diff --git a/README b/README index 9e3c58eac..cb12a6cda 100644 --- a/README +++ b/README @@ -35,7 +35,33 @@ before calling SSL_new(); Though it's not recommended. *** end Notes *** -CyaSSL Release 3.0.0 (04/29/2014) +CyaSSL Release 3.0.2 (05/30/2014) + +Release 3.0.2 CyaSSL has bug fixes and new features including: + +- Added the following cipher suites: + * TLS_PSK_WITH_AES_128_GCM_SHA256 + * TLS_PSK_WITH_AES_256_GCM_SHA384 + * TLS_PSK_WITH_AES_256_CBC_SHA384 + * TLS_PSK_WITH_NULL_SHA384 + * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + * TLS_DHE_PSK_WITH_NULL_SHA256 + * TLS_DHE_PSK_WITH_NULL_SHA384 + * TLS_DHE_PSK_WITH_AES_128_CCM + * TLS_DHE_PSK_WITH_AES_256_CCM +- Added AES-NI support for Microsoft Visual Studio builds. +- Changed small stack build to be disabled by default. +- Updated the Hash DRBG and provided a configure option to enable. + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +************ CyaSSL Release 3.0.0 (04/29/2014) Release 3.0.0 CyaSSL has bug fixes and new features including: diff --git a/configure.ac b/configure.ac index 66b1ae3f8..038969c37 100644 --- a/configure.ac +++ b/configure.ac @@ -81,6 +81,7 @@ AC_CHECK_HEADERS([errno.h]) AC_CHECK_LIB(network,socket) AC_CHECK_SIZEOF(long long, 8) AC_CHECK_SIZEOF(long, 4) +AC_CHECK_TYPES(__uint128_t) AC_C_BIGENDIAN # mktime check takes forever on some systems, if time supported it would be # highly unusual for mktime to be missing diff --git a/cyassl/ctaocrypt/integer.h b/cyassl/ctaocrypt/integer.h index 8f20f901b..77b5552c7 100644 --- a/cyassl/ctaocrypt/integer.h +++ b/cyassl/ctaocrypt/integer.h @@ -70,6 +70,10 @@ extern "C" { #define MP_64BIT #endif #endif +/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */ +#if defined(MP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T) + #undef MP_64BIT +#endif /* some default configurations. * diff --git a/cyassl/ctaocrypt/tfm.h b/cyassl/ctaocrypt/tfm.h index abb588f78..f4e98c152 100644 --- a/cyassl/ctaocrypt/tfm.h +++ b/cyassl/ctaocrypt/tfm.h @@ -73,6 +73,11 @@ #if defined(__x86_64__) && !defined(FP_64BIT) #define FP_64BIT #endif +/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */ +#if defined(FP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T) + #undef FP_64BIT + #undef TFM_X86_64 +#endif #endif /* NO_64BIT */ /* try to detect x86-32 */ diff --git a/cyassl/internal.h b/cyassl/internal.h index 3891b1624..62f224e0a 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -241,6 +241,8 @@ void c32to24(word32 in, word24 out); #ifdef HAVE_AESCCM #define BUILD_TLS_PSK_WITH_AES_128_CCM_8 #define BUILD_TLS_PSK_WITH_AES_256_CCM_8 + #define BUILD_TLS_PSK_WITH_AES_128_CCM + #define BUILD_TLS_PSK_WITH_AES_256_CCM #endif #endif #ifdef CYASSL_SHA384 @@ -307,6 +309,33 @@ void c32to24(word32 in, word24 out); #endif #endif + +#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) && \ + defined(OPENSSL_EXTRA) + #ifndef NO_SHA256 + #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + #ifdef HAVE_NULL_CIPHER + #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 + #endif + #ifdef HAVE_AESGCM + #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + #endif + #ifdef HAVE_AESGCM + #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM + #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM + #endif + #endif + #ifdef CYASSL_SHA384 + #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + #ifdef HAVE_NULL_CIPHER + #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 + #endif + #ifdef HAVE_AESGCM + #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + #endif + #endif +#endif + #if defined(HAVE_ECC) && !defined(NO_TLS) #if !defined(NO_AES) #if !defined(NO_SHA) @@ -512,6 +541,12 @@ enum { TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d, TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c, TLS_RSA_WITH_NULL_SHA256 = 0x3b, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2, + TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4, + + /* SHA384 */ + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3, + TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5, /* AES-GCM */ TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c, @@ -520,6 +555,8 @@ enum { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f, TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8, TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9, + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa, + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab, /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b, @@ -543,6 +580,8 @@ enum { TLS_PSK_WITH_AES_256_CCM = 0xa5, TLS_PSK_WITH_AES_128_CCM_8 = 0xa8, TLS_PSK_WITH_AES_256_CCM_8 = 0xa9, + TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6, + TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7, /* Camellia */ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41, @@ -649,7 +688,7 @@ enum Misc { TLS_FINISHED_SZ = 12, /* TLS has a shorter size */ MASTER_LABEL_SZ = 13, /* TLS master secret label sz */ KEY_LABEL_SZ = 13, /* TLS key block expansion sz */ - MAX_PRF_HALF = 128, /* Maximum half secret len */ + MAX_PRF_HALF = 256, /* Maximum half secret len */ MAX_PRF_LABSEED = 128, /* Maximum label + seed len */ MAX_PRF_DIG = 224, /* Maximum digest len */ MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ @@ -1358,6 +1397,7 @@ enum KeyExchangeAlgorithm { diffie_hellman_kea, fortezza_kea, psk_kea, + dhe_psk_kea, ntru_kea, ecc_diffie_hellman_kea, ecc_static_diffie_hellman_kea /* for verify suite only */ diff --git a/examples/server/server.c b/examples/server/server.c index a395293e8..2057ca565 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -484,7 +484,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) CloseSocket(sockfd); SSL_set_fd(ssl, clientfd); - if (usePsk == 0) { + if (usePsk == 0 || cipherList != NULL) { #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #elif !defined(NO_CERTS) diff --git a/src/internal.c b/src/internal.c index 91e68ef61..61b339af5 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1026,6 +1026,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + if (tls1_2 && haveDH && havePSK) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_GCM_SHA384; + } +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 if (tls1_2 && havePSK) { suites->suites[idx++] = 0; @@ -1040,6 +1047,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + if (tls && haveDH && havePSK) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA384; + } +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 if (tls && havePSK) { suites->suites[idx++] = 0; @@ -1047,6 +1061,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + if (tls1_2 && haveDH && havePSK) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_GCM_SHA256; + } +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 if (tls1_2 && havePSK) { suites->suites[idx++] = 0; @@ -1054,6 +1075,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + if (tls && haveDH && havePSK) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CBC_SHA256; + } +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 if (tls && havePSK) { suites->suites[idx++] = 0; @@ -1068,6 +1096,34 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM + if (tls && haveDH && havePSK) { + suites->suites[idx++] = ECC_BYTE; + suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CCM; + } +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM + if (tls && haveDH && havePSK) { + suites->suites[idx++] = ECC_BYTE; + suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CCM; + } +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM + if (tls && havePSK) { + suites->suites[idx++] = ECC_BYTE; + suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM; + } +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM + if (tls && havePSK) { + suites->suites[idx++] = ECC_BYTE; + suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM; + } +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 if (tls && havePSK) { suites->suites[idx++] = ECC_BYTE; @@ -1082,6 +1138,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 + if (tls && haveDH && havePSK) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA384; + } +#endif + #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 if (tls && havePSK) { suites->suites[idx++] = 0; @@ -1089,6 +1152,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 + if (tls && haveDH && havePSK) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA256; + } +#endif + #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 if (tls && havePSK) { suites->suites[idx++] = 0; @@ -6572,6 +6642,14 @@ static const char* const cipher_names[] = "DHE-RSA-AES256-SHA", #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + "DHE-PSK-AES256-GCM-SHA384", +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + "DHE-PSK-AES128-GCM-SHA256", +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384", #endif @@ -6580,6 +6658,14 @@ static const char* const cipher_names[] = "PSK-AES128-GCM-SHA256", #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + "DHE-PSK-AES256-CBC-SHA384", +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + "DHE-PSK-AES128-CBC-SHA256", +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 "PSK-AES256-CBC-SHA384", #endif @@ -6596,6 +6682,22 @@ static const char* const cipher_names[] = "PSK-AES256-CBC-SHA", #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM + "DHE-PSK-AES128-CCM", +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM + "DHE-PSK-AES256-CCM", +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM + "PSK-AES128-CCM", +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM + "PSK-AES256-CCM", +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 "PSK-AES128-CCM-8", #endif @@ -6604,6 +6706,14 @@ static const char* const cipher_names[] = "PSK-AES256-CCM-8", #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 + "DHE-PSK-NULL-SHA384", +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 + "DHE-PSK-NULL-SHA256", +#endif + #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 "PSK-NULL-SHA384", #endif @@ -6908,6 +7018,14 @@ static int cipher_name_idx[] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA, #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 TLS_PSK_WITH_AES_256_GCM_SHA384, #endif @@ -6916,6 +7034,14 @@ static int cipher_name_idx[] = TLS_PSK_WITH_AES_128_GCM_SHA256, #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 TLS_PSK_WITH_AES_256_CBC_SHA384, #endif @@ -6932,6 +7058,22 @@ static int cipher_name_idx[] = TLS_PSK_WITH_AES_256_CBC_SHA, #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM + TLS_DHE_PSK_WITH_AES_128_CCM, +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM + TLS_DHE_PSK_WITH_AES_256_CCM, +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM + TLS_PSK_WITH_AES_128_CCM, +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM + TLS_PSK_WITH_AES_256_CCM, +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 TLS_PSK_WITH_AES_128_CCM_8, #endif @@ -6940,6 +7082,14 @@ static int cipher_name_idx[] = TLS_PSK_WITH_AES_256_CCM_8, #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 + TLS_DHE_PSK_WITH_NULL_SHA384, +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 + TLS_DHE_PSK_WITH_NULL_SHA256, +#endif + #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 TLS_PSK_WITH_NULL_SHA384, #endif @@ -8060,7 +8210,91 @@ static void PickHashSigAlgo(CYASSL* ssl, } #endif /* HAVE_ECC */ + #if defined(OPENSSL_EXTRA) || !defined(NO_PSK) + if (ssl->specs.kea == dhe_psk_kea) { + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + return BUFFER_ERROR; + + ato16(input + *inOutIdx, &length); + *inOutIdx += OPAQUE16_LEN; + + if ((*inOutIdx - begin) + length > size) + return BUFFER_ERROR; + + XMEMCPY(ssl->arrays->server_hint, input + *inOutIdx, + min(length, MAX_PSK_ID_LEN)); + + ssl->arrays->server_hint[min(length, MAX_PSK_ID_LEN - 1)] = 0; + *inOutIdx += length; + + /* p */ + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + return BUFFER_ERROR; + + ato16(input + *inOutIdx, &length); + *inOutIdx += OPAQUE16_LEN; + + if ((*inOutIdx - begin) + length > size) + return BUFFER_ERROR; + + ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap, + DYNAMIC_TYPE_DH); + + if (ssl->buffers.serverDH_P.buffer) + ssl->buffers.serverDH_P.length = length; + else + return MEMORY_ERROR; + + XMEMCPY(ssl->buffers.serverDH_P.buffer, input + *inOutIdx, length); + *inOutIdx += length; + + /* g */ + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + return BUFFER_ERROR; + + ato16(input + *inOutIdx, &length); + *inOutIdx += OPAQUE16_LEN; + + if ((*inOutIdx - begin) + length > size) + return BUFFER_ERROR; + + ssl->buffers.serverDH_G.buffer = (byte*) XMALLOC(length, ssl->heap, + DYNAMIC_TYPE_DH); + + if (ssl->buffers.serverDH_G.buffer) + ssl->buffers.serverDH_G.length = length; + else + return MEMORY_ERROR; + + XMEMCPY(ssl->buffers.serverDH_G.buffer, input + *inOutIdx, length); + *inOutIdx += length; + + /* pub */ + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + return BUFFER_ERROR; + + ato16(input + *inOutIdx, &length); + *inOutIdx += OPAQUE16_LEN; + + if ((*inOutIdx - begin) + length > size) + return BUFFER_ERROR; + + ssl->buffers.serverDH_Pub.buffer = (byte*) XMALLOC(length, ssl->heap, + DYNAMIC_TYPE_DH); + + if (ssl->buffers.serverDH_Pub.buffer) + ssl->buffers.serverDH_Pub.length = length; + else + return MEMORY_ERROR; + + XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx, length); + *inOutIdx += length; + } + #endif /* OPENSSL_EXTRA || !NO_PSK */ + #if defined(OPENSSL_EXTRA) || defined(HAVE_ECC) + if (ssl->specs.kea == ecc_diffie_hellman_kea || + ssl->specs.kea == diffie_hellman_kea) { #ifndef NO_OLD_TLS Md5 md5; @@ -8303,9 +8537,8 @@ static void PickHashSigAlgo(CYASSL* ssl, *inOutIdx += length; ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; - - return 0; } + return 0; #else /* HAVE_OPENSSL or HAVE_ECC */ return NOT_COMPILED_IN; /* not supported by build */ #endif /* HAVE_OPENSSL or HAVE_ECC */ @@ -8428,6 +8661,73 @@ static void PickHashSigAlgo(CYASSL* ssl, } break; #endif /* NO_PSK */ + #if defined(OPENSSL_EXTRA) && !defined(NO_PSK) + case dhe_psk_kea: + { + byte* pms = ssl->arrays->preMasterSecret; + byte* es = encSecret; + buffer serverP = ssl->buffers.serverDH_P; + buffer serverG = ssl->buffers.serverDH_G; + buffer serverPub = ssl->buffers.serverDH_Pub; + byte priv[ENCRYPT_LEN]; + word32 privSz = 0; + word32 pubSz = 0; + word32 esSz = 0; + DhKey key; + + if (serverP.buffer == 0 || serverG.buffer == 0 || + serverPub.buffer == 0) + return NO_PEER_KEY; + + ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl, + ssl->arrays->server_hint, ssl->arrays->client_identity, + MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN); + if (ssl->arrays->psk_keySz == 0 || + ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) + return PSK_KEY_ERROR; + esSz = (word32)XSTRLEN(ssl->arrays->client_identity); + + if (esSz > MAX_PSK_ID_LEN) + return CLIENT_ID_ERROR; + c16toa(esSz, es); + es += OPAQUE16_LEN; + XMEMCPY(es, ssl->arrays->client_identity, esSz); + es += esSz; + encSz = esSz + OPAQUE16_LEN; + + InitDhKey(&key); + ret = DhSetKey(&key, serverP.buffer, serverP.length, + serverG.buffer, serverG.length); + if (ret == 0) + /* for DH, encSecret is Yc, agree is pre-master */ + ret = DhGenerateKeyPair(&key, ssl->rng, priv, &privSz, + es + OPAQUE16_LEN, &pubSz); + if (ret == 0) + ret = DhAgree(&key, pms + OPAQUE16_LEN, + &ssl->arrays->preMasterSz, priv, privSz, + serverPub.buffer, serverPub.length); + FreeDhKey(&key); + if (ret != 0) + return ret; + + c16toa((word16)pubSz, es); + encSz += pubSz + OPAQUE16_LEN; + c16toa((word16)ssl->arrays->preMasterSz, pms); + ssl->arrays->preMasterSz += OPAQUE16_LEN; + pms += ssl->arrays->preMasterSz; + + /* make psk pre master secret */ + /* length of key + length 0s + length of key + key */ + c16toa((word16)ssl->arrays->psk_keySz, pms); + pms += OPAQUE16_LEN; + XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); + ssl->arrays->preMasterSz += + ssl->arrays->psk_keySz + OPAQUE16_LEN; + XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); + ssl->arrays->psk_keySz = 0; /* No further need */ + } + break; + #endif /* OPENSSL_EXTRA && !NO_PSK */ #ifdef HAVE_NTRU case ntru_kea: { @@ -8527,7 +8827,8 @@ static void PickHashSigAlgo(CYASSL* ssl, if (ssl->options.tls || ssl->specs.kea == diffie_hellman_kea) tlsSz = 2; - if (ssl->specs.kea == ecc_diffie_hellman_kea) /* always off */ + if (ssl->specs.kea == ecc_diffie_hellman_kea || + ssl->specs.kea == dhe_psk_kea) /* always off */ tlsSz = 0; sendSz = encSz + tlsSz + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; @@ -9073,6 +9374,126 @@ static void PickHashSigAlgo(CYASSL* ssl, } #endif /*NO_PSK */ + #if defined(OPENSSL_EXTRA) && !defined(NO_PSK) + if (ssl->specs.kea == dhe_psk_kea) { + byte *output; + word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; + word32 hintLen; + int sendSz; + DhKey dhKey; + + if (ssl->buffers.serverDH_P.buffer == NULL || + ssl->buffers.serverDH_G.buffer == NULL) + return NO_DH_PARAMS; + + if (ssl->buffers.serverDH_Pub.buffer == NULL) { + ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC( + ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, + DYNAMIC_TYPE_DH); + if (ssl->buffers.serverDH_Pub.buffer == NULL) + return MEMORY_E; + } + + if (ssl->buffers.serverDH_Priv.buffer == NULL) { + ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC( + ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, + DYNAMIC_TYPE_DH); + if (ssl->buffers.serverDH_Priv.buffer == NULL) + return MEMORY_E; + } + + InitDhKey(&dhKey); + ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, + ssl->buffers.serverDH_P.length, + ssl->buffers.serverDH_G.buffer, + ssl->buffers.serverDH_G.length); + if (ret == 0) + ret = DhGenerateKeyPair(&dhKey, ssl->rng, + ssl->buffers.serverDH_Priv.buffer, + &ssl->buffers.serverDH_Priv.length, + ssl->buffers.serverDH_Pub.buffer, + &ssl->buffers.serverDH_Pub.length); + FreeDhKey(&dhKey); + if (ret != 0) + return ret; + + length = LENGTH_SZ * 3 + /* p, g, pub */ + ssl->buffers.serverDH_P.length + + ssl->buffers.serverDH_G.length + + ssl->buffers.serverDH_Pub.length; + + /* include size part */ + hintLen = (word32)XSTRLEN(ssl->arrays->server_hint); + if (hintLen > MAX_PSK_ID_LEN) + return SERVER_HINT_ERROR; + length += hintLen + HINT_LEN_SZ; + sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; + + #ifdef CYASSL_DTLS + if (ssl->options.dtls) { + sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; + idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; + } + #endif + /* check for available size */ + if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) + return ret; + + /* get ouput buffer */ + output = ssl->buffers.outputBuffer.buffer + + ssl->buffers.outputBuffer.length; + + AddHeaders(output, length, server_key_exchange, ssl); + + /* key data */ + c16toa((word16)hintLen, output + idx); + idx += HINT_LEN_SZ; + XMEMCPY(output + idx, ssl->arrays->server_hint, hintLen); + idx += hintLen; + + /* add p, g, pub */ + c16toa((word16)ssl->buffers.serverDH_P.length, output + idx); + idx += LENGTH_SZ; + XMEMCPY(output + idx, ssl->buffers.serverDH_P.buffer, + ssl->buffers.serverDH_P.length); + idx += ssl->buffers.serverDH_P.length; + + /* g */ + c16toa((word16)ssl->buffers.serverDH_G.length, output + idx); + idx += LENGTH_SZ; + XMEMCPY(output + idx, ssl->buffers.serverDH_G.buffer, + ssl->buffers.serverDH_G.length); + idx += ssl->buffers.serverDH_G.length; + + /* pub */ + c16toa((word16)ssl->buffers.serverDH_Pub.length, output + idx); + idx += LENGTH_SZ; + XMEMCPY(output + idx, ssl->buffers.serverDH_Pub.buffer, + ssl->buffers.serverDH_Pub.length); + idx += ssl->buffers.serverDH_Pub.length; + + ret = HashOutput(ssl, output, sendSz, 0); + + if (ret != 0) + return ret; + + #ifdef CYASSL_CALLBACKS + if (ssl->hsInfoOn) + AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); + if (ssl->toInfoOn) + AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, + output, sendSz, ssl->heap); + #endif + + ssl->buffers.outputBuffer.length += sendSz; + if (ssl->options.groupMessages) + ret = 0; + else + ret = SendBuffered(ssl); + ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; + } + #endif /* OPENSSL_EXTRA && !NO_PSK */ + #ifdef HAVE_ECC if (ssl->specs.kea == ecc_diffie_hellman_kea) { @@ -9921,6 +10342,14 @@ static void PickHashSigAlgo(CYASSL* ssl, return 1; break; + case TLS_DHE_PSK_WITH_AES_128_CCM: + case TLS_DHE_PSK_WITH_AES_256_CCM: + if (requirement == REQUIRES_PSK) + return 1; + if (requirement == REQUIRES_DHE) + return 1; + break; + default: CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC"); return 0; @@ -10005,6 +10434,18 @@ static void PickHashSigAlgo(CYASSL* ssl, return 1; break; + case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : + case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : + case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : + case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : + case TLS_DHE_PSK_WITH_NULL_SHA384 : + case TLS_DHE_PSK_WITH_NULL_SHA256 : + if (requirement == REQUIRES_DHE) + return 1; + if (requirement == REQUIRES_PSK) + return 1; + break; + #ifndef NO_RSA case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : if (requirement == REQUIRES_RSA) @@ -11273,6 +11714,84 @@ static void PickHashSigAlgo(CYASSL* ssl, } break; #endif /* OPENSSL_EXTRA */ + #if defined(OPENSSL_EXTRA) && !defined(NO_PSK) + case dhe_psk_kea: + { + byte* pms = ssl->arrays->preMasterSecret; + word16 clientSz; + DhKey dhKey; + + /* Read in the PSK hint */ + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + return BUFFER_ERROR; + + ato16(input + *inOutIdx, &clientSz); + *inOutIdx += OPAQUE16_LEN; + if (clientSz > MAX_PSK_ID_LEN) + return CLIENT_ID_ERROR; + + if ((*inOutIdx - begin) + clientSz > size) + return BUFFER_ERROR; + + XMEMCPY(ssl->arrays->client_identity, + input + *inOutIdx, clientSz); + *inOutIdx += clientSz; + ssl->arrays->client_identity[min(clientSz, MAX_PSK_ID_LEN-1)] = + 0; + + /* Read in the DHE business */ + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + return BUFFER_ERROR; + + ato16(input + *inOutIdx, &clientSz); + *inOutIdx += OPAQUE16_LEN; + + if ((*inOutIdx - begin) + clientSz > size) + return BUFFER_ERROR; + + InitDhKey(&dhKey); + ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, + ssl->buffers.serverDH_P.length, + ssl->buffers.serverDH_G.buffer, + ssl->buffers.serverDH_G.length); + if (ret == 0) + ret = DhAgree(&dhKey, pms + OPAQUE16_LEN, + &ssl->arrays->preMasterSz, + ssl->buffers.serverDH_Priv.buffer, + ssl->buffers.serverDH_Priv.length, + input + *inOutIdx, clientSz); + FreeDhKey(&dhKey); + + *inOutIdx += clientSz; + c16toa(ssl->arrays->preMasterSz, pms); + ssl->arrays->preMasterSz += OPAQUE16_LEN; + pms += ssl->arrays->preMasterSz; + + /* Use the PSK hint to look up the PSK and add it to the + * preMasterSecret here. */ + ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl, + ssl->arrays->client_identity, ssl->arrays->psk_key, + MAX_PSK_KEY_LEN); + + if (ssl->arrays->psk_keySz == 0 || + ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) + return PSK_KEY_ERROR; + + c16toa((word16) ssl->arrays->psk_keySz, pms); + pms += OPAQUE16_LEN; + + XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); + ssl->arrays->preMasterSz += + ssl->arrays->psk_keySz + OPAQUE16_LEN; + if (ret == 0) + ret = MakeMasterSecret(ssl); + + /* No further need for PSK */ + XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); + ssl->arrays->psk_keySz = 0; + } + break; + #endif /* OPENSSL_EXTRA && !NO_PSK */ default: { CYASSL_MSG("Bad kea type"); diff --git a/src/keys.c b/src/keys.c index bcd169a96..130d118d5 100644 --- a/src/keys.c +++ b/src/keys.c @@ -708,6 +708,82 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif +#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM + case TLS_PSK_WITH_AES_128_CCM : + ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM + case TLS_PSK_WITH_AES_256_CCM : + ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM + case TLS_DHE_PSK_WITH_AES_128_CCM : + ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = dhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM + case TLS_DHE_PSK_WITH_AES_256_CCM : + ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = dhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + default: CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC"); return UNSUPPORTED_SUITE; @@ -975,6 +1051,44 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : + ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = dhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : + ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.kea = dhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AEAD_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 case TLS_PSK_WITH_AES_128_CBC_SHA256 : ssl->specs.bulk_cipher_algorithm = cyassl_aes; @@ -1011,6 +1125,42 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : + ssl->specs.bulk_cipher_algorithm = cyassl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = dhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : + ssl->specs.bulk_cipher_algorithm = cyassl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.kea = dhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA case TLS_PSK_WITH_AES_128_CBC_SHA : ssl->specs.bulk_cipher_algorithm = cyassl_aes; @@ -1101,6 +1251,42 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif +#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 + case TLS_DHE_PSK_WITH_NULL_SHA256 : + ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null; + ssl->specs.cipher_type = stream; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = dhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = 0; + ssl->specs.block_size = 0; + ssl->specs.iv_size = 0; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 + case TLS_DHE_PSK_WITH_NULL_SHA384 : + ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null; + ssl->specs.cipher_type = stream; + ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.kea = dhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA384_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = 0; + ssl->specs.block_size = 0; + ssl->specs.iv_size = 0; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : ssl->specs.bulk_cipher_algorithm = cyassl_aes; diff --git a/src/ssl.c b/src/ssl.c index 7154f314f..cc4f0a121 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -8425,6 +8425,14 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) return "TLS_PSK_WITH_AES_128_CCM_8"; case TLS_PSK_WITH_AES_256_CCM_8 : return "TLS_PSK_WITH_AES_256_CCM_8"; + case TLS_PSK_WITH_AES_128_CCM : + return "TLS_PSK_WITH_AES_128_CCM"; + case TLS_PSK_WITH_AES_256_CCM : + return "TLS_PSK_WITH_AES_256_CCM"; + case TLS_DHE_PSK_WITH_AES_128_CCM : + return "TLS_DHE_PSK_WITH_AES_128_CCM"; + case TLS_DHE_PSK_WITH_AES_256_CCM : + return "TLS_DHE_PSK_WITH_AES_256_CCM"; #endif #ifdef HAVE_ECC case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: @@ -8492,9 +8500,15 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) return "TLS_PSK_WITH_AES_128_CBC_SHA256"; case TLS_PSK_WITH_NULL_SHA256 : return "TLS_PSK_WITH_NULL_SHA256"; + case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : + return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"; + case TLS_DHE_PSK_WITH_NULL_SHA256 : + return "TLS_DHE_PSK_WITH_NULL_SHA256"; #ifdef HAVE_AESGCM case TLS_PSK_WITH_AES_128_GCM_SHA256 : return "TLS_PSK_WITH_AES_128_GCM_SHA256"; + case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : + return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"; #endif #endif #ifdef CYASSL_SHA384 @@ -8502,9 +8516,15 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) return "TLS_PSK_WITH_AES_256_CBC_SHA384"; case TLS_PSK_WITH_NULL_SHA384 : return "TLS_PSK_WITH_NULL_SHA384"; + case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : + return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"; + case TLS_DHE_PSK_WITH_NULL_SHA384 : + return "TLS_DHE_PSK_WITH_NULL_SHA384"; #ifdef HAVE_AESGCM case TLS_PSK_WITH_AES_256_GCM_SHA384 : return "TLS_PSK_WITH_AES_256_GCM_SHA384"; + case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : + return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"; #endif #endif #ifndef NO_SHA diff --git a/tests/test.conf b/tests/test.conf index c585930ad..71735d2cd 100644 --- a/tests/test.conf +++ b/tests/test.conf @@ -1182,6 +1182,26 @@ -v 3 -l PSK-AES256-CBC-SHA +# server TLSv1.0 PSK-AES128-SHA256 +-s +-v 1 +-l PSK-AES128-CBC-SHA256 + +# client TLSv1.0 PSK-AES128-SHA256 +-s +-v 1 +-l PSK-AES128-CBC-SHA256 + +# server TLSv1.1 PSK-AES128-SHA256 +-s +-v 2 +-l PSK-AES128-CBC-SHA256 + +# client TLSv1.1 PSK-AES128-SHA256 +-s +-v 2 +-l PSK-AES128-CBC-SHA256 + # server TLSv1.2 PSK-AES128-SHA256 -s -v 3 @@ -1192,6 +1212,26 @@ -v 3 -l PSK-AES128-CBC-SHA256 +# server TLSv1.0 PSK-AES256-SHA384 +-s +-v 1 +-l PSK-AES256-CBC-SHA384 + +# client TLSv1.0 PSK-AES256-SHA384 +-s +-v 1 +-l PSK-AES256-CBC-SHA384 + +# server TLSv1.1 PSK-AES256-SHA384 +-s +-v 2 +-l PSK-AES256-CBC-SHA384 + +# client TLSv1.1 PSK-AES256-SHA384 +-s +-v 2 +-l PSK-AES256-CBC-SHA384 + # server TLSv1.2 PSK-AES256-SHA384 -s -v 3 @@ -1682,12 +1722,32 @@ -l ECDHE-ECDSA-AES256-CCM-8 -A ./certs/server-ecc.pem +# server TLSv1.2 PSK-AES128-CCM +-s +-v 3 +-l PSK-AES128-CCM + +# client TLSv1.2 PSK-AES128-CCM +-s +-v 3 +-l PSK-AES128-CCM + +# server TLSv1.2 PSK-AES256-CCM +-s +-v 3 +-l PSK-AES256-CCM + +# client TLSv1.2 PSK-AES256-CCM +-s +-v 3 +-l PSK-AES256-CCM + # server TLSv1.2 PSK-AES128-CCM-8 -s -v 3 -l PSK-AES128-CCM-8 -# client TLSv1.2 AES128-CCM-8 +# client TLSv1.2 PSK-AES128-CCM-8 -s -v 3 -l PSK-AES128-CCM-8 @@ -1697,8 +1757,168 @@ -v 3 -l PSK-AES256-CCM-8 -# client TLSv1.2 AES256-CCM-8 +# client TLSv1.2 PSK-AES256-CCM-8 -s -v 3 -l PSK-AES256-CCM-8 +# server TLSv1.0 DHE-PSK-AES128-CBC-SHA256 +-s +-v 1 +-l DHE-PSK-AES128-CBC-SHA256 + +# client TLSv1.0 DHE-PSK-AES128-CBC-SHA256 +-s +-v 1 +-l DHE-PSK-AES128-CBC-SHA256 + +# server TLSv1.1 DHE-PSK-AES128-CBC-SHA256 +-s +-v 2 +-l DHE-PSK-AES128-CBC-SHA256 + +# client TLSv1.1 DHE-PSK-AES128-CBC-SHA256 +-s +-v 2 +-l DHE-PSK-AES128-CBC-SHA256 + +# server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 +-s +-v 3 +-l DHE-PSK-AES128-CBC-SHA256 + +# client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 +-s +-v 3 +-l DHE-PSK-AES128-CBC-SHA256 + +# server TLSv1.0 DHE-PSK-AES256-CBC-SHA384 +-s +-v 1 +-l DHE-PSK-AES256-CBC-SHA384 + +# client TLSv1.0 DHE-PSK-AES256-CBC-SHA384 +-s +-v 1 +-l DHE-PSK-AES256-CBC-SHA384 + +# server TLSv1.1 DHE-PSK-AES256-CBC-SHA384 +-s +-v 2 +-l DHE-PSK-AES256-CBC-SHA384 + +# client TLSv1.1 DHE-PSK-AES256-CBC-SHA384 +-s +-v 2 +-l DHE-PSK-AES256-CBC-SHA384 + +# server TLSv1.2 DHE-PSK-AES256-CBC-SHA384 +-s +-v 3 +-l DHE-PSK-AES256-CBC-SHA384 + +# client TLSv1.2 DHE-PSK-AES256-CBC-SHA384 +-s +-v 3 +-l DHE-PSK-AES256-CBC-SHA384 + +# server TLSv1.0 DHE-PSK-NULL-SHA256 +-s +-v 1 +-l DHE-PSK-NULL-SHA256 + +# client TLSv1.0 DHE-PSK-NULL-SHA256 +-s +-v 1 +-l DHE-PSK-NULL-SHA256 + +# server TLSv1.1 DHE-PSK-NULL-SHA256 +-s +-v 2 +-l DHE-PSK-NULL-SHA256 + +# client TLSv1.1 DHE-PSK-NULL-SHA256 +-s +-v 2 +-l DHE-PSK-NULL-SHA256 + +# server TLSv1.2 DHE-PSK-NULL-SHA256 +-s +-v 3 +-l DHE-PSK-NULL-SHA256 + +# client TLSv1.2 DHE-PSK-NULL-SHA256 +-s +-v 3 +-l DHE-PSK-NULL-SHA256 + +# server TLSv1.0 DHE-PSK-NULL-SHA384 +-s +-v 1 +-l DHE-PSK-NULL-SHA384 + +# client TLSv1.0 DHE-PSK-NULL-SHA384 +-s +-v 1 +-l DHE-PSK-NULL-SHA384 + +# server TLSv1.1 DHE-PSK-NULL-SHA384 +-s +-v 2 +-l DHE-PSK-NULL-SHA384 + +# client TLSv1.1 DHE-PSK-NULL-SHA384 +-s +-v 2 +-l DHE-PSK-NULL-SHA384 + +# server TLSv1.2 DHE-PSK-NULL-SHA384 +-s +-v 3 +-l DHE-PSK-NULL-SHA384 + +# client TLSv1.2 DHE-PSK-NULL-SHA384 +-s +-v 3 +-l DHE-PSK-NULL-SHA384 + +# server TLSv1.2 DHE-PSK-AES128-GCM-SHA256 +-s +-v 3 +-l DHE-PSK-AES128-GCM-SHA256 + +# client TLSv1.2 DHE-PSK-AES128-GCM-SHA256 +-s +-v 3 +-l DHE-PSK-AES128-GCM-SHA256 + +# server TLSv1.2 DHE-PSK-AES256-GCM-SHA384 +-s +-v 3 +-l DHE-PSK-AES256-GCM-SHA384 + +# client TLSv1.2 DHE-PSK-AES256-GCM-SHA384 +-s +-v 3 +-l DHE-PSK-AES256-GCM-SHA384 + +# server TLSv1.2 DHE-PSK-AES128-CCM +-s +-v 3 +-l DHE-PSK-AES128-CCM + +# client TLSv1.2 DHE-PSK-AES128-CCM +-s +-v 3 +-l DHE-PSK-AES128-CCM + +# server TLSv1.2 DHE-PSK-AES256-CCM +-s +-v 3 +-l DHE-PSK-AES256-CCM + +# client TLSv1.2 DHE-PSK-AES256-CCM +-s +-v 3 +-l DHE-PSK-AES256-CCM +