mirror of https://github.com/wolfSSL/wolfssl.git
first static ECDH suite
parent
225fba5c8d
commit
a54f51d886
|
@ -1599,7 +1599,7 @@ static int GetValidity(DecodedCert* cert, int verify)
|
|||
}
|
||||
|
||||
|
||||
static int DecodeToKey(DecodedCert* cert, int verify)
|
||||
int DecodeToKey(DecodedCert* cert, int verify)
|
||||
{
|
||||
int badDate = 0;
|
||||
int ret;
|
||||
|
|
|
@ -267,6 +267,7 @@ CYASSL_TEST_API int ParseCert(DecodedCert*, int type, int verify,
|
|||
|
||||
CYASSL_LOCAL int ParseCertRelative(DecodedCert*, int type, int verify,
|
||||
Signer* signer);
|
||||
CYASSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
|
||||
|
||||
CYASSL_LOCAL word32 EncodeSignature(byte* out, const byte* digest, word32 digSz,
|
||||
int hashOID);
|
||||
|
|
|
@ -169,6 +169,8 @@ void c32to24(word32 in, word24 out);
|
|||
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
||||
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
||||
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
|
||||
|
||||
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||
#endif
|
||||
#if !defined(NO_RC4)
|
||||
#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
|
||||
|
@ -235,6 +237,10 @@ enum {
|
|||
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
|
||||
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
|
||||
|
||||
/* static ECDH, first byte is 0xC0 (ECC_BYTE) */
|
||||
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
|
||||
|
||||
|
||||
/* CyaSSL extension - eSTREAM */
|
||||
TLS_RSA_WITH_HC_128_CBC_MD5 = 0xFB,
|
||||
TLS_RSA_WITH_HC_128_CBC_SHA = 0xFC,
|
||||
|
@ -620,7 +626,8 @@ struct CYASSL_CTX {
|
|||
byte sendVerify; /* for client side */
|
||||
byte haveDH; /* server DH parms set by user */
|
||||
byte haveNTRU; /* server private NTRU key loaded */
|
||||
byte haveECDSA; /* server private ECDSA key loaded */
|
||||
byte haveECDSA; /* server cert signed w/ ECDSA loaded */
|
||||
byte haveStaticECC; /* static server ECC private key */
|
||||
byte partialWrite; /* only one msg per write call */
|
||||
byte quietShutdown; /* don't send close notify */
|
||||
byte groupMessages; /* group handshake messages before sending */
|
||||
|
@ -671,6 +678,7 @@ typedef struct CipherSpecs {
|
|||
byte sig_algo;
|
||||
byte hash_size;
|
||||
byte pad_size;
|
||||
byte static_ecdh;
|
||||
word16 key_size;
|
||||
word16 iv_size;
|
||||
word16 block_size;
|
||||
|
@ -933,7 +941,8 @@ typedef struct Options {
|
|||
byte usingCompression; /* are we using compression */
|
||||
byte haveDH; /* server DH parms set by user */
|
||||
byte haveNTRU; /* server NTRU private key loaded */
|
||||
byte haveECDSA; /* server ECDSA private key loaded */
|
||||
byte haveECDSA; /* server ECDSA signed cert */
|
||||
byte haveStaticECC; /* static server ECC private key */
|
||||
byte havePeerCert; /* do we have peer's cert */
|
||||
byte usingPSK_cipher; /* whether we're using psk as cipher */
|
||||
byte sendAlertState; /* nonblocking resume */
|
||||
|
|
|
@ -335,6 +335,7 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
|
|||
ctx->haveDH = 0;
|
||||
ctx->haveNTRU = 0; /* start off */
|
||||
ctx->haveECDSA = 0; /* start off */
|
||||
ctx->haveStaticECC = 0; /* start off */
|
||||
ctx->heap = ctx; /* defaults to self */
|
||||
#ifndef NO_PSK
|
||||
ctx->havePSK = 0;
|
||||
|
@ -444,6 +445,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
|||
int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR;
|
||||
int haveRSA = 1;
|
||||
|
||||
/* TAO temp fix */
|
||||
int haveStaticECC = 1;
|
||||
|
||||
(void)tls; /* shut up compiler */
|
||||
(void)haveDH;
|
||||
(void)havePSK;
|
||||
|
@ -495,6 +499,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||
if (tls && haveECDSA && haveStaticECC) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
||||
if (tls && haveECDSA) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
|
@ -755,7 +766,8 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
|||
ssl->options.haveDH = 0;
|
||||
ssl->options.haveNTRU = ctx->haveNTRU;
|
||||
ssl->options.haveECDSA = ctx->haveECDSA;
|
||||
ssl->options.havePeerCert = 0;
|
||||
ssl->options.haveStaticECC = ctx->haveStaticECC;
|
||||
ssl->options.havePeerCert = 0;
|
||||
ssl->options.usingPSK_cipher = 0;
|
||||
ssl->options.sendAlertState = 0;
|
||||
#ifndef NO_PSK
|
||||
|
@ -3544,8 +3556,13 @@ const char* const cipher_names[] =
|
|||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|
||||
"DHE-RSA-AES256-SHA256"
|
||||
"DHE-RSA-AES256-SHA256",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||
"ECDH-ECDSA-AES256-SHA"
|
||||
#endif
|
||||
|
||||
};
|
||||
|
||||
|
||||
|
@ -3663,8 +3680,13 @@ int cipher_name_idx[] =
|
|||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|
||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|
||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||
#endif
|
||||
|
||||
};
|
||||
|
||||
|
||||
|
@ -4068,6 +4090,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||
return ret;
|
||||
}
|
||||
else
|
||||
CYASSL_MSG("Unsupported cipher suite, DoServerHello");
|
||||
return UNSUPPORTED_SUITE;
|
||||
}
|
||||
else {
|
||||
|
@ -4449,14 +4472,24 @@ int SetCipherList(Suites* s, const char* list)
|
|||
#endif /* HAVE_NTRU */
|
||||
#ifdef HAVE_ECC
|
||||
} else if (ssl->specs.kea == ecc_diffie_hellman_kea) {
|
||||
ecc_key myKey;
|
||||
word32 size = sizeof(encSecret);
|
||||
ecc_key myKey;
|
||||
ecc_key* peerKey = &myKey;
|
||||
word32 size = sizeof(encSecret);
|
||||
|
||||
if (!ssl->peerEccKeyPresent || !ssl->peerEccKey.dp)
|
||||
return NO_PEER_KEY;
|
||||
if (ssl->specs.static_ecdh) {
|
||||
/* TODO: EccDsa is really fixed Ecc change naming */
|
||||
if (!ssl->peerEccDsaKeyPresent || !ssl->peerEccDsaKey.dp)
|
||||
return NO_PEER_KEY;
|
||||
peerKey = &ssl->peerEccDsaKey;
|
||||
}
|
||||
else {
|
||||
if (!ssl->peerEccKeyPresent || !ssl->peerEccKey.dp)
|
||||
return NO_PEER_KEY;
|
||||
peerKey = &ssl->peerEccKey;
|
||||
}
|
||||
|
||||
ecc_init(&myKey);
|
||||
ret = ecc_make_key(&ssl->rng, ssl->peerEccKey.dp->size, &myKey);
|
||||
ret = ecc_make_key(&ssl->rng, peerKey->dp->size, &myKey);
|
||||
if (ret != 0)
|
||||
return ECC_MAKEKEY_ERROR;
|
||||
|
||||
|
@ -4469,7 +4502,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||
ret = ECC_EXPORT_ERROR;
|
||||
else {
|
||||
size = sizeof(ssl->arrays.preMasterSecret);
|
||||
ret = ecc_shared_secret(&myKey, &ssl->peerEccKey,
|
||||
ret = ecc_shared_secret(&myKey, peerKey,
|
||||
ssl->arrays.preMasterSecret, &size);
|
||||
if (ret != 0)
|
||||
ret = ECC_SHARED_ERROR;
|
||||
|
@ -4880,9 +4913,15 @@ int SetCipherList(Suites* s, const char* list)
|
|||
RsaKey rsaKey;
|
||||
ecc_key dsaKey;
|
||||
|
||||
if (ssl->specs.static_ecdh) {
|
||||
CYASSL_MSG("Using Static ECDH, not sending ServerKeyExchagne");
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* curve type, named curve, length(1) */
|
||||
length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
|
||||
/* pub key size */
|
||||
CYASSL_MSG("Using ephemeral ECDH");
|
||||
if (ecc_export_x963(&ssl->eccTempKey, exportBuf, &expSz) != 0)
|
||||
return ECC_EXPORT_ERROR;
|
||||
length += expSz;
|
||||
|
@ -5386,8 +5425,10 @@ int SetCipherList(Suites* s, const char* list)
|
|||
ssl->options.resuming = 0;
|
||||
break; /* session lookup failed */
|
||||
}
|
||||
if (MatchSuite(ssl, &clSuites) < 0)
|
||||
if (MatchSuite(ssl, &clSuites) < 0) {
|
||||
CYASSL_MSG("Unsupported cipher suite, OldClientHello");
|
||||
return UNSUPPORTED_SUITE;
|
||||
}
|
||||
|
||||
RNG_GenerateBlock(&ssl->rng, ssl->arrays.serverRandom, RAN_LEN);
|
||||
if (ssl->options.tls)
|
||||
|
@ -5540,8 +5581,10 @@ int SetCipherList(Suites* s, const char* list)
|
|||
CYASSL_MSG("Session lookup for resume failed");
|
||||
break; /* session lookup failed */
|
||||
}
|
||||
if (MatchSuite(ssl, &clSuites) < 0)
|
||||
if (MatchSuite(ssl, &clSuites) < 0) {
|
||||
CYASSL_MSG("Unsupported cipher suite, ClientHello");
|
||||
return UNSUPPORTED_SUITE;
|
||||
}
|
||||
|
||||
RNG_GenerateBlock(&ssl->rng, ssl->arrays.serverRandom, RAN_LEN);
|
||||
if (ssl->options.tls)
|
||||
|
@ -5839,7 +5882,20 @@ int SetCipherList(Suites* s, const char* list)
|
|||
ssl->peerEccKeyPresent = 1;
|
||||
|
||||
size = sizeof(ssl->arrays.preMasterSecret);
|
||||
ret = ecc_shared_secret(&ssl->eccTempKey, &ssl->peerEccKey,
|
||||
if (ssl->specs.static_ecdh) {
|
||||
ecc_key staticKey;
|
||||
word32 i = 0;
|
||||
|
||||
ecc_init(&staticKey);
|
||||
ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i,
|
||||
&staticKey, ssl->buffers.key.length);
|
||||
if (ret == 0)
|
||||
ret = ecc_shared_secret(&staticKey, &ssl->peerEccKey,
|
||||
ssl->arrays.preMasterSecret, &size);
|
||||
ecc_free(&staticKey);
|
||||
}
|
||||
else
|
||||
ret = ecc_shared_secret(&ssl->eccTempKey, &ssl->peerEccKey,
|
||||
ssl->arrays.preMasterSecret, &size);
|
||||
if (ret != 0)
|
||||
return ECC_SHARED_ERROR;
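Review bot: In InitSuites the local `int haveStaticECC = 1;` (the "TAO temp fix" hunk) ignores the new `haveStaticECC` flags on the context and options, so `TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA` is added to the suite list whenever `haveECDSA` is set, whether or not a static ECC key was loaded. It is also inserted ahead of `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, so if list order is the preference order, a suite without forward secrecy can be chosen over an ephemeral one; the flag should come from the caller and the static block should follow the ECDHE ones. In the last hunk the server combines its long-term key with the client-supplied `ssl->peerEccKey`; the import of that point is outside the hunk, so confirm it rejects points that are not on the curve, because the private key is no longer per-handshake. A failed `EccPrivateKeyDecode` there is reported as `ECC_SHARED_ERROR`, which hides a key-loading problem; a distinct return before the shared `if (ret != 0)` check would help.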
|
||||
|
|
48
src/keys.c
48
src/keys.c
|
@ -48,6 +48,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.sig_algo = rsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
|
@ -64,6 +65,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.sig_algo = rsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = DES3_KEY_SIZE;
|
||||
ssl->specs.block_size = DES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = DES_IV_SIZE;
|
||||
|
@ -80,6 +82,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.sig_algo = rsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = RC4_KEY_SIZE;
|
||||
ssl->specs.iv_size = 0;
|
||||
ssl->specs.block_size = 0;
|
||||
|
@ -96,6 +99,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = DES3_KEY_SIZE;
|
||||
ssl->specs.block_size = DES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = DES_IV_SIZE;
|
||||
|
@ -112,6 +116,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = RC4_KEY_SIZE;
|
||||
ssl->specs.iv_size = 0;
|
||||
ssl->specs.block_size = 0;
|
||||
|
@ -128,6 +133,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.sig_algo = rsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
|
@ -144,6 +150,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
|
@ -160,6 +167,24 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
|
||||
ssl->specs.bulk_cipher_algorithm = aes;
|
||||
ssl->specs.cipher_type = block;
|
||||
ssl->specs.mac_algorithm = sha_mac;
|
||||
ssl->specs.kea = ecc_diffie_hellman_kea;
|
||||
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 1;
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
|
@ -168,6 +193,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
#endif
|
||||
|
||||
default:
|
||||
CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
|
||||
return UNSUPPORTED_SUITE;
|
||||
} /* switch */
|
||||
} /* if */
|
||||
|
@ -183,6 +209,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.kea = rsa_kea;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = RC4_KEY_SIZE;
|
||||
ssl->specs.iv_size = 0;
|
||||
ssl->specs.block_size = 0;
|
||||
|
@ -198,6 +225,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.kea = ntru_kea;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = RC4_KEY_SIZE;
|
||||
ssl->specs.iv_size = 0;
|
||||
ssl->specs.block_size = 0;
|
||||
|
@ -213,6 +241,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.kea = rsa_kea;
|
||||
ssl->specs.hash_size = MD5_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_MD5;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = RC4_KEY_SIZE;
|
||||
ssl->specs.iv_size = 0;
|
||||
ssl->specs.block_size = 0;
|
||||
|
@ -228,6 +257,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.kea = rsa_kea;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = DES3_KEY_SIZE;
|
||||
ssl->specs.block_size = DES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = DES_IV_SIZE;
|
||||
|
@ -243,6 +273,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.kea = ntru_kea;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = DES3_KEY_SIZE;
|
||||
ssl->specs.block_size = DES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = DES_IV_SIZE;
|
||||
|
@ -258,6 +289,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.kea = rsa_kea;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
|
@ -273,6 +305,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.kea = rsa_kea;
|
||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
|
@ -288,6 +321,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.kea = ntru_kea;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
|
@ -303,6 +337,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.kea = rsa_kea;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
|
@ -318,6 +353,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.kea = rsa_kea;
|
||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
|
@ -333,6 +369,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.kea = ntru_kea;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
|
@ -348,6 +385,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.kea = psk_kea;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
|
@ -364,6 +402,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.kea = psk_kea;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
|
@ -381,6 +420,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.sig_algo = rsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
|
@ -397,6 +437,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.sig_algo = rsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
|
@ -413,6 +454,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.sig_algo = rsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
|
@ -429,6 +471,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.sig_algo = rsa_sa_algo;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
|
@ -444,6 +487,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.kea = rsa_kea;
|
||||
ssl->specs.hash_size = MD5_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_MD5;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = HC_128_KEY_SIZE;
|
||||
ssl->specs.block_size = 0;
|
||||
ssl->specs.iv_size = HC_128_IV_SIZE;
|
||||
|
@ -459,6 +503,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.kea = rsa_kea;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = HC_128_KEY_SIZE;
|
||||
ssl->specs.block_size = 0;
|
||||
ssl->specs.iv_size = HC_128_IV_SIZE;
|
||||
|
@ -474,6 +519,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
ssl->specs.kea = rsa_kea;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = RABBIT_KEY_SIZE;
|
||||
ssl->specs.block_size = 0;
|
||||
ssl->specs.iv_size = RABBIT_IV_SIZE;
|
||||
|
@ -482,7 +528,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||
#endif
|
||||
|
||||
default:
|
||||
CYASSL_MSG("Unsupported cipher suite");
|
||||
CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs");
|
||||
return UNSUPPORTED_SUITE;
|
||||
} /* switch */
|
||||
} /* if ECC / Normal suites else */
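Review bot: `ssl->specs.static_ecdh = 0;` is repeated in every suite case, so any case that omits it (now, or when a suite is added later) keeps whatever value an earlier negotiation left in `ssl->specs`. On this page that flag decides whether the ServerKeyExchange is skipped and which key feeds `ecc_shared_secret`. Setting the default once before the outer `if`/`switch`, e.g. `ssl->specs.static_ecdh = 0; /* only static ECDH suites set this */`, and keeping just the `= 1` in the `TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA` case would be shorter and fail safe. SetCipherSpecs starts outside these hunks, so the cases not shown here should be checked for the assignment.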
|
||||
|
|
32
src/ssl.c
32
src/ssl.c
|
@ -996,10 +996,37 @@ int AddCA(CYASSL_CTX* ctx, buffer der, int type)
|
|||
return SSL_BAD_FILE;
|
||||
}
|
||||
ecc_free(&key);
|
||||
ctx->haveECDSA = 1;
|
||||
ctx->haveStaticECC = 1;
|
||||
if (ssl)
|
||||
ssl->options.haveStaticECC = 1;
|
||||
}
|
||||
#endif /* HAVE_ECC */
|
||||
}
|
||||
else if (type == CERT_TYPE) {
|
||||
int ret;
|
||||
DecodedCert cert;
|
||||
|
||||
CYASSL_MSG("Checking cert signature type");
|
||||
InitDecodedCert(&cert, der.buffer, der.length, ctx->heap);
|
||||
|
||||
if ((ret = DecodeToKey(&cert, 0)) < 0) {
|
||||
CYASSL_MSG("Decode to key failed");
|
||||
return SSL_BAD_FILE;
|
||||
}
|
||||
switch (cert.signatureOID) {
|
||||
case CTC_SHAwECDSA:
|
||||
case CTC_SHA256wECDSA:
|
||||
case CTC_SHA384wECDSA:
|
||||
case CTC_SHA512wECDSA:
|
||||
CYASSL_MSG("ECDSA cert signature");
|
||||
ctx->haveECDSA = 1;
|
||||
if (ssl)
|
||||
ssl->options.haveECDSA = 1;
|
||||
break;
|
||||
}
|
||||
|
||||
FreeDecodedCert(&cert);
|
||||
}
|
||||
|
||||
return SSL_SUCCESS;
|
||||
}
|
||||
|
@ -4365,6 +4392,9 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||
return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
|
||||
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
|
||||
return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
|
||||
|
||||
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
|
||||
return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
|
||||
default:
|
||||
return "NONE";
|
||||
}
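Review bot: The new `type == CERT_TYPE` branch in the first hunk returns `SSL_BAD_FILE` when `DecodeToKey(&cert, 0)` fails without calling `FreeDecodedCert(&cert)`, although the success path does call it, so whatever the decode allocated before failing may be leaked each time a malformed certificate is loaded. Add `FreeDecodedCert(&cert);` before that `return SSL_BAD_FILE;`. The switch on `cert.signatureOID` has no `default:`; a `default: break;` with a short comment that other signature types leave `haveECDSA` unchanged would make the intent explicit. The enclosing function starts outside the hunk, and the `AddCA` name in the hunk header may not be the function these lines belong to.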
|
||||
|
|