endif
563
564#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
565 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
566 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
567 ssl->specs.cipher_type = block;
568 ssl->specs.mac_algorithm = sha_mac;
569 ssl->specs.kea = ecc_diffie_hellman_kea;
570 ssl->specs.sig_algo = rsa_sa_algo;
571 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
572 ssl->specs.pad_size = PAD_SHA;
573 ssl->specs.static_ecdh = 1;
574 ssl->specs.key_size = AES_256_KEY_SIZE;
575 ssl->specs.block_size = AES_BLOCK_SIZE;
576 ssl->specs.iv_size = AES_IV_SIZE;
577
578 break;
579#endif
580
581#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
582 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
583 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
584 ssl->specs.cipher_type = block;
585 ssl->specs.mac_algorithm = sha_mac;
586 ssl->specs.kea = ecc_diffie_hellman_kea;
587 ssl->specs.sig_algo = ecc_dsa_sa_algo;
588 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
589 ssl->specs.pad_size = PAD_SHA;
590 ssl->specs.static_ecdh = 0;
591 ssl->specs.key_size = AES_128_KEY_SIZE;
592 ssl->specs.block_size = AES_BLOCK_SIZE;
593 ssl->specs.iv_size = AES_IV_SIZE;
594
595 break;
596#endif
597
598#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
599 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
600 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
601 ssl->specs.cipher_type = block;
602 ssl->specs.mac_algorithm = sha_mac;
603 ssl->specs.kea = ecc_diffie_hellman_kea;
604 ssl->specs.sig_algo = ecc_dsa_sa_algo;
605 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
606 ssl->specs.pad_size = PAD_SHA;
607 ssl->specs.static_ecdh = 1;
608 ssl->specs.key_size = AES_128_KEY_SIZE;
609 ssl->specs.block_size = AES_BLOCK_SIZE;
610 ssl->specs.iv_size = AES_IV_SIZE;
611
612 break;
613#endif
614
615#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
616 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
617 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
618 ssl->specs.cipher_type = block;
619 ssl->specs.mac_algorithm = sha_mac;
620 ssl->specs.kea = ecc_diffie_hellman_kea;
621 ssl->specs.sig_algo = ecc_dsa_sa_algo;
622 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
623 ssl->specs.pad_size = PAD_SHA;
624 ssl->specs.static_ecdh = 0;
625 ssl->specs.key_size = AES_256_KEY_SIZE;
626 ssl->specs.block_size = AES_BLOCK_SIZE;
627 ssl->specs.iv_size = AES_IV_SIZE;
628
629 break;
630#endif
631
632#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
633 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
634 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
635 ssl->specs.cipher_type = block;
636 ssl->specs.mac_algorithm = sha_mac;
637 ssl->specs.kea = ecc_diffie_hellman_kea;
638 ssl->specs.sig_algo = ecc_dsa_sa_algo;
639 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
640 ssl->specs.pad_size = PAD_SHA;
641 ssl->specs.static_ecdh = 1;
642 ssl->specs.key_size = AES_256_KEY_SIZE;
643 ssl->specs.block_size = AES_BLOCK_SIZE;
644 ssl->specs.iv_size = AES_IV_SIZE;
645
646 break;
647#endif
648
649#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
650 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
651 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
652 ssl->specs.cipher_type = aead;
653 ssl->specs.mac_algorithm = sha256_mac;
654 ssl->specs.kea = ecc_diffie_hellman_kea;
655 ssl->specs.sig_algo = rsa_sa_algo;
656 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
657 ssl->specs.pad_size = PAD_SHA;
658 ssl->specs.static_ecdh = 0;
659 ssl->specs.key_size = AES_128_KEY_SIZE;
660 ssl->specs.block_size = AES_BLOCK_SIZE;
661 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
662 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
663
664 break;
665#endif
666
667#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
668 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
669 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
670 ssl->specs.cipher_type = aead;
671 ssl->specs.mac_algorithm = sha384_mac;
672 ssl->specs.kea = ecc_diffie_hellman_kea;
673 ssl->specs.sig_algo = rsa_sa_algo;
674 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
675 ssl->specs.pad_size = PAD_SHA;
676 ssl->specs.static_ecdh = 0;
677 ssl->specs.key_size = AES_256_KEY_SIZE;
678 ssl->specs.block_size = AES_BLOCK_SIZE;
679 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
680 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
681
682 break;
683#endif
684
685#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
686 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
687 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
688 ssl->specs.cipher_type = aead;
689 ssl->specs.mac_algorithm = sha256_mac;
690 ssl->specs.kea = ecc_diffie_hellman_kea;
691 ssl->specs.sig_algo = ecc_dsa_sa_algo;
692 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
693 ssl->specs.pad_size = PAD_SHA;
694 ssl->specs.static_ecdh = 0;
695 ssl->specs.key_size = AES_128_KEY_SIZE;
696 ssl->specs.block_size = AES_BLOCK_SIZE;
697 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
698 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
699
700 break;
701#endif
702
703#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
704 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
705 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
706 ssl->specs.cipher_type = aead;
707 ssl->specs.mac_algorithm = sha384_mac;
708 ssl->specs.kea = ecc_diffie_hellman_kea;
709 ssl->specs.sig_algo = ecc_dsa_sa_algo;
710 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
711 ssl->specs.pad_size = PAD_SHA;
712 ssl->specs.static_ecdh = 0;
713 ssl->specs.key_size = AES_256_KEY_SIZE;
714 ssl->specs.block_size = AES_BLOCK_SIZE;
715 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
716 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
717
718 break;
719#endif
720
721#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
722 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
723 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
724 ssl->specs.cipher_type = aead;
725 ssl->specs.mac_algorithm = sha256_mac;
726 ssl->specs.kea = ecc_diffie_hellman_kea;
727 ssl->specs.sig_algo = rsa_sa_algo;
728 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
729 ssl->specs.pad_size = PAD_SHA;
730 ssl->specs.static_ecdh = 1;
731 ssl->specs.key_size = AES_128_KEY_SIZE;
732 ssl->specs.block_size = AES_BLOCK_SIZE;
733 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
734 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
735
736 break;
737#endif
738
739#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
740 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
741 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
742 ssl->specs.cipher_type = aead;
743 ssl->specs.mac_algorithm = sha384_mac;
744 ssl->specs.kea = ecc_diffie_hellman_kea;
745 ssl->specs.sig_algo = rsa_sa_algo;
746 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
747 ssl->specs.pad_size = PAD_SHA;
748 ssl->specs.static_ecdh = 1;
749 ssl->specs.key_size = AES_256_KEY_SIZE;
750 ssl->specs.block_size = AES_BLOCK_SIZE;
751 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
752 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
753
754 break;
755#endif
756
757#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
758 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
759 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
760 ssl->specs.cipher_type = aead;
761 ssl->specs.mac_algorithm = sha256_mac;
762 ssl->specs.kea = ecc_diffie_hellman_kea;
763 ssl->specs.sig_algo = ecc_dsa_sa_algo;
764 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
765 ssl->specs.pad_size = PAD_SHA;
766 ssl->specs.static_ecdh = 1;
767 ssl->specs.key_size = AES_128_KEY_SIZE;
768 ssl->specs.block_size = AES_BLOCK_SIZE;
769 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
770 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
771
772 break;
773#endif
774
775#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
776 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
777 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
778 ssl->specs.cipher_type = aead;
779 ssl->specs.mac_algorithm = sha384_mac;
780 ssl->specs.kea = ecc_diffie_hellman_kea;
781 ssl->specs.sig_algo = ecc_dsa_sa_algo;
782 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
783 ssl->specs.pad_size = PAD_SHA;
784 ssl->specs.static_ecdh = 1;
785 ssl->specs.key_size = AES_256_KEY_SIZE;
786 ssl->specs.block_size = AES_BLOCK_SIZE;
787 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
788 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
789
790 break;
791#endif
792
793#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
794 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM :
795 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
796 ssl->specs.cipher_type = aead;
797 ssl->specs.mac_algorithm = sha256_mac;
798 ssl->specs.kea = ecc_diffie_hellman_kea;
799 ssl->specs.sig_algo = ecc_dsa_sa_algo;
800 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
801 ssl->specs.pad_size = PAD_SHA;
802 ssl->specs.static_ecdh = 0;
803 ssl->specs.key_size = AES_128_KEY_SIZE;
804 ssl->specs.block_size = AES_BLOCK_SIZE;
805 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
806 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
807
808 break;
809#endif
810
811#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
812 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
813 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
814 ssl->specs.cipher_type = aead;
815 ssl->specs.mac_algorithm = sha256_mac;
816 ssl->specs.kea = ecc_diffie_hellman_kea;
817 ssl->specs.sig_algo = ecc_dsa_sa_algo;
818 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
819 ssl->specs.pad_size = PAD_SHA;
820 ssl->specs.static_ecdh = 0;
821 ssl->specs.key_size = AES_128_KEY_SIZE;
822 ssl->specs.block_size = AES_BLOCK_SIZE;
823 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
824 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
825
826 break;
827#endif
828
829#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
830 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
831 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
832 ssl->specs.cipher_type = aead;
833 ssl->specs.mac_algorithm = sha256_mac;
834 ssl->specs.kea = ecc_diffie_hellman_kea;
835 ssl->specs.sig_algo = ecc_dsa_sa_algo;
836 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
837 ssl->specs.pad_size = PAD_SHA;
838 ssl->specs.static_ecdh = 0;
839 ssl->specs.key_size = AES_256_KEY_SIZE;
840 ssl->specs.block_size = AES_BLOCK_SIZE;
841 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
842 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
843
844 break;
845#endif
846
847#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
848 case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
849 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
850 ssl->specs.cipher_type = stream;
851 ssl->specs.mac_algorithm = sha_mac;
852 ssl->specs.kea = ecc_diffie_hellman_kea;
853 ssl->specs.sig_algo = ecc_dsa_sa_algo;
854 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
855 ssl->specs.pad_size = PAD_SHA;
856 ssl->specs.static_ecdh = 0;
857 ssl->specs.key_size = 0;
858 ssl->specs.block_size = 0;
859 ssl->specs.iv_size = 0;
860
861 break;
862#endif
863
864#ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
865 case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
866 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
867 ssl->specs.cipher_type = stream;
868 ssl->specs.mac_algorithm = sha256_mac;
869 ssl->specs.kea = ecdhe_psk_kea;
870 ssl->specs.sig_algo = anonymous_sa_algo;
871 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
872 ssl->specs.pad_size = PAD_SHA;
873 ssl->specs.static_ecdh = 0;
874 ssl->specs.key_size = 0;
875 ssl->specs.block_size = 0;
876 ssl->specs.iv_size = 0;
877
878 ssl->options.usingPSK_cipher = 1;
879 break;
880#endif
881
882#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
883 case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
884 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
885 ssl->specs.cipher_type = block;
886 ssl->specs.mac_algorithm = sha256_mac;
887 ssl->specs.kea = ecdhe_psk_kea;
888 ssl->specs.sig_algo = anonymous_sa_algo;
889 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
890 ssl->specs.pad_size = PAD_SHA;
891 ssl->specs.static_ecdh = 0;
892 ssl->specs.key_size = AES_128_KEY_SIZE;
893 ssl->specs.block_size = AES_BLOCK_SIZE;
894 ssl->specs.iv_size = AES_IV_SIZE;
895
896 ssl->options.usingPSK_cipher = 1;
897 break;
898#endif
899#endif /* HAVE_ECC */
900
901#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
902 case TLS_RSA_WITH_AES_128_CCM_8 :
903 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
904 ssl->specs.cipher_type = aead;
905 ssl->specs.mac_algorithm = sha256_mac;
906 ssl->specs.kea = rsa_kea;
907 ssl->specs.sig_algo = rsa_sa_algo;
908 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
909 ssl->specs.pad_size = PAD_SHA;
910 ssl->specs.static_ecdh = 0;
911 ssl->specs.key_size = AES_128_KEY_SIZE;
912 ssl->specs.block_size = AES_BLOCK_SIZE;
913 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
914 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
915
916 break;
917#endif
918
919#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
920 case TLS_RSA_WITH_AES_256_CCM_8 :
921 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
922 ssl->specs.cipher_type = aead;
923 ssl->specs.mac_algorithm = sha256_mac;
924 ssl->specs.kea = rsa_kea;
925 ssl->specs.sig_algo = rsa_sa_algo;
926 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
927 ssl->specs.pad_size = PAD_SHA;
928 ssl->specs.static_ecdh = 0;
929 ssl->specs.key_size = AES_256_KEY_SIZE;
930 ssl->specs.block_size = AES_BLOCK_SIZE;
931 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
932 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
933
934 break;
935#endif
936
937#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
938 case TLS_PSK_WITH_AES_128_CCM_8 :
939 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
940 ssl->specs.cipher_type = aead;
941 ssl->specs.mac_algorithm = sha256_mac;
942 ssl->specs.kea = psk_kea;
943 ssl->specs.sig_algo = anonymous_sa_algo;
944 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
945 ssl->specs.pad_size = PAD_SHA;
946 ssl->specs.static_ecdh = 0;
947 ssl->specs.key_size = AES_128_KEY_SIZE;
948 ssl->specs.block_size = AES_BLOCK_SIZE;
949 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
950 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
951
952 ssl->options.usingPSK_cipher = 1;
953 break;
954#endif
955
956#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
957 case TLS_PSK_WITH_AES_256_CCM_8 :
958 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
959 ssl->specs.cipher_type = aead;
960 ssl->specs.mac_algorithm = sha256_mac;
961 ssl->specs.kea = psk_kea;
962 ssl->specs.sig_algo = anonymous_sa_algo;
963 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
964 ssl->specs.pad_size = PAD_SHA;
965 ssl->specs.static_ecdh = 0;
966 ssl->specs.key_size = AES_256_KEY_SIZE;
967 ssl->specs.block_size = AES_BLOCK_SIZE;
968 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
969 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
970
971 ssl->options.usingPSK_cipher = 1;
972 break;
973#endif
974
975#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
976 case TLS_PSK_WITH_AES_128_CCM :
977 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
978 ssl->specs.cipher_type = aead;
979 ssl->specs.mac_algorithm = sha256_mac;
980 ssl->specs.kea = psk_kea;
981 ssl->specs.sig_algo = anonymous_sa_algo;
982 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
983 ssl->specs.pad_size = PAD_SHA;
984 ssl->specs.static_ecdh = 0;
985 ssl->specs.key_size = AES_128_KEY_SIZE;
986 ssl->specs.block_size = AES_BLOCK_SIZE;
987 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
988 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
989
990 ssl->options.usingPSK_cipher = 1;
991 break;
992#endif
993
994#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
995 case TLS_PSK_WITH_AES_256_CCM :
996 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
997 ssl->specs.cipher_type = aead;
998 ssl->specs.mac_algorithm = sha256_mac;
999 ssl->specs.kea = psk_kea;
1000 ssl->specs.sig_algo = anonymous_sa_algo;
1001 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1002 ssl->specs.pad_size = PAD_SHA;
1003 ssl->specs.static_ecdh = 0;
1004 ssl->specs.key_size = AES_256_KEY_SIZE;
1005 ssl->specs.block_size = AES_BLOCK_SIZE;
1006 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1007 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
1008
1009 ssl->options.usingPSK_cipher = 1;
1010 break;
1011#endif
1012
1013#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
1014 case TLS_DHE_PSK_WITH_AES_128_CCM :
1015 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1016 ssl->specs.cipher_type = aead;
1017 ssl->specs.mac_algorithm = sha256_mac;
1018 ssl->specs.kea = dhe_psk_kea;
1019 ssl->specs.sig_algo = anonymous_sa_algo;
1020 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1021 ssl->specs.pad_size = PAD_SHA;
1022 ssl->specs.static_ecdh = 0;
1023 ssl->specs.key_size = AES_128_KEY_SIZE;
1024 ssl->specs.block_size = AES_BLOCK_SIZE;
1025 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1026 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
1027
1028 ssl->options.usingPSK_cipher = 1;
1029 break;
1030#endif
1031
1032#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
1033 case TLS_DHE_PSK_WITH_AES_256_CCM :
1034 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1035 ssl->specs.cipher_type = aead;
1036 ssl->specs.mac_algorithm = sha256_mac;
1037 ssl->specs.kea = dhe_psk_kea;
1038 ssl->specs.sig_algo = anonymous_sa_algo;
1039 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1040 ssl->specs.pad_size = PAD_SHA;
1041 ssl->specs.static_ecdh = 0;
1042 ssl->specs.key_size = AES_256_KEY_SIZE;
1043 ssl->specs.block_size = AES_BLOCK_SIZE;
1044 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1045 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
1046
1047 ssl->options.usingPSK_cipher = 1;
1048 break;
1049#endif
1050
1051 default:
1052 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
1053 return UNSUPPORTED_SUITE;
1054 } /* switch */
1055 } /* if */
1056
1057 /* TLSi v1.3 cipher suites, 0x13 */
1058 if (ssl->options.cipherSuite0 == TLS13_BYTE) {
1059 switch (ssl->options.cipherSuite) {
1060
1061#ifdef WOLFSSL_TLS13
1062 #ifdef BUILD_TLS_AES_128_GCM_SHA256
1063 case TLS_AES_128_GCM_SHA256 :
1064 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1065 ssl->specs.cipher_type = aead;
1066 ssl->specs.mac_algorithm = sha256_mac;
1067 ssl->specs.kea = 0;
1068 ssl->specs.sig_algo = 0;
1069 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1070 ssl->specs.pad_size = PAD_SHA;
1071 ssl->specs.static_ecdh = 0;
1072 ssl->specs.key_size = AES_128_KEY_SIZE;
1073 ssl->specs.block_size = AES_BLOCK_SIZE;
1074 ssl->specs.iv_size = AESGCM_NONCE_SZ;
1075 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1076
1077 break;
1078 #endif
1079
1080 #ifdef BUILD_TLS_AES_256_GCM_SHA384
1081 case TLS_AES_256_GCM_SHA384 :
1082 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1083 ssl->specs.cipher_type = aead;
1084 ssl->specs.mac_algorithm = sha384_mac;
1085 ssl->specs.kea = 0;
1086 ssl->specs.sig_algo = 0;
1087 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1088 ssl->specs.pad_size = PAD_SHA;
1089 ssl->specs.static_ecdh = 0;
1090 ssl->specs.key_size = AES_256_KEY_SIZE;
1091 ssl->specs.block_size = AES_BLOCK_SIZE;
1092 ssl->specs.iv_size = AESGCM_NONCE_SZ;
1093 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1094
1095 break;
1096 #endif
1097
1098 #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
1099 case TLS_CHACHA20_POLY1305_SHA256 :
1100 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
1101 ssl->specs.cipher_type = aead;
1102 ssl->specs.mac_algorithm = sha256_mac;
1103 ssl->specs.kea = 0;
1104 ssl->specs.sig_algo = 0;
1105 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1106 ssl->specs.pad_size = PAD_SHA;
1107 ssl->specs.static_ecdh = 0;
1108 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
1109 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
1110 ssl->specs.iv_size = CHACHA20_IV_SIZE;
1111 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
1112 ssl->options.oldPoly = 0; /* use recent padding RFC */
1113
1114 break;
1115 #endif
1116
1117 #ifdef BUILD_TLS_AES_128_CCM_SHA256
1118 case TLS_AES_128_CCM_SHA256 :
1119 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1120 ssl->specs.cipher_type = aead;
1121 ssl->specs.mac_algorithm = sha256_mac;
1122 ssl->specs.kea = 0;
1123 ssl->specs.sig_algo = 0;
1124 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1125 ssl->specs.pad_size = PAD_SHA;
1126 ssl->specs.static_ecdh = 0;
1127 ssl->specs.key_size = AES_128_KEY_SIZE;
1128 ssl->specs.block_size = AES_BLOCK_SIZE;
1129 ssl->specs.iv_size = AESGCM_NONCE_SZ;
1130 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
1131
1132 break;
1133 #endif
1134
1135 #ifdef BUILD_TLS_AES_128_CCM_8_SHA256
1136 case TLS_AES_128_CCM_8_SHA256 :
1137 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1138 ssl->specs.cipher_type = aead;
1139 ssl->specs.mac_algorithm = sha256_mac;
1140 ssl->specs.kea = 0;
1141 ssl->specs.sig_algo = 0;
1142 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1143 ssl->specs.pad_size = PAD_SHA;
1144 ssl->specs.static_ecdh = 0;
1145 ssl->specs.key_size = AES_128_KEY_SIZE;
1146 ssl->specs.block_size = AES_BLOCK_SIZE;
1147 ssl->specs.iv_size = AESGCM_NONCE_SZ;
1148 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
1149
1150 break;
1151 #endif
1152#endif /* WOLFSSL_TLS13 */
1153 }
1154 }
1155
1156 if (ssl->options.cipherSuite0 != ECC_BYTE &&
1157 ssl->options.cipherSuite0 != CHACHA_BYTE &&
1158 ssl->options.cipherSuite0 != TLS13_BYTE) { /* normal suites */
1159 switch (ssl->options.cipherSuite) {
1160
1161#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
1162 case SSL_RSA_WITH_RC4_128_SHA :
1163 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
1164 ssl->specs.cipher_type = stream;
1165 ssl->specs.mac_algorithm = sha_mac;
1166 ssl->specs.kea = rsa_kea;
1167 ssl->specs.sig_algo = rsa_sa_algo;
1168 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1169 ssl->specs.pad_size = PAD_SHA;
1170 ssl->specs.static_ecdh = 0;
1171 ssl->specs.key_size = RC4_KEY_SIZE;
1172 ssl->specs.iv_size = 0;
1173 ssl->specs.block_size = 0;
1174
1175 break;
1176#endif
1177
1178#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
1179 case TLS_NTRU_RSA_WITH_RC4_128_SHA :
1180 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
1181 ssl->specs.cipher_type = stream;
1182 ssl->specs.mac_algorithm = sha_mac;
1183 ssl->specs.kea = ntru_kea;
1184 ssl->specs.sig_algo = rsa_sa_algo;
1185 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1186 ssl->specs.pad_size = PAD_SHA;
1187 ssl->specs.static_ecdh = 0;
1188 ssl->specs.key_size = RC4_KEY_SIZE;
1189 ssl->specs.iv_size = 0;
1190 ssl->specs.block_size = 0;
1191
1192 break;
1193#endif
1194
1195#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
1196 case SSL_RSA_WITH_RC4_128_MD5 :
1197 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
1198 ssl->specs.cipher_type = stream;
1199 ssl->specs.mac_algorithm = md5_mac;
1200 ssl->specs.kea = rsa_kea;
1201 ssl->specs.sig_algo = rsa_sa_algo;
1202 ssl->specs.hash_size = WC_MD5_DIGEST_SIZE;
1203 ssl->specs.pad_size = PAD_MD5;
1204 ssl->specs.static_ecdh = 0;
1205 ssl->specs.key_size = RC4_KEY_SIZE;
1206 ssl->specs.iv_size = 0;
1207 ssl->specs.block_size = 0;
1208
1209 break;
1210#endif
1211
1212#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
1213 case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
1214 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
1215 ssl->specs.cipher_type = block;
1216 ssl->specs.mac_algorithm = sha_mac;
1217 ssl->specs.kea = rsa_kea;
1218 ssl->specs.sig_algo = rsa_sa_algo;
1219 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1220 ssl->specs.pad_size = PAD_SHA;
1221 ssl->specs.static_ecdh = 0;
1222 ssl->specs.key_size = DES3_KEY_SIZE;
1223 ssl->specs.block_size = DES_BLOCK_SIZE;
1224 ssl->specs.iv_size = DES_IV_SIZE;
1225
1226 break;
1227#endif
1228
1229#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
1230 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
1231 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
1232 ssl->specs.cipher_type = block;
1233 ssl->specs.mac_algorithm = sha_mac;
1234 ssl->specs.kea = ntru_kea;
1235 ssl->specs.sig_algo = rsa_sa_algo;
1236 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1237 ssl->specs.pad_size = PAD_SHA;
1238 ssl->specs.static_ecdh = 0;
1239 ssl->specs.key_size = DES3_KEY_SIZE;
1240 ssl->specs.block_size = DES_BLOCK_SIZE;
1241 ssl->specs.iv_size = DES_IV_SIZE;
1242
1243 break;
1244#endif
1245
1246#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
1247 case TLS_RSA_WITH_AES_128_CBC_SHA :
1248 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1249 ssl->specs.cipher_type = block;
1250 ssl->specs.mac_algorithm = sha_mac;
1251 ssl->specs.kea = rsa_kea;
1252 ssl->specs.sig_algo = rsa_sa_algo;
1253 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1254 ssl->specs.pad_size = PAD_SHA;
1255 ssl->specs.static_ecdh = 0;
1256 ssl->specs.key_size = AES_128_KEY_SIZE;
1257 ssl->specs.block_size = AES_BLOCK_SIZE;
1258 ssl->specs.iv_size = AES_IV_SIZE;
1259
1260 break;
1261#endif
1262
1263#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
1264 case TLS_RSA_WITH_AES_128_CBC_SHA256 :
1265 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1266 ssl->specs.cipher_type = block;
1267 ssl->specs.mac_algorithm = sha256_mac;
1268 ssl->specs.kea = rsa_kea;
1269 ssl->specs.sig_algo = rsa_sa_algo;
1270 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1271 ssl->specs.pad_size = PAD_SHA;
1272 ssl->specs.static_ecdh = 0;
1273 ssl->specs.key_size = AES_128_KEY_SIZE;
1274 ssl->specs.block_size = AES_BLOCK_SIZE;
1275 ssl->specs.iv_size = AES_IV_SIZE;
1276
1277 break;
1278#endif
1279
1280#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
1281 case TLS_RSA_WITH_NULL_SHA :
1282 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1283 ssl->specs.cipher_type = stream;
1284 ssl->specs.mac_algorithm = sha_mac;
1285 ssl->specs.kea = rsa_kea;
1286 ssl->specs.sig_algo = rsa_sa_algo;
1287 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1288 ssl->specs.pad_size = PAD_SHA;
1289 ssl->specs.static_ecdh = 0;
1290 ssl->specs.key_size = 0;
1291 ssl->specs.block_size = 0;
1292 ssl->specs.iv_size = 0;
1293
1294 break;
1295#endif
1296
1297#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
1298 case TLS_RSA_WITH_NULL_SHA256 :
1299 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1300 ssl->specs.cipher_type = stream;
1301 ssl->specs.mac_algorithm = sha256_mac;
1302 ssl->specs.kea = rsa_kea;
1303 ssl->specs.sig_algo = rsa_sa_algo;
1304 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1305 ssl->specs.pad_size = PAD_SHA;
1306 ssl->specs.static_ecdh = 0;
1307 ssl->specs.key_size = 0;
1308 ssl->specs.block_size = 0;
1309 ssl->specs.iv_size = 0;
1310
1311 break;
1312#endif
1313
1314#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
1315 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
1316 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1317 ssl->specs.cipher_type = block;
1318 ssl->specs.mac_algorithm = sha_mac;
1319 ssl->specs.kea = ntru_kea;
1320 ssl->specs.sig_algo = rsa_sa_algo;
1321 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1322 ssl->specs.pad_size = PAD_SHA;
1323 ssl->specs.static_ecdh = 0;
1324 ssl->specs.key_size = AES_128_KEY_SIZE;
1325 ssl->specs.block_size = AES_BLOCK_SIZE;
1326 ssl->specs.iv_size = AES_IV_SIZE;
1327
1328 break;
1329#endif
1330
1331#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
1332 case TLS_RSA_WITH_AES_256_CBC_SHA :
1333 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1334 ssl->specs.cipher_type = block;
1335 ssl->specs.mac_algorithm = sha_mac;
1336 ssl->specs.kea = rsa_kea;
1337 ssl->specs.sig_algo = rsa_sa_algo;
1338 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1339 ssl->specs.pad_size = PAD_SHA;
1340 ssl->specs.static_ecdh = 0;
1341 ssl->specs.key_size = AES_256_KEY_SIZE;
1342 ssl->specs.block_size = AES_BLOCK_SIZE;
1343 ssl->specs.iv_size = AES_IV_SIZE;
1344
1345 break;
1346#endif
1347
1348#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
1349 case TLS_RSA_WITH_AES_256_CBC_SHA256 :
1350 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1351 ssl->specs.cipher_type = block;
1352 ssl->specs.mac_algorithm = sha256_mac;
1353 ssl->specs.kea = rsa_kea;
1354 ssl->specs.sig_algo = rsa_sa_algo;
1355 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1356 ssl->specs.pad_size = PAD_SHA;
1357 ssl->specs.static_ecdh = 0;
1358 ssl->specs.key_size = AES_256_KEY_SIZE;
1359 ssl->specs.block_size = AES_BLOCK_SIZE;
1360 ssl->specs.iv_size = AES_IV_SIZE;
1361
1362 break;
1363#endif
1364
1365#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
1366 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
1367 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1368 ssl->specs.cipher_type = block;
1369 ssl->specs.mac_algorithm = sha_mac;
1370 ssl->specs.kea = ntru_kea;
1371 ssl->specs.sig_algo = rsa_sa_algo;
1372 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1373 ssl->specs.pad_size = PAD_SHA;
1374 ssl->specs.static_ecdh = 0;
1375 ssl->specs.key_size = AES_256_KEY_SIZE;
1376 ssl->specs.block_size = AES_BLOCK_SIZE;
1377 ssl->specs.iv_size = AES_IV_SIZE;
1378
1379 break;
1380#endif
1381
1382#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
1383 case TLS_PSK_WITH_AES_128_GCM_SHA256 :
1384 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1385 ssl->specs.cipher_type = aead;
1386 ssl->specs.mac_algorithm = sha256_mac;
1387 ssl->specs.kea = psk_kea;
1388 ssl->specs.sig_algo = anonymous_sa_algo;
1389 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1390 ssl->specs.pad_size = PAD_SHA;
1391 ssl->specs.static_ecdh = 0;
1392 ssl->specs.key_size = AES_128_KEY_SIZE;
1393 ssl->specs.block_size = AES_BLOCK_SIZE;
1394 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1395 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1396
1397 ssl->options.usingPSK_cipher = 1;
1398 break;
1399#endif
1400
1401#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
1402 case TLS_PSK_WITH_AES_256_GCM_SHA384 :
1403 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1404 ssl->specs.cipher_type = aead;
1405 ssl->specs.mac_algorithm = sha384_mac;
1406 ssl->specs.kea = psk_kea;
1407 ssl->specs.sig_algo = anonymous_sa_algo;
1408 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1409 ssl->specs.pad_size = PAD_SHA;
1410 ssl->specs.static_ecdh = 0;
1411 ssl->specs.key_size = AES_256_KEY_SIZE;
1412 ssl->specs.block_size = AES_BLOCK_SIZE;
1413 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1414 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1415
1416 ssl->options.usingPSK_cipher = 1;
1417 break;
1418#endif
1419
1420#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
1421 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
1422 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1423 ssl->specs.cipher_type = aead;
1424 ssl->specs.mac_algorithm = sha256_mac;
1425 ssl->specs.kea = dhe_psk_kea;
1426 ssl->specs.sig_algo = anonymous_sa_algo;
1427 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1428 ssl->specs.pad_size = PAD_SHA;
1429 ssl->specs.static_ecdh = 0;
1430 ssl->specs.key_size = AES_128_KEY_SIZE;
1431 ssl->specs.block_size = AES_BLOCK_SIZE;
1432 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1433 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1434
1435 ssl->options.usingPSK_cipher = 1;
1436 break;
1437#endif
1438
1439#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
1440 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
1441 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1442 ssl->specs.cipher_type = aead;
1443 ssl->specs.mac_algorithm = sha384_mac;
1444 ssl->specs.kea = dhe_psk_kea;
1445 ssl->specs.sig_algo = anonymous_sa_algo;
1446 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1447 ssl->specs.pad_size = PAD_SHA;
1448 ssl->specs.static_ecdh = 0;
1449 ssl->specs.key_size = AES_256_KEY_SIZE;
1450 ssl->specs.block_size = AES_BLOCK_SIZE;
1451 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1452 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1453
1454 ssl->options.usingPSK_cipher = 1;
1455 break;
1456#endif
1457
1458#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
1459 case TLS_PSK_WITH_AES_128_CBC_SHA256 :
1460 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1461 ssl->specs.cipher_type = block;
1462 ssl->specs.mac_algorithm = sha256_mac;
1463 ssl->specs.kea = psk_kea;
1464 ssl->specs.sig_algo = anonymous_sa_algo;
1465 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1466 ssl->specs.pad_size = PAD_SHA;
1467 ssl->specs.static_ecdh = 0;
1468 ssl->specs.key_size = AES_128_KEY_SIZE;
1469 ssl->specs.block_size = AES_BLOCK_SIZE;
1470 ssl->specs.iv_size = AES_IV_SIZE;
1471
1472 ssl->options.usingPSK_cipher = 1;
1473 break;
1474#endif
1475
1476#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
1477 case TLS_PSK_WITH_AES_256_CBC_SHA384 :
1478 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1479 ssl->specs.cipher_type = block;
1480 ssl->specs.mac_algorithm = sha384_mac;
1481 ssl->specs.kea = psk_kea;
1482 ssl->specs.sig_algo = anonymous_sa_algo;
1483 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1484 ssl->specs.pad_size = PAD_SHA;
1485 ssl->specs.static_ecdh = 0;
1486 ssl->specs.key_size = AES_256_KEY_SIZE;
1487 ssl->specs.block_size = AES_BLOCK_SIZE;
1488 ssl->specs.iv_size = AES_IV_SIZE;
1489
1490 ssl->options.usingPSK_cipher = 1;
1491 break;
1492#endif
1493
1494#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
1495 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
1496 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1497 ssl->specs.cipher_type = block;
1498 ssl->specs.mac_algorithm = sha256_mac;
1499 ssl->specs.kea = dhe_psk_kea;
1500 ssl->specs.sig_algo = anonymous_sa_algo;
1501 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1502 ssl->specs.pad_size = PAD_SHA;
1503 ssl->specs.static_ecdh = 0;
1504 ssl->specs.key_size = AES_128_KEY_SIZE;
1505 ssl->specs.block_size = AES_BLOCK_SIZE;
1506 ssl->specs.iv_size = AES_IV_SIZE;
1507
1508 ssl->options.usingPSK_cipher = 1;
1509 break;
1510#endif
1511
1512#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
1513 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
1514 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1515 ssl->specs.cipher_type = block;
1516 ssl->specs.mac_algorithm = sha384_mac;
1517 ssl->specs.kea = dhe_psk_kea;
1518 ssl->specs.sig_algo = anonymous_sa_algo;
1519 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1520 ssl->specs.pad_size = PAD_SHA;
1521 ssl->specs.static_ecdh = 0;
1522 ssl->specs.key_size = AES_256_KEY_SIZE;
1523 ssl->specs.block_size = AES_BLOCK_SIZE;
1524 ssl->specs.iv_size = AES_IV_SIZE;
1525
1526 ssl->options.usingPSK_cipher = 1;
1527 break;
1528#endif
1529
1530#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
1531 case TLS_PSK_WITH_AES_128_CBC_SHA :
1532 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1533 ssl->specs.cipher_type = block;
1534 ssl->specs.mac_algorithm = sha_mac;
1535 ssl->specs.kea = psk_kea;
1536 ssl->specs.sig_algo = anonymous_sa_algo;
1537 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1538 ssl->specs.pad_size = PAD_SHA;
1539 ssl->specs.static_ecdh = 0;
1540 ssl->specs.key_size = AES_128_KEY_SIZE;
1541 ssl->specs.block_size = AES_BLOCK_SIZE;
1542 ssl->specs.iv_size = AES_IV_SIZE;
1543
1544 ssl->options.usingPSK_cipher = 1;
1545 break;
1546#endif
1547
1548#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
1549 case TLS_PSK_WITH_AES_256_CBC_SHA :
1550 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1551 ssl->specs.cipher_type = block;
1552 ssl->specs.mac_algorithm = sha_mac;
1553 ssl->specs.kea = psk_kea;
1554 ssl->specs.sig_algo = anonymous_sa_algo;
1555 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1556 ssl->specs.pad_size = PAD_SHA;
1557 ssl->specs.static_ecdh = 0;
1558 ssl->specs.key_size = AES_256_KEY_SIZE;
1559 ssl->specs.block_size = AES_BLOCK_SIZE;
1560 ssl->specs.iv_size = AES_IV_SIZE;
1561
1562 ssl->options.usingPSK_cipher = 1;
1563 break;
1564#endif
1565
1566#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
1567 case TLS_PSK_WITH_NULL_SHA256 :
1568 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1569 ssl->specs.cipher_type = stream;
1570 ssl->specs.mac_algorithm = sha256_mac;
1571 ssl->specs.kea = psk_kea;
1572 ssl->specs.sig_algo = anonymous_sa_algo;
1573 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1574 ssl->specs.pad_size = PAD_SHA;
1575 ssl->specs.static_ecdh = 0;
1576 ssl->specs.key_size = 0;
1577 ssl->specs.block_size = 0;
1578 ssl->specs.iv_size = 0;
1579
1580 ssl->options.usingPSK_cipher = 1;
1581 break;
1582#endif
1583
1584#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
1585 case TLS_PSK_WITH_NULL_SHA384 :
1586 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1587 ssl->specs.cipher_type = stream;
1588 ssl->specs.mac_algorithm = sha384_mac;
1589 ssl->specs.kea = psk_kea;
1590 ssl->specs.sig_algo = anonymous_sa_algo;
1591 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1592 ssl->specs.pad_size = PAD_SHA;
1593 ssl->specs.static_ecdh = 0;
1594 ssl->specs.key_size = 0;
1595 ssl->specs.block_size = 0;
1596 ssl->specs.iv_size = 0;
1597
1598 ssl->options.usingPSK_cipher = 1;
1599 break;
1600#endif
1601
1602#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
1603 case TLS_PSK_WITH_NULL_SHA :
1604 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1605 ssl->specs.cipher_type = stream;
1606 ssl->specs.mac_algorithm = sha_mac;
1607 ssl->specs.kea = psk_kea;
1608 ssl->specs.sig_algo = anonymous_sa_algo;
1609 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1610 ssl->specs.pad_size = PAD_SHA;
1611 ssl->specs.static_ecdh = 0;
1612 ssl->specs.key_size = 0;
1613 ssl->specs.block_size = 0;
1614 ssl->specs.iv_size = 0;
1615
1616 ssl->options.usingPSK_cipher = 1;
1617 break;
1618#endif
1619
1620#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
1621 case TLS_DHE_PSK_WITH_NULL_SHA256 :
1622 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1623 ssl->specs.cipher_type = stream;
1624 ssl->specs.mac_algorithm = sha256_mac;
1625 ssl->specs.kea = dhe_psk_kea;
1626 ssl->specs.sig_algo = anonymous_sa_algo;
1627 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1628 ssl->specs.pad_size = PAD_SHA;
1629 ssl->specs.static_ecdh = 0;
1630 ssl->specs.key_size = 0;
1631 ssl->specs.block_size = 0;
1632 ssl->specs.iv_size = 0;
1633
1634 ssl->options.usingPSK_cipher = 1;
1635 break;
1636#endif
1637
1638#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
1639 case TLS_DHE_PSK_WITH_NULL_SHA384 :
1640 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1641 ssl->specs.cipher_type = stream;
1642 ssl->specs.mac_algorithm = sha384_mac;
1643 ssl->specs.kea = dhe_psk_kea;
1644 ssl->specs.sig_algo = anonymous_sa_algo;
1645 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1646 ssl->specs.pad_size = PAD_SHA;
1647 ssl->specs.static_ecdh = 0;
1648 ssl->specs.key_size = 0;
1649 ssl->specs.block_size = 0;
1650 ssl->specs.iv_size = 0;
1651
1652 ssl->options.usingPSK_cipher = 1;
1653 break;
1654#endif
1655
1656#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
1657 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
1658 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1659 ssl->specs.cipher_type = block;
1660 ssl->specs.mac_algorithm = sha256_mac;
1661 ssl->specs.kea = diffie_hellman_kea;
1662 ssl->specs.sig_algo = rsa_sa_algo;
1663 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1664 ssl->specs.pad_size = PAD_SHA;
1665 ssl->specs.static_ecdh = 0;
1666 ssl->specs.key_size = AES_128_KEY_SIZE;
1667 ssl->specs.block_size = AES_BLOCK_SIZE;
1668 ssl->specs.iv_size = AES_IV_SIZE;
1669
1670 break;
1671#endif
1672
1673#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
1674 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA :
1675 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
1676 ssl->specs.cipher_type = block;
1677 ssl->specs.mac_algorithm = sha_mac;
1678 ssl->specs.kea = diffie_hellman_kea;
1679 ssl->specs.sig_algo = rsa_sa_algo;
1680 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1681 ssl->specs.pad_size = PAD_SHA;
1682 ssl->specs.static_ecdh = 0;
1683 ssl->specs.key_size = DES3_KEY_SIZE;
1684 ssl->specs.block_size = DES_BLOCK_SIZE;
1685 ssl->specs.iv_size = DES_IV_SIZE;
1686
1687 break;
1688#endif
1689
1690#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
1691 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
1692 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1693 ssl->specs.cipher_type = block;
1694 ssl->specs.mac_algorithm = sha256_mac;
1695 ssl->specs.kea = diffie_hellman_kea;
1696 ssl->specs.sig_algo = rsa_sa_algo;
1697 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1698 ssl->specs.pad_size = PAD_SHA;
1699 ssl->specs.static_ecdh = 0;
1700 ssl->specs.key_size = AES_256_KEY_SIZE;
1701 ssl->specs.block_size = AES_BLOCK_SIZE;
1702 ssl->specs.iv_size = AES_IV_SIZE;
1703
1704 break;
1705#endif
1706
1707#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1708 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
1709 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1710 ssl->specs.cipher_type = block;
1711 ssl->specs.mac_algorithm = sha_mac;
1712 ssl->specs.kea = diffie_hellman_kea;
1713 ssl->specs.sig_algo = rsa_sa_algo;
1714 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1715 ssl->specs.pad_size = PAD_SHA;
1716 ssl->specs.static_ecdh = 0;
1717 ssl->specs.key_size = AES_128_KEY_SIZE;
1718 ssl->specs.block_size = AES_BLOCK_SIZE;
1719 ssl->specs.iv_size = AES_IV_SIZE;
1720
1721 break;
1722#endif
1723
1724#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1725 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
1726 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1727 ssl->specs.cipher_type = block;
1728 ssl->specs.mac_algorithm = sha_mac;
1729 ssl->specs.kea = diffie_hellman_kea;
1730 ssl->specs.sig_algo = rsa_sa_algo;
1731 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1732 ssl->specs.pad_size = PAD_SHA;
1733 ssl->specs.static_ecdh = 0;
1734 ssl->specs.key_size = AES_256_KEY_SIZE;
1735 ssl->specs.block_size = AES_BLOCK_SIZE;
1736 ssl->specs.iv_size = AES_IV_SIZE;
1737
1738 break;
1739#endif
1740
1741#ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
1742 case TLS_RSA_WITH_HC_128_MD5 :
1743 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
1744 ssl->specs.cipher_type = stream;
1745 ssl->specs.mac_algorithm = md5_mac;
1746 ssl->specs.kea = rsa_kea;
1747 ssl->specs.sig_algo = rsa_sa_algo;
1748 ssl->specs.hash_size = WC_MD5_DIGEST_SIZE;
1749 ssl->specs.pad_size = PAD_MD5;
1750 ssl->specs.static_ecdh = 0;
1751 ssl->specs.key_size = HC_128_KEY_SIZE;
1752 ssl->specs.block_size = 0;
1753 ssl->specs.iv_size = HC_128_IV_SIZE;
1754
1755 break;
1756#endif
1757
1758#ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
1759 case TLS_RSA_WITH_HC_128_SHA :
1760 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
1761 ssl->specs.cipher_type = stream;
1762 ssl->specs.mac_algorithm = sha_mac;
1763 ssl->specs.kea = rsa_kea;
1764 ssl->specs.sig_algo = rsa_sa_algo;
1765 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1766 ssl->specs.pad_size = PAD_SHA;
1767 ssl->specs.static_ecdh = 0;
1768 ssl->specs.key_size = HC_128_KEY_SIZE;
1769 ssl->specs.block_size = 0;
1770 ssl->specs.iv_size = HC_128_IV_SIZE;
1771
1772 break;
1773#endif
1774
1775#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
1776 case TLS_RSA_WITH_HC_128_B2B256:
1777 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
1778 ssl->specs.cipher_type = stream;
1779 ssl->specs.mac_algorithm = blake2b_mac;
1780 ssl->specs.kea = rsa_kea;
1781 ssl->specs.sig_algo = rsa_sa_algo;
1782 ssl->specs.hash_size = BLAKE2B_256;
1783 ssl->specs.pad_size = PAD_SHA;
1784 ssl->specs.static_ecdh = 0;
1785 ssl->specs.key_size = HC_128_KEY_SIZE;
1786 ssl->specs.block_size = 0;
1787 ssl->specs.iv_size = HC_128_IV_SIZE;
1788
1789 break;
1790#endif
1791
1792#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
1793 case TLS_RSA_WITH_AES_128_CBC_B2B256:
1794 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1795 ssl->specs.cipher_type = block;
1796 ssl->specs.mac_algorithm = blake2b_mac;
1797 ssl->specs.kea = rsa_kea;
1798 ssl->specs.sig_algo = rsa_sa_algo;
1799 ssl->specs.hash_size = BLAKE2B_256;
1800 ssl->specs.pad_size = PAD_SHA;
1801 ssl->specs.static_ecdh = 0;
1802 ssl->specs.key_size = AES_128_KEY_SIZE;
1803 ssl->specs.iv_size = AES_IV_SIZE;
1804 ssl->specs.block_size = AES_BLOCK_SIZE;
1805
1806 break;
1807#endif
1808
1809#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
1810 case TLS_RSA_WITH_AES_256_CBC_B2B256:
1811 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1812 ssl->specs.cipher_type = block;
1813 ssl->specs.mac_algorithm = blake2b_mac;
1814 ssl->specs.kea = rsa_kea;
1815 ssl->specs.sig_algo = rsa_sa_algo;
1816 ssl->specs.hash_size = BLAKE2B_256;
1817 ssl->specs.pad_size = PAD_SHA;
1818 ssl->specs.static_ecdh = 0;
1819 ssl->specs.key_size = AES_256_KEY_SIZE;
1820 ssl->specs.iv_size = AES_IV_SIZE;
1821 ssl->specs.block_size = AES_BLOCK_SIZE;
1822
1823 break;
1824#endif
1825
1826#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
1827 case TLS_RSA_WITH_RABBIT_SHA :
1828 ssl->specs.bulk_cipher_algorithm = wolfssl_rabbit;
1829 ssl->specs.cipher_type = stream;
1830 ssl->specs.mac_algorithm = sha_mac;
1831 ssl->specs.kea = rsa_kea;
1832 ssl->specs.sig_algo = rsa_sa_algo;
1833 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1834 ssl->specs.pad_size = PAD_SHA;
1835 ssl->specs.static_ecdh = 0;
1836 ssl->specs.key_size = RABBIT_KEY_SIZE;
1837 ssl->specs.block_size = 0;
1838 ssl->specs.iv_size = RABBIT_IV_SIZE;
1839
1840 break;
1841#endif
1842
1843#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
1844 case TLS_RSA_WITH_AES_128_GCM_SHA256 :
1845 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1846 ssl->specs.cipher_type = aead;
1847 ssl->specs.mac_algorithm = sha256_mac;
1848 ssl->specs.kea = rsa_kea;
1849 ssl->specs.sig_algo = rsa_sa_algo;
1850 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1851 ssl->specs.pad_size = PAD_SHA;
1852 ssl->specs.static_ecdh = 0;
1853 ssl->specs.key_size = AES_128_KEY_SIZE;
1854 ssl->specs.block_size = AES_BLOCK_SIZE;
1855 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1856 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1857
1858 break;
1859#endif
1860
1861#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
1862 case TLS_RSA_WITH_AES_256_GCM_SHA384 :
1863 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1864 ssl->specs.cipher_type = aead;
1865 ssl->specs.mac_algorithm = sha384_mac;
1866 ssl->specs.kea = rsa_kea;
1867 ssl->specs.sig_algo = rsa_sa_algo;
1868 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1869 ssl->specs.pad_size = PAD_SHA;
1870 ssl->specs.static_ecdh = 0;
1871 ssl->specs.key_size = AES_256_KEY_SIZE;
1872 ssl->specs.block_size = AES_BLOCK_SIZE;
1873 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1874 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1875
1876 break;
1877#endif
1878
1879#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
1880 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
1881 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1882 ssl->specs.cipher_type = aead;
1883 ssl->specs.mac_algorithm = sha256_mac;
1884 ssl->specs.kea = diffie_hellman_kea;
1885 ssl->specs.sig_algo = rsa_sa_algo;
1886 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1887 ssl->specs.pad_size = PAD_SHA;
1888 ssl->specs.static_ecdh = 0;
1889 ssl->specs.key_size = AES_128_KEY_SIZE;
1890 ssl->specs.block_size = AES_BLOCK_SIZE;
1891 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1892 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1893
1894 break;
1895#endif
1896
1897#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
1898 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
1899 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1900 ssl->specs.cipher_type = aead;
1901 ssl->specs.mac_algorithm = sha384_mac;
1902 ssl->specs.kea = diffie_hellman_kea;
1903 ssl->specs.sig_algo = rsa_sa_algo;
1904 ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
1905 ssl->specs.pad_size = PAD_SHA;
1906 ssl->specs.static_ecdh = 0;
1907 ssl->specs.key_size = AES_256_KEY_SIZE;
1908 ssl->specs.block_size = AES_BLOCK_SIZE;
1909 ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
1910 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1911
1912 break;
1913#endif
1914
1915#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
1916 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
1917 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1918 ssl->specs.cipher_type = block;
1919 ssl->specs.mac_algorithm = sha_mac;
1920 ssl->specs.kea = rsa_kea;
1921 ssl->specs.sig_algo = rsa_sa_algo;
1922 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1923 ssl->specs.pad_size = PAD_SHA;
1924 ssl->specs.static_ecdh = 0;
1925 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1926 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1927 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1928
1929 break;
1930#endif
1931
1932#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
1933 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
1934 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1935 ssl->specs.cipher_type = block;
1936 ssl->specs.mac_algorithm = sha_mac;
1937 ssl->specs.kea = rsa_kea;
1938 ssl->specs.sig_algo = rsa_sa_algo;
1939 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1940 ssl->specs.pad_size = PAD_SHA;
1941 ssl->specs.static_ecdh = 0;
1942 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
1943 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1944 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1945
1946 break;
1947#endif
1948
1949#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
1950 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
1951 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1952 ssl->specs.cipher_type = block;
1953 ssl->specs.mac_algorithm = sha256_mac;
1954 ssl->specs.kea = rsa_kea;
1955 ssl->specs.sig_algo = rsa_sa_algo;
1956 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1957 ssl->specs.pad_size = PAD_SHA;
1958 ssl->specs.static_ecdh = 0;
1959 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1960 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1961 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1962
1963 break;
1964#endif
1965
1966#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
1967 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
1968 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1969 ssl->specs.cipher_type = block;
1970 ssl->specs.mac_algorithm = sha256_mac;
1971 ssl->specs.kea = rsa_kea;
1972 ssl->specs.sig_algo = rsa_sa_algo;
1973 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
1974 ssl->specs.pad_size = PAD_SHA;
1975 ssl->specs.static_ecdh = 0;
1976 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
1977 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1978 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1979
1980 break;
1981#endif
1982
1983#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
1984 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
1985 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1986 ssl->specs.cipher_type = block;
1987 ssl->specs.mac_algorithm = sha_mac;
1988 ssl->specs.kea = diffie_hellman_kea;
1989 ssl->specs.sig_algo = rsa_sa_algo;
1990 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
1991 ssl->specs.pad_size = PAD_SHA;
1992 ssl->specs.static_ecdh = 0;
1993 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1994 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1995 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1996
1997 break;
1998#endif
1999
2000#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
2001 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
2002 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2003 ssl->specs.cipher_type = block;
2004 ssl->specs.mac_algorithm = sha_mac;
2005 ssl->specs.kea = diffie_hellman_kea;
2006 ssl->specs.sig_algo = rsa_sa_algo;
2007 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
2008 ssl->specs.pad_size = PAD_SHA;
2009 ssl->specs.static_ecdh = 0;
2010 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
2011 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
2012 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2013
2014 break;
2015#endif
2016
2017#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
2018 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
2019 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2020 ssl->specs.cipher_type = block;
2021 ssl->specs.mac_algorithm = sha256_mac;
2022 ssl->specs.kea = diffie_hellman_kea;
2023 ssl->specs.sig_algo = rsa_sa_algo;
2024 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
2025 ssl->specs.pad_size = PAD_SHA;
2026 ssl->specs.static_ecdh = 0;
2027 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
2028 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
2029 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2030
2031 break;
2032#endif
2033
2034#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
2035 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
2036 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2037 ssl->specs.cipher_type = block;
2038 ssl->specs.mac_algorithm = sha256_mac;
2039 ssl->specs.kea = diffie_hellman_kea;
2040 ssl->specs.sig_algo = rsa_sa_algo;
2041 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
2042 ssl->specs.pad_size = PAD_SHA;
2043 ssl->specs.static_ecdh = 0;
2044 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
2045 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
2046 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
2047
2048 break;
2049#endif
2050
2051#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
2052 case TLS_DH_anon_WITH_AES_128_CBC_SHA :
2053 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
2054 ssl->specs.cipher_type = block;
2055 ssl->specs.mac_algorithm = sha_mac;
2056 ssl->specs.kea = diffie_hellman_kea;
2057 ssl->specs.sig_algo = anonymous_sa_algo;
2058 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
2059 ssl->specs.pad_size = PAD_SHA;
2060 ssl->specs.static_ecdh = 0;
2061 ssl->specs.key_size = AES_128_KEY_SIZE;
2062 ssl->specs.block_size = AES_BLOCK_SIZE;
2063 ssl->specs.iv_size = AES_IV_SIZE;
2064
2065 ssl->options.usingAnon_cipher = 1;
2066 break;
2067#endif
2068
2069#ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
2070 case SSL_RSA_WITH_IDEA_CBC_SHA :
2071 ssl->specs.bulk_cipher_algorithm = wolfssl_idea;
2072 ssl->specs.cipher_type = block;
2073 ssl->specs.mac_algorithm = sha_mac;
2074 ssl->specs.kea = rsa_kea;
2075 ssl->specs.sig_algo = rsa_sa_algo;
2076 ssl->specs.hash_size = WC_SHA_DIGEST_SIZE;
2077 ssl->specs.pad_size = PAD_SHA;
2078 ssl->specs.static_ecdh = 0;
2079 ssl->specs.key_size = IDEA_KEY_SIZE;
2080 ssl->specs.block_size = IDEA_BLOCK_SIZE;
2081 ssl->specs.iv_size = IDEA_IV_SIZE;
2082
2083 break;
2084#endif
2085
2086#ifdef BUILD_WDM_WITH_NULL_SHA256
2087 case WDM_WITH_NULL_SHA256 :
2088 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
2089 ssl->specs.cipher_type = stream;
2090 ssl->specs.mac_algorithm = sha256_mac;
2091 ssl->specs.kea = no_kea;
2092 ssl->specs.sig_algo = anonymous_sa_algo;
2093 ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
2094 ssl->specs.pad_size = PAD_SHA;
2095
2096 break;
2097#endif
2098
2099 default:
2100 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs");
2101 return UNSUPPORTED_SUITE;
2102 } /* switch */
2103 } /* if ECC / Normal suites else */
2104
2105 /* set TLS if it hasn't been turned off */
2106 if (ssl->version.major == 3 && ssl->version.minor >= 1) {
2107#ifndef NO_TLS
2108 ssl->options.tls = 1;
2109 ssl->hmac = TLS_hmac;
2110 if (ssl->version.minor >= 2) {
2111 ssl->options.tls1_1 = 1;
2112 if (ssl->version.minor >= 4)
2113 ssl->options.tls1_3 = 1;
2114 }
2115#endif
2116 }
2117
2118#ifdef WOLFSSL_DTLS
2119 if (ssl->options.dtls)
2120 ssl->hmac = TLS_hmac;
2121#endif
2122
2123 return 0;
2124}
2125
2126
2127enum KeyStuff {
2128 MASTER_ROUNDS = 3,
2129 PREFIX = 3, /* up to three letters for master prefix */
2130 KEY_PREFIX = 9 /* up to 9 prefix letters for key rounds */
2131
2132
2133};
2134
2135#ifndef NO_OLD_TLS
2136/* true or false, zero for error */
2137static int SetPrefix(byte* sha_input, int idx)
2138{
2139 switch (idx) {
2140 case 0:
2141 XMEMCPY(sha_input, "A", 1);
2142 break;
2143 case 1:
2144 XMEMCPY(sha_input, "BB", 2);
2145 break;
2146 case 2:
2147 XMEMCPY(sha_input, "CCC", 3);
2148 break;
2149 case 3:
2150 XMEMCPY(sha_input, "DDDD", 4);
2151 break;
2152 case 4:
2153 XMEMCPY(sha_input, "EEEEE", 5);
2154 break;
2155 case 5:
2156 XMEMCPY(sha_input, "FFFFFF", 6);
2157 break;
2158 case 6:
2159 XMEMCPY(sha_input, "GGGGGGG", 7);
2160 break;
2161 case 7:
2162 XMEMCPY(sha_input, "HHHHHHHH", 8);
2163 break;
2164 case 8:
2165 XMEMCPY(sha_input, "IIIIIIIII", 9);
2166 break;
2167 default:
2168 WOLFSSL_MSG("Set Prefix error, bad input");
2169 return 0;
2170 }
2171 return 1;
2172}
2173#endif
2174
2175
2176static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
2177 int side, void* heap, int devId)
2178{
2179#ifdef BUILD_ARC4
2180 word32 sz = specs->key_size;
2181 if (specs->bulk_cipher_algorithm == wolfssl_rc4) {
2182 if (enc && enc->arc4 == NULL)
2183 enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
2184 if (enc && enc->arc4 == NULL)
2185 return MEMORY_E;
2186 if (dec && dec->arc4 == NULL)
2187 dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
2188 if (dec && dec->arc4 == NULL)
2189 return MEMORY_E;
2190
2191 if (enc) {
2192 if (wc_Arc4Init(enc->arc4, heap, devId) != 0) {
2193 WOLFSSL_MSG("Arc4Init failed in SetKeys");
2194 return ASYNC_INIT_E;
2195 }
2196 }
2197 if (dec) {
2198 if (wc_Arc4Init(dec->arc4, heap, devId) != 0) {
2199 WOLFSSL_MSG("Arc4Init failed in SetKeys");
2200 return ASYNC_INIT_E;
2201 }
2202 }
2203
2204 if (side == WOLFSSL_CLIENT_END) {
2205 if (enc)
2206 wc_Arc4SetKey(enc->arc4, keys->client_write_key, sz);
2207 if (dec)
2208 wc_Arc4SetKey(dec->arc4, keys->server_write_key, sz);
2209 }
2210 else {
2211 if (enc)
2212 wc_Arc4SetKey(enc->arc4, keys->server_write_key, sz);
2213 if (dec)
2214 wc_Arc4SetKey(dec->arc4, keys->client_write_key, sz);
2215 }
2216 if (enc)
2217 enc->setup = 1;
2218 if (dec)
2219 dec->setup = 1;
2220 }
2221#endif /* BUILD_ARC4 */
2222
2223
2224#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
2225 /* Check that the max implicit iv size is suffecient */
2226 #if (AEAD_MAX_IMP_SZ < 12) /* CHACHA20_IMP_IV_SZ */
2227 #error AEAD_MAX_IMP_SZ is too small for ChaCha20
2228 #endif
2229 #if (MAX_WRITE_IV_SZ < 12) /* CHACHA20_IMP_IV_SZ */
2230 #error MAX_WRITE_IV_SZ is too small for ChaCha20
2231 #endif
2232
2233 if (specs->bulk_cipher_algorithm == wolfssl_chacha) {
2234 int chachaRet;
2235 if (enc && enc->chacha == NULL)
2236 enc->chacha =
2237 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
2238 if (enc && enc->chacha == NULL)
2239 return MEMORY_E;
2240 if (dec && dec->chacha == NULL)
2241 dec->chacha =
2242 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
2243 if (dec && dec->chacha == NULL)
2244 return MEMORY_E;
2245 if (side == WOLFSSL_CLIENT_END) {
2246 if (enc) {
2247 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->client_write_key,
2248 specs->key_size);
2249 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2250 CHACHA20_IMP_IV_SZ);
2251 if (chachaRet != 0) return chachaRet;
2252 }
2253 if (dec) {
2254 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->server_write_key,
2255 specs->key_size);
2256 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2257 CHACHA20_IMP_IV_SZ);
2258 if (chachaRet != 0) return chachaRet;
2259 }
2260 }
2261 else {
2262 if (enc) {
2263 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->server_write_key,
2264 specs->key_size);
2265 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2266 CHACHA20_IMP_IV_SZ);
2267 if (chachaRet != 0) return chachaRet;
2268 }
2269 if (dec) {
2270 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->client_write_key,
2271 specs->key_size);
2272 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2273 CHACHA20_IMP_IV_SZ);
2274 if (chachaRet != 0) return chachaRet;
2275 }
2276 }
2277
2278 if (enc)
2279 enc->setup = 1;
2280 if (dec)
2281 dec->setup = 1;
2282 }
2283#endif /* HAVE_CHACHA && HAVE_POLY1305 */
2284
2285
2286#ifdef HAVE_HC128
2287 /* check that buffer sizes are sufficient */
2288 #if (MAX_WRITE_IV_SZ < 16) /* HC_128_IV_SIZE */
2289 #error MAX_WRITE_IV_SZ too small for HC128
2290 #endif
2291
2292 if (specs->bulk_cipher_algorithm == wolfssl_hc128) {
2293 int hcRet;
2294 if (enc && enc->hc128 == NULL)
2295 enc->hc128 =
2296 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
2297 if (enc && enc->hc128 == NULL)
2298 return MEMORY_E;
2299 if (dec && dec->hc128 == NULL)
2300 dec->hc128 =
2301 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
2302 if (dec && dec->hc128 == NULL)
2303 return MEMORY_E;
2304 if (side == WOLFSSL_CLIENT_END) {
2305 if (enc) {
2306 hcRet = wc_Hc128_SetKey(enc->hc128, keys->client_write_key,
2307 keys->client_write_IV);
2308 if (hcRet != 0) return hcRet;
2309 }
2310 if (dec) {
2311 hcRet = wc_Hc128_SetKey(dec->hc128, keys->server_write_key,
2312 keys->server_write_IV);
2313 if (hcRet != 0) return hcRet;
2314 }
2315 }
2316 else {
2317 if (enc) {
2318 hcRet = wc_Hc128_SetKey(enc->hc128, keys->server_write_key,
2319 keys->server_write_IV);
2320 if (hcRet != 0) return hcRet;
2321 }
2322 if (dec) {
2323 hcRet = wc_Hc128_SetKey(dec->hc128, keys->client_write_key,
2324 keys->client_write_IV);
2325 if (hcRet != 0) return hcRet;
2326 }
2327 }
2328 if (enc)
2329 enc->setup = 1;
2330 if (dec)
2331 dec->setup = 1;
2332 }
2333#endif /* HAVE_HC128 */
2334
2335#ifdef BUILD_RABBIT
2336 /* check that buffer sizes are sufficient */
2337 #if (MAX_WRITE_IV_SZ < 8) /* RABBIT_IV_SIZE */
2338 #error MAX_WRITE_IV_SZ too small for RABBIT
2339 #endif
2340
2341 if (specs->bulk_cipher_algorithm == wolfssl_rabbit) {
2342 int rabRet;
2343 if (enc && enc->rabbit == NULL)
2344 enc->rabbit =
2345 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
2346 if (enc && enc->rabbit == NULL)
2347 return MEMORY_E;
2348 if (dec && dec->rabbit == NULL)
2349 dec->rabbit =
2350 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
2351 if (dec && dec->rabbit == NULL)
2352 return MEMORY_E;
2353 if (side == WOLFSSL_CLIENT_END) {
2354 if (enc) {
2355 rabRet = wc_RabbitSetKey(enc->rabbit, keys->client_write_key,
2356 keys->client_write_IV);
2357 if (rabRet != 0) return rabRet;
2358 }
2359 if (dec) {
2360 rabRet = wc_RabbitSetKey(dec->rabbit, keys->server_write_key,
2361 keys->server_write_IV);
2362 if (rabRet != 0) return rabRet;
2363 }
2364 }
2365 else {
2366 if (enc) {
2367 rabRet = wc_RabbitSetKey(enc->rabbit, keys->server_write_key,
2368 keys->server_write_IV);
2369 if (rabRet != 0) return rabRet;
2370 }
2371 if (dec) {
2372 rabRet = wc_RabbitSetKey(dec->rabbit, keys->client_write_key,
2373 keys->client_write_IV);
2374 if (rabRet != 0) return rabRet;
2375 }
2376 }
2377 if (enc)
2378 enc->setup = 1;
2379 if (dec)
2380 dec->setup = 1;
2381 }
2382#endif /* BUILD_RABBIT */
2383
2384#ifdef BUILD_DES3
2385 /* check that buffer sizes are sufficient */
2386 #if (MAX_WRITE_IV_SZ < 8) /* DES_IV_SIZE */
2387 #error MAX_WRITE_IV_SZ too small for 3DES
2388 #endif
2389
2390 if (specs->bulk_cipher_algorithm == wolfssl_triple_des) {
2391 int desRet = 0;
2392
2393 if (enc) {
2394 if (enc->des3 == NULL)
2395 enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
2396 if (enc->des3 == NULL)
2397 return MEMORY_E;
2398 XMEMSET(enc->des3, 0, sizeof(Des3));
2399 }
2400 if (dec) {
2401 if (dec->des3 == NULL)
2402 dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
2403 if (dec->des3 == NULL)
2404 return MEMORY_E;
2405 XMEMSET(dec->des3, 0, sizeof(Des3));
2406 }
2407
2408 if (enc) {
2409 if (wc_Des3Init(enc->des3, heap, devId) != 0) {
2410 WOLFSSL_MSG("Des3Init failed in SetKeys");
2411 return ASYNC_INIT_E;
2412 }
2413 }
2414 if (dec) {
2415 if (wc_Des3Init(dec->des3, heap, devId) != 0) {
2416 WOLFSSL_MSG("Des3Init failed in SetKeys");
2417 return ASYNC_INIT_E;
2418 }
2419 }
2420
2421 if (side == WOLFSSL_CLIENT_END) {
2422 if (enc) {
2423 desRet = wc_Des3_SetKey(enc->des3, keys->client_write_key,
2424 keys->client_write_IV, DES_ENCRYPTION);
2425 if (desRet != 0) return desRet;
2426 }
2427 if (dec) {
2428 desRet = wc_Des3_SetKey(dec->des3, keys->server_write_key,
2429 keys->server_write_IV, DES_DECRYPTION);
2430 if (desRet != 0) return desRet;
2431 }
2432 }
2433 else {
2434 if (enc) {
2435 desRet = wc_Des3_SetKey(enc->des3, keys->server_write_key,
2436 keys->server_write_IV, DES_ENCRYPTION);
2437 if (desRet != 0) return desRet;
2438 }
2439 if (dec) {
2440 desRet = wc_Des3_SetKey(dec->des3, keys->client_write_key,
2441 keys->client_write_IV, DES_DECRYPTION);
2442 if (desRet != 0) return desRet;
2443 }
2444 }
2445 if (enc)
2446 enc->setup = 1;
2447 if (dec)
2448 dec->setup = 1;
2449 }
2450#endif /* BUILD_DES3 */
2451
2452#ifdef BUILD_AES
2453 /* check that buffer sizes are sufficient */
2454 #if (MAX_WRITE_IV_SZ < 16) /* AES_IV_SIZE */
2455 #error MAX_WRITE_IV_SZ too small for AES
2456 #endif
2457
2458 if (specs->bulk_cipher_algorithm == wolfssl_aes) {
2459 int aesRet = 0;
2460
2461 if (enc) {
2462 if (enc->aes == NULL)
2463 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2464 if (enc->aes == NULL)
2465 return MEMORY_E;
2466 XMEMSET(enc->aes, 0, sizeof(Aes));
2467 }
2468 if (dec) {
2469 if (dec->aes == NULL)
2470 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2471 if (dec->aes == NULL)
2472 return MEMORY_E;
2473 XMEMSET(dec->aes, 0, sizeof(Aes));
2474 }
2475 if (enc) {
2476 if (wc_AesInit(enc->aes, heap, devId) != 0) {
2477 WOLFSSL_MSG("AesInit failed in SetKeys");
2478 return ASYNC_INIT_E;
2479 }
2480 }
2481 if (dec) {
2482 if (wc_AesInit(dec->aes, heap, devId) != 0) {
2483 WOLFSSL_MSG("AesInit failed in SetKeys");
2484 return ASYNC_INIT_E;
2485 }
2486 }
2487
2488 if (side == WOLFSSL_CLIENT_END) {
2489 if (enc) {
2490 aesRet = wc_AesSetKey(enc->aes, keys->client_write_key,
2491 specs->key_size, keys->client_write_IV,
2492 AES_ENCRYPTION);
2493 if (aesRet != 0) return aesRet;
2494 }
2495 if (dec) {
2496 aesRet = wc_AesSetKey(dec->aes, keys->server_write_key,
2497 specs->key_size, keys->server_write_IV,
2498 AES_DECRYPTION);
2499 if (aesRet != 0) return aesRet;
2500 }
2501 }
2502 else {
2503 if (enc) {
2504 aesRet = wc_AesSetKey(enc->aes, keys->server_write_key,
2505 specs->key_size, keys->server_write_IV,
2506 AES_ENCRYPTION);
2507 if (aesRet != 0) return aesRet;
2508 }
2509 if (dec) {
2510 aesRet = wc_AesSetKey(dec->aes, keys->client_write_key,
2511 specs->key_size, keys->client_write_IV,
2512 AES_DECRYPTION);
2513 if (aesRet != 0) return aesRet;
2514 }
2515 }
2516 if (enc)
2517 enc->setup = 1;
2518 if (dec)
2519 dec->setup = 1;
2520 }
2521#endif /* BUILD_AES */
2522
2523#ifdef BUILD_AESGCM
2524 /* check that buffer sizes are sufficient */
2525 #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */
2526 #error AEAD_MAX_IMP_SZ too small for AESGCM
2527 #endif
2528 #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */
2529 #error AEAD_MAX_EXP_SZ too small for AESGCM
2530 #endif
2531 #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */
2532 #error MAX_WRITE_IV_SZ too small for AESGCM
2533 #endif
2534
2535 if (specs->bulk_cipher_algorithm == wolfssl_aes_gcm) {
2536 int gcmRet;
2537
2538 if (enc) {
2539 if (enc->aes == NULL)
2540 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2541 if (enc->aes == NULL)
2542 return MEMORY_E;
2543 XMEMSET(enc->aes, 0, sizeof(Aes));
2544 }
2545 if (dec) {
2546 if (dec->aes == NULL)
2547 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2548 if (dec->aes == NULL)
2549 return MEMORY_E;
2550 XMEMSET(dec->aes, 0, sizeof(Aes));
2551 }
2552
2553 if (enc) {
2554 if (wc_AesInit(enc->aes, heap, devId) != 0) {
2555 WOLFSSL_MSG("AesInit failed in SetKeys");
2556 return ASYNC_INIT_E;
2557 }
2558 }
2559 if (dec) {
2560 if (wc_AesInit(dec->aes, heap, devId) != 0) {
2561 WOLFSSL_MSG("AesInit failed in SetKeys");
2562 return ASYNC_INIT_E;
2563 }
2564 }
2565
2566 if (side == WOLFSSL_CLIENT_END) {
2567 if (enc) {
2568 gcmRet = wc_AesGcmSetKey(enc->aes, keys->client_write_key,
2569 specs->key_size);
2570 if (gcmRet != 0) return gcmRet;
2571 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2572 AEAD_MAX_IMP_SZ);
2573 }
2574 if (dec) {
2575 gcmRet = wc_AesGcmSetKey(dec->aes, keys->server_write_key,
2576 specs->key_size);
2577 if (gcmRet != 0) return gcmRet;
2578 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2579 AEAD_MAX_IMP_SZ);
2580 }
2581 }
2582 else {
2583 if (enc) {
2584 gcmRet = wc_AesGcmSetKey(enc->aes, keys->server_write_key,
2585 specs->key_size);
2586 if (gcmRet != 0) return gcmRet;
2587 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2588 AEAD_MAX_IMP_SZ);
2589 }
2590 if (dec) {
2591 gcmRet = wc_AesGcmSetKey(dec->aes, keys->client_write_key,
2592 specs->key_size);
2593 if (gcmRet != 0) return gcmRet;
2594 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2595 AEAD_MAX_IMP_SZ);
2596 }
2597 }
2598 if (enc)
2599 enc->setup = 1;
2600 if (dec)
2601 dec->setup = 1;
2602 }
2603#endif /* BUILD_AESGCM */
2604
2605#ifdef HAVE_AESCCM
2606 /* check that buffer sizes are sufficient (CCM is same size as GCM) */
2607 #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */
2608 #error AEAD_MAX_IMP_SZ too small for AESCCM
2609 #endif
2610 #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */
2611 #error AEAD_MAX_EXP_SZ too small for AESCCM
2612 #endif
2613 #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */
2614 #error MAX_WRITE_IV_SZ too small for AESCCM
2615 #endif
2616
2617 if (specs->bulk_cipher_algorithm == wolfssl_aes_ccm) {
2618 int CcmRet;
2619
2620 if (enc) {
2621 if (enc->aes == NULL)
2622 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2623 if (enc->aes == NULL)
2624 return MEMORY_E;
2625 XMEMSET(enc->aes, 0, sizeof(Aes));
2626 }
2627 if (dec) {
2628 if (dec->aes == NULL)
2629 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2630 if (dec->aes == NULL)
2631 return MEMORY_E;
2632 XMEMSET(dec->aes, 0, sizeof(Aes));
2633 }
2634
2635 if (enc) {
2636 if (wc_AesInit(enc->aes, heap, devId) != 0) {
2637 WOLFSSL_MSG("AesInit failed in SetKeys");
2638 return ASYNC_INIT_E;
2639 }
2640 }
2641 if (dec) {
2642 if (wc_AesInit(dec->aes, heap, devId) != 0) {
2643 WOLFSSL_MSG("AesInit failed in SetKeys");
2644 return ASYNC_INIT_E;
2645 }
2646 }
2647
2648 if (side == WOLFSSL_CLIENT_END) {
2649 if (enc) {
2650 CcmRet = wc_AesCcmSetKey(enc->aes, keys->client_write_key,
2651 specs->key_size);
2652 if (CcmRet != 0) {
2653 return CcmRet;
2654 }
2655 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2656 AEAD_MAX_IMP_SZ);
2657 }
2658 if (dec) {
2659 CcmRet = wc_AesCcmSetKey(dec->aes, keys->server_write_key,
2660 specs->key_size);
2661 if (CcmRet != 0) {
2662 return CcmRet;
2663 }
2664 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2665 AEAD_MAX_IMP_SZ);
2666 }
2667 }
2668 else {
2669 if (enc) {
2670 CcmRet = wc_AesCcmSetKey(enc->aes, keys->server_write_key,
2671 specs->key_size);
2672 if (CcmRet != 0) {
2673 return CcmRet;
2674 }
2675 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2676 AEAD_MAX_IMP_SZ);
2677 }
2678 if (dec) {
2679 CcmRet = wc_AesCcmSetKey(dec->aes, keys->client_write_key,
2680 specs->key_size);
2681 if (CcmRet != 0) {
2682 return CcmRet;
2683 }
2684 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2685 AEAD_MAX_IMP_SZ);
2686 }
2687 }
2688 if (enc)
2689 enc->setup = 1;
2690 if (dec)
2691 dec->setup = 1;
2692 }
2693#endif /* HAVE_AESCCM */
2694
2695#ifdef HAVE_CAMELLIA
2696 /* check that buffer sizes are sufficient */
2697 #if (MAX_WRITE_IV_SZ < 16) /* CAMELLIA_IV_SIZE */
2698 #error MAX_WRITE_IV_SZ too small for CAMELLIA
2699 #endif
2700
2701 if (specs->bulk_cipher_algorithm == wolfssl_camellia) {
2702 int camRet;
2703
2704 if (enc && enc->cam == NULL)
2705 enc->cam =
2706 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
2707 if (enc && enc->cam == NULL)
2708 return MEMORY_E;
2709
2710 if (dec && dec->cam == NULL)
2711 dec->cam =
2712 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
2713 if (dec && dec->cam == NULL)
2714 return MEMORY_E;
2715
2716 if (side == WOLFSSL_CLIENT_END) {
2717 if (enc) {
2718 camRet = wc_CamelliaSetKey(enc->cam, keys->client_write_key,
2719 specs->key_size, keys->client_write_IV);
2720 if (camRet != 0) return camRet;
2721 }
2722 if (dec) {
2723 camRet = wc_CamelliaSetKey(dec->cam, keys->server_write_key,
2724 specs->key_size, keys->server_write_IV);
2725 if (camRet != 0) return camRet;
2726 }
2727 }
2728 else {
2729 if (enc) {
2730 camRet = wc_CamelliaSetKey(enc->cam, keys->server_write_key,
2731 specs->key_size, keys->server_write_IV);
2732 if (camRet != 0) return camRet;
2733 }
2734 if (dec) {
2735 camRet = wc_CamelliaSetKey(dec->cam, keys->client_write_key,
2736 specs->key_size, keys->client_write_IV);
2737 if (camRet != 0) return camRet;
2738 }
2739 }
2740 if (enc)
2741 enc->setup = 1;
2742 if (dec)
2743 dec->setup = 1;
2744 }
2745#endif /* HAVE_CAMELLIA */
2746
2747#ifdef HAVE_IDEA
2748 /* check that buffer sizes are sufficient */
2749 #if (MAX_WRITE_IV_SZ < 8) /* IDEA_IV_SIZE */
2750 #error MAX_WRITE_IV_SZ too small for IDEA
2751 #endif
2752
2753 if (specs->bulk_cipher_algorithm == wolfssl_idea) {
2754 int ideaRet;
2755
2756 if (enc && enc->idea == NULL)
2757 enc->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER);
2758 if (enc && enc->idea == NULL)
2759 return MEMORY_E;
2760
2761 if (dec && dec->idea == NULL)
2762 dec->idea = (Idea*)XMALLOC(sizeof(Idea), heap, DYNAMIC_TYPE_CIPHER);
2763 if (dec && dec->idea == NULL)
2764 return MEMORY_E;
2765
2766 if (side == WOLFSSL_CLIENT_END) {
2767 if (enc) {
2768 ideaRet = wc_IdeaSetKey(enc->idea, keys->client_write_key,
2769 specs->key_size, keys->client_write_IV,
2770 IDEA_ENCRYPTION);
2771 if (ideaRet != 0) return ideaRet;
2772 }
2773 if (dec) {
2774 ideaRet = wc_IdeaSetKey(dec->idea, keys->server_write_key,
2775 specs->key_size, keys->server_write_IV,
2776 IDEA_DECRYPTION);
2777 if (ideaRet != 0) return ideaRet;
2778 }
2779 }
2780 else {
2781 if (enc) {
2782 ideaRet = wc_IdeaSetKey(enc->idea, keys->server_write_key,
2783 specs->key_size, keys->server_write_IV,
2784 IDEA_ENCRYPTION);
2785 if (ideaRet != 0) return ideaRet;
2786 }
2787 if (dec) {
2788 ideaRet = wc_IdeaSetKey(dec->idea, keys->client_write_key,
2789 specs->key_size, keys->client_write_IV,
2790 IDEA_DECRYPTION);
2791 if (ideaRet != 0) return ideaRet;
2792 }
2793 }
2794 if (enc)
2795 enc->setup = 1;
2796 if (dec)
2797 dec->setup = 1;
2798 }
2799#endif /* HAVE_IDEA */
2800
2801#ifdef HAVE_NULL_CIPHER
2802 if (specs->bulk_cipher_algorithm == wolfssl_cipher_null) {
2803 if (enc)
2804 enc->setup = 1;
2805 if (dec)
2806 dec->setup = 1;
2807 }
2808#endif
2809
2810 if (enc) {
2811 keys->sequence_number_hi = 0;
2812 keys->sequence_number_lo = 0;
2813 }
2814 if (dec) {
2815 keys->peer_sequence_number_hi = 0;
2816 keys->peer_sequence_number_lo = 0;
2817 }
2818 (void)side;
2819 (void)heap;
2820 (void)enc;
2821 (void)dec;
2822 (void)specs;
2823 (void)devId;
2824
2825 return 0;
2826}
2827
2828
2829#ifdef HAVE_ONE_TIME_AUTH
2830/* set one time authentication keys */
2831static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
2832 CipherSpecs* specs, void* heap, int devId)
2833{
2834
2835#ifdef HAVE_POLY1305
2836 /* set up memory space for poly1305 */
2837 if (authentication && authentication->poly1305 == NULL)
2838 authentication->poly1305 =
2839 (Poly1305*)XMALLOC(sizeof(Poly1305), heap, DYNAMIC_TYPE_CIPHER);
2840 if (authentication && authentication->poly1305 == NULL)
2841 return MEMORY_E;
2842 if (authentication)
2843 authentication->setup = 1;
2844#endif
2845 (void)authentication;
2846 (void)heap;
2847 (void)keys;
2848 (void)specs;
2849 (void)devId;
2850
2851 return 0;
2852}
2853#endif /* HAVE_ONE_TIME_AUTH */
2854
2855#ifdef HAVE_SECURE_RENEGOTIATION
2856/* function name is for cache_status++
2857 * This function was added because of error incrementing enum type when
2858 * compiling with a C++ compiler.
2859 */
2860static void CacheStatusPP(SecureRenegotiation* cache)
2861{
2862 switch (cache->cache_status) {
2863 case SCR_CACHE_NULL:
2864 cache->cache_status = SCR_CACHE_NEEDED;
2865 break;
2866
2867 case SCR_CACHE_NEEDED:
2868 cache->cache_status = SCR_CACHE_COPY;
2869 break;
2870
2871 case SCR_CACHE_COPY:
2872 cache->cache_status = SCR_CACHE_PARTIAL;
2873 break;
2874
2875 case SCR_CACHE_PARTIAL:
2876 cache->cache_status = SCR_CACHE_COMPLETE;
2877 break;
2878
2879 case SCR_CACHE_COMPLETE:
2880 WOLFSSL_MSG("SCR Cache state Complete");
2881 break;
2882
2883 default:
2884 WOLFSSL_MSG("Unknown cache state!!");
2885 }
2886}
2887#endif /* HAVE_SECURE_RENEGOTIATION */
2888
2889
2890/* Set wc_encrypt/wc_decrypt or both sides of key setup
2891 * note: use wc_encrypt to avoid shadowing global encrypt
2892 * declared in unistd.h
2893 */
2894int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
2895{
2896 int devId = INVALID_DEVID, ret, copy = 0;
2897 Ciphers* wc_encrypt = NULL;
2898 Ciphers* wc_decrypt = NULL;
2899 Keys* keys = &ssl->keys;
2900
2901 (void)copy;
2902
2903#ifdef WOLFSSL_ASYNC_CRYPT
2904 devId = ssl->devId;
2905#endif
2906
2907#ifdef HAVE_SECURE_RENEGOTIATION
2908 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status) {
2909 keys = &ssl->secure_renegotiation->tmp_keys;
2910 copy = 1;
2911 }
2912#endif /* HAVE_SECURE_RENEGOTIATION */
2913
2914 switch (side) {
2915 case ENCRYPT_SIDE_ONLY:
2916#ifdef WOLFSSL_DEBUG_TLS
2917 WOLFSSL_MSG("Provisioning ENCRYPT key");
2918 if (ssl->options.side == WOLFSSL_CLIENT_END) {
2919 WOLFSSL_BUFFER(ssl->keys.client_write_key, AES_256_KEY_SIZE);
2920 }
2921 else {
2922 WOLFSSL_BUFFER(ssl->keys.server_write_key, AES_256_KEY_SIZE);
2923 }
2924#endif
2925 wc_encrypt = &ssl->encrypt;
2926 break;
2927
2928 case DECRYPT_SIDE_ONLY:
2929#ifdef WOLFSSL_DEBUG_TLS
2930 WOLFSSL_MSG("Provisioning DECRYPT key");
2931 if (ssl->options.side == WOLFSSL_CLIENT_END) {
2932 WOLFSSL_BUFFER(ssl->keys.server_write_key, AES_256_KEY_SIZE);
2933 }
2934 else {
2935 WOLFSSL_BUFFER(ssl->keys.client_write_key, AES_256_KEY_SIZE);
2936 }
2937#endif
2938 wc_decrypt = &ssl->decrypt;
2939 break;
2940
2941 case ENCRYPT_AND_DECRYPT_SIDE:
2942#ifdef WOLFSSL_DEBUG_TLS
2943 WOLFSSL_MSG("Provisioning ENCRYPT key");
2944 if (ssl->options.side == WOLFSSL_CLIENT_END) {
2945 WOLFSSL_BUFFER(ssl->keys.client_write_key, AES_256_KEY_SIZE);
2946 }
2947 else {
2948 WOLFSSL_BUFFER(ssl->keys.server_write_key, AES_256_KEY_SIZE);
2949 }
2950 WOLFSSL_MSG("Provisioning DECRYPT key");
2951 if (ssl->options.side == WOLFSSL_CLIENT_END) {
2952 WOLFSSL_BUFFER(ssl->keys.server_write_key, AES_256_KEY_SIZE);
2953 }
2954 else {
2955 WOLFSSL_BUFFER(ssl->keys.client_write_key, AES_256_KEY_SIZE);
2956 }
2957#endif
2958 wc_encrypt = &ssl->encrypt;
2959 wc_decrypt = &ssl->decrypt;
2960 break;
2961
2962 default:
2963 return BAD_FUNC_ARG;
2964 }
2965
2966#ifdef HAVE_ONE_TIME_AUTH
2967 if (!ssl->auth.setup && ssl->specs.bulk_cipher_algorithm == wolfssl_chacha){
2968 ret = SetAuthKeys(&ssl->auth, keys, &ssl->specs, ssl->heap, devId);
2969 if (ret != 0)
2970 return ret;
2971 }
2972#endif
2973
2974 ret = SetKeys(wc_encrypt, wc_decrypt, keys, &ssl->specs, ssl->options.side,
2975 ssl->heap, devId);
2976
2977#ifdef HAVE_SECURE_RENEGOTIATION
2978 if (copy) {
2979 int clientCopy = 0;
2980
2981 if (ssl->options.side == WOLFSSL_CLIENT_END && wc_encrypt)
2982 clientCopy = 1;
2983 else if (ssl->options.side == WOLFSSL_SERVER_END && wc_decrypt)
2984 clientCopy = 1;
2985
2986 if (clientCopy) {
2987 XMEMCPY(ssl->keys.client_write_MAC_secret,
2988 keys->client_write_MAC_secret, MAX_DIGEST_SIZE);
2989 XMEMCPY(ssl->keys.client_write_key,
2990 keys->client_write_key, AES_256_KEY_SIZE);
2991 XMEMCPY(ssl->keys.client_write_IV,
2992 keys->client_write_IV, MAX_WRITE_IV_SZ);
2993 } else {
2994 XMEMCPY(ssl->keys.server_write_MAC_secret,
2995 keys->server_write_MAC_secret, MAX_DIGEST_SIZE);
2996 XMEMCPY(ssl->keys.server_write_key,
2997 keys->server_write_key, AES_256_KEY_SIZE);
2998 XMEMCPY(ssl->keys.server_write_IV,
2999 keys->server_write_IV, MAX_WRITE_IV_SZ);
3000 }
3001 if (wc_encrypt) {
3002 ssl->keys.sequence_number_hi = keys->sequence_number_hi;
3003 ssl->keys.sequence_number_lo = keys->sequence_number_lo;
3004 #ifdef HAVE_AEAD
3005 if (ssl->specs.cipher_type == aead) {
3006 /* Initialize the AES-GCM/CCM explicit IV to a zero. */
3007 XMEMCPY(ssl->keys.aead_exp_IV, keys->aead_exp_IV,
3008 AEAD_MAX_EXP_SZ);
3009
3010 /* Initialize encrypt implicit IV by encrypt side */
3011 if (ssl->options.side == WOLFSSL_CLIENT_END) {
3012 XMEMCPY(ssl->keys.aead_enc_imp_IV,
3013 keys->client_write_IV, AEAD_MAX_IMP_SZ);
3014 } else {
3015 XMEMCPY(ssl->keys.aead_enc_imp_IV,
3016 keys->server_write_IV, AEAD_MAX_IMP_SZ);
3017 }
3018 }
3019 #endif
3020 }
3021 if (wc_decrypt) {
3022 ssl->keys.peer_sequence_number_hi = keys->peer_sequence_number_hi;
3023 ssl->keys.peer_sequence_number_lo = keys->peer_sequence_number_lo;
3024 #ifdef HAVE_AEAD
3025 if (ssl->specs.cipher_type == aead) {
3026 /* Initialize decrypt implicit IV by decrypt side */
3027 if (ssl->options.side == WOLFSSL_SERVER_END) {
3028 XMEMCPY(ssl->keys.aead_dec_imp_IV,
3029 keys->client_write_IV, AEAD_MAX_IMP_SZ);
3030 } else {
3031 XMEMCPY(ssl->keys.aead_dec_imp_IV,
3032 keys->server_write_IV, AEAD_MAX_IMP_SZ);
3033 }
3034 }
3035 #endif
3036 }
3037 CacheStatusPP(ssl->secure_renegotiation);
3038 }
3039#endif /* HAVE_SECURE_RENEGOTIATION */
3040
3041 return ret;
3042}
3043
3044
3045/* TLS can call too */
3046int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side)
3047{
3048 int sz, i = 0;
3049 Keys* keys = &ssl->keys;
3050
3051#ifdef HAVE_SECURE_RENEGOTIATION
3052 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status ==
3053 SCR_CACHE_NEEDED) {
3054 keys = &ssl->secure_renegotiation->tmp_keys;
3055 CacheStatusPP(ssl->secure_renegotiation);
3056 }
3057#endif /* HAVE_SECURE_RENEGOTIATION */
3058
3059#ifdef WOLFSSL_MULTICAST
3060 if (ssl->options.haveMcast) {
3061 /* Use the same keys for encrypt and decrypt. */
3062 if (ssl->specs.cipher_type != aead) {
3063 sz = ssl->specs.hash_size;
3064 XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
3065 XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
3066 i += sz;
3067 }
3068 sz = ssl->specs.key_size;
3069 XMEMCPY(keys->client_write_key, &keyData[i], sz);
3070 XMEMCPY(keys->server_write_key, &keyData[i], sz);
3071 i += sz;
3072
3073 sz = ssl->specs.iv_size;
3074 XMEMCPY(keys->client_write_IV, &keyData[i], sz);
3075 XMEMCPY(keys->server_write_IV, &keyData[i], sz);
3076
3077#ifdef HAVE_AEAD
3078 if (ssl->specs.cipher_type == aead) {
3079 /* Initialize the AES-GCM/CCM explicit IV to a zero. */
3080 XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ);
3081 }
3082#endif /* HAVE_AEAD */
3083
3084 return 0;
3085 }
3086#endif /* WOLFSSL_MULTICAST */
3087
3088 if (ssl->specs.cipher_type != aead) {
3089 sz = ssl->specs.hash_size;
3090 if (side & PROVISION_CLIENT) {
3091 XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
3092 i += sz;
3093 }
3094 if (side & PROVISION_SERVER) {
3095 XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
3096 i += sz;
3097 }
3098 }
3099 sz = ssl->specs.key_size;
3100 if (side & PROVISION_CLIENT) {
3101 XMEMCPY(keys->client_write_key, &keyData[i], sz);
3102 i += sz;
3103 }
3104 if (side & PROVISION_SERVER) {
3105 XMEMCPY(keys->server_write_key, &keyData[i], sz);
3106 i += sz;
3107 }
3108
3109 sz = ssl->specs.iv_size;
3110 if (side & PROVISION_CLIENT) {
3111 XMEMCPY(keys->client_write_IV, &keyData[i], sz);
3112 i += sz;
3113 }
3114 if (side & PROVISION_SERVER)
3115 XMEMCPY(keys->server_write_IV, &keyData[i], sz);
3116
3117#ifdef HAVE_AEAD
3118 if (ssl->specs.cipher_type == aead) {
3119 /* Initialize the AES-GCM/CCM explicit IV to a zero. */
3120 XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ);
3121 }
3122#endif
3123
3124 return 0;
3125}
3126
3127#ifndef NO_OLD_TLS
3128int DeriveKeys(WOLFSSL* ssl)
3129{
3130 int length = 2 * ssl->specs.hash_size +
3131 2 * ssl->specs.key_size +
3132 2 * ssl->specs.iv_size;
3133 int rounds = (length + WC_MD5_DIGEST_SIZE - 1 ) / WC_MD5_DIGEST_SIZE, i;
3134 int ret = 0;
3135
3136#ifdef WOLFSSL_SMALL_STACK
3137 byte* shaOutput;
3138 byte* md5Input;
3139 byte* shaInput;
3140 byte* keyData;
3141 wc_Md5* md5;
3142 wc_Sha* sha;
3143#else
3144 byte shaOutput[WC_SHA_DIGEST_SIZE];
3145 byte md5Input[SECRET_LEN + WC_SHA_DIGEST_SIZE];
3146 byte shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN];
3147 byte keyData[KEY_PREFIX * WC_MD5_DIGEST_SIZE];
3148 wc_Md5 md5[1];
3149 wc_Sha sha[1];
3150#endif
3151
3152#ifdef WOLFSSL_SMALL_STACK
3153 shaOutput = (byte*)XMALLOC(WC_SHA_DIGEST_SIZE,
3154 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3155 md5Input = (byte*)XMALLOC(SECRET_LEN + WC_SHA_DIGEST_SIZE,
3156 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3157 shaInput = (byte*)XMALLOC(KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN,
3158 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3159 keyData = (byte*)XMALLOC(KEY_PREFIX * WC_MD5_DIGEST_SIZE,
3160 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3161 md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3162 sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3163
3164 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
3165 keyData == NULL || md5 == NULL || sha == NULL) {
3166 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3167 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3168 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3169 if (keyData) XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3170 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3171 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3172
3173 return MEMORY_E;
3174 }
3175#endif
3176
3177 ret = wc_InitMd5(md5);
3178 if (ret == 0) {
3179 ret = wc_InitSha(sha);
3180 }
3181 if (ret == 0) {
3182 XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN);
3183
3184 for (i = 0; i < rounds; ++i) {
3185 int j = i + 1;
3186 int idx = j;
3187
3188 if (!SetPrefix(shaInput, i)) {
3189 ret = PREFIX_ERROR;
3190 break;
3191 }
3192
3193 XMEMCPY(shaInput + idx, ssl->arrays->masterSecret, SECRET_LEN);
3194 idx += SECRET_LEN;
3195 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
3196 idx += RAN_LEN;
3197 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
3198 if (ret == 0) {
3199 ret = wc_ShaUpdate(sha, shaInput,
3200 (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) - KEY_PREFIX + j);
3201 }
3202 if (ret == 0) {
3203 ret = wc_ShaFinal(sha, shaOutput);
3204 }
3205
3206 XMEMCPY(md5Input + SECRET_LEN, shaOutput, WC_SHA_DIGEST_SIZE);
3207 if (ret == 0) {
3208 ret = wc_Md5Update(md5, md5Input, SECRET_LEN + WC_SHA_DIGEST_SIZE);
3209 }
3210 if (ret == 0) {
3211 ret = wc_Md5Final(md5, keyData + i * WC_MD5_DIGEST_SIZE);
3212 }
3213 }
3214
3215 if (ret == 0)
3216 ret = StoreKeys(ssl, keyData, PROVISION_CLIENT_SERVER);
3217 }
3218
3219#ifdef WOLFSSL_SMALL_STACK
3220 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3221 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3222 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3223 XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3224 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3225 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3226#endif
3227
3228 return ret;
3229}
3230
3231
3232static int CleanPreMaster(WOLFSSL* ssl)
3233{
3234 int i, ret, sz = ssl->arrays->preMasterSz;
3235
3236 for (i = 0; i < sz; i++)
3237 ssl->arrays->preMasterSecret[i] = 0;
3238
3239 ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz);
3240 if (ret != 0)
3241 return ret;
3242
3243 for (i = 0; i < sz; i++)
3244 ssl->arrays->preMasterSecret[i] = 0;
3245
3246 return 0;
3247}
3248
3249
3250/* Create and store the master secret see page 32, 6.1 */
3251static int MakeSslMasterSecret(WOLFSSL* ssl)
3252{
3253 int i, ret;
3254 word32 idx;
3255 word32 pmsSz = ssl->arrays->preMasterSz;
3256
3257#ifdef WOLFSSL_SMALL_STACK
3258 byte* shaOutput;
3259 byte* md5Input;
3260 byte* shaInput;
3261 wc_Md5* md5;
3262 wc_Sha* sha;
3263#else
3264 byte shaOutput[WC_SHA_DIGEST_SIZE];
3265 byte md5Input[ENCRYPT_LEN + WC_SHA_DIGEST_SIZE];
3266 byte shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN];
3267 wc_Md5 md5[1];
3268 wc_Sha sha[1];
3269#endif
3270
3271#ifdef SHOW_SECRETS
3272 {
3273 word32 j;
3274 printf("pre master secret: ");
3275 for (j = 0; j < pmsSz; j++)
3276 printf("%02x", ssl->arrays->preMasterSecret[j]);
3277 printf("\n");
3278 }
3279#endif
3280
3281#ifdef WOLFSSL_SMALL_STACK
3282 shaOutput = (byte*)XMALLOC(WC_SHA_DIGEST_SIZE,
3283 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3284 md5Input = (byte*)XMALLOC(ENCRYPT_LEN + WC_SHA_DIGEST_SIZE,
3285 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3286 shaInput = (byte*)XMALLOC(PREFIX + ENCRYPT_LEN + 2 * RAN_LEN,
3287 NULL, DYNAMIC_TYPE_TMP_BUFFER);
3288 md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3289 sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3290
3291 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
3292 md5 == NULL || sha == NULL) {
3293 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3294 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3295 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3296 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3297 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3298
3299 return MEMORY_E;
3300 }
3301#endif
3302
3303 ret = wc_InitMd5(md5);
3304 if (ret == 0) {
3305 ret = wc_InitSha(sha);
3306 }
3307 if (ret == 0) {
3308 XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz);
3309
3310 for (i = 0; i < MASTER_ROUNDS; ++i) {
3311 byte prefix[KEY_PREFIX]; /* only need PREFIX bytes but static */
3312 if (!SetPrefix(prefix, i)) { /* analysis thinks will overrun */
3313 ret = PREFIX_ERROR;
3314 break;
3315 }
3316
3317 idx = 0;
3318 XMEMCPY(shaInput, prefix, i + 1);
3319 idx += i + 1;
3320
3321 XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz);
3322 idx += pmsSz;
3323 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
3324 idx += RAN_LEN;
3325 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
3326 idx += RAN_LEN;
3327 if (ret == 0) {
3328 ret = wc_ShaUpdate(sha, shaInput, idx);
3329 }
3330 if (ret == 0) {
3331 ret = wc_ShaFinal(sha, shaOutput);
3332 }
3333 idx = pmsSz; /* preSz */
3334 XMEMCPY(md5Input + idx, shaOutput, WC_SHA_DIGEST_SIZE);
3335 idx += WC_SHA_DIGEST_SIZE;
3336 if (ret == 0) {
3337 ret = wc_Md5Update(md5, md5Input, idx);
3338 }
3339 if (ret == 0) {
3340 ret = wc_Md5Final(md5,
3341 &ssl->arrays->masterSecret[i * WC_MD5_DIGEST_SIZE]);
3342 }
3343 }
3344
3345#ifdef SHOW_SECRETS
3346 {
3347 word32 j;
3348 printf("master secret: ");
3349 for (j = 0; j < SECRET_LEN; j++)
3350 printf("%02x", ssl->arrays->masterSecret[j]);
3351 printf("\n");
3352 }
3353#endif
3354
3355 if (ret == 0)
3356 ret = DeriveKeys(ssl);
3357 }
3358
3359#ifdef WOLFSSL_SMALL_STACK
3360 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3361 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3362 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3363 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3364 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3365#endif
3366
3367 if (ret == 0)
3368 ret = CleanPreMaster(ssl);
3369 else
3370 CleanPreMaster(ssl);
3371
3372 return ret;
3373}
3374#endif
3375
3376
3377/* Master wrapper, doesn't use SSL stack space in TLS mode */
3378int MakeMasterSecret(WOLFSSL* ssl)
3379{
3380 /* append secret to premaster : premaster | SerSi | CliSi */
3381#ifdef HAVE_QSH
3382 word32 offset = 0;
3383
3384 if (ssl->peerQSHKeyPresent) {
3385 offset += ssl->arrays->preMasterSz;
3386 ssl->arrays->preMasterSz += ssl->QSH_secret->CliSi->length +
3387 ssl->QSH_secret->SerSi->length;
3388 /* test and set flag if QSH has been used */
3389 if (ssl->QSH_secret->CliSi->length > 0 ||
3390 ssl->QSH_secret->SerSi->length > 0)
3391 ssl->isQSH = 1;
3392
3393 /* append secrets to the premaster */
3394 if (ssl->QSH_secret->SerSi != NULL) {
3395 XMEMCPY(ssl->arrays->preMasterSecret + offset,
3396 ssl->QSH_secret->SerSi->buffer, ssl->QSH_secret->SerSi->length);
3397 }
3398 offset += ssl->QSH_secret->SerSi->length;
3399 if (ssl->QSH_secret->CliSi != NULL) {
3400 XMEMCPY(ssl->arrays->preMasterSecret + offset,
3401 ssl->QSH_secret->CliSi->buffer, ssl->QSH_secret->CliSi->length);
3402 }
3403
3404 /* show secret SerSi and CliSi */
3405 #ifdef SHOW_SECRETS
3406 {
3407 word32 j;
3408 printf("QSH generated secret material\n");
3409 printf("SerSi : ");
3410 for (j = 0; j < ssl->QSH_secret->SerSi->length; j++) {
3411 printf("%02x", ssl->QSH_secret->SerSi->buffer[j]);
3412 }
3413 printf("\n");
3414 printf("CliSi : ");
3415 for (j = 0; j < ssl->QSH_secret->CliSi->length; j++) {
3416 printf("%02x", ssl->QSH_secret->CliSi->buffer[j]);
3417 }
3418 printf("\n");
3419 }
3420 #endif
3421 }
3422#endif
3423
3424#ifdef NO_OLD_TLS
3425 return MakeTlsMasterSecret(ssl);
3426#elif !defined(NO_TLS)
3427 if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
3428#endif
3429
3430#ifndef NO_OLD_TLS
3431 return MakeSslMasterSecret(ssl);
3432#endif
3433}
3434
3435#endif /* WOLFCRYPT_ONLY */
3436
Note: See TracBrowser for help on using the repository browser.