forked from wolfSSL/wolfssl
first static ECDH suite
This commit is contained in:
toddouska
@@ -1599,7 +1599,7 @@ static int GetValidity(DecodedCert* cert, int verify)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static int DecodeToKey(DecodedCert* cert, int verify)
|
int DecodeToKey(DecodedCert* cert, int verify)
|
||||||
{
|
{
|
||||||
int badDate = 0;
|
int badDate = 0;
|
||||||
int ret;
|
int ret;
|
||||||
|
|||||||
@@ -267,6 +267,7 @@ CYASSL_TEST_API int ParseCert(DecodedCert*, int type, int verify,
|
|||||||
|
|
||||||
CYASSL_LOCAL int ParseCertRelative(DecodedCert*, int type, int verify,
|
CYASSL_LOCAL int ParseCertRelative(DecodedCert*, int type, int verify,
|
||||||
Signer* signer);
|
Signer* signer);
|
||||||
|
CYASSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
|
||||||
|
|
||||||
CYASSL_LOCAL word32 EncodeSignature(byte* out, const byte* digest, word32 digSz,
|
CYASSL_LOCAL word32 EncodeSignature(byte* out, const byte* digest, word32 digSz,
|
||||||
int hashOID);
|
int hashOID);
|
||||||
|
|||||||
@@ -169,6 +169,8 @@ void c32to24(word32 in, word24 out);
|
|||||||
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
||||||
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
||||||
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
|
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
|
||||||
|
|
||||||
|
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||||
#endif
|
#endif
|
||||||
#if !defined(NO_RC4)
|
#if !defined(NO_RC4)
|
||||||
#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
|
#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
|
||||||
@@ -235,6 +237,10 @@ enum {
|
|||||||
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
|
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
|
||||||
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
|
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
|
||||||
|
|
||||||
|
/* static ECDH, first byte is 0xC0 (ECC_BYTE) */
|
||||||
|
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
|
||||||
|
|
||||||
|
|
||||||
/* CyaSSL extension - eSTREAM */
|
/* CyaSSL extension - eSTREAM */
|
||||||
TLS_RSA_WITH_HC_128_CBC_MD5 = 0xFB,
|
TLS_RSA_WITH_HC_128_CBC_MD5 = 0xFB,
|
||||||
TLS_RSA_WITH_HC_128_CBC_SHA = 0xFC,
|
TLS_RSA_WITH_HC_128_CBC_SHA = 0xFC,
|
||||||
@@ -620,7 +626,8 @@ struct CYASSL_CTX {
|
|||||||
byte sendVerify; /* for client side */
|
byte sendVerify; /* for client side */
|
||||||
byte haveDH; /* server DH parms set by user */
|
byte haveDH; /* server DH parms set by user */
|
||||||
byte haveNTRU; /* server private NTRU key loaded */
|
byte haveNTRU; /* server private NTRU key loaded */
|
||||||
byte haveECDSA; /* server private ECDSA key loaded */
|
byte haveECDSA; /* server cert signed w/ ECDSA loaded */
|
||||||
|
byte haveStaticECC; /* static server ECC private key */
|
||||||
byte partialWrite; /* only one msg per write call */
|
byte partialWrite; /* only one msg per write call */
|
||||||
byte quietShutdown; /* don't send close notify */
|
byte quietShutdown; /* don't send close notify */
|
||||||
byte groupMessages; /* group handshake messages before sending */
|
byte groupMessages; /* group handshake messages before sending */
|
||||||
@@ -671,6 +678,7 @@ typedef struct CipherSpecs {
|
|||||||
byte sig_algo;
|
byte sig_algo;
|
||||||
byte hash_size;
|
byte hash_size;
|
||||||
byte pad_size;
|
byte pad_size;
|
||||||
|
byte static_ecdh;
|
||||||
word16 key_size;
|
word16 key_size;
|
||||||
word16 iv_size;
|
word16 iv_size;
|
||||||
word16 block_size;
|
word16 block_size;
|
||||||
@@ -933,7 +941,8 @@ typedef struct Options {
|
|||||||
byte usingCompression; /* are we using compression */
|
byte usingCompression; /* are we using compression */
|
||||||
byte haveDH; /* server DH parms set by user */
|
byte haveDH; /* server DH parms set by user */
|
||||||
byte haveNTRU; /* server NTRU private key loaded */
|
byte haveNTRU; /* server NTRU private key loaded */
|
||||||
byte haveECDSA; /* server ECDSA private key loaded */
|
byte haveECDSA; /* server ECDSA signed cert */
|
||||||
|
byte haveStaticECC; /* static server ECC private key */
|
||||||
byte havePeerCert; /* do we have peer's cert */
|
byte havePeerCert; /* do we have peer's cert */
|
||||||
byte usingPSK_cipher; /* whether we're using psk as cipher */
|
byte usingPSK_cipher; /* whether we're using psk as cipher */
|
||||||
byte sendAlertState; /* nonblocking resume */
|
byte sendAlertState; /* nonblocking resume */
|
||||||
|
|||||||
@@ -335,6 +335,7 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
|
|||||||
ctx->haveDH = 0;
|
ctx->haveDH = 0;
|
||||||
ctx->haveNTRU = 0; /* start off */
|
ctx->haveNTRU = 0; /* start off */
|
||||||
ctx->haveECDSA = 0; /* start off */
|
ctx->haveECDSA = 0; /* start off */
|
||||||
|
ctx->haveStaticECC = 0; /* start off */
|
||||||
ctx->heap = ctx; /* defaults to self */
|
ctx->heap = ctx; /* defaults to self */
|
||||||
#ifndef NO_PSK
|
#ifndef NO_PSK
|
||||||
ctx->havePSK = 0;
|
ctx->havePSK = 0;
|
||||||
@@ -444,6 +445,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
|||||||
int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR;
|
int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR;
|
||||||
int haveRSA = 1;
|
int haveRSA = 1;
|
||||||
|
|
||||||
|
/* TAO temp fix */
|
||||||
|
int haveStaticECC = 1;
|
||||||
|
|
||||||
(void)tls; /* shut up compiler */
|
(void)tls; /* shut up compiler */
|
||||||
(void)haveDH;
|
(void)haveDH;
|
||||||
(void)havePSK;
|
(void)havePSK;
|
||||||
@@ -495,6 +499,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||||
|
if (tls && haveECDSA && haveStaticECC) {
|
||||||
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
|
suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
||||||
if (tls && haveECDSA) {
|
if (tls && haveECDSA) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
@@ -755,7 +766,8 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
|||||||
ssl->options.haveDH = 0;
|
ssl->options.haveDH = 0;
|
||||||
ssl->options.haveNTRU = ctx->haveNTRU;
|
ssl->options.haveNTRU = ctx->haveNTRU;
|
||||||
ssl->options.haveECDSA = ctx->haveECDSA;
|
ssl->options.haveECDSA = ctx->haveECDSA;
|
||||||
ssl->options.havePeerCert = 0;
|
ssl->options.haveStaticECC = ctx->haveStaticECC;
|
||||||
|
ssl->options.havePeerCert = 0;
|
||||||
ssl->options.usingPSK_cipher = 0;
|
ssl->options.usingPSK_cipher = 0;
|
||||||
ssl->options.sendAlertState = 0;
|
ssl->options.sendAlertState = 0;
|
||||||
#ifndef NO_PSK
|
#ifndef NO_PSK
|
||||||
@@ -3544,8 +3556,13 @@ const char* const cipher_names[] =
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|
||||||
"DHE-RSA-AES256-SHA256"
|
"DHE-RSA-AES256-SHA256",
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||||
|
"ECDH-ECDSA-AES256-SHA"
|
||||||
|
#endif
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
@@ -3663,8 +3680,13 @@ int cipher_name_idx[] =
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|
||||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||||
|
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||||
|
#endif
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
@@ -4068,6 +4090,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
CYASSL_MSG("Unsupported cipher suite, DoServerHello");
|
||||||
return UNSUPPORTED_SUITE;
|
return UNSUPPORTED_SUITE;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@@ -4449,14 +4472,24 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
#endif /* HAVE_NTRU */
|
#endif /* HAVE_NTRU */
|
||||||
#ifdef HAVE_ECC
|
#ifdef HAVE_ECC
|
||||||
} else if (ssl->specs.kea == ecc_diffie_hellman_kea) {
|
} else if (ssl->specs.kea == ecc_diffie_hellman_kea) {
|
||||||
ecc_key myKey;
|
ecc_key myKey;
|
||||||
word32 size = sizeof(encSecret);
|
ecc_key* peerKey = &myKey;
|
||||||
|
word32 size = sizeof(encSecret);
|
||||||
|
|
||||||
if (!ssl->peerEccKeyPresent || !ssl->peerEccKey.dp)
|
if (ssl->specs.static_ecdh) {
|
||||||
return NO_PEER_KEY;
|
/* TODO: EccDsa is really fixed Ecc change naming */
|
||||||
|
if (!ssl->peerEccDsaKeyPresent || !ssl->peerEccDsaKey.dp)
|
||||||
|
return NO_PEER_KEY;
|
||||||
|
peerKey = &ssl->peerEccDsaKey;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if (!ssl->peerEccKeyPresent || !ssl->peerEccKey.dp)
|
||||||
|
return NO_PEER_KEY;
|
||||||
|
peerKey = &ssl->peerEccKey;
|
||||||
|
}
|
||||||
|
|
||||||
ecc_init(&myKey);
|
ecc_init(&myKey);
|
||||||
ret = ecc_make_key(&ssl->rng, ssl->peerEccKey.dp->size, &myKey);
|
ret = ecc_make_key(&ssl->rng, peerKey->dp->size, &myKey);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ECC_MAKEKEY_ERROR;
|
return ECC_MAKEKEY_ERROR;
|
||||||
|
|
||||||
@@ -4469,7 +4502,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
ret = ECC_EXPORT_ERROR;
|
ret = ECC_EXPORT_ERROR;
|
||||||
else {
|
else {
|
||||||
size = sizeof(ssl->arrays.preMasterSecret);
|
size = sizeof(ssl->arrays.preMasterSecret);
|
||||||
ret = ecc_shared_secret(&myKey, &ssl->peerEccKey,
|
ret = ecc_shared_secret(&myKey, peerKey,
|
||||||
ssl->arrays.preMasterSecret, &size);
|
ssl->arrays.preMasterSecret, &size);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
ret = ECC_SHARED_ERROR;
|
ret = ECC_SHARED_ERROR;
|
||||||
@@ -4880,9 +4913,15 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
RsaKey rsaKey;
|
RsaKey rsaKey;
|
||||||
ecc_key dsaKey;
|
ecc_key dsaKey;
|
||||||
|
|
||||||
|
if (ssl->specs.static_ecdh) {
|
||||||
|
CYASSL_MSG("Using Static ECDH, not sending ServerKeyExchagne");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/* curve type, named curve, length(1) */
|
/* curve type, named curve, length(1) */
|
||||||
length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
|
length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
|
||||||
/* pub key size */
|
/* pub key size */
|
||||||
|
CYASSL_MSG("Using ephemeral ECDH");
|
||||||
if (ecc_export_x963(&ssl->eccTempKey, exportBuf, &expSz) != 0)
|
if (ecc_export_x963(&ssl->eccTempKey, exportBuf, &expSz) != 0)
|
||||||
return ECC_EXPORT_ERROR;
|
return ECC_EXPORT_ERROR;
|
||||||
length += expSz;
|
length += expSz;
|
||||||
@@ -5386,8 +5425,10 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
ssl->options.resuming = 0;
|
ssl->options.resuming = 0;
|
||||||
break; /* session lookup failed */
|
break; /* session lookup failed */
|
||||||
}
|
}
|
||||||
if (MatchSuite(ssl, &clSuites) < 0)
|
if (MatchSuite(ssl, &clSuites) < 0) {
|
||||||
|
CYASSL_MSG("Unsupported cipher suite, OldClientHello");
|
||||||
return UNSUPPORTED_SUITE;
|
return UNSUPPORTED_SUITE;
|
||||||
|
}
|
||||||
|
|
||||||
RNG_GenerateBlock(&ssl->rng, ssl->arrays.serverRandom, RAN_LEN);
|
RNG_GenerateBlock(&ssl->rng, ssl->arrays.serverRandom, RAN_LEN);
|
||||||
if (ssl->options.tls)
|
if (ssl->options.tls)
|
||||||
@@ -5540,8 +5581,10 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
CYASSL_MSG("Session lookup for resume failed");
|
CYASSL_MSG("Session lookup for resume failed");
|
||||||
break; /* session lookup failed */
|
break; /* session lookup failed */
|
||||||
}
|
}
|
||||||
if (MatchSuite(ssl, &clSuites) < 0)
|
if (MatchSuite(ssl, &clSuites) < 0) {
|
||||||
|
CYASSL_MSG("Unsupported cipher suite, ClientHello");
|
||||||
return UNSUPPORTED_SUITE;
|
return UNSUPPORTED_SUITE;
|
||||||
|
}
|
||||||
|
|
||||||
RNG_GenerateBlock(&ssl->rng, ssl->arrays.serverRandom, RAN_LEN);
|
RNG_GenerateBlock(&ssl->rng, ssl->arrays.serverRandom, RAN_LEN);
|
||||||
if (ssl->options.tls)
|
if (ssl->options.tls)
|
||||||
@@ -5839,7 +5882,20 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
ssl->peerEccKeyPresent = 1;
|
ssl->peerEccKeyPresent = 1;
|
||||||
|
|
||||||
size = sizeof(ssl->arrays.preMasterSecret);
|
size = sizeof(ssl->arrays.preMasterSecret);
|
||||||
ret = ecc_shared_secret(&ssl->eccTempKey, &ssl->peerEccKey,
|
if (ssl->specs.static_ecdh) {
|
||||||
|
ecc_key staticKey;
|
||||||
|
word32 i = 0;
|
||||||
|
|
||||||
|
ecc_init(&staticKey);
|
||||||
|
ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i,
|
||||||
|
&staticKey, ssl->buffers.key.length);
|
||||||
|
if (ret == 0)
|
||||||
|
ret = ecc_shared_secret(&staticKey, &ssl->peerEccKey,
|
||||||
|
ssl->arrays.preMasterSecret, &size);
|
||||||
|
ecc_free(&staticKey);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
ret = ecc_shared_secret(&ssl->eccTempKey, &ssl->peerEccKey,
|
||||||
ssl->arrays.preMasterSecret, &size);
|
ssl->arrays.preMasterSecret, &size);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ECC_SHARED_ERROR;
|
return ECC_SHARED_ERROR;
|
||||||
|
|||||||
48
src/keys.c
48
src/keys.c
@@ -48,6 +48,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.sig_algo = rsa_sa_algo;
|
ssl->specs.sig_algo = rsa_sa_algo;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = AES_IV_SIZE;
|
ssl->specs.iv_size = AES_IV_SIZE;
|
||||||
@@ -64,6 +65,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.sig_algo = rsa_sa_algo;
|
ssl->specs.sig_algo = rsa_sa_algo;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = DES3_KEY_SIZE;
|
ssl->specs.key_size = DES3_KEY_SIZE;
|
||||||
ssl->specs.block_size = DES_BLOCK_SIZE;
|
ssl->specs.block_size = DES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = DES_IV_SIZE;
|
ssl->specs.iv_size = DES_IV_SIZE;
|
||||||
@@ -80,6 +82,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.sig_algo = rsa_sa_algo;
|
ssl->specs.sig_algo = rsa_sa_algo;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = RC4_KEY_SIZE;
|
ssl->specs.key_size = RC4_KEY_SIZE;
|
||||||
ssl->specs.iv_size = 0;
|
ssl->specs.iv_size = 0;
|
||||||
ssl->specs.block_size = 0;
|
ssl->specs.block_size = 0;
|
||||||
@@ -96,6 +99,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = DES3_KEY_SIZE;
|
ssl->specs.key_size = DES3_KEY_SIZE;
|
||||||
ssl->specs.block_size = DES_BLOCK_SIZE;
|
ssl->specs.block_size = DES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = DES_IV_SIZE;
|
ssl->specs.iv_size = DES_IV_SIZE;
|
||||||
@@ -112,6 +116,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = RC4_KEY_SIZE;
|
ssl->specs.key_size = RC4_KEY_SIZE;
|
||||||
ssl->specs.iv_size = 0;
|
ssl->specs.iv_size = 0;
|
||||||
ssl->specs.block_size = 0;
|
ssl->specs.block_size = 0;
|
||||||
@@ -128,6 +133,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.sig_algo = rsa_sa_algo;
|
ssl->specs.sig_algo = rsa_sa_algo;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = AES_IV_SIZE;
|
ssl->specs.iv_size = AES_IV_SIZE;
|
||||||
@@ -144,6 +150,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = AES_IV_SIZE;
|
ssl->specs.iv_size = AES_IV_SIZE;
|
||||||
@@ -160,6 +167,24 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
|
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||||
|
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||||
|
ssl->specs.iv_size = AES_IV_SIZE;
|
||||||
|
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||||
|
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
|
||||||
|
ssl->specs.bulk_cipher_algorithm = aes;
|
||||||
|
ssl->specs.cipher_type = block;
|
||||||
|
ssl->specs.mac_algorithm = sha_mac;
|
||||||
|
ssl->specs.kea = ecc_diffie_hellman_kea;
|
||||||
|
ssl->specs.sig_algo = ecc_dsa_sa_algo;
|
||||||
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 1;
|
||||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = AES_IV_SIZE;
|
ssl->specs.iv_size = AES_IV_SIZE;
|
||||||
@@ -168,6 +193,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
|
||||||
return UNSUPPORTED_SUITE;
|
return UNSUPPORTED_SUITE;
|
||||||
} /* switch */
|
} /* switch */
|
||||||
} /* if */
|
} /* if */
|
||||||
@@ -183,6 +209,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.kea = rsa_kea;
|
ssl->specs.kea = rsa_kea;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = RC4_KEY_SIZE;
|
ssl->specs.key_size = RC4_KEY_SIZE;
|
||||||
ssl->specs.iv_size = 0;
|
ssl->specs.iv_size = 0;
|
||||||
ssl->specs.block_size = 0;
|
ssl->specs.block_size = 0;
|
||||||
@@ -198,6 +225,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.kea = ntru_kea;
|
ssl->specs.kea = ntru_kea;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = RC4_KEY_SIZE;
|
ssl->specs.key_size = RC4_KEY_SIZE;
|
||||||
ssl->specs.iv_size = 0;
|
ssl->specs.iv_size = 0;
|
||||||
ssl->specs.block_size = 0;
|
ssl->specs.block_size = 0;
|
||||||
@@ -213,6 +241,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.kea = rsa_kea;
|
ssl->specs.kea = rsa_kea;
|
||||||
ssl->specs.hash_size = MD5_DIGEST_SIZE;
|
ssl->specs.hash_size = MD5_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_MD5;
|
ssl->specs.pad_size = PAD_MD5;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = RC4_KEY_SIZE;
|
ssl->specs.key_size = RC4_KEY_SIZE;
|
||||||
ssl->specs.iv_size = 0;
|
ssl->specs.iv_size = 0;
|
||||||
ssl->specs.block_size = 0;
|
ssl->specs.block_size = 0;
|
||||||
@@ -228,6 +257,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.kea = rsa_kea;
|
ssl->specs.kea = rsa_kea;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = DES3_KEY_SIZE;
|
ssl->specs.key_size = DES3_KEY_SIZE;
|
||||||
ssl->specs.block_size = DES_BLOCK_SIZE;
|
ssl->specs.block_size = DES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = DES_IV_SIZE;
|
ssl->specs.iv_size = DES_IV_SIZE;
|
||||||
@@ -243,6 +273,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.kea = ntru_kea;
|
ssl->specs.kea = ntru_kea;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = DES3_KEY_SIZE;
|
ssl->specs.key_size = DES3_KEY_SIZE;
|
||||||
ssl->specs.block_size = DES_BLOCK_SIZE;
|
ssl->specs.block_size = DES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = DES_IV_SIZE;
|
ssl->specs.iv_size = DES_IV_SIZE;
|
||||||
@@ -258,6 +289,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.kea = rsa_kea;
|
ssl->specs.kea = rsa_kea;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = AES_IV_SIZE;
|
ssl->specs.iv_size = AES_IV_SIZE;
|
||||||
@@ -273,6 +305,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.kea = rsa_kea;
|
ssl->specs.kea = rsa_kea;
|
||||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = AES_IV_SIZE;
|
ssl->specs.iv_size = AES_IV_SIZE;
|
||||||
@@ -288,6 +321,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.kea = ntru_kea;
|
ssl->specs.kea = ntru_kea;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = AES_IV_SIZE;
|
ssl->specs.iv_size = AES_IV_SIZE;
|
||||||
@@ -303,6 +337,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.kea = rsa_kea;
|
ssl->specs.kea = rsa_kea;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = AES_IV_SIZE;
|
ssl->specs.iv_size = AES_IV_SIZE;
|
||||||
@@ -318,6 +353,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.kea = rsa_kea;
|
ssl->specs.kea = rsa_kea;
|
||||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = AES_IV_SIZE;
|
ssl->specs.iv_size = AES_IV_SIZE;
|
||||||
@@ -333,6 +369,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.kea = ntru_kea;
|
ssl->specs.kea = ntru_kea;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = AES_IV_SIZE;
|
ssl->specs.iv_size = AES_IV_SIZE;
|
||||||
@@ -348,6 +385,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.kea = psk_kea;
|
ssl->specs.kea = psk_kea;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = AES_IV_SIZE;
|
ssl->specs.iv_size = AES_IV_SIZE;
|
||||||
@@ -364,6 +402,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.kea = psk_kea;
|
ssl->specs.kea = psk_kea;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = AES_IV_SIZE;
|
ssl->specs.iv_size = AES_IV_SIZE;
|
||||||
@@ -381,6 +420,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.sig_algo = rsa_sa_algo;
|
ssl->specs.sig_algo = rsa_sa_algo;
|
||||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = AES_IV_SIZE;
|
ssl->specs.iv_size = AES_IV_SIZE;
|
||||||
@@ -397,6 +437,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.sig_algo = rsa_sa_algo;
|
ssl->specs.sig_algo = rsa_sa_algo;
|
||||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = AES_IV_SIZE;
|
ssl->specs.iv_size = AES_IV_SIZE;
|
||||||
@@ -413,6 +454,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.sig_algo = rsa_sa_algo;
|
ssl->specs.sig_algo = rsa_sa_algo;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = AES_IV_SIZE;
|
ssl->specs.iv_size = AES_IV_SIZE;
|
||||||
@@ -429,6 +471,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.sig_algo = rsa_sa_algo;
|
ssl->specs.sig_algo = rsa_sa_algo;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||||
ssl->specs.iv_size = AES_IV_SIZE;
|
ssl->specs.iv_size = AES_IV_SIZE;
|
||||||
@@ -444,6 +487,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.kea = rsa_kea;
|
ssl->specs.kea = rsa_kea;
|
||||||
ssl->specs.hash_size = MD5_DIGEST_SIZE;
|
ssl->specs.hash_size = MD5_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_MD5;
|
ssl->specs.pad_size = PAD_MD5;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = HC_128_KEY_SIZE;
|
ssl->specs.key_size = HC_128_KEY_SIZE;
|
||||||
ssl->specs.block_size = 0;
|
ssl->specs.block_size = 0;
|
||||||
ssl->specs.iv_size = HC_128_IV_SIZE;
|
ssl->specs.iv_size = HC_128_IV_SIZE;
|
||||||
@@ -459,6 +503,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.kea = rsa_kea;
|
ssl->specs.kea = rsa_kea;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = HC_128_KEY_SIZE;
|
ssl->specs.key_size = HC_128_KEY_SIZE;
|
||||||
ssl->specs.block_size = 0;
|
ssl->specs.block_size = 0;
|
||||||
ssl->specs.iv_size = HC_128_IV_SIZE;
|
ssl->specs.iv_size = HC_128_IV_SIZE;
|
||||||
@@ -474,6 +519,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
ssl->specs.kea = rsa_kea;
|
ssl->specs.kea = rsa_kea;
|
||||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
ssl->specs.pad_size = PAD_SHA;
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
ssl->specs.key_size = RABBIT_KEY_SIZE;
|
ssl->specs.key_size = RABBIT_KEY_SIZE;
|
||||||
ssl->specs.block_size = 0;
|
ssl->specs.block_size = 0;
|
||||||
ssl->specs.iv_size = RABBIT_IV_SIZE;
|
ssl->specs.iv_size = RABBIT_IV_SIZE;
|
||||||
@@ -482,7 +528,7 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
default:
|
default:
|
||||||
CYASSL_MSG("Unsupported cipher suite");
|
CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs");
|
||||||
return UNSUPPORTED_SUITE;
|
return UNSUPPORTED_SUITE;
|
||||||
} /* switch */
|
} /* switch */
|
||||||
} /* if ECC / Normal suites else */
|
} /* if ECC / Normal suites else */
|
||||||
|
|||||||
32
src/ssl.c
32
src/ssl.c
@@ -996,10 +996,37 @@ int AddCA(CYASSL_CTX* ctx, buffer der, int type)
|
|||||||
return SSL_BAD_FILE;
|
return SSL_BAD_FILE;
|
||||||
}
|
}
|
||||||
ecc_free(&key);
|
ecc_free(&key);
|
||||||
ctx->haveECDSA = 1;
|
ctx->haveStaticECC = 1;
|
||||||
|
if (ssl)
|
||||||
|
ssl->options.haveStaticECC = 1;
|
||||||
}
|
}
|
||||||
#endif /* HAVE_ECC */
|
#endif /* HAVE_ECC */
|
||||||
}
|
}
|
||||||
|
else if (type == CERT_TYPE) {
|
||||||
|
int ret;
|
||||||
|
DecodedCert cert;
|
||||||
|
|
||||||
|
CYASSL_MSG("Checking cert signature type");
|
||||||
|
InitDecodedCert(&cert, der.buffer, der.length, ctx->heap);
|
||||||
|
|
||||||
|
if ((ret = DecodeToKey(&cert, 0)) < 0) {
|
||||||
|
CYASSL_MSG("Decode to key failed");
|
||||||
|
return SSL_BAD_FILE;
|
||||||
|
}
|
||||||
|
switch (cert.signatureOID) {
|
||||||
|
case CTC_SHAwECDSA:
|
||||||
|
case CTC_SHA256wECDSA:
|
||||||
|
case CTC_SHA384wECDSA:
|
||||||
|
case CTC_SHA512wECDSA:
|
||||||
|
CYASSL_MSG("ECDSA cert signature");
|
||||||
|
ctx->haveECDSA = 1;
|
||||||
|
if (ssl)
|
||||||
|
ssl->options.haveECDSA = 1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
FreeDecodedCert(&cert);
|
||||||
|
}
|
||||||
|
|
||||||
return SSL_SUCCESS;
|
return SSL_SUCCESS;
|
||||||
}
|
}
|
||||||
@@ -4365,6 +4392,9 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||||||
return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
|
return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
|
||||||
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
|
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
|
||||||
return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
|
return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
|
||||||
|
|
||||||
|
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
|
||||||
|
return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
|
||||||
default:
|
default:
|
||||||
return "NONE";
|
return "NONE";
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user