feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

add cipher suite ECDHE-PSK-AES128-SHA256 and adjustments to ECDHE-PSK

Browse Source
This commit is contained in:
Jacob Barthelmeh
2016-02-03 15:25:34 -07:00
parent d04a7e802a
commit 5a9175a758
8 changed files with 217 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/internal.c
View File

@@ -1362,6 +1362,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
} }
#endif #endif
#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
if (tls && havePSK) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
}
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
if (tls && havePSK) { if (tls && havePSK) {
suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = ECC_BYTE;
@@ -4000,6 +4007,16 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
return 1; return 1;
break; break;
case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
if (requirement == REQUIRES_PSK)
return 1;
break;
case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
if (requirement == REQUIRES_PSK)
return 1;
break;
default: default:
WOLFSSL_MSG("Unsupported cipher suite, CipherRequires ECC"); WOLFSSL_MSG("Unsupported cipher suite, CipherRequires ECC");
return 0; return 0;
@@ -9941,6 +9958,10 @@ static const char* const cipher_names[] =
#ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
"ECDHE-PSK-NULL-SHA256", "ECDHE-PSK-NULL-SHA256",
#endif #endif
#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
"ECDHE-PSK-AES128-CBC-SHA256",
#endif
}; };
@@ -10363,6 +10384,10 @@ static int cipher_name_idx[] =
#ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
TLS_ECDHE_PSK_WITH_NULL_SHA256, TLS_ECDHE_PSK_WITH_NULL_SHA256,
#endif #endif
#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
#endif
}; };

18
src/keys.c
View File

@@ -799,6 +799,24 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->options.usingPSK_cipher = 1; ssl->options.usingPSK_cipher = 1;
break; break;
#endif #endif
#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecdhe_psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8

8
src/ssl.c
View File

@@ -10304,6 +10304,14 @@ const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher)
return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"; return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"; return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
#endif
case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
return "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
#ifndef NO_PSK
case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
return "TLS_ECDHE_PSK_WITH_NULL_SHA256";
case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256";
#endif #endif
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */

36
tests/test-dtls.conf
View File

@@ -746,6 +746,42 @@
-l ECDH-ECDSA-AES256-SHA384 -l ECDH-ECDSA-AES256-SHA384
-A ./certs/server-ecc.pem -A ./certs/server-ecc.pem
# server TLSv1 ECDHE-PSK-AES128-SHA256
-s
-u
-v 1
-l ECDHE-PSK-AES128-SHA256
# client TLSv1 ECDHE-PSK-AES128-SHA256
-s
-u
-v 1
-l ECDHE-PSK-AES128-SHA256
# server TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-u
-v 2
-l ECDHE-PSK-AES128-SHA256
# client TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-u
-v 2
-l ECDHE-PSK-AES128-SHA256
# server TLSv1.2 ECDHE-PSK-AES128-SHA256
-s
-u
-v 3
-l ECDHE-PSK-AES128-SHA256
# client TLSv1.2 ECDHE-PSK-AES128-SHA256
-s
-u
-v 3
-l ECDHE-PSK-AES128-SHA256
# server TLSv1 ECDHE-PSK-NULL-SHA256 # server TLSv1 ECDHE-PSK-NULL-SHA256
-s -s
-u -u

66
tests/test-psk-no-id.conf
View File

@@ -1,3 +1,69 @@
# No Hint server TLSv1 ECDHE-PSK-AES128-SHA256
-s
-I
-v 1
-l ECDHE-PSK-AES128-SHA256
# No Hint client TLSv1 ECDHE-PSK-AES128-SHA256
-s
-v 1
-l ECDHE-PSK-AES128-SHA256
# No Hint server TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-I
-v 2
-l ECDHE-PSK-AES128-SHA256
# No Hint client TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-v 2
-l ECDHE-PSK-AES128-SHA256
# No Hint server TLSv1.2 ECDHE-PSK-AES128-SHA256
-s
-I
-v 3
-l ECDHE-PSK-AES128-SHA256
# No Hint client TLSv1.2 ECDHE-PSK-AES128-SHA256
-s
-v 3
-l ECDHE-PSK-AES128-SHA256
# No Hint server TLSv1 ECDHE-PSK-NULL-SHA256
-s
-I
-v 1
-l ECDHE-PSK-NULL-SHA256
# No Hint client TLSv1 ECDHE-PSK-NULL-SHA256
-s
-v 1
-l ECDHE-PSK-NULL-SHA256
# No Hint server TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-I
-v 2
-l ECDHE-PSK-NULL-SHA256
# No Hint client TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-v 2
-l ECDHE-PSK-NULL-SHA256
# No Hint server TLSv1.2 ECDHE-PSK-NULL-SHA256
-s
-I
-v 3
-l ECDHE-PSK-NULL-SHA256
# No Hint client TLSv1.2 ECDHE-PSK-NULL-SHA256
-s
-v 3
-l ECDHE-PSK-NULL-SHA256
# No Hint server TLSv1 PSK-AES128 # No Hint server TLSv1 PSK-AES128
-s -s
-I -I

30
tests/test-qsh.conf
View File

@@ -1155,6 +1155,36 @@
-v 3 -v 3
-l QSH:DHE-RSA-AES256-SHA256 -l QSH:DHE-RSA-AES256-SHA256
# server TLSv1 ECDHE-PSK-AES128-SHA256
-s
-v 1
-l QSH:ECDHE-PSK-AES128-SHA256
# client TLSv1 ECDHE-PSK-AES128-SHA256
-s
-v 1
-l QSH:ECDHE-PSK-AES128-SHA256
# server TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-v 2
-l QSH:ECDHE-PSK-AES128-SHA256
# client TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-v 2
-l QSH:ECDHE-PSK-AES128-SHA256
# server TLSv1.2 ECDHE-PSK-AES128-SHA256
-s
-v 3
-l QSH:ECDHE-PSK-AES128-SHA256
# client TLSv1.2 ECDHE-PSK-AES128-SHA256
-s
-v 3
-l QSH:ECDHE-PSK-AES128-SHA256
# server TLSv1 ECDHE-PSK-NULL-SHA256 # server TLSv1 ECDHE-PSK-NULL-SHA256
-s -s
-v 1 -v 1

30
tests/test.conf
View File

@@ -1158,6 +1158,36 @@
-v 3 -v 3
-l ECDHE-PSK-NULL-SHA256 -l ECDHE-PSK-NULL-SHA256
# server TLSv1 ECDHE-PSK-AES128-SHA256
-s
-v 1
-l ECDHE-PSK-AES128-SHA256
# client TLSv1 ECDHE-PSK-AES128-SHA256
-s
-v 1
-l ECDHE-PSK-AES128-SHA256
# server TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-v 2
-l ECDHE-PSK-AES128-SHA256
# client TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-v 2
-l ECDHE-PSK-AES128-SHA256
# server TLSv1.2 ECDHE-PSK-AES128-SHA256
-s
-v 3
-l ECDHE-PSK-AES128-SHA256
# client TLSv1.2 ECDHE-PSK-AES128-SHA256
-s
-v 3
-l ECDHE-PSK-AES128-SHA256
# server TLSv1 PSK-AES128 # server TLSv1 PSK-AES128
-s -s
-v 1 -v 1

4
wolfssl/internal.h
View File

@@ -528,6 +528,9 @@ typedef byte word24[3];
#define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 #define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
#endif #endif
#endif #endif
#if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES)
#define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
#endif
#endif #endif
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) \ #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) \
&& !defined(NO_OLD_POLY1305) && !defined(NO_OLD_POLY1305)
@@ -715,6 +718,7 @@ enum {
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0x06, TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0x06,
TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0x3a, TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0x3a,
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0x37,
/* static ECDH, first byte is 0xC0 (ECC_BYTE) */ /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,