3 * Copyright (C) 2006-2015 wolfSSL Inc.
5 * This file is part of wolfSSL. (formerly known as CyaSSL)
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
22 /* Name change compatibility layer no longer needs to be included here */
28 #include <wolfssl/wolfcrypt/settings.h>
30 #include <wolfssl/internal.h>
31 #include <wolfssl/error-ssl.h>
32 #if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
41 int SetCipherSpecs(WOLFSSL* ssl)
43 #ifndef NO_WOLFSSL_CLIENT
44 if (ssl->options.side == WOLFSSL_CLIENT_END) {
45 /* server side verified before SetCipherSpecs call */
46 if (VerifyClientSuite(ssl) != 1) {
47 WOLFSSL_MSG("SetCipherSpecs() client has an unusuable suite");
48 return UNSUPPORTED_SUITE;
51 #endif /* NO_WOLFSSL_CLIENT */
53 /* Chacha extensions, 0xcc */
54 if (ssl->options.cipherSuite0 == CHACHA_BYTE) {
56 switch (ssl->options.cipherSuite) {
57 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
58 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
59 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
60 ssl->specs.cipher_type = aead;
61 ssl->specs.mac_algorithm = sha256_mac;
62 ssl->specs.kea = ecc_diffie_hellman_kea;
63 ssl->specs.sig_algo = rsa_sa_algo;
64 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
65 ssl->specs.pad_size = PAD_SHA;
66 ssl->specs.static_ecdh = 0;
67 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
68 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
69 ssl->specs.iv_size = CHACHA20_IV_SIZE;
70 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
75 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
76 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
77 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
78 ssl->specs.cipher_type = aead;
79 ssl->specs.mac_algorithm = sha256_mac;
80 ssl->specs.kea = ecc_diffie_hellman_kea;
81 ssl->specs.sig_algo = ecc_dsa_sa_algo;
82 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
83 ssl->specs.pad_size = PAD_SHA;
84 ssl->specs.static_ecdh = 0;
85 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
86 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
87 ssl->specs.iv_size = CHACHA20_IV_SIZE;
88 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
93 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
94 case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
95 ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
96 ssl->specs.cipher_type = aead;
97 ssl->specs.mac_algorithm = sha256_mac;
98 ssl->specs.kea = diffie_hellman_kea;
99 ssl->specs.sig_algo = rsa_sa_algo;
100 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
101 ssl->specs.pad_size = PAD_SHA;
102 ssl->specs.static_ecdh = 0;
103 ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
104 ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
105 ssl->specs.iv_size = CHACHA20_IV_SIZE;
106 ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
111 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha");
112 return UNSUPPORTED_SUITE;
116 /* ECC extensions, or AES-CCM */
117 if (ssl->options.cipherSuite0 == ECC_BYTE) {
119 switch (ssl->options.cipherSuite) {
123 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
124 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
125 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
126 ssl->specs.cipher_type = block;
127 ssl->specs.mac_algorithm = sha256_mac;
128 ssl->specs.kea = ecc_diffie_hellman_kea;
129 ssl->specs.sig_algo = rsa_sa_algo;
130 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
131 ssl->specs.pad_size = PAD_SHA;
132 ssl->specs.static_ecdh = 0;
133 ssl->specs.key_size = AES_128_KEY_SIZE;
134 ssl->specs.iv_size = AES_IV_SIZE;
135 ssl->specs.block_size = AES_BLOCK_SIZE;
139 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
140 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
141 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
142 ssl->specs.cipher_type = block;
143 ssl->specs.mac_algorithm = sha256_mac;
144 ssl->specs.kea = ecc_diffie_hellman_kea;
145 ssl->specs.sig_algo = ecc_dsa_sa_algo;
146 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
147 ssl->specs.pad_size = PAD_SHA;
148 ssl->specs.static_ecdh = 0;
149 ssl->specs.key_size = AES_128_KEY_SIZE;
150 ssl->specs.iv_size = AES_IV_SIZE;
151 ssl->specs.block_size = AES_BLOCK_SIZE;
155 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
156 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
157 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
158 ssl->specs.cipher_type = block;
159 ssl->specs.mac_algorithm = sha256_mac;
160 ssl->specs.kea = ecc_diffie_hellman_kea;
161 ssl->specs.sig_algo = rsa_sa_algo;
162 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
163 ssl->specs.pad_size = PAD_SHA;
164 ssl->specs.static_ecdh = 1;
165 ssl->specs.key_size = AES_128_KEY_SIZE;
166 ssl->specs.iv_size = AES_IV_SIZE;
167 ssl->specs.block_size = AES_BLOCK_SIZE;
171 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
172 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
173 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
174 ssl->specs.cipher_type = block;
175 ssl->specs.mac_algorithm = sha256_mac;
176 ssl->specs.kea = ecc_diffie_hellman_kea;
177 ssl->specs.sig_algo = ecc_dsa_sa_algo;
178 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
179 ssl->specs.pad_size = PAD_SHA;
180 ssl->specs.static_ecdh = 1;
181 ssl->specs.key_size = AES_128_KEY_SIZE;
182 ssl->specs.iv_size = AES_IV_SIZE;
183 ssl->specs.block_size = AES_BLOCK_SIZE;
187 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
188 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
189 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
190 ssl->specs.cipher_type = block;
191 ssl->specs.mac_algorithm = sha384_mac;
192 ssl->specs.kea = ecc_diffie_hellman_kea;
193 ssl->specs.sig_algo = rsa_sa_algo;
194 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
195 ssl->specs.pad_size = PAD_SHA;
196 ssl->specs.static_ecdh = 0;
197 ssl->specs.key_size = AES_256_KEY_SIZE;
198 ssl->specs.iv_size = AES_IV_SIZE;
199 ssl->specs.block_size = AES_BLOCK_SIZE;
203 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
204 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
205 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
206 ssl->specs.cipher_type = block;
207 ssl->specs.mac_algorithm = sha384_mac;
208 ssl->specs.kea = ecc_diffie_hellman_kea;
209 ssl->specs.sig_algo = ecc_dsa_sa_algo;
210 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
211 ssl->specs.pad_size = PAD_SHA;
212 ssl->specs.static_ecdh = 0;
213 ssl->specs.key_size = AES_256_KEY_SIZE;
214 ssl->specs.iv_size = AES_IV_SIZE;
215 ssl->specs.block_size = AES_BLOCK_SIZE;
219 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
220 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
221 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
222 ssl->specs.cipher_type = block;
223 ssl->specs.mac_algorithm = sha384_mac;
224 ssl->specs.kea = ecc_diffie_hellman_kea;
225 ssl->specs.sig_algo = rsa_sa_algo;
226 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
227 ssl->specs.pad_size = PAD_SHA;
228 ssl->specs.static_ecdh = 1;
229 ssl->specs.key_size = AES_256_KEY_SIZE;
230 ssl->specs.iv_size = AES_IV_SIZE;
231 ssl->specs.block_size = AES_BLOCK_SIZE;
235 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
236 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
237 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
238 ssl->specs.cipher_type = block;
239 ssl->specs.mac_algorithm = sha384_mac;
240 ssl->specs.kea = ecc_diffie_hellman_kea;
241 ssl->specs.sig_algo = ecc_dsa_sa_algo;
242 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
243 ssl->specs.pad_size = PAD_SHA;
244 ssl->specs.static_ecdh = 1;
245 ssl->specs.key_size = AES_256_KEY_SIZE;
246 ssl->specs.iv_size = AES_IV_SIZE;
247 ssl->specs.block_size = AES_BLOCK_SIZE;
251 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
252 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
253 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
254 ssl->specs.cipher_type = block;
255 ssl->specs.mac_algorithm = sha_mac;
256 ssl->specs.kea = ecc_diffie_hellman_kea;
257 ssl->specs.sig_algo = rsa_sa_algo;
258 ssl->specs.hash_size = SHA_DIGEST_SIZE;
259 ssl->specs.pad_size = PAD_SHA;
260 ssl->specs.static_ecdh = 0;
261 ssl->specs.key_size = AES_128_KEY_SIZE;
262 ssl->specs.block_size = AES_BLOCK_SIZE;
263 ssl->specs.iv_size = AES_IV_SIZE;
268 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
269 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
270 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
271 ssl->specs.cipher_type = block;
272 ssl->specs.mac_algorithm = sha_mac;
273 ssl->specs.kea = ecc_diffie_hellman_kea;
274 ssl->specs.sig_algo = rsa_sa_algo;
275 ssl->specs.hash_size = SHA_DIGEST_SIZE;
276 ssl->specs.pad_size = PAD_SHA;
277 ssl->specs.static_ecdh = 1;
278 ssl->specs.key_size = AES_128_KEY_SIZE;
279 ssl->specs.block_size = AES_BLOCK_SIZE;
280 ssl->specs.iv_size = AES_IV_SIZE;
285 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
286 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
287 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
288 ssl->specs.cipher_type = block;
289 ssl->specs.mac_algorithm = sha_mac;
290 ssl->specs.kea = ecc_diffie_hellman_kea;
291 ssl->specs.sig_algo = rsa_sa_algo;
292 ssl->specs.hash_size = SHA_DIGEST_SIZE;
293 ssl->specs.pad_size = PAD_SHA;
294 ssl->specs.static_ecdh = 0;
295 ssl->specs.key_size = DES3_KEY_SIZE;
296 ssl->specs.block_size = DES_BLOCK_SIZE;
297 ssl->specs.iv_size = DES_IV_SIZE;
302 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
303 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
304 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
305 ssl->specs.cipher_type = block;
306 ssl->specs.mac_algorithm = sha_mac;
307 ssl->specs.kea = ecc_diffie_hellman_kea;
308 ssl->specs.sig_algo = rsa_sa_algo;
309 ssl->specs.hash_size = SHA_DIGEST_SIZE;
310 ssl->specs.pad_size = PAD_SHA;
311 ssl->specs.static_ecdh = 1;
312 ssl->specs.key_size = DES3_KEY_SIZE;
313 ssl->specs.block_size = DES_BLOCK_SIZE;
314 ssl->specs.iv_size = DES_IV_SIZE;
319 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
320 case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
321 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
322 ssl->specs.cipher_type = stream;
323 ssl->specs.mac_algorithm = sha_mac;
324 ssl->specs.kea = ecc_diffie_hellman_kea;
325 ssl->specs.sig_algo = rsa_sa_algo;
326 ssl->specs.hash_size = SHA_DIGEST_SIZE;
327 ssl->specs.pad_size = PAD_SHA;
328 ssl->specs.static_ecdh = 0;
329 ssl->specs.key_size = RC4_KEY_SIZE;
330 ssl->specs.iv_size = 0;
331 ssl->specs.block_size = 0;
336 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
337 case TLS_ECDH_RSA_WITH_RC4_128_SHA :
338 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
339 ssl->specs.cipher_type = stream;
340 ssl->specs.mac_algorithm = sha_mac;
341 ssl->specs.kea = ecc_diffie_hellman_kea;
342 ssl->specs.sig_algo = rsa_sa_algo;
343 ssl->specs.hash_size = SHA_DIGEST_SIZE;
344 ssl->specs.pad_size = PAD_SHA;
345 ssl->specs.static_ecdh = 1;
346 ssl->specs.key_size = RC4_KEY_SIZE;
347 ssl->specs.iv_size = 0;
348 ssl->specs.block_size = 0;
353 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
354 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
355 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
356 ssl->specs.cipher_type = block;
357 ssl->specs.mac_algorithm = sha_mac;
358 ssl->specs.kea = ecc_diffie_hellman_kea;
359 ssl->specs.sig_algo = ecc_dsa_sa_algo;
360 ssl->specs.hash_size = SHA_DIGEST_SIZE;
361 ssl->specs.pad_size = PAD_SHA;
362 ssl->specs.static_ecdh = 0;
363 ssl->specs.key_size = DES3_KEY_SIZE;
364 ssl->specs.block_size = DES_BLOCK_SIZE;
365 ssl->specs.iv_size = DES_IV_SIZE;
370 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
371 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
372 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
373 ssl->specs.cipher_type = block;
374 ssl->specs.mac_algorithm = sha_mac;
375 ssl->specs.kea = ecc_diffie_hellman_kea;
376 ssl->specs.sig_algo = ecc_dsa_sa_algo;
377 ssl->specs.hash_size = SHA_DIGEST_SIZE;
378 ssl->specs.pad_size = PAD_SHA;
379 ssl->specs.static_ecdh = 1;
380 ssl->specs.key_size = DES3_KEY_SIZE;
381 ssl->specs.block_size = DES_BLOCK_SIZE;
382 ssl->specs.iv_size = DES_IV_SIZE;
387 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
388 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
389 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
390 ssl->specs.cipher_type = stream;
391 ssl->specs.mac_algorithm = sha_mac;
392 ssl->specs.kea = ecc_diffie_hellman_kea;
393 ssl->specs.sig_algo = ecc_dsa_sa_algo;
394 ssl->specs.hash_size = SHA_DIGEST_SIZE;
395 ssl->specs.pad_size = PAD_SHA;
396 ssl->specs.static_ecdh = 0;
397 ssl->specs.key_size = RC4_KEY_SIZE;
398 ssl->specs.iv_size = 0;
399 ssl->specs.block_size = 0;
404 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
405 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
406 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
407 ssl->specs.cipher_type = stream;
408 ssl->specs.mac_algorithm = sha_mac;
409 ssl->specs.kea = ecc_diffie_hellman_kea;
410 ssl->specs.sig_algo = ecc_dsa_sa_algo;
411 ssl->specs.hash_size = SHA_DIGEST_SIZE;
412 ssl->specs.pad_size = PAD_SHA;
413 ssl->specs.static_ecdh = 1;
414 ssl->specs.key_size = RC4_KEY_SIZE;
415 ssl->specs.iv_size = 0;
416 ssl->specs.block_size = 0;
421 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
422 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
423 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
424 ssl->specs.cipher_type = block;
425 ssl->specs.mac_algorithm = sha_mac;
426 ssl->specs.kea = ecc_diffie_hellman_kea;
427 ssl->specs.sig_algo = rsa_sa_algo;
428 ssl->specs.hash_size = SHA_DIGEST_SIZE;
429 ssl->specs.pad_size = PAD_SHA;
430 ssl->specs.static_ecdh = 0;
431 ssl->specs.key_size = AES_256_KEY_SIZE;
432 ssl->specs.block_size = AES_BLOCK_SIZE;
433 ssl->specs.iv_size = AES_IV_SIZE;
438 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
439 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
440 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
441 ssl->specs.cipher_type = block;
442 ssl->specs.mac_algorithm = sha_mac;
443 ssl->specs.kea = ecc_diffie_hellman_kea;
444 ssl->specs.sig_algo = rsa_sa_algo;
445 ssl->specs.hash_size = SHA_DIGEST_SIZE;
446 ssl->specs.pad_size = PAD_SHA;
447 ssl->specs.static_ecdh = 1;
448 ssl->specs.key_size = AES_256_KEY_SIZE;
449 ssl->specs.block_size = AES_BLOCK_SIZE;
450 ssl->specs.iv_size = AES_IV_SIZE;
455 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
456 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
457 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
458 ssl->specs.cipher_type = block;
459 ssl->specs.mac_algorithm = sha_mac;
460 ssl->specs.kea = ecc_diffie_hellman_kea;
461 ssl->specs.sig_algo = ecc_dsa_sa_algo;
462 ssl->specs.hash_size = SHA_DIGEST_SIZE;
463 ssl->specs.pad_size = PAD_SHA;
464 ssl->specs.static_ecdh = 0;
465 ssl->specs.key_size = AES_128_KEY_SIZE;
466 ssl->specs.block_size = AES_BLOCK_SIZE;
467 ssl->specs.iv_size = AES_IV_SIZE;
472 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
473 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
474 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
475 ssl->specs.cipher_type = block;
476 ssl->specs.mac_algorithm = sha_mac;
477 ssl->specs.kea = ecc_diffie_hellman_kea;
478 ssl->specs.sig_algo = ecc_dsa_sa_algo;
479 ssl->specs.hash_size = SHA_DIGEST_SIZE;
480 ssl->specs.pad_size = PAD_SHA;
481 ssl->specs.static_ecdh = 1;
482 ssl->specs.key_size = AES_128_KEY_SIZE;
483 ssl->specs.block_size = AES_BLOCK_SIZE;
484 ssl->specs.iv_size = AES_IV_SIZE;
489 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
490 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
491 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
492 ssl->specs.cipher_type = block;
493 ssl->specs.mac_algorithm = sha_mac;
494 ssl->specs.kea = ecc_diffie_hellman_kea;
495 ssl->specs.sig_algo = ecc_dsa_sa_algo;
496 ssl->specs.hash_size = SHA_DIGEST_SIZE;
497 ssl->specs.pad_size = PAD_SHA;
498 ssl->specs.static_ecdh = 0;
499 ssl->specs.key_size = AES_256_KEY_SIZE;
500 ssl->specs.block_size = AES_BLOCK_SIZE;
501 ssl->specs.iv_size = AES_IV_SIZE;
506 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
507 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
508 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
509 ssl->specs.cipher_type = block;
510 ssl->specs.mac_algorithm = sha_mac;
511 ssl->specs.kea = ecc_diffie_hellman_kea;
512 ssl->specs.sig_algo = ecc_dsa_sa_algo;
513 ssl->specs.hash_size = SHA_DIGEST_SIZE;
514 ssl->specs.pad_size = PAD_SHA;
515 ssl->specs.static_ecdh = 1;
516 ssl->specs.key_size = AES_256_KEY_SIZE;
517 ssl->specs.block_size = AES_BLOCK_SIZE;
518 ssl->specs.iv_size = AES_IV_SIZE;
523 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
524 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
525 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
526 ssl->specs.cipher_type = aead;
527 ssl->specs.mac_algorithm = sha256_mac;
528 ssl->specs.kea = ecc_diffie_hellman_kea;
529 ssl->specs.sig_algo = rsa_sa_algo;
530 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
531 ssl->specs.pad_size = PAD_SHA;
532 ssl->specs.static_ecdh = 0;
533 ssl->specs.key_size = AES_128_KEY_SIZE;
534 ssl->specs.block_size = AES_BLOCK_SIZE;
535 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
536 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
541 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
542 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
543 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
544 ssl->specs.cipher_type = aead;
545 ssl->specs.mac_algorithm = sha384_mac;
546 ssl->specs.kea = ecc_diffie_hellman_kea;
547 ssl->specs.sig_algo = rsa_sa_algo;
548 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
549 ssl->specs.pad_size = PAD_SHA;
550 ssl->specs.static_ecdh = 0;
551 ssl->specs.key_size = AES_256_KEY_SIZE;
552 ssl->specs.block_size = AES_BLOCK_SIZE;
553 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
554 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
559 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
560 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
561 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
562 ssl->specs.cipher_type = aead;
563 ssl->specs.mac_algorithm = sha256_mac;
564 ssl->specs.kea = ecc_diffie_hellman_kea;
565 ssl->specs.sig_algo = ecc_dsa_sa_algo;
566 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
567 ssl->specs.pad_size = PAD_SHA;
568 ssl->specs.static_ecdh = 0;
569 ssl->specs.key_size = AES_128_KEY_SIZE;
570 ssl->specs.block_size = AES_BLOCK_SIZE;
571 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
572 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
577 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
578 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
579 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
580 ssl->specs.cipher_type = aead;
581 ssl->specs.mac_algorithm = sha384_mac;
582 ssl->specs.kea = ecc_diffie_hellman_kea;
583 ssl->specs.sig_algo = ecc_dsa_sa_algo;
584 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
585 ssl->specs.pad_size = PAD_SHA;
586 ssl->specs.static_ecdh = 0;
587 ssl->specs.key_size = AES_256_KEY_SIZE;
588 ssl->specs.block_size = AES_BLOCK_SIZE;
589 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
590 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
595 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
596 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
597 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
598 ssl->specs.cipher_type = aead;
599 ssl->specs.mac_algorithm = sha256_mac;
600 ssl->specs.kea = ecc_diffie_hellman_kea;
601 ssl->specs.sig_algo = rsa_sa_algo;
602 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
603 ssl->specs.pad_size = PAD_SHA;
604 ssl->specs.static_ecdh = 1;
605 ssl->specs.key_size = AES_128_KEY_SIZE;
606 ssl->specs.block_size = AES_BLOCK_SIZE;
607 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
608 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
613 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
614 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
615 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
616 ssl->specs.cipher_type = aead;
617 ssl->specs.mac_algorithm = sha384_mac;
618 ssl->specs.kea = ecc_diffie_hellman_kea;
619 ssl->specs.sig_algo = rsa_sa_algo;
620 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
621 ssl->specs.pad_size = PAD_SHA;
622 ssl->specs.static_ecdh = 1;
623 ssl->specs.key_size = AES_256_KEY_SIZE;
624 ssl->specs.block_size = AES_BLOCK_SIZE;
625 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
626 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
631 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
632 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
633 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
634 ssl->specs.cipher_type = aead;
635 ssl->specs.mac_algorithm = sha256_mac;
636 ssl->specs.kea = ecc_diffie_hellman_kea;
637 ssl->specs.sig_algo = ecc_dsa_sa_algo;
638 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
639 ssl->specs.pad_size = PAD_SHA;
640 ssl->specs.static_ecdh = 1;
641 ssl->specs.key_size = AES_128_KEY_SIZE;
642 ssl->specs.block_size = AES_BLOCK_SIZE;
643 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
644 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
649 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
650 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
651 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
652 ssl->specs.cipher_type = aead;
653 ssl->specs.mac_algorithm = sha384_mac;
654 ssl->specs.kea = ecc_diffie_hellman_kea;
655 ssl->specs.sig_algo = ecc_dsa_sa_algo;
656 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
657 ssl->specs.pad_size = PAD_SHA;
658 ssl->specs.static_ecdh = 1;
659 ssl->specs.key_size = AES_256_KEY_SIZE;
660 ssl->specs.block_size = AES_BLOCK_SIZE;
661 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
662 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
667 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
668 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
669 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
670 ssl->specs.cipher_type = aead;
671 ssl->specs.mac_algorithm = sha256_mac;
672 ssl->specs.kea = ecc_diffie_hellman_kea;
673 ssl->specs.sig_algo = ecc_dsa_sa_algo;
674 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
675 ssl->specs.pad_size = PAD_SHA;
676 ssl->specs.static_ecdh = 0;
677 ssl->specs.key_size = AES_128_KEY_SIZE;
678 ssl->specs.block_size = AES_BLOCK_SIZE;
679 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
680 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
685 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
686 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
687 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
688 ssl->specs.cipher_type = aead;
689 ssl->specs.mac_algorithm = sha256_mac;
690 ssl->specs.kea = ecc_diffie_hellman_kea;
691 ssl->specs.sig_algo = ecc_dsa_sa_algo;
692 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
693 ssl->specs.pad_size = PAD_SHA;
694 ssl->specs.static_ecdh = 0;
695 ssl->specs.key_size = AES_256_KEY_SIZE;
696 ssl->specs.block_size = AES_BLOCK_SIZE;
697 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
698 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
702 #endif /* HAVE_ECC */
704 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
705 case TLS_RSA_WITH_AES_128_CCM_8 :
706 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
707 ssl->specs.cipher_type = aead;
708 ssl->specs.mac_algorithm = sha256_mac;
709 ssl->specs.kea = rsa_kea;
710 ssl->specs.sig_algo = rsa_sa_algo;
711 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
712 ssl->specs.pad_size = PAD_SHA;
713 ssl->specs.static_ecdh = 0;
714 ssl->specs.key_size = AES_128_KEY_SIZE;
715 ssl->specs.block_size = AES_BLOCK_SIZE;
716 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
717 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
722 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
723 case TLS_RSA_WITH_AES_256_CCM_8 :
724 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
725 ssl->specs.cipher_type = aead;
726 ssl->specs.mac_algorithm = sha256_mac;
727 ssl->specs.kea = rsa_kea;
728 ssl->specs.sig_algo = rsa_sa_algo;
729 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
730 ssl->specs.pad_size = PAD_SHA;
731 ssl->specs.static_ecdh = 0;
732 ssl->specs.key_size = AES_256_KEY_SIZE;
733 ssl->specs.block_size = AES_BLOCK_SIZE;
734 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
735 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
740 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
741 case TLS_PSK_WITH_AES_128_CCM_8 :
742 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
743 ssl->specs.cipher_type = aead;
744 ssl->specs.mac_algorithm = sha256_mac;
745 ssl->specs.kea = psk_kea;
746 ssl->specs.sig_algo = anonymous_sa_algo;
747 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
748 ssl->specs.pad_size = PAD_SHA;
749 ssl->specs.static_ecdh = 0;
750 ssl->specs.key_size = AES_128_KEY_SIZE;
751 ssl->specs.block_size = AES_BLOCK_SIZE;
752 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
753 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
755 ssl->options.usingPSK_cipher = 1;
759 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
760 case TLS_PSK_WITH_AES_256_CCM_8 :
761 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
762 ssl->specs.cipher_type = aead;
763 ssl->specs.mac_algorithm = sha256_mac;
764 ssl->specs.kea = psk_kea;
765 ssl->specs.sig_algo = anonymous_sa_algo;
766 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
767 ssl->specs.pad_size = PAD_SHA;
768 ssl->specs.static_ecdh = 0;
769 ssl->specs.key_size = AES_256_KEY_SIZE;
770 ssl->specs.block_size = AES_BLOCK_SIZE;
771 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
772 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
774 ssl->options.usingPSK_cipher = 1;
778 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
779 case TLS_PSK_WITH_AES_128_CCM :
780 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
781 ssl->specs.cipher_type = aead;
782 ssl->specs.mac_algorithm = sha256_mac;
783 ssl->specs.kea = psk_kea;
784 ssl->specs.sig_algo = anonymous_sa_algo;
785 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
786 ssl->specs.pad_size = PAD_SHA;
787 ssl->specs.static_ecdh = 0;
788 ssl->specs.key_size = AES_128_KEY_SIZE;
789 ssl->specs.block_size = AES_BLOCK_SIZE;
790 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
791 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
793 ssl->options.usingPSK_cipher = 1;
797 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
798 case TLS_PSK_WITH_AES_256_CCM :
799 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
800 ssl->specs.cipher_type = aead;
801 ssl->specs.mac_algorithm = sha256_mac;
802 ssl->specs.kea = psk_kea;
803 ssl->specs.sig_algo = anonymous_sa_algo;
804 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
805 ssl->specs.pad_size = PAD_SHA;
806 ssl->specs.static_ecdh = 0;
807 ssl->specs.key_size = AES_256_KEY_SIZE;
808 ssl->specs.block_size = AES_BLOCK_SIZE;
809 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
810 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
812 ssl->options.usingPSK_cipher = 1;
816 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
817 case TLS_DHE_PSK_WITH_AES_128_CCM :
818 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
819 ssl->specs.cipher_type = aead;
820 ssl->specs.mac_algorithm = sha256_mac;
821 ssl->specs.kea = dhe_psk_kea;
822 ssl->specs.sig_algo = anonymous_sa_algo;
823 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
824 ssl->specs.pad_size = PAD_SHA;
825 ssl->specs.static_ecdh = 0;
826 ssl->specs.key_size = AES_128_KEY_SIZE;
827 ssl->specs.block_size = AES_BLOCK_SIZE;
828 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
829 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
831 ssl->options.usingPSK_cipher = 1;
835 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
836 case TLS_DHE_PSK_WITH_AES_256_CCM :
837 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
838 ssl->specs.cipher_type = aead;
839 ssl->specs.mac_algorithm = sha256_mac;
840 ssl->specs.kea = dhe_psk_kea;
841 ssl->specs.sig_algo = anonymous_sa_algo;
842 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
843 ssl->specs.pad_size = PAD_SHA;
844 ssl->specs.static_ecdh = 0;
845 ssl->specs.key_size = AES_256_KEY_SIZE;
846 ssl->specs.block_size = AES_BLOCK_SIZE;
847 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
848 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
850 ssl->options.usingPSK_cipher = 1;
855 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
856 return UNSUPPORTED_SUITE;
859 if (ssl->options.cipherSuite0 != ECC_BYTE &&
860 ssl->options.cipherSuite0 != CHACHA_BYTE) { /* normal suites */
861 switch (ssl->options.cipherSuite) {
863 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
864 case SSL_RSA_WITH_RC4_128_SHA :
865 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
866 ssl->specs.cipher_type = stream;
867 ssl->specs.mac_algorithm = sha_mac;
868 ssl->specs.kea = rsa_kea;
869 ssl->specs.sig_algo = rsa_sa_algo;
870 ssl->specs.hash_size = SHA_DIGEST_SIZE;
871 ssl->specs.pad_size = PAD_SHA;
872 ssl->specs.static_ecdh = 0;
873 ssl->specs.key_size = RC4_KEY_SIZE;
874 ssl->specs.iv_size = 0;
875 ssl->specs.block_size = 0;
880 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
881 case TLS_NTRU_RSA_WITH_RC4_128_SHA :
882 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
883 ssl->specs.cipher_type = stream;
884 ssl->specs.mac_algorithm = sha_mac;
885 ssl->specs.kea = ntru_kea;
886 ssl->specs.sig_algo = rsa_sa_algo;
887 ssl->specs.hash_size = SHA_DIGEST_SIZE;
888 ssl->specs.pad_size = PAD_SHA;
889 ssl->specs.static_ecdh = 0;
890 ssl->specs.key_size = RC4_KEY_SIZE;
891 ssl->specs.iv_size = 0;
892 ssl->specs.block_size = 0;
897 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
898 case SSL_RSA_WITH_RC4_128_MD5 :
899 ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
900 ssl->specs.cipher_type = stream;
901 ssl->specs.mac_algorithm = md5_mac;
902 ssl->specs.kea = rsa_kea;
903 ssl->specs.sig_algo = rsa_sa_algo;
904 ssl->specs.hash_size = MD5_DIGEST_SIZE;
905 ssl->specs.pad_size = PAD_MD5;
906 ssl->specs.static_ecdh = 0;
907 ssl->specs.key_size = RC4_KEY_SIZE;
908 ssl->specs.iv_size = 0;
909 ssl->specs.block_size = 0;
914 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
915 case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
916 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
917 ssl->specs.cipher_type = block;
918 ssl->specs.mac_algorithm = sha_mac;
919 ssl->specs.kea = rsa_kea;
920 ssl->specs.sig_algo = rsa_sa_algo;
921 ssl->specs.hash_size = SHA_DIGEST_SIZE;
922 ssl->specs.pad_size = PAD_SHA;
923 ssl->specs.static_ecdh = 0;
924 ssl->specs.key_size = DES3_KEY_SIZE;
925 ssl->specs.block_size = DES_BLOCK_SIZE;
926 ssl->specs.iv_size = DES_IV_SIZE;
931 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
932 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
933 ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
934 ssl->specs.cipher_type = block;
935 ssl->specs.mac_algorithm = sha_mac;
936 ssl->specs.kea = ntru_kea;
937 ssl->specs.sig_algo = rsa_sa_algo;
938 ssl->specs.hash_size = SHA_DIGEST_SIZE;
939 ssl->specs.pad_size = PAD_SHA;
940 ssl->specs.static_ecdh = 0;
941 ssl->specs.key_size = DES3_KEY_SIZE;
942 ssl->specs.block_size = DES_BLOCK_SIZE;
943 ssl->specs.iv_size = DES_IV_SIZE;
948 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
949 case TLS_RSA_WITH_AES_128_CBC_SHA :
950 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
951 ssl->specs.cipher_type = block;
952 ssl->specs.mac_algorithm = sha_mac;
953 ssl->specs.kea = rsa_kea;
954 ssl->specs.sig_algo = rsa_sa_algo;
955 ssl->specs.hash_size = SHA_DIGEST_SIZE;
956 ssl->specs.pad_size = PAD_SHA;
957 ssl->specs.static_ecdh = 0;
958 ssl->specs.key_size = AES_128_KEY_SIZE;
959 ssl->specs.block_size = AES_BLOCK_SIZE;
960 ssl->specs.iv_size = AES_IV_SIZE;
965 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
966 case TLS_RSA_WITH_AES_128_CBC_SHA256 :
967 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
968 ssl->specs.cipher_type = block;
969 ssl->specs.mac_algorithm = sha256_mac;
970 ssl->specs.kea = rsa_kea;
971 ssl->specs.sig_algo = rsa_sa_algo;
972 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
973 ssl->specs.pad_size = PAD_SHA;
974 ssl->specs.static_ecdh = 0;
975 ssl->specs.key_size = AES_128_KEY_SIZE;
976 ssl->specs.block_size = AES_BLOCK_SIZE;
977 ssl->specs.iv_size = AES_IV_SIZE;
982 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
983 case TLS_RSA_WITH_NULL_SHA :
984 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
985 ssl->specs.cipher_type = stream;
986 ssl->specs.mac_algorithm = sha_mac;
987 ssl->specs.kea = rsa_kea;
988 ssl->specs.sig_algo = rsa_sa_algo;
989 ssl->specs.hash_size = SHA_DIGEST_SIZE;
990 ssl->specs.pad_size = PAD_SHA;
991 ssl->specs.static_ecdh = 0;
992 ssl->specs.key_size = 0;
993 ssl->specs.block_size = 0;
994 ssl->specs.iv_size = 0;
999 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
1000 case TLS_RSA_WITH_NULL_SHA256 :
1001 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1002 ssl->specs.cipher_type = stream;
1003 ssl->specs.mac_algorithm = sha256_mac;
1004 ssl->specs.kea = rsa_kea;
1005 ssl->specs.sig_algo = rsa_sa_algo;
1006 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1007 ssl->specs.pad_size = PAD_SHA;
1008 ssl->specs.static_ecdh = 0;
1009 ssl->specs.key_size = 0;
1010 ssl->specs.block_size = 0;
1011 ssl->specs.iv_size = 0;
1016 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
1017 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
1018 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1019 ssl->specs.cipher_type = block;
1020 ssl->specs.mac_algorithm = sha_mac;
1021 ssl->specs.kea = ntru_kea;
1022 ssl->specs.sig_algo = rsa_sa_algo;
1023 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1024 ssl->specs.pad_size = PAD_SHA;
1025 ssl->specs.static_ecdh = 0;
1026 ssl->specs.key_size = AES_128_KEY_SIZE;
1027 ssl->specs.block_size = AES_BLOCK_SIZE;
1028 ssl->specs.iv_size = AES_IV_SIZE;
1033 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
1034 case TLS_RSA_WITH_AES_256_CBC_SHA :
1035 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1036 ssl->specs.cipher_type = block;
1037 ssl->specs.mac_algorithm = sha_mac;
1038 ssl->specs.kea = rsa_kea;
1039 ssl->specs.sig_algo = rsa_sa_algo;
1040 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1041 ssl->specs.pad_size = PAD_SHA;
1042 ssl->specs.static_ecdh = 0;
1043 ssl->specs.key_size = AES_256_KEY_SIZE;
1044 ssl->specs.block_size = AES_BLOCK_SIZE;
1045 ssl->specs.iv_size = AES_IV_SIZE;
1050 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
1051 case TLS_RSA_WITH_AES_256_CBC_SHA256 :
1052 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1053 ssl->specs.cipher_type = block;
1054 ssl->specs.mac_algorithm = sha256_mac;
1055 ssl->specs.kea = rsa_kea;
1056 ssl->specs.sig_algo = rsa_sa_algo;
1057 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1058 ssl->specs.pad_size = PAD_SHA;
1059 ssl->specs.static_ecdh = 0;
1060 ssl->specs.key_size = AES_256_KEY_SIZE;
1061 ssl->specs.block_size = AES_BLOCK_SIZE;
1062 ssl->specs.iv_size = AES_IV_SIZE;
1067 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
1068 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
1069 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1070 ssl->specs.cipher_type = block;
1071 ssl->specs.mac_algorithm = sha_mac;
1072 ssl->specs.kea = ntru_kea;
1073 ssl->specs.sig_algo = rsa_sa_algo;
1074 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1075 ssl->specs.pad_size = PAD_SHA;
1076 ssl->specs.static_ecdh = 0;
1077 ssl->specs.key_size = AES_256_KEY_SIZE;
1078 ssl->specs.block_size = AES_BLOCK_SIZE;
1079 ssl->specs.iv_size = AES_IV_SIZE;
1084 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
1085 case TLS_PSK_WITH_AES_128_GCM_SHA256 :
1086 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1087 ssl->specs.cipher_type = aead;
1088 ssl->specs.mac_algorithm = sha256_mac;
1089 ssl->specs.kea = psk_kea;
1090 ssl->specs.sig_algo = anonymous_sa_algo;
1091 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1092 ssl->specs.pad_size = PAD_SHA;
1093 ssl->specs.static_ecdh = 0;
1094 ssl->specs.key_size = AES_128_KEY_SIZE;
1095 ssl->specs.block_size = AES_BLOCK_SIZE;
1096 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1097 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1099 ssl->options.usingPSK_cipher = 1;
1103 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
1104 case TLS_PSK_WITH_AES_256_GCM_SHA384 :
1105 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1106 ssl->specs.cipher_type = aead;
1107 ssl->specs.mac_algorithm = sha384_mac;
1108 ssl->specs.kea = psk_kea;
1109 ssl->specs.sig_algo = anonymous_sa_algo;
1110 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1111 ssl->specs.pad_size = PAD_SHA;
1112 ssl->specs.static_ecdh = 0;
1113 ssl->specs.key_size = AES_256_KEY_SIZE;
1114 ssl->specs.block_size = AES_BLOCK_SIZE;
1115 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1116 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1118 ssl->options.usingPSK_cipher = 1;
1122 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
1123 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
1124 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1125 ssl->specs.cipher_type = aead;
1126 ssl->specs.mac_algorithm = sha256_mac;
1127 ssl->specs.kea = dhe_psk_kea;
1128 ssl->specs.sig_algo = anonymous_sa_algo;
1129 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1130 ssl->specs.pad_size = PAD_SHA;
1131 ssl->specs.static_ecdh = 0;
1132 ssl->specs.key_size = AES_128_KEY_SIZE;
1133 ssl->specs.block_size = AES_BLOCK_SIZE;
1134 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1135 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1137 ssl->options.usingPSK_cipher = 1;
1141 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
1142 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
1143 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1144 ssl->specs.cipher_type = aead;
1145 ssl->specs.mac_algorithm = sha384_mac;
1146 ssl->specs.kea = dhe_psk_kea;
1147 ssl->specs.sig_algo = anonymous_sa_algo;
1148 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1149 ssl->specs.pad_size = PAD_SHA;
1150 ssl->specs.static_ecdh = 0;
1151 ssl->specs.key_size = AES_256_KEY_SIZE;
1152 ssl->specs.block_size = AES_BLOCK_SIZE;
1153 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1154 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1156 ssl->options.usingPSK_cipher = 1;
1160 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
1161 case TLS_PSK_WITH_AES_128_CBC_SHA256 :
1162 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1163 ssl->specs.cipher_type = block;
1164 ssl->specs.mac_algorithm = sha256_mac;
1165 ssl->specs.kea = psk_kea;
1166 ssl->specs.sig_algo = anonymous_sa_algo;
1167 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1168 ssl->specs.pad_size = PAD_SHA;
1169 ssl->specs.static_ecdh = 0;
1170 ssl->specs.key_size = AES_128_KEY_SIZE;
1171 ssl->specs.block_size = AES_BLOCK_SIZE;
1172 ssl->specs.iv_size = AES_IV_SIZE;
1174 ssl->options.usingPSK_cipher = 1;
1178 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
1179 case TLS_PSK_WITH_AES_256_CBC_SHA384 :
1180 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1181 ssl->specs.cipher_type = block;
1182 ssl->specs.mac_algorithm = sha384_mac;
1183 ssl->specs.kea = psk_kea;
1184 ssl->specs.sig_algo = anonymous_sa_algo;
1185 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1186 ssl->specs.pad_size = PAD_SHA;
1187 ssl->specs.static_ecdh = 0;
1188 ssl->specs.key_size = AES_256_KEY_SIZE;
1189 ssl->specs.block_size = AES_BLOCK_SIZE;
1190 ssl->specs.iv_size = AES_IV_SIZE;
1192 ssl->options.usingPSK_cipher = 1;
1196 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
1197 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
1198 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1199 ssl->specs.cipher_type = block;
1200 ssl->specs.mac_algorithm = sha256_mac;
1201 ssl->specs.kea = dhe_psk_kea;
1202 ssl->specs.sig_algo = anonymous_sa_algo;
1203 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1204 ssl->specs.pad_size = PAD_SHA;
1205 ssl->specs.static_ecdh = 0;
1206 ssl->specs.key_size = AES_128_KEY_SIZE;
1207 ssl->specs.block_size = AES_BLOCK_SIZE;
1208 ssl->specs.iv_size = AES_IV_SIZE;
1210 ssl->options.usingPSK_cipher = 1;
1214 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
1215 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
1216 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1217 ssl->specs.cipher_type = block;
1218 ssl->specs.mac_algorithm = sha384_mac;
1219 ssl->specs.kea = dhe_psk_kea;
1220 ssl->specs.sig_algo = anonymous_sa_algo;
1221 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1222 ssl->specs.pad_size = PAD_SHA;
1223 ssl->specs.static_ecdh = 0;
1224 ssl->specs.key_size = AES_256_KEY_SIZE;
1225 ssl->specs.block_size = AES_BLOCK_SIZE;
1226 ssl->specs.iv_size = AES_IV_SIZE;
1228 ssl->options.usingPSK_cipher = 1;
1232 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
1233 case TLS_PSK_WITH_AES_128_CBC_SHA :
1234 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1235 ssl->specs.cipher_type = block;
1236 ssl->specs.mac_algorithm = sha_mac;
1237 ssl->specs.kea = psk_kea;
1238 ssl->specs.sig_algo = anonymous_sa_algo;
1239 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1240 ssl->specs.pad_size = PAD_SHA;
1241 ssl->specs.static_ecdh = 0;
1242 ssl->specs.key_size = AES_128_KEY_SIZE;
1243 ssl->specs.block_size = AES_BLOCK_SIZE;
1244 ssl->specs.iv_size = AES_IV_SIZE;
1246 ssl->options.usingPSK_cipher = 1;
1250 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
1251 case TLS_PSK_WITH_AES_256_CBC_SHA :
1252 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1253 ssl->specs.cipher_type = block;
1254 ssl->specs.mac_algorithm = sha_mac;
1255 ssl->specs.kea = psk_kea;
1256 ssl->specs.sig_algo = anonymous_sa_algo;
1257 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1258 ssl->specs.pad_size = PAD_SHA;
1259 ssl->specs.static_ecdh = 0;
1260 ssl->specs.key_size = AES_256_KEY_SIZE;
1261 ssl->specs.block_size = AES_BLOCK_SIZE;
1262 ssl->specs.iv_size = AES_IV_SIZE;
1264 ssl->options.usingPSK_cipher = 1;
1268 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
1269 case TLS_PSK_WITH_NULL_SHA256 :
1270 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1271 ssl->specs.cipher_type = stream;
1272 ssl->specs.mac_algorithm = sha256_mac;
1273 ssl->specs.kea = psk_kea;
1274 ssl->specs.sig_algo = anonymous_sa_algo;
1275 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1276 ssl->specs.pad_size = PAD_SHA;
1277 ssl->specs.static_ecdh = 0;
1278 ssl->specs.key_size = 0;
1279 ssl->specs.block_size = 0;
1280 ssl->specs.iv_size = 0;
1282 ssl->options.usingPSK_cipher = 1;
1286 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
1287 case TLS_PSK_WITH_NULL_SHA384 :
1288 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1289 ssl->specs.cipher_type = stream;
1290 ssl->specs.mac_algorithm = sha384_mac;
1291 ssl->specs.kea = psk_kea;
1292 ssl->specs.sig_algo = anonymous_sa_algo;
1293 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1294 ssl->specs.pad_size = PAD_SHA;
1295 ssl->specs.static_ecdh = 0;
1296 ssl->specs.key_size = 0;
1297 ssl->specs.block_size = 0;
1298 ssl->specs.iv_size = 0;
1300 ssl->options.usingPSK_cipher = 1;
1304 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
1305 case TLS_PSK_WITH_NULL_SHA :
1306 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1307 ssl->specs.cipher_type = stream;
1308 ssl->specs.mac_algorithm = sha_mac;
1309 ssl->specs.kea = psk_kea;
1310 ssl->specs.sig_algo = anonymous_sa_algo;
1311 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1312 ssl->specs.pad_size = PAD_SHA;
1313 ssl->specs.static_ecdh = 0;
1314 ssl->specs.key_size = 0;
1315 ssl->specs.block_size = 0;
1316 ssl->specs.iv_size = 0;
1318 ssl->options.usingPSK_cipher = 1;
1322 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
1323 case TLS_DHE_PSK_WITH_NULL_SHA256 :
1324 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1325 ssl->specs.cipher_type = stream;
1326 ssl->specs.mac_algorithm = sha256_mac;
1327 ssl->specs.kea = dhe_psk_kea;
1328 ssl->specs.sig_algo = anonymous_sa_algo;
1329 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1330 ssl->specs.pad_size = PAD_SHA;
1331 ssl->specs.static_ecdh = 0;
1332 ssl->specs.key_size = 0;
1333 ssl->specs.block_size = 0;
1334 ssl->specs.iv_size = 0;
1336 ssl->options.usingPSK_cipher = 1;
1340 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
1341 case TLS_DHE_PSK_WITH_NULL_SHA384 :
1342 ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1343 ssl->specs.cipher_type = stream;
1344 ssl->specs.mac_algorithm = sha384_mac;
1345 ssl->specs.kea = dhe_psk_kea;
1346 ssl->specs.sig_algo = anonymous_sa_algo;
1347 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1348 ssl->specs.pad_size = PAD_SHA;
1349 ssl->specs.static_ecdh = 0;
1350 ssl->specs.key_size = 0;
1351 ssl->specs.block_size = 0;
1352 ssl->specs.iv_size = 0;
1354 ssl->options.usingPSK_cipher = 1;
1358 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
1359 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
1360 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1361 ssl->specs.cipher_type = block;
1362 ssl->specs.mac_algorithm = sha256_mac;
1363 ssl->specs.kea = diffie_hellman_kea;
1364 ssl->specs.sig_algo = rsa_sa_algo;
1365 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1366 ssl->specs.pad_size = PAD_SHA;
1367 ssl->specs.static_ecdh = 0;
1368 ssl->specs.key_size = AES_128_KEY_SIZE;
1369 ssl->specs.block_size = AES_BLOCK_SIZE;
1370 ssl->specs.iv_size = AES_IV_SIZE;
1375 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
1376 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
1377 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1378 ssl->specs.cipher_type = block;
1379 ssl->specs.mac_algorithm = sha256_mac;
1380 ssl->specs.kea = diffie_hellman_kea;
1381 ssl->specs.sig_algo = rsa_sa_algo;
1382 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1383 ssl->specs.pad_size = PAD_SHA;
1384 ssl->specs.static_ecdh = 0;
1385 ssl->specs.key_size = AES_256_KEY_SIZE;
1386 ssl->specs.block_size = AES_BLOCK_SIZE;
1387 ssl->specs.iv_size = AES_IV_SIZE;
1392 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1393 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
1394 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1395 ssl->specs.cipher_type = block;
1396 ssl->specs.mac_algorithm = sha_mac;
1397 ssl->specs.kea = diffie_hellman_kea;
1398 ssl->specs.sig_algo = rsa_sa_algo;
1399 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1400 ssl->specs.pad_size = PAD_SHA;
1401 ssl->specs.static_ecdh = 0;
1402 ssl->specs.key_size = AES_128_KEY_SIZE;
1403 ssl->specs.block_size = AES_BLOCK_SIZE;
1404 ssl->specs.iv_size = AES_IV_SIZE;
1409 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1410 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
1411 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1412 ssl->specs.cipher_type = block;
1413 ssl->specs.mac_algorithm = sha_mac;
1414 ssl->specs.kea = diffie_hellman_kea;
1415 ssl->specs.sig_algo = rsa_sa_algo;
1416 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1417 ssl->specs.pad_size = PAD_SHA;
1418 ssl->specs.static_ecdh = 0;
1419 ssl->specs.key_size = AES_256_KEY_SIZE;
1420 ssl->specs.block_size = AES_BLOCK_SIZE;
1421 ssl->specs.iv_size = AES_IV_SIZE;
1426 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
1427 case TLS_RSA_WITH_HC_128_MD5 :
1428 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
1429 ssl->specs.cipher_type = stream;
1430 ssl->specs.mac_algorithm = md5_mac;
1431 ssl->specs.kea = rsa_kea;
1432 ssl->specs.sig_algo = rsa_sa_algo;
1433 ssl->specs.hash_size = MD5_DIGEST_SIZE;
1434 ssl->specs.pad_size = PAD_MD5;
1435 ssl->specs.static_ecdh = 0;
1436 ssl->specs.key_size = HC_128_KEY_SIZE;
1437 ssl->specs.block_size = 0;
1438 ssl->specs.iv_size = HC_128_IV_SIZE;
1443 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
1444 case TLS_RSA_WITH_HC_128_SHA :
1445 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
1446 ssl->specs.cipher_type = stream;
1447 ssl->specs.mac_algorithm = sha_mac;
1448 ssl->specs.kea = rsa_kea;
1449 ssl->specs.sig_algo = rsa_sa_algo;
1450 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1451 ssl->specs.pad_size = PAD_SHA;
1452 ssl->specs.static_ecdh = 0;
1453 ssl->specs.key_size = HC_128_KEY_SIZE;
1454 ssl->specs.block_size = 0;
1455 ssl->specs.iv_size = HC_128_IV_SIZE;
1460 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
1461 case TLS_RSA_WITH_HC_128_B2B256:
1462 ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
1463 ssl->specs.cipher_type = stream;
1464 ssl->specs.mac_algorithm = blake2b_mac;
1465 ssl->specs.kea = rsa_kea;
1466 ssl->specs.sig_algo = rsa_sa_algo;
1467 ssl->specs.hash_size = BLAKE2B_256;
1468 ssl->specs.pad_size = PAD_SHA;
1469 ssl->specs.static_ecdh = 0;
1470 ssl->specs.key_size = HC_128_KEY_SIZE;
1471 ssl->specs.block_size = 0;
1472 ssl->specs.iv_size = HC_128_IV_SIZE;
1477 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
1478 case TLS_RSA_WITH_AES_128_CBC_B2B256:
1479 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1480 ssl->specs.cipher_type = block;
1481 ssl->specs.mac_algorithm = blake2b_mac;
1482 ssl->specs.kea = rsa_kea;
1483 ssl->specs.sig_algo = rsa_sa_algo;
1484 ssl->specs.hash_size = BLAKE2B_256;
1485 ssl->specs.pad_size = PAD_SHA;
1486 ssl->specs.static_ecdh = 0;
1487 ssl->specs.key_size = AES_128_KEY_SIZE;
1488 ssl->specs.iv_size = AES_IV_SIZE;
1489 ssl->specs.block_size = AES_BLOCK_SIZE;
1494 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
1495 case TLS_RSA_WITH_AES_256_CBC_B2B256:
1496 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1497 ssl->specs.cipher_type = block;
1498 ssl->specs.mac_algorithm = blake2b_mac;
1499 ssl->specs.kea = rsa_kea;
1500 ssl->specs.sig_algo = rsa_sa_algo;
1501 ssl->specs.hash_size = BLAKE2B_256;
1502 ssl->specs.pad_size = PAD_SHA;
1503 ssl->specs.static_ecdh = 0;
1504 ssl->specs.key_size = AES_256_KEY_SIZE;
1505 ssl->specs.iv_size = AES_IV_SIZE;
1506 ssl->specs.block_size = AES_BLOCK_SIZE;
1511 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
1512 case TLS_RSA_WITH_RABBIT_SHA :
1513 ssl->specs.bulk_cipher_algorithm = wolfssl_rabbit;
1514 ssl->specs.cipher_type = stream;
1515 ssl->specs.mac_algorithm = sha_mac;
1516 ssl->specs.kea = rsa_kea;
1517 ssl->specs.sig_algo = rsa_sa_algo;
1518 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1519 ssl->specs.pad_size = PAD_SHA;
1520 ssl->specs.static_ecdh = 0;
1521 ssl->specs.key_size = RABBIT_KEY_SIZE;
1522 ssl->specs.block_size = 0;
1523 ssl->specs.iv_size = RABBIT_IV_SIZE;
1528 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
1529 case TLS_RSA_WITH_AES_128_GCM_SHA256 :
1530 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1531 ssl->specs.cipher_type = aead;
1532 ssl->specs.mac_algorithm = sha256_mac;
1533 ssl->specs.kea = rsa_kea;
1534 ssl->specs.sig_algo = rsa_sa_algo;
1535 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1536 ssl->specs.pad_size = PAD_SHA;
1537 ssl->specs.static_ecdh = 0;
1538 ssl->specs.key_size = AES_128_KEY_SIZE;
1539 ssl->specs.block_size = AES_BLOCK_SIZE;
1540 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1541 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1546 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
1547 case TLS_RSA_WITH_AES_256_GCM_SHA384 :
1548 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1549 ssl->specs.cipher_type = aead;
1550 ssl->specs.mac_algorithm = sha384_mac;
1551 ssl->specs.kea = rsa_kea;
1552 ssl->specs.sig_algo = rsa_sa_algo;
1553 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1554 ssl->specs.pad_size = PAD_SHA;
1555 ssl->specs.static_ecdh = 0;
1556 ssl->specs.key_size = AES_256_KEY_SIZE;
1557 ssl->specs.block_size = AES_BLOCK_SIZE;
1558 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1559 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1564 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
1565 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
1566 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1567 ssl->specs.cipher_type = aead;
1568 ssl->specs.mac_algorithm = sha256_mac;
1569 ssl->specs.kea = diffie_hellman_kea;
1570 ssl->specs.sig_algo = rsa_sa_algo;
1571 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1572 ssl->specs.pad_size = PAD_SHA;
1573 ssl->specs.static_ecdh = 0;
1574 ssl->specs.key_size = AES_128_KEY_SIZE;
1575 ssl->specs.block_size = AES_BLOCK_SIZE;
1576 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1577 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1582 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
1583 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
1584 ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1585 ssl->specs.cipher_type = aead;
1586 ssl->specs.mac_algorithm = sha384_mac;
1587 ssl->specs.kea = diffie_hellman_kea;
1588 ssl->specs.sig_algo = rsa_sa_algo;
1589 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1590 ssl->specs.pad_size = PAD_SHA;
1591 ssl->specs.static_ecdh = 0;
1592 ssl->specs.key_size = AES_256_KEY_SIZE;
1593 ssl->specs.block_size = AES_BLOCK_SIZE;
1594 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1595 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1600 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
1601 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
1602 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1603 ssl->specs.cipher_type = block;
1604 ssl->specs.mac_algorithm = sha_mac;
1605 ssl->specs.kea = rsa_kea;
1606 ssl->specs.sig_algo = rsa_sa_algo;
1607 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1608 ssl->specs.pad_size = PAD_SHA;
1609 ssl->specs.static_ecdh = 0;
1610 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1611 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1612 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1617 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
1618 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
1619 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1620 ssl->specs.cipher_type = block;
1621 ssl->specs.mac_algorithm = sha_mac;
1622 ssl->specs.kea = rsa_kea;
1623 ssl->specs.sig_algo = rsa_sa_algo;
1624 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1625 ssl->specs.pad_size = PAD_SHA;
1626 ssl->specs.static_ecdh = 0;
1627 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
1628 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1629 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1634 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
1635 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
1636 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1637 ssl->specs.cipher_type = block;
1638 ssl->specs.mac_algorithm = sha256_mac;
1639 ssl->specs.kea = rsa_kea;
1640 ssl->specs.sig_algo = rsa_sa_algo;
1641 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1642 ssl->specs.pad_size = PAD_SHA;
1643 ssl->specs.static_ecdh = 0;
1644 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1645 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1646 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1651 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
1652 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
1653 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1654 ssl->specs.cipher_type = block;
1655 ssl->specs.mac_algorithm = sha256_mac;
1656 ssl->specs.kea = rsa_kea;
1657 ssl->specs.sig_algo = rsa_sa_algo;
1658 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1659 ssl->specs.pad_size = PAD_SHA;
1660 ssl->specs.static_ecdh = 0;
1661 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
1662 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1663 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1668 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
1669 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
1670 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1671 ssl->specs.cipher_type = block;
1672 ssl->specs.mac_algorithm = sha_mac;
1673 ssl->specs.kea = diffie_hellman_kea;
1674 ssl->specs.sig_algo = rsa_sa_algo;
1675 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1676 ssl->specs.pad_size = PAD_SHA;
1677 ssl->specs.static_ecdh = 0;
1678 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1679 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1680 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1685 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
1686 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
1687 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1688 ssl->specs.cipher_type = block;
1689 ssl->specs.mac_algorithm = sha_mac;
1690 ssl->specs.kea = diffie_hellman_kea;
1691 ssl->specs.sig_algo = rsa_sa_algo;
1692 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1693 ssl->specs.pad_size = PAD_SHA;
1694 ssl->specs.static_ecdh = 0;
1695 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
1696 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1697 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1702 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
1703 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
1704 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1705 ssl->specs.cipher_type = block;
1706 ssl->specs.mac_algorithm = sha256_mac;
1707 ssl->specs.kea = diffie_hellman_kea;
1708 ssl->specs.sig_algo = rsa_sa_algo;
1709 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1710 ssl->specs.pad_size = PAD_SHA;
1711 ssl->specs.static_ecdh = 0;
1712 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1713 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1714 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1719 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
1720 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
1721 ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1722 ssl->specs.cipher_type = block;
1723 ssl->specs.mac_algorithm = sha256_mac;
1724 ssl->specs.kea = diffie_hellman_kea;
1725 ssl->specs.sig_algo = rsa_sa_algo;
1726 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1727 ssl->specs.pad_size = PAD_SHA;
1728 ssl->specs.static_ecdh = 0;
1729 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
1730 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1731 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1736 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
1737 case TLS_DH_anon_WITH_AES_128_CBC_SHA :
1738 ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1739 ssl->specs.cipher_type = block;
1740 ssl->specs.mac_algorithm = sha_mac;
1741 ssl->specs.kea = diffie_hellman_kea;
1742 ssl->specs.sig_algo = anonymous_sa_algo;
1743 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1744 ssl->specs.pad_size = PAD_SHA;
1745 ssl->specs.static_ecdh = 0;
1746 ssl->specs.key_size = AES_128_KEY_SIZE;
1747 ssl->specs.block_size = AES_BLOCK_SIZE;
1748 ssl->specs.iv_size = AES_IV_SIZE;
1750 ssl->options.usingAnon_cipher = 1;
1755 WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs");
1756 return UNSUPPORTED_SUITE;
1758 } /* if ECC / Normal suites else */
1760 /* set TLS if it hasn't been turned off */
1761 if (ssl->version.major == 3 && ssl->version.minor >= 1) {
1763 ssl->options.tls = 1;
1764 ssl->hmac = TLS_hmac;
1765 if (ssl->version.minor >= 2)
1766 ssl->options.tls1_1 = 1;
1771 if (ssl->options.dtls)
1772 ssl->hmac = TLS_hmac;
1781 PREFIX = 3, /* up to three letters for master prefix */
1782 KEY_PREFIX = 7 /* up to 7 prefix letters for key rounds */
1788 /* true or false, zero for error */
1789 static int SetPrefix(byte* sha_input, int idx)
1793 XMEMCPY(sha_input, "A", 1);
1796 XMEMCPY(sha_input, "BB", 2);
1799 XMEMCPY(sha_input, "CCC", 3);
1802 XMEMCPY(sha_input, "DDDD", 4);
1805 XMEMCPY(sha_input, "EEEEE", 5);
1808 XMEMCPY(sha_input, "FFFFFF", 6);
1811 XMEMCPY(sha_input, "GGGGGGG", 7);
1814 WOLFSSL_MSG("Set Prefix error, bad input");
1822 static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
1823 int side, void* heap, int devId)
1826 word32 sz = specs->key_size;
1827 if (specs->bulk_cipher_algorithm == wolfssl_rc4) {
1828 if (enc && enc->arc4 == NULL)
1829 enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
1830 if (enc && enc->arc4 == NULL)
1832 if (dec && dec->arc4 == NULL)
1833 dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
1834 if (dec && dec->arc4 == NULL)
1837 if (devId != NO_CAVIUM_DEVICE) {
1839 if (Arc4InitCavium(enc->arc4, devId) != 0) {
1840 WOLFSSL_MSG("Arc4InitCavium failed in SetKeys");
1841 return CAVIUM_INIT_E;
1845 if (Arc4InitCavium(dec->arc4, devId) != 0) {
1846 WOLFSSL_MSG("Arc4InitCavium failed in SetKeys");
1847 return CAVIUM_INIT_E;
1852 if (side == WOLFSSL_CLIENT_END) {
1854 wc_Arc4SetKey(enc->arc4, keys->client_write_key, sz);
1856 wc_Arc4SetKey(dec->arc4, keys->server_write_key, sz);
1860 wc_Arc4SetKey(enc->arc4, keys->server_write_key, sz);
1862 wc_Arc4SetKey(dec->arc4, keys->client_write_key, sz);
1872 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
1873 if (specs->bulk_cipher_algorithm == wolfssl_chacha) {
1875 if (enc && enc->chacha == NULL)
1877 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
1878 if (enc && enc->chacha == NULL)
1880 if (dec && dec->chacha == NULL)
1882 (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
1883 if (dec && dec->chacha == NULL)
1885 if (side == WOLFSSL_CLIENT_END) {
1887 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->client_write_key,
1889 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
1891 if (chachaRet != 0) return chachaRet;
1894 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->server_write_key,
1896 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
1898 if (chachaRet != 0) return chachaRet;
1903 chachaRet = wc_Chacha_SetKey(enc->chacha, keys->server_write_key,
1905 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
1907 if (chachaRet != 0) return chachaRet;
1910 chachaRet = wc_Chacha_SetKey(dec->chacha, keys->client_write_key,
1912 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
1914 if (chachaRet != 0) return chachaRet;
1926 if (specs->bulk_cipher_algorithm == wolfssl_hc128) {
1928 if (enc && enc->hc128 == NULL)
1930 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
1931 if (enc && enc->hc128 == NULL)
1933 if (dec && dec->hc128 == NULL)
1935 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
1936 if (dec && dec->hc128 == NULL)
1938 if (side == WOLFSSL_CLIENT_END) {
1940 hcRet = wc_Hc128_SetKey(enc->hc128, keys->client_write_key,
1941 keys->client_write_IV);
1942 if (hcRet != 0) return hcRet;
1945 hcRet = wc_Hc128_SetKey(dec->hc128, keys->server_write_key,
1946 keys->server_write_IV);
1947 if (hcRet != 0) return hcRet;
1952 hcRet = wc_Hc128_SetKey(enc->hc128, keys->server_write_key,
1953 keys->server_write_IV);
1954 if (hcRet != 0) return hcRet;
1957 hcRet = wc_Hc128_SetKey(dec->hc128, keys->client_write_key,
1958 keys->client_write_IV);
1959 if (hcRet != 0) return hcRet;
1970 if (specs->bulk_cipher_algorithm == wolfssl_rabbit) {
1972 if (enc && enc->rabbit == NULL)
1974 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
1975 if (enc && enc->rabbit == NULL)
1977 if (dec && dec->rabbit == NULL)
1979 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
1980 if (dec && dec->rabbit == NULL)
1982 if (side == WOLFSSL_CLIENT_END) {
1984 rabRet = wc_RabbitSetKey(enc->rabbit, keys->client_write_key,
1985 keys->client_write_IV);
1986 if (rabRet != 0) return rabRet;
1989 rabRet = wc_RabbitSetKey(dec->rabbit, keys->server_write_key,
1990 keys->server_write_IV);
1991 if (rabRet != 0) return rabRet;
1996 rabRet = wc_RabbitSetKey(enc->rabbit, keys->server_write_key,
1997 keys->server_write_IV);
1998 if (rabRet != 0) return rabRet;
2001 rabRet = wc_RabbitSetKey(dec->rabbit, keys->client_write_key,
2002 keys->client_write_IV);
2003 if (rabRet != 0) return rabRet;
2014 if (specs->bulk_cipher_algorithm == wolfssl_triple_des) {
2017 if (enc && enc->des3 == NULL)
2018 enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
2019 if (enc && enc->des3 == NULL)
2021 if (dec && dec->des3 == NULL)
2022 dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
2023 if (dec && dec->des3 == NULL)
2026 if (devId != NO_CAVIUM_DEVICE) {
2028 if (Des3_InitCavium(enc->des3, devId) != 0) {
2029 WOLFSSL_MSG("Des3_InitCavium failed in SetKeys");
2030 return CAVIUM_INIT_E;
2034 if (Des3_InitCavium(dec->des3, devId) != 0) {
2035 WOLFSSL_MSG("Des3_InitCavium failed in SetKeys");
2036 return CAVIUM_INIT_E;
2041 if (side == WOLFSSL_CLIENT_END) {
2043 desRet = wc_Des3_SetKey(enc->des3, keys->client_write_key,
2044 keys->client_write_IV, DES_ENCRYPTION);
2045 if (desRet != 0) return desRet;
2048 desRet = wc_Des3_SetKey(dec->des3, keys->server_write_key,
2049 keys->server_write_IV, DES_DECRYPTION);
2050 if (desRet != 0) return desRet;
2055 desRet = wc_Des3_SetKey(enc->des3, keys->server_write_key,
2056 keys->server_write_IV, DES_ENCRYPTION);
2057 if (desRet != 0) return desRet;
2060 desRet = wc_Des3_SetKey(dec->des3, keys->client_write_key,
2061 keys->client_write_IV, DES_DECRYPTION);
2062 if (desRet != 0) return desRet;
2073 if (specs->bulk_cipher_algorithm == wolfssl_aes) {
2076 if (enc && enc->aes == NULL)
2077 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2078 if (enc && enc->aes == NULL)
2080 if (dec && dec->aes == NULL)
2081 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2082 if (dec && dec->aes == NULL)
2085 if (devId != NO_CAVIUM_DEVICE) {
2087 if (wc_AesInitCavium(enc->aes, devId) != 0) {
2088 WOLFSSL_MSG("AesInitCavium failed in SetKeys");
2089 return CAVIUM_INIT_E;
2093 if (wc_AesInitCavium(dec->aes, devId) != 0) {
2094 WOLFSSL_MSG("AesInitCavium failed in SetKeys");
2095 return CAVIUM_INIT_E;
2100 if (side == WOLFSSL_CLIENT_END) {
2102 aesRet = wc_AesSetKey(enc->aes, keys->client_write_key,
2103 specs->key_size, keys->client_write_IV,
2105 if (aesRet != 0) return aesRet;
2108 aesRet = wc_AesSetKey(dec->aes, keys->server_write_key,
2109 specs->key_size, keys->server_write_IV,
2111 if (aesRet != 0) return aesRet;
2116 aesRet = wc_AesSetKey(enc->aes, keys->server_write_key,
2117 specs->key_size, keys->server_write_IV,
2119 if (aesRet != 0) return aesRet;
2122 aesRet = wc_AesSetKey(dec->aes, keys->client_write_key,
2123 specs->key_size, keys->client_write_IV,
2125 if (aesRet != 0) return aesRet;
2136 if (specs->bulk_cipher_algorithm == wolfssl_aes_gcm) {
2139 if (enc && enc->aes == NULL)
2140 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2141 if (enc && enc->aes == NULL)
2143 if (dec && dec->aes == NULL)
2144 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2145 if (dec && dec->aes == NULL)
2148 if (side == WOLFSSL_CLIENT_END) {
2150 gcmRet = wc_AesGcmSetKey(enc->aes, keys->client_write_key,
2152 if (gcmRet != 0) return gcmRet;
2153 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2157 gcmRet = wc_AesGcmSetKey(dec->aes, keys->server_write_key,
2159 if (gcmRet != 0) return gcmRet;
2160 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2166 gcmRet = wc_AesGcmSetKey(enc->aes, keys->server_write_key,
2168 if (gcmRet != 0) return gcmRet;
2169 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2173 gcmRet = wc_AesGcmSetKey(dec->aes, keys->client_write_key,
2175 if (gcmRet != 0) return gcmRet;
2176 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2188 if (specs->bulk_cipher_algorithm == wolfssl_aes_ccm) {
2189 if (enc && enc->aes == NULL)
2190 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2191 if (enc && enc->aes == NULL)
2193 if (dec && dec->aes == NULL)
2194 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2195 if (dec && dec->aes == NULL)
2198 if (side == WOLFSSL_CLIENT_END) {
2200 wc_AesCcmSetKey(enc->aes, keys->client_write_key, specs->key_size);
2201 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2205 wc_AesCcmSetKey(dec->aes, keys->server_write_key, specs->key_size);
2206 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2212 wc_AesCcmSetKey(enc->aes, keys->server_write_key, specs->key_size);
2213 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2217 wc_AesCcmSetKey(dec->aes, keys->client_write_key, specs->key_size);
2218 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2229 #ifdef HAVE_CAMELLIA
2230 if (specs->bulk_cipher_algorithm == wolfssl_camellia) {
2233 if (enc && enc->cam == NULL)
2235 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
2236 if (enc && enc->cam == NULL)
2239 if (dec && dec->cam == NULL)
2241 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
2242 if (dec && dec->cam == NULL)
2245 if (side == WOLFSSL_CLIENT_END) {
2247 camRet = wc_CamelliaSetKey(enc->cam, keys->client_write_key,
2248 specs->key_size, keys->client_write_IV);
2249 if (camRet != 0) return camRet;
2252 camRet = wc_CamelliaSetKey(dec->cam, keys->server_write_key,
2253 specs->key_size, keys->server_write_IV);
2254 if (camRet != 0) return camRet;
2259 camRet = wc_CamelliaSetKey(enc->cam, keys->server_write_key,
2260 specs->key_size, keys->server_write_IV);
2261 if (camRet != 0) return camRet;
2264 camRet = wc_CamelliaSetKey(dec->cam, keys->client_write_key,
2265 specs->key_size, keys->client_write_IV);
2266 if (camRet != 0) return camRet;
2276 #ifdef HAVE_NULL_CIPHER
2277 if (specs->bulk_cipher_algorithm == wolfssl_cipher_null) {
2286 keys->sequence_number = 0;
2288 keys->peer_sequence_number = 0;
2300 #ifdef HAVE_ONE_TIME_AUTH
2301 /* set one time authentication keys */
2302 static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
2303 CipherSpecs* specs, void* heap, int devId)
2306 #ifdef HAVE_POLY1305
2307 /* set up memory space for poly1305 */
2308 if (authentication && authentication->poly1305 == NULL)
2309 authentication->poly1305 =
2310 (Poly1305*)XMALLOC(sizeof(Poly1305), heap, DYNAMIC_TYPE_CIPHER);
2311 if (authentication && authentication->poly1305 == NULL)
2314 authentication->setup = 1;
2323 #endif /* HAVE_ONE_TIME_AUTH */
2326 /* Set wc_encrypt/wc_decrypt or both sides of key setup
2327 * note: use wc_encrypt to avoid shadowing global encrypt
2328 * declared in unistd.h
2330 int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
2332 int devId = NO_CAVIUM_DEVICE, ret, copy = 0;
2333 Ciphers* wc_encrypt = NULL;
2334 Ciphers* wc_decrypt = NULL;
2335 Keys* keys = &ssl->keys;
2343 #ifdef HAVE_SECURE_RENEGOTIATION
2344 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status) {
2345 keys = &ssl->secure_renegotiation->tmp_keys;
2348 #endif /* HAVE_SECURE_RENEGOTIATION */
2351 case ENCRYPT_SIDE_ONLY:
2352 wc_encrypt = &ssl->encrypt;
2355 case DECRYPT_SIDE_ONLY:
2356 wc_decrypt = &ssl->decrypt;
2359 case ENCRYPT_AND_DECRYPT_SIDE:
2360 wc_encrypt = &ssl->encrypt;
2361 wc_decrypt = &ssl->decrypt;
2365 return BAD_FUNC_ARG;
2368 #ifdef HAVE_ONE_TIME_AUTH
2369 if (!ssl->auth.setup && ssl->specs.bulk_cipher_algorithm == wolfssl_chacha){
2370 ret = SetAuthKeys(&ssl->auth, keys, &ssl->specs, ssl->heap, devId);
2376 ret = SetKeys(wc_encrypt, wc_decrypt, keys, &ssl->specs, ssl->options.side,
2379 #ifdef HAVE_SECURE_RENEGOTIATION
2383 if (ssl->options.side == WOLFSSL_CLIENT_END && wc_encrypt)
2385 else if (ssl->options.side == WOLFSSL_SERVER_END && wc_decrypt)
2389 XMEMCPY(ssl->keys.client_write_MAC_secret,
2390 keys->client_write_MAC_secret, MAX_DIGEST_SIZE);
2391 XMEMCPY(ssl->keys.client_write_key,
2392 keys->client_write_key, AES_256_KEY_SIZE);
2393 XMEMCPY(ssl->keys.client_write_IV,
2394 keys->client_write_IV, AES_IV_SIZE);
2396 XMEMCPY(ssl->keys.server_write_MAC_secret,
2397 keys->server_write_MAC_secret, MAX_DIGEST_SIZE);
2398 XMEMCPY(ssl->keys.server_write_key,
2399 keys->server_write_key, AES_256_KEY_SIZE);
2400 XMEMCPY(ssl->keys.server_write_IV,
2401 keys->server_write_IV, AES_IV_SIZE);
2404 ssl->keys.sequence_number = keys->sequence_number;
2406 if (ssl->specs.cipher_type == aead) {
2407 /* Initialize the AES-GCM/CCM explicit IV to a zero. */
2408 XMEMCPY(ssl->keys.aead_exp_IV, keys->aead_exp_IV,
2411 /* Initialize encrypt implicit IV by encrypt side */
2412 if (ssl->options.side == WOLFSSL_CLIENT_END) {
2413 XMEMCPY(ssl->keys.aead_enc_imp_IV,
2414 keys->client_write_IV, AEAD_IMP_IV_SZ);
2416 XMEMCPY(ssl->keys.aead_enc_imp_IV,
2417 keys->server_write_IV, AEAD_IMP_IV_SZ);
2423 ssl->keys.peer_sequence_number = keys->peer_sequence_number;
2425 if (ssl->specs.cipher_type == aead) {
2426 /* Initialize decrypt implicit IV by decrypt side */
2427 if (ssl->options.side == WOLFSSL_SERVER_END) {
2428 XMEMCPY(ssl->keys.aead_dec_imp_IV,
2429 keys->client_write_IV, AEAD_IMP_IV_SZ);
2431 XMEMCPY(ssl->keys.aead_dec_imp_IV,
2432 keys->server_write_IV, AEAD_IMP_IV_SZ);
2437 ssl->secure_renegotiation->cache_status++;
2439 #endif /* HAVE_SECURE_RENEGOTIATION */
2445 /* TLS can call too */
2446 int StoreKeys(WOLFSSL* ssl, const byte* keyData)
2449 Keys* keys = &ssl->keys;
2451 #ifdef HAVE_SECURE_RENEGOTIATION
2452 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status ==
2454 keys = &ssl->secure_renegotiation->tmp_keys;
2455 ssl->secure_renegotiation->cache_status++;
2457 #endif /* HAVE_SECURE_RENEGOTIATION */
2459 if (ssl->specs.cipher_type != aead) {
2460 sz = ssl->specs.hash_size;
2461 XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
2463 XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
2466 sz = ssl->specs.key_size;
2467 XMEMCPY(keys->client_write_key, &keyData[i], sz);
2469 XMEMCPY(keys->server_write_key, &keyData[i], sz);
2472 sz = ssl->specs.iv_size;
2473 XMEMCPY(keys->client_write_IV, &keyData[i], sz);
2475 XMEMCPY(keys->server_write_IV, &keyData[i], sz);
2478 if (ssl->specs.cipher_type == aead) {
2479 /* Initialize the AES-GCM/CCM explicit IV to a zero. */
2480 XMEMSET(keys->aead_exp_IV, 0, AEAD_EXP_IV_SZ);
2488 int DeriveKeys(WOLFSSL* ssl)
2490 int length = 2 * ssl->specs.hash_size +
2491 2 * ssl->specs.key_size +
2492 2 * ssl->specs.iv_size;
2493 int rounds = (length + MD5_DIGEST_SIZE - 1 ) / MD5_DIGEST_SIZE, i;
2496 #ifdef WOLFSSL_SMALL_STACK
2504 byte shaOutput[SHA_DIGEST_SIZE];
2505 byte md5Input[SECRET_LEN + SHA_DIGEST_SIZE];
2506 byte shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN];
2507 byte keyData[KEY_PREFIX * MD5_DIGEST_SIZE];
2512 #ifdef WOLFSSL_SMALL_STACK
2513 shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE,
2514 NULL, DYNAMIC_TYPE_TMP_BUFFER);
2515 md5Input = (byte*)XMALLOC(SECRET_LEN + SHA_DIGEST_SIZE,
2516 NULL, DYNAMIC_TYPE_TMP_BUFFER);
2517 shaInput = (byte*)XMALLOC(KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN,
2518 NULL, DYNAMIC_TYPE_TMP_BUFFER);
2519 keyData = (byte*)XMALLOC(KEY_PREFIX * MD5_DIGEST_SIZE,
2520 NULL, DYNAMIC_TYPE_TMP_BUFFER);
2521 md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
2522 sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
2524 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
2525 keyData == NULL || md5 == NULL || sha == NULL) {
2526 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2527 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2528 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2529 if (keyData) XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2530 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2531 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2539 ret = wc_InitSha(sha);
2542 XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN);
2544 for (i = 0; i < rounds; ++i) {
2548 if (!SetPrefix(shaInput, i)) {
2553 XMEMCPY(shaInput + idx, ssl->arrays->masterSecret, SECRET_LEN);
2555 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
2557 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
2559 wc_ShaUpdate(sha, shaInput, (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN)
2561 wc_ShaFinal(sha, shaOutput);
2563 XMEMCPY(md5Input + SECRET_LEN, shaOutput, SHA_DIGEST_SIZE);
2564 wc_Md5Update(md5, md5Input, SECRET_LEN + SHA_DIGEST_SIZE);
2565 wc_Md5Final(md5, keyData + i * MD5_DIGEST_SIZE);
2569 ret = StoreKeys(ssl, keyData);
2572 #ifdef WOLFSSL_SMALL_STACK
2573 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2574 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2575 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2576 XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2577 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2578 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2585 static int CleanPreMaster(WOLFSSL* ssl)
2587 int i, ret, sz = ssl->arrays->preMasterSz;
2589 for (i = 0; i < sz; i++)
2590 ssl->arrays->preMasterSecret[i] = 0;
2592 ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz);
2596 for (i = 0; i < sz; i++)
2597 ssl->arrays->preMasterSecret[i] = 0;
2603 /* Create and store the master secret see page 32, 6.1 */
2604 static int MakeSslMasterSecret(WOLFSSL* ssl)
2608 word32 pmsSz = ssl->arrays->preMasterSz;
2610 #ifdef WOLFSSL_SMALL_STACK
2617 byte shaOutput[SHA_DIGEST_SIZE];
2618 byte md5Input[ENCRYPT_LEN + SHA_DIGEST_SIZE];
2619 byte shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN];
2627 printf("pre master secret: ");
2628 for (j = 0; j < pmsSz; j++)
2629 printf("%02x", ssl->arrays->preMasterSecret[j]);
2634 #ifdef WOLFSSL_SMALL_STACK
2635 shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE,
2636 NULL, DYNAMIC_TYPE_TMP_BUFFER);
2637 md5Input = (byte*)XMALLOC(ENCRYPT_LEN + SHA_DIGEST_SIZE,
2638 NULL, DYNAMIC_TYPE_TMP_BUFFER);
2639 shaInput = (byte*)XMALLOC(PREFIX + ENCRYPT_LEN + 2 * RAN_LEN,
2640 NULL, DYNAMIC_TYPE_TMP_BUFFER);
2641 md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
2642 sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
2644 if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
2645 md5 == NULL || sha == NULL) {
2646 if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2647 if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2648 if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2649 if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2650 if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2658 ret = wc_InitSha(sha);
2661 XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz);
2663 for (i = 0; i < MASTER_ROUNDS; ++i) {
2664 byte prefix[KEY_PREFIX]; /* only need PREFIX bytes but static */
2665 if (!SetPrefix(prefix, i)) { /* analysis thinks will overrun */
2671 XMEMCPY(shaInput, prefix, i + 1);
2674 XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz);
2676 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
2678 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
2680 wc_ShaUpdate(sha, shaInput, idx);
2681 wc_ShaFinal(sha, shaOutput);
2683 idx = pmsSz; /* preSz */
2684 XMEMCPY(md5Input + idx, shaOutput, SHA_DIGEST_SIZE);
2685 idx += SHA_DIGEST_SIZE;
2686 wc_Md5Update(md5, md5Input, idx);
2687 wc_Md5Final(md5, &ssl->arrays->masterSecret[i * MD5_DIGEST_SIZE]);
2693 printf("master secret: ");
2694 for (j = 0; j < SECRET_LEN; j++)
2695 printf("%02x", ssl->arrays->masterSecret[j]);
2701 ret = DeriveKeys(ssl);
2704 #ifdef WOLFSSL_SMALL_STACK
2705 XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2706 XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2707 XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2708 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2709 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2713 ret = CleanPreMaster(ssl);
2715 CleanPreMaster(ssl);
2722 /* Master wrapper, doesn't use SSL stack space in TLS mode */
2723 int MakeMasterSecret(WOLFSSL* ssl)
2726 return MakeTlsMasterSecret(ssl);
2727 #elif !defined(NO_TLS)
2728 if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
2732 return MakeSslMasterSecret(ssl);
begriffs.com / projects / freertos / blob