feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

added AES-CCM-8 ECC cipher suites, and more test cases

Browse Source
This commit is contained in:
John Safranek
2013-01-21 15:19:45 -08:00
parent 0e3a093cc5
commit 6616975f81
7 changed files with 159 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
cyassl/internal.h
View File

@ -255,6 +255,10 @@ void c32to24(word32 in, word24 out);
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
#endif
#if defined (HAVE_AESCCM)
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384
#endif
#endif
#if !defined(NO_RC4)
#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
@ -387,8 +391,10 @@ enum {
* also, in some of the other AES-CCM suites
* there will be second byte number conflicts
* with non-ECC AES-GCM */
TLS_RSA_WITH_AES_128_CCM_8_SHA256 = 0xa0,
TLS_RSA_WITH_AES_256_CCM_8_SHA384 = 0xa1,
TLS_RSA_WITH_AES_128_CCM_8_SHA256 = 0xa0,
TLS_RSA_WITH_AES_256_CCM_8_SHA384 = 0xa1,
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 = 0xac, /* Still TBD, made up */
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 = 0xad, /* Still TBD, made up */
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,

36
src/internal.c
View File

@ -775,6 +775,20 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
}
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256
if (tls1_2 && haveECDSAsig && haveDH) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256;
}
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384
if (tls1_2 && haveECDSAsig && haveDH) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384;
}
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8_SHA256
if (tls1_2 && haveRSA) {
suites->suites[idx++] = ECC_BYTE;
@ -5267,6 +5281,14 @@ const char* const cipher_names[] =
"AES256-CCM-8-SHA384",
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256
"ECDHE-ECDSA-AES128-CCM-8-SHA256",
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384
"ECDHE-ECDSA-AES256-CCM-8-SHA384",
#endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
"ECDHE-RSA-AES128-SHA",
#endif
@ -5527,6 +5549,14 @@ int cipher_name_idx[] =
TLS_RSA_WITH_AES_256_CCM_8_SHA384,
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256,
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384,
#endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
#endif
@ -7556,6 +7586,12 @@ int SetCipherList(Suites* s, const char* list)
return 1;
break;
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 :
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 :
if (requirement == REQUIRES_ECC_DSA)
return 1;
break;
default:
CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC");
return 0;

32
src/keys.c
View File

@ -451,6 +451,38 @@ int SetCipherSpecs(CYASSL* ssl)
break;
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
break;
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 :
ssl->specs.bulk_cipher_algorithm = aes_ccm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 1;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
break;
#endif
#endif /* HAVE_ECC */
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8_SHA256

4
src/ssl.c
View File

@ -5434,6 +5434,10 @@ int CyaSSL_set_compression(CYASSL* ssl)
return "TLS_RSA_WITH_AES_128_CCM_8_SHA256";
case TLS_RSA_WITH_AES_256_CCM_8_SHA384 :
return "TLS_RSA_WITH_AES_256_CCM_8_SHA384";
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 :
return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256";
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 :
return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384";
default:
return "NONE";

12
tests/suites.c
View File

@ -373,12 +373,22 @@ int SuiteTest(void)
#if defined(HAVE_AESCCM)
/* add aesccm extra suites */
strcpy(argv0[1], "tests/test-aesccm.conf");
printf("starting aesccm extra cipher suite tests\n");
printf("starting aesccm cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#ifdef HAVE_ECC
/* add aesccm ecc extra suites */
strcpy(argv0[1], "tests/test-aesccm-ecc.conf");
printf("starting aesccm ecc cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#endif
#ifdef HAVE_CAMELLIA

48
tests/test-aesccm-ecc.conf Normal file
View File

@ -0,0 +1,48 @@
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256 NON-BLOCKING
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
-N
# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256 NON-BLOCKING
-v 3
-l ECDHE-ECDSA-AES128-CCM-8-SHA256
-A ./certs/server-ecc.pem
-N
# server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384 NON-BLOCKING
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
-N
# client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384 NON-BLOCKING
-v 3
-l ECDHE-ECDSA-AES256-CCM-8-SHA384
-A ./certs/server-ecc.pem
-N

20
tests/test-aesccm.conf
View File

@ -14,3 +14,23 @@
-v 3
-l AES256-CCM-8-SHA384
# server TLSv1.2 AES128-CCM-8-SHA256 NON-BLOCKING
-v 3
-l AES128-CCM-8-SHA256
-N
# client TLSv1.2 AES128-CCM-8-SHA256 NON-BLOCKING
-v 3
-l AES128-CCM-8-SHA256
-N
# server TLSv1.2 AES256-CCM-8-SHA384 NON-BLOCKING
-v 3
-l AES256-CCM-8-SHA384
-N
# client TLSv1.2 AES256-CCM-8-SHA384 NON-BLOCKING
-v 3
-l AES256-CCM-8-SHA384
-N