diff --git a/.gitignore b/.gitignore
index 14c06cacc..232120497 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,3 +30,5 @@ sslSniffer/sslSnifferTest/tracefile.txt
 *.bak
 NTRU_algorithm/
 build-test/
+build/
+cyassl.xcodeproj/
diff --git a/include/cyassl_int.h b/include/cyassl_int.h
index 684237551..62c5d2a87 100644
--- a/include/cyassl_int.h
+++ b/include/cyassl_int.h
@@ -123,6 +123,10 @@ typedef byte word24[3];
 #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
 #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
 #endif
+ #if !defined (NO_SHA256)
+ #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
+ #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
+ #endif
 #endif
 
 #if !defined(NO_HC128) && !defined(NO_TLS)
@@ -220,7 +224,11 @@ enum {
 TLS_NTRU_RSA_WITH_RC4_128_SHA = 0x65,
 TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0x66,
 TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0x67,
- TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0x68
+ TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0x68,
+
+ /* SHA256 */
+ TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
+ TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c
 };
 
 
@@ -292,7 +300,7 @@ enum Misc {
 KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
 MAX_PRF_HALF = 128, /* Maximum half secret len */
 MAX_PRF_LABSEED = 80, /* Maximum label + seed len */
- MAX_PRF_DIG = 148, /* Maximum digest len */
+ MAX_PRF_DIG = 224, /* Maximum digest len */
 MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
 SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
 
@@ -707,8 +715,8 @@ enum CipherType { stream, block };
 
 /* keys and secrets */
 typedef struct Keys {
- byte client_write_MAC_secret[SHA_DIGEST_SIZE]; /* max sizes */
- byte server_write_MAC_secret[SHA_DIGEST_SIZE];
+ byte client_write_MAC_secret[SHA256_DIGEST_SIZE]; /* max sizes */
+ byte server_write_MAC_secret[SHA256_DIGEST_SIZE];
 byte client_write_key[AES_256_KEY_SIZE]; /* max sizes */
 byte server_write_key[AES_256_KEY_SIZE];
 byte client_write_IV[AES_IV_SIZE]; /* max sizes */
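Review bot: The two enumerators added at the end of the cipher-suite enum are listed in descending order (0x3d, then 0x3c) while every other entry in the hunk ascends; swapping them keeps the table scannable by value. The bare `/* SHA256 */` comment should also say why these are different from their neighbours, e.g. `/* SHA256 suites, TLS 1.2 only (RFC 5246 A.5 values) */`, since the values match the RFC 5246 assignments for these suites and the library only offers them at TLS 1.2.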
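Review bot: `MAX_PRF_DIG` grows from 148 to 224 with no note on how the new bound was derived, and the existing comment "Maximum digest len" is now misleading because no digest is 224 bytes; this constant presumably bounds the PRF output buffer for the largest key block, so the comment should spell out what is being summed (MAC secrets, keys, IVs for both sides) so the next person adding a suite can recompute it. Something like `/* Max PRF output: largest key block (2 MAC + 2 key + 2 IV), rounded up to the hash output size */` — confirm against the actual derivation, which is not visible in this diff.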
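Review bot: The `Keys` struct now sizes both MAC secrets with `SHA256_DIGEST_SIZE` unconditionally, while the SHA-256 suites are only enabled under `!defined (NO_SHA256)` in the hunk above; if that constant comes from a header that is not pulled in for a `NO_SHA256` build, this struct will no longer compile (the include list is outside this diff, so please confirm). Either guard the size (`#ifdef NO_SHA256` falling back to `SHA_DIGEST_SIZE`) or ensure the constant is always defined, and note the reason inline, e.g. `/* max sizes: SHA-256 MAC for the TLS 1.2 suites */`.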
diff --git a/src/cyassl_int.c b/src/cyassl_int.c
index ffdc9ae7e..cde43f9d7 100644
--- a/src/cyassl_int.c
+++ b/src/cyassl_int.c
@@ -394,7 +394,8 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
 byte haveNTRU, byte haveECDSA, int side)
 {
 word32 idx = 0;
- int tls = pv.major == 3 && pv.minor >= 1;
+ int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
+ int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR;
 int haveRSA = 1;
 
 (void)tls; /* shut up compiler */
@@ -507,6 +508,20 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
 }
 #endif
 
+#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
+ if (tls1_2 && haveRSA) {
+ suites->suites[idx++] = 0;
+ suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA256;
+ }
+#endif
+
+#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
+ if (tls1_2 && haveRSA) {
+ suites->suites[idx++] = 0;
+ suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
+ }
+#endif
+
 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
 if (tls && haveRSA) {
 suites->suites[idx++] = 0;
@@ -1522,7 +1537,7 @@ static int DoCertificate(SSL* ssl, byte* input, word32* inOutIdx)
 
 int DoFinished(SSL* ssl, const byte* input, word32* inOutIdx, int sniff)
 {
- byte verifyMAC[SHA_DIGEST_SIZE];
+ byte verifyMAC[SHA256_DIGEST_SIZE];
 int finishedSz = ssl->options.tls ? TLS_FINISHED_SZ : FINISHED_SZ;
 int headerSz = HANDSHAKE_HEADER_SZ;
 word32 macSz = finishedSz + HANDSHAKE_HEADER_SZ,
@@ -1795,7 +1810,7 @@ int DoApplicationData(SSL* ssl, byte* input, word32* inOutIdx)
 byte decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
 #endif
 
- byte verify[SHA_DIGEST_SIZE];
+ byte verify[SHA256_DIGEST_SIZE];
 const byte* mac;
 
 if (ssl->specs.cipher_type == block) {
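Review bot: `tls1_2` is only read inside the `#ifdef BUILD_TLS_RSA_WITH_AES_*_CBC_SHA256` blocks added further down in InitSuites, so a build with those suites off (e.g. `NO_SHA256`) gets an unused-variable warning — the exact problem the existing `(void)tls; /* shut up compiler */` line works around. Add `(void)tls1_2;  /* shut up compiler */` next to it. The body of InitSuites continues outside this hunk.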
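Review bot: The two new blocks write four more bytes into `suites->suites[]` through `idx++` with no bound check, in the same style as the existing entries; the constant that sizes that array is not visible in this diff, so please confirm it still has headroom after these additions, otherwise a fully-enabled build overruns the suite list. A one-line `/* N suites max; keep the array size in cyassl_int.h in sync */` comment at the top of the function, or a guard on `idx` before each pair of writes, would make the limit visible here. Placing the SHA-256 suites ahead of the SHA-1 ones does give them preference, which is presumably intended and worth a comment as well.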
@@ -1881,7 +1896,7 @@ static int DoAlert(SSL* ssl, byte* input, word32* inOutIdx, int* type)
 if (ssl->keys.encryptionOn) {
 int aSz = ALERT_SIZE;
 const byte* mac;
- byte verify[SHA_DIGEST_SIZE];
+ byte verify[SHA256_DIGEST_SIZE];
 int padSz = ssl->keys.encryptSz - aSz - ssl->specs.hash_size;
 
 ssl->hmac(ssl, verify, input + *inOutIdx - aSz, aSz, alert, 1);
@@ -2246,7 +2261,7 @@ static INLINE const byte* GetMacSecret(SSL* ssl, int verify)
 static void Hmac(SSL* ssl, byte* digest, const byte* buffer, word32 sz,
 int content, int verify)
 {
- byte result[SHA_DIGEST_SIZE]; /* max possible sizes */
+ byte result[SHA256_DIGEST_SIZE]; /* max possible sizes */
 word32 digestSz = ssl->specs.hash_size; /* actual sizes */
 word32 padSz = ssl->specs.pad_size;
 
@@ -3155,6 +3170,13 @@ const char* const cipher_names[] =
 "ECDHE-ECDSA-DES-CBC3-SHA",
 #endif
 
+#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
+ "AES128-SHA256",
+#endif
+
+#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
+ "AES256-SHA256",
+#endif
 };
 
 
@@ -3259,6 +3281,13 @@ int cipher_name_idx[] =
 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
 #endif
 
+#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
+ TLS_RSA_WITH_AES_128_CBC_SHA256,
+#endif
+
+#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
+ TLS_RSA_WITH_AES_256_CBC_SHA256,
+#endif
 };
diff --git a/src/keys.c b/src/keys.c
index 3a51f7fb2..929a65c1c 100644
--- a/src/keys.c
+++ b/src/keys.c
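Review bot: `cipher_name_idx[]` is a parallel array to `cipher_names[]` in the hunk above, so every entry (and every `#ifdef` around it) has to be added in the same position in both; the two new entries do line up here, but nothing in the source states the invariant, and a future mismatch would map a name to the wrong suite. Add `/* must stay in the same order, with the same #ifdef guards, as cipher_names[] above */` at the head of this array. The start of the array is outside this hunk.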
@@ -267,6 +267,21 @@ int SetCipherSpecs(SSL* ssl)
 break;
 #endif
 
+#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
+ case TLS_RSA_WITH_AES_128_CBC_SHA256 :
+ ssl->specs.bulk_cipher_algorithm = aes;
+ ssl->specs.cipher_type = block;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = rsa_kea;
+ ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.key_size = AES_128_KEY_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
+ ssl->specs.iv_size = AES_IV_SIZE;
+
+ break;
+#endif
+
 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
 ssl->specs.bulk_cipher_algorithm = aes;
@@ -297,6 +312,21 @@ int SetCipherSpecs(SSL* ssl)
 break;
 #endif
 
+#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
+ case TLS_RSA_WITH_AES_256_CBC_SHA256 :
+ ssl->specs.bulk_cipher_algorithm = aes;
+ ssl->specs.cipher_type = block;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = rsa_kea;
+ ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.key_size = AES_256_KEY_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
+ ssl->specs.iv_size = AES_IV_SIZE;
+
+ break;
+#endif
+
 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
 ssl->specs.bulk_cipher_algorithm = aes;
diff --git a/src/ssl.c b/src/ssl.c
index 68be3614b..1312dcb51 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2776,6 +2776,10 @@ int CyaSSL_set_compression(SSL* ssl)
 return "TLS_RSA_WITH_AES_128_CBC_SHA";
 case TLS_RSA_WITH_AES_256_CBC_SHA :
 return "TLS_RSA_WITH_AES_256_CBC_SHA";
+ case TLS_RSA_WITH_AES_128_CBC_SHA256 :
+ return "TLS_RSA_WITH_AES_128_CBC_SHA256";
+ case TLS_RSA_WITH_AES_256_CBC_SHA256 :
+ return "TLS_RSA_WITH_AES_256_CBC_SHA256";
 case TLS_PSK_WITH_AES_128_CBC_SHA :
 return "TLS_PSK_WITH_AES_128_CBC_SHA";
 case TLS_PSK_WITH_AES_256_CBC_SHA :
diff --git a/src/tls.c b/src/tls.c
index d6dd003e5..1ea48e882 100644
--- a/src/tls.c
+++ b/src/tls.c
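Review bot: The new `TLS_RSA_WITH_AES_128_CBC_SHA256` case sets `ssl->specs.pad_size = PAD_SHA`, a value that is only consumed by the SSLv3 `Hmac` (which reads `ssl->specs.pad_size` in the cyassl_int.c hunk) while InitSuites only offers this suite when `tls1_2` is set; that is harmless but deserves a comment so nobody later "corrects" it to a SHA-256-specific pad or assumes SSLv3 SHA-256 MACs are supported, e.g. `ssl->specs.pad_size = PAD_SHA;  /* unused: TLS 1.2 only, SSLv3 MAC never sees this suite */`. Separately, `sha256_mac` is not introduced by the header hunks in this change; if the MAC-algorithm enum does not already contain it, this file will not compile (not visible here), so please confirm. The same two points apply to the AES-256 case in the next hunk; SetCipherSpecs starts and ends outside both hunks.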
@@ -298,7 +298,7 @@ static INLINE const byte* GetMacSecret(SSL* ssl, int verify)
 /*** end copy ***/
 
 
-/* TLS type HAMC */
+/* TLS type HMAC */
 void TLS_hmac(SSL* ssl, byte* digest, const byte* buffer, word32 sz,
 int content, int verify)
 {
@@ -317,8 +317,10 @@ void TLS_hmac(SSL* ssl, byte* digest, const byte* buffer, word32 sz,
 
 if (ssl->specs.mac_algorithm == md5_mac)
 type = MD5;
- else if (ssl->specs.mac_algorithm == sha_mac)
+ else if (ssl->specs.mac_algorithm == sha_mac)
 type = SHA;
+ else
+ type = SHA256;
 HmacSetKey(&hmac, type, GetMacSecret(ssl, verify), ssl->specs.hash_size);
 HmacUpdate(&hmac, seq, SEQ_SZ); /* seq_num */
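Review bot: The new catch-all `else type = SHA256;` keys the HMAC as SHA-256 for any `mac_algorithm` that is neither `md5_mac` nor `sha_mac`, so an unexpected or unset algorithm is silently MACed with the wrong primitive instead of being caught, and it references the `SHA256` hash type unconditionally even though the header only builds the SHA-256 suites under `!defined (NO_SHA256)` — if that enumerator or HmacSetKey's SHA-256 support is also compiled out in such a build (not visible here), this breaks. Make the selection explicit against `sha256_mac`, the value keys.c assigns in this same change, and guard it; since TLS_hmac returns void there is no error path to report an unknown algorithm, so at minimum initialise `type` (declared outside the hunk) to a known value and add `/* unknown mac_algorithm: cannot be reported from a void function */` where the chain ends.

```c
    if (ssl->specs.mac_algorithm == md5_mac)
        type = MD5;
    else if (ssl->specs.mac_algorithm == sha_mac)
        type = SHA;
#ifndef NO_SHA256
    else if (ssl->specs.mac_algorithm == sha256_mac)
        type = SHA256;
#endif
    /* … unchanged: HmacSetKey / HmacUpdate … */
```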