From 6d3e145571d8a371655dc49a0a3e4b64b1d39f78 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 23 Jul 2018 10:20:18 +1000 Subject: [PATCH] Changes to build with X25519 and Ed25519 only Allows configurations without RSA, DH and ECC but with Curve25519 algorithms to work with SSL/TLS using X25519 key exchange and Ed25519 certificates. Fix Ed25519 code to call wc_Sha512Free(). Add certificates to test.h and fix examples to use them. --- certs/ed25519/include.am | 1 + configure.ac | 6 +- examples/client/client.c | 14 +- examples/echoclient/echoclient.c | 5 +- examples/echoserver/echoserver.c | 13 +- examples/server/server.c | 14 +- src/internal.c | 279 +++++++---- src/keys.c | 807 ++++++++++++++++--------------- src/ssl.c | 15 +- src/tls.c | 59 ++- tests/suites.c | 40 ++ wolfcrypt/src/ed25519.c | 43 +- wolfssl/internal.h | 139 ++++-- wolfssl/test.h | 10 + 14 files changed, 841 insertions(+), 604 deletions(-) diff --git a/certs/ed25519/include.am b/certs/ed25519/include.am index 3bd79c6d1..ad2897684 100644 --- a/certs/ed25519/include.am +++ b/certs/ed25519/include.am @@ -23,6 +23,7 @@ EXTRA_DIST += \ certs/ed25519/root-ed25519-priv.pem \ certs/ed25519/server-ed25519.der \ certs/ed25519/server-ed25519.pem \ + certs/ed25519/server-ed25519-cert.pem \ certs/ed25519/server-ed25519-key.der \ certs/ed25519/server-ed25519-key.pem \ certs/ed25519/server-ed25519-priv.der \ diff --git a/configure.ac b/configure.ac index 19c74590d..76d44d33f 100644 --- a/configure.ac +++ b/configure.ac @@ -2634,7 +2634,7 @@ AC_ARG_ENABLE([supportedcurves], if test "x$ENABLED_SUPPORTED_CURVES" = "xyes" then - AS_IF([test "x$ENABLED_ECC" = "xno"], + AS_IF([test "x$ENABLED_ECC" = "xno" && test "x$ENABLED_CURVE25519" = "xno"], [ENABLED_SUPPORTED_CURVES=no], [AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES"]) fi @@ -2688,7 +2688,7 @@ then ENABLED_ALPN=yes AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_ALPN" # Check the ECC supported curves prereq - AS_IF([test "x$ENABLED_ECC" = "xyes"], + AS_IF([test "x$ENABLED_ECC" = "xyes" || test "x$ENABLED_CURVE25519" = "xyes"], [ENABLED_SUPPORTED_CURVES=yes AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"]) fi @@ -3106,7 +3106,7 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC" # Check the ECC supported curves prereq - AS_IF([test "x$ENABLED_ECC" = "xyes"], + AS_IF([test "x$ENABLED_ECC" = "xyes" || test "x$ENABLED_CURVE25519" = "xyes"], [ENABLED_SUPPORTED_CURVES=yes AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"]) fi diff --git a/examples/client/client.c b/examples/client/client.c index 80781f042..aac9ee40d 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -978,9 +978,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) ((func_args*)args)->return_code = -1; /* error state */ #ifdef NO_RSA - verifyCert = (char*)caEccCertFile; - ourCert = (char*)cliEccCertFile; - ourKey = (char*)cliEccKeyFile; + #ifdef HAVE_ECC + verifyCert = (char*)caEccCertFile; + ourCert = (char*)cliEccCertFile; + ourKey = (char*)cliEccKeyFile; + #elif defined(HAVE_ED25519) + verifyCert = (char*)caEdCertFile; + ourCert = (char*)cliEdCertFile; + ourKey = (char*)cliEdKeyFile; + #endif #endif (void)resumeSz; (void)session; @@ -1586,7 +1592,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } #endif -#if defined(NO_RSA) && !defined(HAVE_ECC) +#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) if (!usePsk) { usePsk = 1; } diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index ffe4bd5ca..bdce83a28 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -105,7 +105,7 @@ void echoclient_test(void* args) doPSK = 1; #endif -#if defined(NO_RSA) && !defined(HAVE_ECC) +#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) doPSK = 1; #endif @@ -132,6 +132,9 @@ void echoclient_test(void* args) #ifdef HAVE_ECC if (SSL_CTX_load_verify_locations(ctx, caEccCertFile, 0) != WOLFSSL_SUCCESS) err_sys("can't load ca file, Please run from wolfSSL home dir"); + #elif defined(HAVE_ED25519) + if (SSL_CTX_load_verify_locations(ctx, caEdCertFile, 0) != WOLFSSL_SUCCESS) + err_sys("can't load ca file, Please run from wolfSSL home dir"); #endif #elif !defined(NO_CERTS) if (!doPSK) diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index 37048f82f..985189645 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -112,7 +112,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) doPSK = 1; #endif -#if defined(NO_RSA) && !defined(HAVE_ECC) +#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) doPSK = 1; #endif @@ -183,6 +183,17 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) != WOLFSSL_SUCCESS) err_sys("can't load server key file, " "Please run from wolfSSL home dir"); + #elif defined(HAVE_ED25519) && !defined(CYASSL_SNIFFER) + /* ed25519 */ + if (CyaSSL_CTX_use_certificate_chain_file(ctx, edCertFile) + != WOLFSSL_SUCCESS) + err_sys("can't load server cert file, " + "Please run from wolfSSL home dir"); + + if (CyaSSL_CTX_use_PrivateKey_file(ctx, edKeyFile, WOLFSSL_FILETYPE_PEM) + != WOLFSSL_SUCCESS) + err_sys("can't load server key file, " + "Please run from wolfSSL home dir"); #elif defined(NO_CERTS) /* do nothing, just don't load cert files */ #else diff --git a/examples/server/server.c b/examples/server/server.c index f038649d9..34d2a6560 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -576,9 +576,15 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) ((func_args*)args)->return_code = -1; /* error state */ #ifdef NO_RSA - verifyCert = (char*)cliEccCertFile; - ourCert = (char*)eccCertFile; - ourKey = (char*)eccKeyFile; + #ifdef HAVE_ECC + verifyCert = (char*)cliEccCertFile; + ourCert = (char*)eccCertFile; + ourKey = (char*)eccKeyFile; + #elif defined(HAVE_ED25519) + verifyCert = (char*)cliEdCertFile; + ourCert = (char*)edCertFile; + ourKey = (char*)edKeyFile; + #endif #endif (void)needDH; @@ -1050,7 +1056,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) } #endif -#if defined(NO_RSA) && !defined(HAVE_ECC) +#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) if (!usePsk) { usePsk = 1; } diff --git a/src/internal.c b/src/internal.c index 371ab34d3..1f3534a3b 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1420,15 +1420,20 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) #ifdef HAVE_NTRU if (method->side == WOLFSSL_CLIENT_END) - ctx->haveNTRU = 1; /* always on cliet side */ + ctx->haveNTRU = 1; /* always on client side */ /* server can turn on by loading key */ #endif #ifdef HAVE_ECC if (method->side == WOLFSSL_CLIENT_END) { - ctx->haveECDSAsig = 1; /* always on cliet side */ + ctx->haveECDSAsig = 1; /* always on client side */ ctx->haveECC = 1; /* server turns on with ECC key cert */ ctx->haveStaticECC = 1; /* server can turn on by loading key */ } +#elif defined(HAVE_ED25519) + if (method->side == WOLFSSL_CLIENT_END) { + ctx->haveECDSAsig = 1; /* always on client side */ + ctx->haveECC = 1; /* server turns on with ECC key cert */ + } #endif ctx->devId = INVALID_DEVID; @@ -1739,6 +1744,7 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig, #if defined(HAVE_ECC) || defined(HAVE_ED25519) if (haveECDSAsig) { + #ifdef HAVE_ECC #ifdef WOLFSSL_SHA512 suites->hashSigAlgo[idx++] = sha512_mac; suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; @@ -1756,6 +1762,7 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig, suites->hashSigAlgo[idx++] = sha_mac; suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; #endif + #endif #ifdef HAVE_ED25519 suites->hashSigAlgo[idx++] = ED25519_SA_MAJOR; suites->hashSigAlgo[idx++] = ED25519_SA_MINOR; @@ -2743,7 +2750,7 @@ static WC_INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsTy #ifndef WOLFSSL_NO_TLS12 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) -#if !defined(NO_DH) || defined(HAVE_ECC) || \ +#if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ (!defined(NO_RSA) && defined(WC_RSA_PSS)) static enum wc_HashType HashAlgoToType(int hashAlgo) @@ -4157,9 +4164,11 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) #ifdef HAVE_ECC ssl->eccTempKeySz = ctx->eccTempKeySz; - ssl->pkCurveOID = ctx->pkCurveOID; ssl->ecdhCurveOID = ctx->ecdhCurveOID; #endif +#if defined(HAVE_ECC) || defined(HAVE_ED25519) + ssl->pkCurveOID = ctx->pkCurveOID; +#endif #ifdef OPENSSL_EXTRA ssl->options.mask = ctx->mask; @@ -4910,6 +4919,8 @@ static int ReuseKey(WOLFSSL* ssl, int type, void* pKey) { int ret = 0; + (void)ssl; + switch (type) { #ifndef NO_RSA case DYNAMIC_TYPE_RSA: @@ -5061,23 +5072,30 @@ void SSL_ResourceFree(WOLFSSL* ssl) ssl->peerEccKeyPresent = 0; FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey); ssl->peerEccDsaKeyPresent = 0; -#ifdef HAVE_CURVE25519 - if (!ssl->peerX25519KeyPresent && - ssl->eccTempKeyPresent != DYNAMIC_TYPE_CURVE25519) -#endif /* HAVE_CURVE25519 */ +#endif +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) { - FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->eccTempKey); + int dtype; + #ifdef HAVE_ECC + dtype = DYNAMIC_TYPE_ECC; + #endif + #ifdef HAVE_CURVE25519 + #ifdef HAVE_ECC + if (ssl->peerX25519KeyPresent || + ssl->eccTempKeyPresent == DYNAMIC_TYPE_CURVE25519) + #endif /* HAVE_ECC */ + { + dtype = DYNAMIC_TYPE_CURVE25519; + } + #endif /* HAVE_CURVE25519 */ + FreeKey(ssl, dtype, (void**)&ssl->eccTempKey); ssl->eccTempKeyPresent = 0; } +#endif /* HAVE_ECC || HAVE_CURVE25519 */ #ifdef HAVE_CURVE25519 - else { - FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->eccTempKey); - ssl->eccTempKeyPresent = 0; - } FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->peerX25519Key); ssl->peerX25519KeyPresent = 0; #endif -#endif /* HAVE_ECC */ #ifdef HAVE_ED25519 FreeKey(ssl, DYNAMIC_TYPE_ED25519, (void**)&ssl->peerEd25519Key); ssl->peerEd25519KeyPresent = 0; @@ -5236,22 +5254,30 @@ void FreeHandshakeResources(WOLFSSL* ssl) ssl->peerEccKeyPresent = 0; FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey); ssl->peerEccDsaKeyPresent = 0; -#ifdef HAVE_CURVE25519 - if (ssl->ecdhCurveOID != ECC_X25519_OID) -#endif /* HAVE_CURVE25519 */ +#endif +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) { - FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->eccTempKey); + int dtype; + #ifdef HAVE_ECC + dtype = DYNAMIC_TYPE_ECC; + #endif + #ifdef HAVE_CURVE25519 + #ifdef HAVE_ECC + if (ssl->peerX25519KeyPresent || + ssl->eccTempKeyPresent == DYNAMIC_TYPE_CURVE25519) + #endif /* HAVE_ECC */ + { + dtype = DYNAMIC_TYPE_CURVE25519; + } + #endif /* HAVE_CURVE25519 */ + FreeKey(ssl, dtype, (void**)&ssl->eccTempKey); ssl->eccTempKeyPresent = 0; } +#endif /* HAVE_ECC || HAVE_CURVE25519 */ #ifdef HAVE_CURVE25519 - else { - FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->eccTempKey); - ssl->eccTempKeyPresent = 0; - } FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->peerX25519Key); ssl->peerX25519KeyPresent = 0; -#endif /* HAVE_CURVE25519 */ -#endif /* HAVE_ECC */ +#endif #ifndef NO_DH if (ssl->buffers.serverDH_Priv.buffer) { ForceZero(ssl->buffers.serverDH_Priv.buffer, @@ -8069,7 +8095,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) } #endif /* WOLFSSL_CERT_EXT */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(HAVE_ED25519) x509->pkCurveOID = dCert->pkCurveOID; #endif /* HAVE_ECC */ @@ -16063,7 +16089,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list) #ifdef HAVE_QSH (XSTRSTR(name, "QSH")) ? QSH_BYTE : #endif - #ifdef HAVE_ECC + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) (XSTRSTR(name, "EC")) ? ECC_BYTE : #endif #ifdef HAVE_AESCCM @@ -16081,7 +16107,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list) } else #endif - #ifdef HAVE_ECC + #if defined(HAVE_ECC) || defined(HAVE_ED25519) if ((haveECDSAsig == 0) && XSTRSTR(name, "ECDSA")) haveECDSAsig = 1; else @@ -17392,7 +17418,7 @@ exit_dpk: #endif /* !NO_CERTS */ -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) static int CheckCurveId(int tlsCurveId) { @@ -17469,12 +17495,12 @@ exit_dpk: /* Persistable DoServerKeyExchange arguments */ typedef struct DskeArgs { byte* output; /* not allocated */ -#if !defined(NO_DH) || defined(HAVE_ECC) +#if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_ED25519) byte* verifySig; #endif word32 idx; word32 begin; -#if !defined(NO_DH) || defined(HAVE_ECC) +#if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_ED25519) word16 verifySigSz; #endif word16 sigSz; @@ -17489,7 +17515,7 @@ static void FreeDskeArgs(WOLFSSL* ssl, void* pArgs) (void)ssl; (void)args; -#if !defined(NO_DH) || defined(HAVE_ECC) +#if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_ED25519) if (args->verifySig) { XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); args->verifySig = NULL; @@ -17675,11 +17701,14 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, break; } #endif /* !NO_DH */ - #ifdef HAVE_ECC + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) case ecc_diffie_hellman_kea: { byte b; - int curveId, curveOid; + #ifdef HAVE_ECC + int curveId; + #endif + int curveOid; word16 length; if ((args->idx - args->begin) + ENUM_LEN + OPAQUE16_LEN + @@ -17704,7 +17733,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, ERROR_OUT(BUFFER_ERROR, exit_dske); } - #ifdef HAVE_CURVE25519 + #ifdef HAVE_CURVE25519 if (ssl->ecdhCurveOID == ECC_X25519_OID) { if (ssl->peerX25519Key == NULL) { ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE25519, @@ -17712,7 +17741,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, if (ret != 0) { goto exit_dske; } - } else if (ssl->peerEccKeyPresent) { + } else if (ssl->peerX25519KeyPresent) { ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE25519, ssl->peerX25519Key); ssl->peerX25519KeyPresent = 0; @@ -17731,7 +17760,8 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, ssl->peerX25519KeyPresent = 1; break; } - #endif + #endif + #ifdef HAVE_ECC if (ssl->peerEccKey == NULL) { ret = AllocKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccKey); @@ -17755,8 +17785,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, args->idx += length; ssl->peerEccKeyPresent = 1; break; + #endif } - #endif /* HAVE_ECC */ + #endif /* HAVE_ECC || HAVE_CURVE25519 */ #if !defined(NO_DH) && !defined(NO_PSK) case dhe_psk_kea: { @@ -17873,7 +17904,8 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, break; } #endif /* !NO_DH || !NO_PSK */ - #if defined(HAVE_ECC) && !defined(NO_PSK) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ + !defined(NO_PSK) case ecdhe_psk_kea: { byte b; @@ -17975,7 +18007,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, ssl->peerEccKeyPresent = 1; break; } - #endif /* HAVE_ECC || !NO_PSK */ + #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ default: ret = BAD_KEA_TYPE_E; } /* switch(ssl->specs.kea) */ @@ -18005,7 +18037,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, case diffie_hellman_kea: case ecc_diffie_hellman_kea: { - #if defined(NO_DH) && !defined(HAVE_ECC) + #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) ERROR_OUT(NOT_COMPILED_IN, exit_dske); #else enum wc_HashType hashType; @@ -18136,7 +18168,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, ret = ALGO_ID_E; } /* switch (args->sigAlgo) */ - #endif /* NO_DH && !HAVE_ECC */ + #endif /* NO_DH && !HAVE_ECC && !HAVE_ED25519 */ break; } default: @@ -18168,7 +18200,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, case diffie_hellman_kea: case ecc_diffie_hellman_kea: { - #if defined(NO_DH) && !defined(HAVE_ECC) + #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) ERROR_OUT(NOT_COMPILED_IN, exit_dske); #else if (ssl->options.usingAnon_cipher) { @@ -18227,6 +18259,10 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, #endif ); + /* peerEccDsaKey */ + FreeKey(ssl, DYNAMIC_TYPE_ECC, + (void**)&ssl->peerEccDsaKey); + ssl->peerEccDsaKeyPresent = 0; break; } #endif /* HAVE_ECC */ @@ -18245,6 +18281,10 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, #endif ); + /* peerEccDsaKey */ + FreeKey(ssl, DYNAMIC_TYPE_ED25519, + (void**)&ssl->peerEd25519Key); + ssl->peerEd25519KeyPresent = 0; break; } #endif /* HAVE_ED25519 */ @@ -18252,7 +18292,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, default: ret = ALGO_ID_E; } /* switch (sigAlgo) */ - #endif /* NO_DH && !HAVE_ECC */ + #endif /* NO_DH && !HAVE_ECC && !HAVE_ED25519 */ break; } default: @@ -18284,7 +18324,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, case diffie_hellman_kea: case ecc_diffie_hellman_kea: { - #if defined(NO_DH) && !defined(HAVE_ECC) + #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) ERROR_OUT(NOT_COMPILED_IN, exit_dske); #else if (ssl->options.usingAnon_cipher) { @@ -18365,7 +18405,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, default: ret = ALGO_ID_E; } /* switch (sigAlgo) */ - #endif /* NO_DH && !HAVE_ECC */ + #endif /* NO_DH && !HAVE_ECC && !HAVE_ED25519 */ break; } default: @@ -18949,7 +18989,8 @@ int SendClientKeyExchange(WOLFSSL* ssl) } break; #endif /* !NO_DH && !NO_PSK */ - #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ + !defined(NO_PSK) case ecdhe_psk_kea: /* sanity check that PSK client callback has been set */ if (ssl->options.client_psk_cb == NULL) { @@ -19256,7 +19297,8 @@ int SendClientKeyExchange(WOLFSSL* ssl) break; } #endif /* !NO_DH && !NO_PSK */ - #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ + !defined(NO_PSK) case ecdhe_psk_kea: { word32 esSz = 0; @@ -19326,7 +19368,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) break; } - #endif /* HAVE_ECC && !NO_PSK */ + #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ #ifdef HAVE_NTRU case ntru_kea: { @@ -19450,7 +19492,8 @@ int SendClientKeyExchange(WOLFSSL* ssl) break; } #endif /* !NO_DH && !NO_PSK */ - #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ + !defined(NO_PSK) case ecdhe_psk_kea: { #ifdef HAVE_CURVE25519 @@ -19462,6 +19505,11 @@ int SendClientKeyExchange(WOLFSSL* ssl) &ssl->arrays->preMasterSz, WOLFSSL_CLIENT_END ); + if (ret == 0 && !ssl->specs.static_ecdh) { + FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, + (void**)&ssl->peerX25519Key); + ssl->peerX25519KeyPresent = 0; + } break; } #endif @@ -19517,6 +19565,11 @@ int SendClientKeyExchange(WOLFSSL* ssl) &ssl->arrays->preMasterSz, WOLFSSL_CLIENT_END ); + if (ret == 0) { + FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, + (void**)&ssl->peerX25519Key); + ssl->peerX25519KeyPresent = 0; + } break; } #endif @@ -19601,7 +19654,8 @@ int SendClientKeyExchange(WOLFSSL* ssl) break; } #endif /* !NO_DH && !NO_PSK */ - #if defined(HAVE_ECC) && !defined(NO_PSK) + #if defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && \ + !defined(NO_PSK) case ecdhe_psk_kea: { byte* pms = ssl->arrays->preMasterSecret; @@ -19631,14 +19685,14 @@ int SendClientKeyExchange(WOLFSSL* ssl) ssl->arrays->psk_keySz = 0; /* No further need */ break; } - #endif /* HAVE_ECC && !NO_PSK */ + #endif /* (HAVE_ECC && !HAVE_CURVE25519) && !NO_PSK */ #ifdef HAVE_NTRU case ntru_kea: { break; } #endif /* HAVE_NTRU */ - #ifdef HAVE_ECC + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) case ecc_diffie_hellman_kea: { /* place size of public key in buffer */ @@ -19646,7 +19700,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) args->encSz += OPAQUE8_LEN; break; } - #endif /* HAVE_ECC */ + #endif /* HAVE_ECC || HAVE_CURVE25519 */ default: ret = BAD_KEA_TYPE_E; @@ -20186,7 +20240,7 @@ int SendCertificateVerify(WOLFSSL* ssl) ssl->buffers.sig.buffer, ssl->buffers.sig.length); } #endif /* HAVE_ECC */ - #ifdef HAVE_ECC + #ifdef HAVE_ED25519 if (ssl->hsType == DYNAMIC_TYPE_ED25519) { args->length = (word16)ssl->buffers.sig.length; /* prepend hdr */ @@ -20194,7 +20248,7 @@ int SendCertificateVerify(WOLFSSL* ssl) XMEMCPY(args->verify + args->extraSz + VERIFY_HEADER, ssl->buffers.sig.buffer, ssl->buffers.sig.length); } - #endif /* HAVE_ECC */ + #endif /* HAVE_ED25519 */ #ifndef NO_RSA if (ssl->hsType == DYNAMIC_TYPE_RSA) { RsaKey* key = (RsaKey*)ssl->hsKey; @@ -20655,7 +20709,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } -#ifdef HAVE_ECC +#if defined(HAVE_ECC) static byte SetCurveId(ecc_key* key) { @@ -20665,7 +20719,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } switch(key->dp->oidSum) { - #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES) + #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES) #ifndef NO_ECC_SECP case ECC_SECP160R1_OID: return WOLFSSL_ECC_SECP160R1; @@ -20714,10 +20768,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif /* HAVE_ECC_BRAINPOOL */ #endif #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) - #ifdef HAVE_CURVE25519 - case ECC_X25519_OID: - return WOLFSSL_ECC_X25519; - #endif #ifndef NO_ECC_SECP case ECC_SECP384R1_OID: return WOLFSSL_ECC_SECP384R1; @@ -20744,14 +20794,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } } -#endif /* HAVE_ECC */ +#endif /* HAVE_ECC || HAVE_CURVE25519 */ typedef struct SskeArgs { byte* output; /* not allocated */ - #if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA)) + #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \ + (!defined(NO_DH) && !defined(NO_RSA)) byte* sigDataBuf; #endif - #if defined(HAVE_ECC) + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) byte* exportBuf; #endif #ifndef NO_RSA @@ -20761,10 +20812,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 tmpSigSz; word32 length; word32 sigSz; - #if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA)) + #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \ + (!defined(NO_DH) && !defined(NO_RSA)) word32 sigDataSz; #endif - #if defined(HAVE_ECC) + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) word32 exportSz; #endif #ifdef HAVE_QSH @@ -20779,13 +20831,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, (void)ssl; - #if defined(HAVE_ECC) + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) if (args->exportBuf) { XFREE(args->exportBuf, ssl->heap, DYNAMIC_TYPE_DER); args->exportBuf = NULL; } #endif - #if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA)) + #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \ + (!defined(NO_DH) && !defined(NO_RSA)) if (args->sigDataBuf) { XFREE(args->sigDataBuf, ssl->heap, DYNAMIC_TYPE_SIGNATURE); args->sigDataBuf = NULL; @@ -20847,14 +20900,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Do some checks / debug msgs */ switch(ssl->specs.kea) { - #if defined(HAVE_ECC) && !defined(NO_PSK) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ + !defined(NO_PSK) case ecdhe_psk_kea: { WOLFSSL_MSG("Using ephemeral ECDH PSK"); break; } - #endif /* HAVE_ECC && !NO_PSK */ - #ifdef HAVE_ECC + #endif /* (HAVE_ECC || CURVE25519) && !NO_PSK */ + #if defined(HAVE_ECC) case ecc_diffie_hellman_kea: { if (ssl->specs.static_ecdh) { @@ -20938,10 +20992,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif /* !NO_DH && (!NO_PSK || !NO_RSA) */ - #if defined(HAVE_ECC) && !defined(NO_PSK) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ + !defined(NO_PSK) case ecdhe_psk_kea: /* Fall through to create temp ECC key */ - #endif /* HAVE_ECC && !NO_PSK */ + #endif /* (HAVE_ECC || CURVE25519) && !NO_PSK */ #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) case ecc_diffie_hellman_kea: { @@ -21006,7 +21061,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, case TLS_ASYNC_BUILD: { - #if (!defined(NO_DH) && !defined(NO_RSA)) || defined(HAVE_ECC) + #if (!defined(NO_DH) && !defined(NO_RSA)) || (defined(HAVE_ECC) || \ + defined(HAVE_CURVE25519)) word32 preSigSz, preSigIdx; #endif @@ -21150,7 +21206,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif /* !defined(NO_DH) && !defined(NO_PSK) */ - #if defined(HAVE_ECC) && !defined(NO_PSK) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ + !defined(NO_PSK) case ecdhe_psk_kea: { word32 hintLen; @@ -21227,16 +21284,18 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, else #endif { + #ifdef HAVE_ECC args->output[args->idx++] = SetCurveId(ssl->eccTempKey); + #endif } args->output[args->idx++] = (byte)args->exportSz; XMEMCPY(args->output + args->idx, args->exportBuf, args->exportSz); break; } - #endif /* HAVE_ECC && !NO_PSK */ - #ifdef HAVE_ECC + #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) case ecc_diffie_hellman_kea: { enum wc_HashType hashType; @@ -21264,11 +21323,13 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, else #endif { + #ifdef HAVE_ECC if (wc_ecc_export_x963(ssl->eccTempKey, args->exportBuf, &args->exportSz) != 0) { ERROR_OUT(ECC_EXPORT_ERROR, exit_sske); } - } + #endif + } args->length += args->exportSz; preSigSz = args->length; @@ -21324,6 +21385,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif /* !NO_RSA */ + #ifdef HAVE_ECC case ecc_dsa_sa_algo: { word32 i = 0; @@ -21354,6 +21416,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } break; } + #endif #ifdef HAVE_ED25519 case ed25519_sa_algo: { @@ -21433,8 +21496,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, else #endif { + #ifdef HAVE_ECC args->output[args->idx++] = SetCurveId(ssl->eccTempKey); + #endif } args->output[args->idx++] = (byte)args->exportSz; XMEMCPY(args->output + args->idx, args->exportBuf, args->exportSz); @@ -21565,7 +21630,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } /* switch(ssl->specs.sig_algo) */ break; } - #endif /* HAVE_ECC */ + #endif /* HAVE_ECC || HAVE_CURVE25519 */ #if !defined(NO_DH) && !defined(NO_RSA) case diffie_hellman_kea: { @@ -21820,13 +21885,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif /* !defined(NO_DH) && !defined(NO_PSK) */ - #if defined(HAVE_ECC) && !defined(NO_PSK) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ + !defined(NO_PSK) case ecdhe_psk_kea: { break; } - #endif /* HAVE_ECC && !NO_PSK */ - #ifdef HAVE_ECC + #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) case ecc_diffie_hellman_kea: { /* Sign hash to create signature */ @@ -21852,6 +21918,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif /* !NO_RSA */ + #ifdef HAVE_ECC case ecc_dsa_sa_algo: { ecc_key* key = (ecc_key*)ssl->hsKey; @@ -21870,6 +21937,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ); break; } + #endif /* HAVE_ECC */ #ifdef HAVE_ED25519 case ed25519_sa_algo: { @@ -21892,7 +21960,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } /* switch(ssl->specs.sig_algo) */ break; } - #endif /* HAVE_ECC */ + #endif /* HAVE_ECC || HAVE_CURVE25519 */ #if !defined(NO_DH) && !defined(NO_RSA) case diffie_hellman_kea: { @@ -21958,14 +22026,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif /* !defined(NO_DH) && !defined(NO_PSK) */ - #if defined(HAVE_ECC) && !defined(NO_PSK) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ + !defined(NO_PSK) case ecdhe_psk_kea: { /* Nothing to do in this sub-state */ break; } - #endif /* HAVE_ECC && !NO_PSK */ - #ifdef HAVE_ECC + #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) case ecc_diffie_hellman_kea: { switch(ssl->suites->sigAlgo) @@ -22022,7 +22091,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } /* switch(ssl->specs.sig_algo) */ break; } - #endif /* HAVE_ECC */ + #endif /* HAVE_ECC || HAVE_CURVE25519 */ #if !defined(NO_DH) && !defined(NO_RSA) case diffie_hellman_kea: { @@ -22106,7 +22175,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif - #if defined(HAVE_ECC) + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) if (ssl->specs.kea == ecdhe_psk_kea || ssl->specs.kea == ecc_diffie_hellman_kea) { /* Check output to make sure it was set */ @@ -22118,7 +22187,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ERROR_OUT(BUFFER_ERROR, exit_sske); } } - #endif /* HAVE_ECC */ + #endif /* HAVE_ECC || HAVE_CURVE25519 */ #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl)) { @@ -22290,7 +22359,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } } -#if defined(HAVE_SUPPORTED_CURVES) && defined(HAVE_ECC) +#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ + defined(HAVE_SUPPORTED_CURVES) if (!TLSX_ValidateSupportedCurves(ssl, first, second)) { WOLFSSL_MSG("Don't have matching curves"); return 0; @@ -24069,12 +24139,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif /* HAVE_NTRU */ - #ifdef HAVE_ECC + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) case ecc_diffie_hellman_kea: { break; } - #endif /* HAVE_ECC */ + #endif /* HAVE_ECC || HAVE_CURVE25519 */ #ifndef NO_DH case diffie_hellman_kea: { @@ -24092,7 +24162,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif /* !NO_DH && !NO_PSK */ - #if defined(HAVE_ECC) && !defined(NO_PSK) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ + !defined(NO_PSK) case ecdhe_psk_kea: { /* sanity check that PSK server callback has been set */ @@ -24102,7 +24173,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } break; } - #endif /* HAVE_ECC && !NO_PSK */ + #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ default: WOLFSSL_MSG("Bad kea type"); ret = BAD_KEA_TYPE_E; @@ -24491,7 +24562,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif /* !NO_DH && !NO_PSK */ - #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ + !defined(NO_PSK) case ecdhe_psk_kea: { word16 clientSz; @@ -24733,7 +24805,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif /* !NO_DH && !NO_PSK */ - #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ + !defined(NO_PSK) case ecdhe_psk_kea: { #ifdef HAVE_CURVE25519 @@ -24746,6 +24819,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, &args->sigSz, WOLFSSL_SERVER_END ); + if (ret == 0) { + FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, + (void**)&ssl->peerX25519Key); + ssl->peerX25519KeyPresent = 0; + } break; } #endif @@ -24834,14 +24912,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif /* HAVE_NTRU */ - #ifdef HAVE_ECC + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) case ecc_diffie_hellman_kea: { /* skip past the imported peer key */ args->idx += args->length; break; } - #endif /* HAVE_ECC */ + #endif /* HAVE_ECC || HAVE_CURVE25519 */ #ifndef NO_DH case diffie_hellman_kea: { @@ -24881,7 +24959,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif /* !NO_DH && !NO_PSK */ - #if defined(HAVE_ECC) && !defined(NO_PSK) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ + !defined(NO_PSK) case ecdhe_psk_kea: { byte* pms = ssl->arrays->preMasterSecret; @@ -24914,7 +24993,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->arrays->psk_keySz + OPAQUE16_LEN; break; } - #endif /* HAVE_ECC && !NO_PSK */ + #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ default: ret = BAD_KEA_TYPE_E; } /* switch (ssl->specs.kea) */ diff --git a/src/keys.c b/src/keys.c index d4211a382..0e60cae83 100644 --- a/src/keys.c +++ b/src/keys.c @@ -244,7 +244,7 @@ int SetCipherSpecs(WOLFSSL* ssl) switch (ssl->options.cipherSuite) { -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : @@ -259,55 +259,8 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.key_size = AES_128_KEY_SIZE; ssl->specs.iv_size = AES_IV_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - break; -#endif -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - break; -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - break; -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - break; + break; #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 @@ -323,55 +276,8 @@ int SetCipherSpecs(WOLFSSL* ssl) ssl->specs.key_size = AES_256_KEY_SIZE; ssl->specs.iv_size = AES_IV_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; - break; -#endif -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - break; -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - break; -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - break; + break; #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA @@ -391,23 +297,6 @@ int SetCipherSpecs(WOLFSSL* ssl) break; #endif -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - - break; -#endif - #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; @@ -425,23 +314,6 @@ int SetCipherSpecs(WOLFSSL* ssl) break; #endif -#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = DES3_KEY_SIZE; - ssl->specs.block_size = DES_BLOCK_SIZE; - ssl->specs.iv_size = DES_IV_SIZE; - - break; -#endif - #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA case TLS_ECDHE_RSA_WITH_RC4_128_SHA : ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; @@ -459,91 +331,6 @@ int SetCipherSpecs(WOLFSSL* ssl) break; #endif -#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA - case TLS_ECDH_RSA_WITH_RC4_128_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = RC4_KEY_SIZE; - ssl->specs.iv_size = 0; - ssl->specs.block_size = 0; - - break; -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = DES3_KEY_SIZE; - ssl->specs.block_size = DES_BLOCK_SIZE; - ssl->specs.iv_size = DES_IV_SIZE; - - break; -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = DES3_KEY_SIZE; - ssl->specs.block_size = DES_BLOCK_SIZE; - ssl->specs.iv_size = DES_IV_SIZE; - - break; -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = RC4_KEY_SIZE; - ssl->specs.iv_size = 0; - ssl->specs.block_size = 0; - - break; -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = RC4_KEY_SIZE; - ssl->specs.iv_size = 0; - ssl->specs.block_size = 0; - - break; -#endif - #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : ssl->specs.bulk_cipher_algorithm = wolfssl_aes; @@ -561,91 +348,6 @@ int SetCipherSpecs(WOLFSSL* ssl) break; #endif -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - - break; -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - - break; -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - - break; -#endif - -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - - break; -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes; - ssl->specs.cipher_type = block; - ssl->specs.mac_algorithm = sha_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AES_IV_SIZE; - - break; -#endif - #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; @@ -682,6 +384,148 @@ int SetCipherSpecs(WOLFSSL* ssl) break; #endif +#ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 + case TLS_ECDHE_PSK_WITH_NULL_SHA256 : + ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; + ssl->specs.cipher_type = stream; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecdhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = 0; + ssl->specs.block_size = 0; + ssl->specs.iv_size = 0; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 + case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecdhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#endif /* HAVE_ECC || HAVE_CURVE25519 */ + +#if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 + case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA + case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = DES3_KEY_SIZE; + ssl->specs.block_size = DES_BLOCK_SIZE; + ssl->specs.iv_size = DES_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; + ssl->specs.cipher_type = stream; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = RC4_KEY_SIZE; + ssl->specs.iv_size = 0; + ssl->specs.block_size = 0; + + break; +#endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + + break; +#endif + #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; @@ -718,78 +562,6 @@ int SetCipherSpecs(WOLFSSL* ssl) break; #endif -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; - - break; -#endif - -#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = rsa_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; - - break; -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_128_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; - - break; -#endif - -#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : - ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; - ssl->specs.cipher_type = aead; - ssl->specs.mac_algorithm = sha384_mac; - ssl->specs.kea = ecc_diffie_hellman_kea; - ssl->specs.sig_algo = ecc_dsa_sa_algo; - ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 1; - ssl->specs.key_size = AES_256_KEY_SIZE; - ssl->specs.block_size = AES_BLOCK_SIZE; - ssl->specs.iv_size = AESGCM_IMP_IV_SZ; - ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; - - break; -#endif - #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM case TLS_ECDHE_ECDSA_WITH_AES_128_CCM : ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm; @@ -861,41 +633,286 @@ int SetCipherSpecs(WOLFSSL* ssl) break; #endif -#ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 - case TLS_ECDHE_PSK_WITH_NULL_SHA256 : - ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null; - ssl->specs.cipher_type = stream; - ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecdhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; - ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; - ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; - ssl->specs.key_size = 0; - ssl->specs.block_size = 0; - ssl->specs.iv_size = 0; +#endif /* HAVE_ECC || (HAVE_CURVE25519 && HAVE_ED25519) */ - ssl->options.usingPSK_cipher = 1; - break; -#endif +#if defined(HAVE_ECC) -#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 : +#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 + case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : ssl->specs.bulk_cipher_algorithm = wolfssl_aes; ssl->specs.cipher_type = block; ssl->specs.mac_algorithm = sha256_mac; - ssl->specs.kea = ecdhe_psk_kea; - ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; ssl->specs.pad_size = PAD_SHA; - ssl->specs.static_ecdh = 0; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 + case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 + case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 + case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA + case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; ssl->specs.key_size = AES_128_KEY_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE; ssl->specs.iv_size = AES_IV_SIZE; - ssl->options.usingPSK_cipher = 1; break; #endif + +#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA + case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = DES3_KEY_SIZE; + ssl->specs.block_size = DES_BLOCK_SIZE; + ssl->specs.iv_size = DES_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA + case TLS_ECDH_RSA_WITH_RC4_128_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; + ssl->specs.cipher_type = stream; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = RC4_KEY_SIZE; + ssl->specs.iv_size = 0; + ssl->specs.block_size = 0; + + break; +#endif + +#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA + case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = DES3_KEY_SIZE; + ssl->specs.block_size = DES_BLOCK_SIZE; + ssl->specs.iv_size = DES_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA + case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_rc4; + ssl->specs.cipher_type = stream; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = RC4_KEY_SIZE; + ssl->specs.iv_size = 0; + ssl->specs.block_size = 0; + + break; +#endif + +#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA + case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = sha_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + + break; +#endif + +#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + + break; +#endif + +#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 + case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + + break; +#endif + +#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : + ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha384_mac; + ssl->specs.kea = ecc_diffie_hellman_kea; + ssl->specs.sig_algo = ecc_dsa_sa_algo; + ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 1; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + ssl->specs.iv_size = AESGCM_IMP_IV_SZ; + ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ; + + break; +#endif + #endif /* HAVE_ECC */ #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 diff --git a/src/ssl.c b/src/ssl.c index 29679fd30..6335e4f82 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -45,7 +45,8 @@ #ifndef WOLFSSL_ALLOW_NO_SUITES #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \ - && !defined(WOLFSSL_STATIC_DH) && !defined(WOLFSSL_STATIC_PSK) + && !defined(WOLFSSL_STATIC_DH) && !defined(WOLFSSL_STATIC_PSK) \ + && !defined(HAVE_ED25519) #error "No cipher suites defined because DH disabled, ECC disabled, and no static suites defined. Please see top of README" #endif #endif @@ -4762,7 +4763,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #endif #ifdef WOLFSSL_SMALL_STACK - key = (ed25519_key*)XMALLOC(sizeof(ecc_key), heap, + key = (ed25519_key*)XMALLOC(sizeof(ed25519_key), heap, DYNAMIC_TYPE_ED25519); if (key == NULL) return MEMORY_E; @@ -4876,7 +4877,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, break; } - #ifdef HAVE_ECC + #if defined(HAVE_ECC) || defined(HAVE_ED25519) if (ssl) { ssl->pkCurveOID = cert->pkCurveOID; #ifndef WC_STRICT_SIG @@ -29938,7 +29939,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) #endif case ECDSAk: ctx->haveECC = 1; - #ifdef HAVE_ECC + #if defined(HAVE_ECC) || defined(HAVE_ED25519) ctx->pkCurveOID = x->pkCurveOID; #endif break; @@ -31270,7 +31271,8 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out) /* Write extra data back into bio object if necessary. */ extraBioMemSz = (bioMemSz - derLength); if (extraBioMemSz > 0) { - extraBioMem = XMALLOC(extraBioMemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + extraBioMem = (unsigned char *)XMALLOC(extraBioMemSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER); if (extraBioMem == NULL) { WOLFSSL_MSG("Malloc failure");; XFREE((unsigned char*)extraBioMem, bio->heap, @@ -31403,7 +31405,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, derLength = key->pkey_sz; extraBioMemSz = (memSz - derLength); if (extraBioMemSz > 0) { - extraBioMem = XMALLOC(extraBioMemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + extraBioMem = (unsigned char *)XMALLOC(extraBioMemSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER); if (extraBioMem == NULL) { WOLFSSL_MSG("Malloc failure"); XFREE((unsigned char*)extraBioMem, bio->heap, diff --git a/src/tls.c b/src/tls.c index 0297af48a..5294e7c0a 100644 --- a/src/tls.c +++ b/src/tls.c @@ -66,8 +66,9 @@ static int TLSX_KeyShare_IsSupported(int namedGroup); #if (!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \ !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \ (defined(WOLFSSL_TLS13) && !defined(HAVE_ECC) && \ - defined(HAVE_SUPPORTED_CURVES)) || \ - (defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)) + !defined(HAVE_CURVE25519) && defined(HAVE_SUPPORTED_CURVES)) || \ + ((defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ + defined(HAVE_SUPPORTED_CURVES)) static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions); #endif @@ -3431,7 +3432,7 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, #ifdef HAVE_SUPPORTED_CURVES -#if !defined(HAVE_ECC) && !defined(WOLFSSL_TLS13) +#if !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && !defined(WOLFSSL_TLS13) #error Elliptic Curves Extension requires Elliptic Curve Cryptography. \ Use --enable-ecc in the configure script or define HAVE_ECC. #endif @@ -3815,7 +3816,7 @@ static int TLSX_PointFormat_Parse(WOLFSSL* ssl, byte* input, word16 length, return 0; } -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { TLSX* extension = (first == ECC_BYTE || first == CHACHA_BYTE) ? TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS) @@ -3849,6 +3850,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { /* find supported curve */ switch (curve->name) { +#ifdef HAVE_ECC #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES) #ifndef NO_ECC_SECP case WOLFSSL_ECC_SECP160R1: @@ -3904,6 +3906,8 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { octets = 32; break; #endif /* !NO_ECC_SECP */ + #endif /* !NO_ECC256 || HAVE_ALL_CURVES */ +#endif #ifdef HAVE_CURVE25519 case WOLFSSL_ECC_X25519: oid = ECC_X25519_OID; @@ -3915,6 +3919,8 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { octets = 32; break; #endif /* HAVE_CURVE25519 */ +#ifdef HAVE_ECC + #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) #ifdef HAVE_ECC_KOBLITZ case WOLFSSL_ECC_SECP256K1: pkOid = oid = ECC_SECP256K1_OID; @@ -3958,9 +3964,11 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { break; #endif /* !NO_ECC_SECP */ #endif +#endif default: continue; /* unsupported curve */ } + #ifdef HAVE_ECC /* Set default Oid */ if (defOid == 0 && ssl->eccTempKeySz <= octets && defSz > octets) { defOid = oid; @@ -3973,6 +3981,19 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { nextOid = oid; nextSz = octets; } + #else + if (defOid == 0 && defSz > octets) { + defOid = oid; + defSz = octets; + } + + if (currOid == 0) + currOid = oid; + if (nextOid == 0 || nextSz > octets) { + nextOid = oid; + nextSz = octets; + } + #endif if (first == ECC_BYTE) { switch (second) { @@ -4084,7 +4105,12 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) { } /* Choose the default if it is at the required strength. */ - if (ssl->ecdhCurveOID == 0 && defSz == ssl->eccTempKeySz) { +#ifdef HAVE_ECC + if (ssl->ecdhCurveOID == 0 && defSz == ssl->eccTempKeySz) +#else + if (ssl->ecdhCurveOID == 0) +#endif + { key = 1; ssl->ecdhCurveOID = defOid; } @@ -8742,9 +8768,12 @@ static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name) } #endif /* HAVE_QSH */ -#if (!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \ - (defined(WOLFSSL_TLS13) && !defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)) || \ - (defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)) +#if (!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \ + !defined(WOLFSSL_NO_SERVER_GROUPS_EXT)) || \ + (defined(WOLFSSL_TLS13) && !defined(HAVE_ECC) && \ + !defined(HAVE_CURVE25519) && defined(HAVE_SUPPORTED_CURVES)) || \ + ((defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ + defined(HAVE_SUPPORTED_CURVES)) static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) { @@ -9006,7 +9035,8 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) } #endif -#if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) +#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ + defined(HAVE_SUPPORTED_CURVES) if (!ssl->options.userCurves && !ssl->ctx->userCurves) { if (TLSX_Find(ssl->ctx->extensions, TLSX_SUPPORTED_GROUPS) == NULL) { @@ -9035,7 +9065,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) return ret; } } -#endif /* HAVE_ECC && HAVE_SUPPORTED_CURVES */ +#endif /* (HAVE_ECC || HAVE_CURVE25519) && HAVE_SUPPORTED_CURVES */ } /* is not server */ WOLFSSL_MSG("Adding signature algorithms extension"); @@ -9053,7 +9083,8 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) return ret; } - #if !defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) + #if !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && \ + defined(HAVE_SUPPORTED_CURVES) if (TLSX_Find(ssl->ctx->extensions, TLSX_SUPPORTED_GROUPS) == NULL) { /* Put in DH groups for TLS 1.3 only. */ ret = TLSX_PopulateSupportedGroups(ssl, &ssl->extensions); @@ -9061,7 +9092,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) return ret; ret = 0; } - #endif /* !HAVE_ECC && HAVE_SUPPORTED_CURVES */ + #endif /* !HAVE_ECC && !HAVE_CURVE25519 && HAVE_SUPPORTED_CURVES */ #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) if (ssl->certHashSigAlgoSz > 0) { @@ -9085,7 +9116,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) #if defined(HAVE_ECC) && (!defined(NO_ECC256) || \ defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) namedGroup = WOLFSSL_ECC_SECP256R1; - #elif defined(HAVE_ECC) && defined(HAVE_CURVE25519) + #elif defined(HAVE_CURVE25519) namedGroup = WOLFSSL_ECC_X25519; #elif defined(HAVE_ECC) && (!defined(NO_ECC384) || \ defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) @@ -9179,7 +9210,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) /* Pre-shared key modes: mandatory extension for resumption. */ modes = 1 << PSK_KE; - #if !defined(NO_DH) || defined(HAVE_ECC) + #if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_CURVE25519) if (!ssl->options.noPskDheKe) modes |= 1 << PSK_DHE_KE; #endif diff --git a/tests/suites.c b/tests/suites.c index 16bf850ce..e2a0035fe 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -157,6 +157,40 @@ static int IsValidCipherSuite(const char* line, char* suite) return valid; } +static int IsValidCert(const char* line) +{ + int ret = 1; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) + WOLFSSL_CTX* ctx; +#ifndef WOLFSSL_NO_TLS12 + wolfSSL_method_func method = wolfTLSv1_2_server_method_ex; +#else + wolfSSL_method_func method = wolfTLSv1_3_server_method_ex; +#endif + size_t i; + const char* begin; + char cert[80]; + + begin = XSTRSTR(line, "-c "); + if (begin == NULL) + return 0; + + begin += 3; + for (i = 0; i < sizeof(cert) - 1 && *begin != ' ' && *begin != '\0'; i++) + cert[i] = *(begin++); + cert[i] = '\0'; + + ctx = wolfSSL_CTX_new(method(NULL)); + if (ctx == NULL) + return 0; + ret = wolfSSL_CTX_use_certificate_chain_file(ctx, cert) == WOLFSSL_SUCCESS; + wolfSSL_CTX_free(ctx); +#endif /* !NO_FILESYSTEM && !NO_CERTS */ + + (void)line; + + return ret; +} static int execute_test_case(int svr_argc, char** svr_argv, int cli_argc, char** cli_argv, @@ -206,6 +240,12 @@ static int execute_test_case(int svr_argc, char** svr_argv, #endif return NOT_BUILT_IN; } + if (!IsValidCert(commandLine)) { + #ifdef DEBUG_SUITE_TESTS + printf("certificate %s not supported in build\n", commandLine); + #endif + return NOT_BUILT_IN; + } #ifndef WOLFSSL_ALLOW_SSLV3 if (IsSslVersion(commandLine) == 1) { diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index 12d784347..7518c6ceb 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -148,12 +148,11 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, if (ret != 0) return ret; ret = wc_Sha512Update(&sha, az + ED25519_KEY_SIZE, ED25519_KEY_SIZE); - if (ret != 0) - return ret; - ret = wc_Sha512Update(&sha, in, inlen); - if (ret != 0) - return ret; - ret = wc_Sha512Final(&sha, nonce); + if (ret == 0) + ret = wc_Sha512Update(&sha, in, inlen); + if (ret == 0) + ret = wc_Sha512Final(&sha, nonce); + wc_Sha512Free(&sha); if (ret != 0) return ret; @@ -179,15 +178,13 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, if (ret != 0) return ret; ret = wc_Sha512Update(&sha, out, ED25519_SIG_SIZE/2); - if (ret != 0) - return ret; - ret = wc_Sha512Update(&sha, key->p, ED25519_PUB_KEY_SIZE); - if (ret != 0) - return ret; - ret = wc_Sha512Update(&sha, in, inlen); - if (ret != 0) - return ret; - ret = wc_Sha512Final(&sha, hram); + if (ret == 0) + ret = wc_Sha512Update(&sha, key->p, ED25519_PUB_KEY_SIZE); + if (ret == 0) + ret = wc_Sha512Update(&sha, in, inlen); + if (ret == 0) + ret = wc_Sha512Final(&sha, hram); + wc_Sha512Free(&sha); if (ret != 0) return ret; @@ -248,15 +245,13 @@ int wc_ed25519_verify_msg(const byte* sig, word32 siglen, const byte* msg, if (ret != 0) return ret; ret = wc_Sha512Update(&sha, sig, ED25519_SIG_SIZE/2); - if (ret != 0) - return ret; - ret = wc_Sha512Update(&sha, key->p, ED25519_PUB_KEY_SIZE); - if (ret != 0) - return ret; - ret = wc_Sha512Update(&sha, msg, msglen); - if (ret != 0) - return ret; - ret = wc_Sha512Final(&sha, h); + if (ret == 0) + ret = wc_Sha512Update(&sha, key->p, ED25519_PUB_KEY_SIZE); + if (ret == 0) + ret = wc_Sha512Update(&sha, msg, msglen); + if (ret == 0) + ret = wc_Sha512Final(&sha, h); + wc_Sha512Free(&sha); if (ret != 0) return ret; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 606c455c2..5047a08c6 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -69,15 +69,6 @@ #ifndef NO_RC4 #include #endif -#ifdef HAVE_ECC - #include -#endif -#ifdef HAVE_ED25519 - #include -#endif -#ifdef HAVE_CURVE25519 - #include -#endif #ifndef NO_SHA256 #include #endif @@ -105,6 +96,12 @@ #ifndef NO_DH #include #endif +#ifdef HAVE_ED25519 + #include +#endif +#ifdef HAVE_CURVE25519 + #include +#endif #include #include @@ -488,7 +485,7 @@ #endif #endif - #if defined(HAVE_ECC) && !defined(NO_TLS) + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_TLS) #if !defined(NO_AES) #if !defined(NO_SHA) #if !defined(NO_RSA) @@ -498,7 +495,7 @@ #ifdef WOLFSSL_AES_256 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA #endif - #if defined(WOLFSSL_STATIC_DH) + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #ifdef WOLFSSL_AES_128 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA #endif @@ -508,14 +505,17 @@ #endif #endif - #ifdef WOLFSSL_AES_128 - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - #endif - #ifdef WOLFSSL_AES_256 - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + #endif #endif - #if defined(WOLFSSL_STATIC_DH) + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #ifdef WOLFSSL_AES_128 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA #endif @@ -527,12 +527,15 @@ #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - #if defined(WOLFSSL_STATIC_DH) + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 #endif #endif - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - #if defined(WOLFSSL_STATIC_DH) + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + #endif + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 #endif #endif @@ -540,25 +543,28 @@ #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - #if defined(WOLFSSL_STATIC_DH) + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 #endif #endif - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - #if defined(WOLFSSL_STATIC_DH) + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 + #endif + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 #endif #endif #if defined (HAVE_AESGCM) #if !defined(NO_RSA) - #if defined(WOLFSSL_STATIC_DH) + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #ifdef WOLFSSL_AES_128 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 #endif #endif #if defined(WOLFSSL_SHA384) - #if defined(WOLFSSL_STATIC_DH) + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #ifdef WOLFSSL_AES_256 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 #endif @@ -566,12 +572,14 @@ #endif #endif - #if defined(WOLFSSL_STATIC_DH) && defined(WOLFSSL_AES_128) + #if defined(WOLFSSL_STATIC_DH) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_ECC) #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 #endif #if defined(WOLFSSL_SHA384) - #if defined(WOLFSSL_STATIC_DH) && defined(WOLFSSL_AES_256) + #if defined(WOLFSSL_STATIC_DH) && \ + defined(WOLFSSL_AES_256) && defined(HAVE_ECC) #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 #endif #endif @@ -581,13 +589,16 @@ #if !defined(NO_SHA) #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA - #if defined(WOLFSSL_STATIC_DH) + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA #endif #endif - #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - #if defined(WOLFSSL_STATIC_DH) + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + #endif + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA #endif #endif @@ -596,20 +607,26 @@ #ifndef NO_SHA #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - #if defined(WOLFSSL_STATIC_DH) + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA #endif #endif - #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - #if defined(WOLFSSL_STATIC_DH) + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA + #endif + #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA #endif #endif /* NO_SHA */ #endif #if defined(HAVE_NULL_CIPHER) #if !defined(NO_SHA) - #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA + #endif #endif #if !defined(NO_PSK) && !defined(NO_SHA256) #define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 @@ -622,11 +639,12 @@ #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) #if !defined(NO_OLD_POLY1305) - #ifdef HAVE_ECC + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 - #ifndef NO_RSA - #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 - #endif + #endif + #ifndef NO_RSA + #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 #endif #if !defined(NO_DH) && !defined(NO_RSA) #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 @@ -634,7 +652,7 @@ #endif /* NO_OLD_POLY1305 */ #if !defined(NO_PSK) #define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 - #ifdef HAVE_ECC + #if defined(HAVE_ECC) || defined(HAVE_ED25519) #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 #endif #ifndef NO_DH @@ -677,35 +695,48 @@ #endif #endif -#if defined(HAVE_ECC) && !defined(NO_TLS) && !defined(NO_AES) +#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_TLS) && \ + !defined(NO_AES) #ifdef HAVE_AESGCM #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + #endif #ifndef NO_RSA #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 #endif #endif #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + #endif #ifndef NO_RSA #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 #endif #endif #endif #if defined(HAVE_AESCCM) && !defined(NO_SHA256) - #ifdef WOLFSSL_AES_128 - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 - #endif - #ifdef WOLFSSL_AES_256 - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 + #endif #endif #endif #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) - #ifdef HAVE_ECC - #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) + #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ + defined(HAVE_ED25519)) + #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + #endif #ifndef NO_RSA #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 #endif @@ -2485,6 +2516,8 @@ struct WOLFSSL_CTX { #endif #ifdef HAVE_ECC word16 eccTempKeySz; /* in octets 20 - 66 */ +#endif +#if defined(HAVE_ECC) || defined(HAVE_ED25519) word32 pkCurveOID; /* curve Ecc_Sum */ #endif #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) @@ -3277,7 +3310,7 @@ struct WOLFSSL_X509 { buffer pubKey; int pubKeyOID; DNS_entry* altNamesNext; /* hint for retrieval */ - #ifdef HAVE_ECC + #if defined(HAVE_ECC) || defined(HAVE_ED25519) word32 pkCurveOID; #endif /* HAVE_ECC */ #ifndef NO_CERTS @@ -3601,10 +3634,12 @@ struct WOLFSSL { #ifdef HAVE_ECC ecc_key* peerEccKey; /* peer's ECDHE key */ ecc_key* peerEccDsaKey; /* peer's ECDSA key */ - word32 pkCurveOID; /* curve Ecc_Sum */ word16 eccTempKeySz; /* in octets 20 - 66 */ byte peerEccDsaKeyPresent; #endif +#if defined(HAVE_ECC) || defined(HAVE_ED25519) + word32 pkCurveOID; /* curve Ecc_Sum */ +#endif #ifdef HAVE_ED25519 ed25519_key* peerEd25519Key; byte peerEd25519KeyPresent; diff --git a/wolfssl/test.h b/wolfssl/test.h index 5581540c2..ee75fd4b4 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -272,6 +272,11 @@ #define cliEccCertFile "certs/client-ecc-cert.pem" #define caEccCertFile "certs/ca-ecc-cert/pem" #define crlPemDir "certs/crl" +#define edCertFile "certs/ed25519/server-ed25519-cert.pem" +#define edKeyFile "certs/ed25519/server-ed25519-priv.pem" +#define cliEdCertFile "certs/ed25519/client-ed25519.pem" +#define cliEdKeyFile "certs/ed25519/client-ed25519-priv.pem" +#define caEdCertFile "certs/ed25519/ca-ed25519.pem" #ifdef HAVE_WNR /* Whitewood netRandom default config file */ #define wnrConfig "wnr-example.conf" @@ -293,6 +298,11 @@ #define cliEccCertFile "./certs/client-ecc-cert.pem" #define caEccCertFile "./certs/ca-ecc-cert.pem" #define crlPemDir "./certs/crl" +#define edCertFile "./certs/ed25519/server-ed25519.pem" +#define edKeyFile "./certs/ed25519/server-ed25519-priv.pem" +#define cliEdCertFile "./certs/ed25519/client-ed25519.pem" +#define cliEdKeyFile "./certs/ed25519/client-ed25519-priv.pem" +#define caEdCertFile "./certs/ed25519/root-ed25519.pem" #ifdef HAVE_WNR /* Whitewood netRandom default config file */ #define wnrConfig "./wnr-example.conf"