WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

add more SHA-256 cipher suites, DHE

pull/1/head
Todd A Ouska 2011-04-26 09:32:18 -07:00
parent adaffeca6c
commit b83862d01d
4 changed files with 78 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
include/cyassl_int.h
View File

@ -145,6 +145,10 @@ void c32to24(word32 in, word24 out);
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && defined(OPENSSL_EXTRA) #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && defined(OPENSSL_EXTRA)
#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
#if !defined (NO_SHA256)
#define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
#endif
#endif #endif
#if defined(HAVE_ECC) && !defined(NO_TLS) #if defined(HAVE_ECC) && !defined(NO_TLS)
@ -225,14 +229,16 @@ enum {
TLS_RSA_WITH_RABBIT_CBC_SHA = 0xFD, TLS_RSA_WITH_RABBIT_CBC_SHA = 0xFD,
/* CyaSSL extension - NTRU */ /* CyaSSL extension - NTRU */
TLS_NTRU_RSA_WITH_RC4_128_SHA = 0x65, TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0x66, TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0x67, TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clases w/ official SHA-256 */
TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0x68, TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
/* SHA256 */ /* SHA256 */
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c
}; };

30
src/cyassl_int.c
View File

@ -497,6 +497,20 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
} }
#endif #endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
if (tls1_2 && haveDH && haveRSA) {
suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256;
}
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
if (tls1_2 && haveDH && haveRSA) {
suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256;
}
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
if (tls && haveDH && haveRSA) { if (tls && haveDH && haveRSA) {
suites->suites[idx++] = 0; suites->suites[idx++] = 0;
@ -3283,6 +3297,14 @@ const char* const cipher_names[] =
#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
"AES256-SHA256", "AES256-SHA256",
#endif #endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
"DHE-RSA-AES128-SHA256",
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
"DHE-RSA-AES256-SHA256"
#endif
}; };
@ -3394,6 +3416,14 @@ int cipher_name_idx[] =
#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256,
#endif #endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
#endif
}; };

32
src/keys.c
View File

@ -374,6 +374,38 @@ int SetCipherSpecs(SSL* ssl)
break; break;
#endif #endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
break;
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
break;
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes; ssl->specs.bulk_cipher_algorithm = aes;

4
src/ssl.c
View File

@ -3259,6 +3259,10 @@ int CyaSSL_set_compression(SSL* ssl)
return "TLS_PSK_WITH_AES_128_CBC_SHA"; return "TLS_PSK_WITH_AES_128_CBC_SHA";
case TLS_PSK_WITH_AES_256_CBC_SHA : case TLS_PSK_WITH_AES_256_CBC_SHA :
return "TLS_PSK_WITH_AES_256_CBC_SHA"; return "TLS_PSK_WITH_AES_256_CBC_SHA";
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"; return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :