forked from wolfSSL/wolfssl
Add TLS 1.2 ciphersuite ECDHE_PSK_WITH_AES_128_GCM_SHA256 from RFC 8442
Testing: ./autogen.sh ./configure --enable-psk make all check $ ./examples/server/server -j -l ECDHE-PSK-AES128-GCM-SHA256 SSL version is TLSv1.2 SSL cipher suite is TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 SSL curve name is SECP256R1 Client message: hello wolfssl! $ ./examples/client/client -s -l ECDHE-PSK-AES128-GCM-SHA256 SSL version is TLSv1.2 SSL cipher suite is TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 SSL curve name is SECP256R1 I hear you fa shizzle!
This commit is contained in:
Anthony Hu
@ -3562,6 +3562,18 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
|
||||||
|
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
|
||||||
|
if (tls1_2 && havePSK)
|
||||||
|
#else
|
||||||
|
if (tls && havePSK)
|
||||||
|
#endif
|
||||||
|
{
|
||||||
|
suites->suites[idx++] = ECDHE_PSK_BYTE;
|
||||||
|
suites->suites[idx++] = TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
|
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
|
||||||
if (tls && havePSK) {
|
if (tls && havePSK) {
|
||||||
suites->suites[idx++] = ECC_BYTE;
|
suites->suites[idx++] = ECC_BYTE;
|
||||||
@ -10073,6 +10085,21 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
|||||||
} /* switch */
|
} /* switch */
|
||||||
} /* if */
|
} /* if */
|
||||||
|
|
||||||
|
/* ECC extensions */
|
||||||
|
if (first == ECDHE_PSK_BYTE) {
|
||||||
|
|
||||||
|
switch (second) {
|
||||||
|
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
|
||||||
|
case TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 :
|
||||||
|
if (requirement == REQUIRES_PSK)
|
||||||
|
return 1;
|
||||||
|
break;
|
||||||
|
#endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
|
||||||
|
default:
|
||||||
|
WOLFSSL_MSG("Unsupported cipher suite, CipherRequires ECC PSK");
|
||||||
|
return 0;
|
||||||
|
} /* switch */
|
||||||
|
} /* if */
|
||||||
#endif /* !WOLFSSL_NO_TLS12 */
|
#endif /* !WOLFSSL_NO_TLS12 */
|
||||||
|
|
||||||
/* Distinct TLS v1.3 cipher suites with cipher and digest only. */
|
/* Distinct TLS v1.3 cipher suites with cipher and digest only. */
|
||||||
@ -10098,7 +10125,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
|||||||
#ifndef WOLFSSL_NO_TLS12
|
#ifndef WOLFSSL_NO_TLS12
|
||||||
|
|
||||||
if (first != ECC_BYTE && first != CHACHA_BYTE &&
|
if (first != ECC_BYTE && first != CHACHA_BYTE &&
|
||||||
first != TLS13_BYTE) { /* normal suites */
|
first != TLS13_BYTE && first != ECDHE_PSK_BYTE) {
|
||||||
|
/* normal suites */
|
||||||
switch (second) {
|
switch (second) {
|
||||||
|
|
||||||
#ifndef NO_RSA
|
#ifndef NO_RSA
|
||||||
@ -21587,6 +21615,10 @@ static const CipherSuiteInfo cipher_names[] =
|
|||||||
SUITE_INFO("ECDHE-PSK-AES128-CBC-SHA256","TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,TLSv1_MINOR,SSLv3_MAJOR),
|
SUITE_INFO("ECDHE-PSK-AES128-CBC-SHA256","TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,TLSv1_MINOR,SSLv3_MAJOR),
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
|
||||||
|
SUITE_INFO("ECDHE-PSK-AES128-GCM-SHA256","TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256",ECDHE_PSK_BYTE,TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256,TLSv1_MINOR,SSLv3_MAJOR),
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
|
#ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
|
||||||
SUITE_INFO("PSK-CHACHA20-POLY1305","TLS_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,TLSv1_2_MINOR,SSLv3_MAJOR),
|
SUITE_INFO("PSK-CHACHA20-POLY1305","TLS_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,TLSv1_2_MINOR,SSLv3_MAJOR),
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
36
src/keys.c
36
src/keys.c
@ -1226,9 +1226,41 @@ int SetCipherSpecs(WOLFSSL* ssl)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (ssl->options.cipherSuite0 == ECDHE_PSK_BYTE) {
|
||||||
|
|
||||||
|
switch (ssl->options.cipherSuite) {
|
||||||
|
|
||||||
|
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
|
||||||
|
#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
|
||||||
|
case TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 :
|
||||||
|
ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
|
||||||
|
ssl->specs.cipher_type = aead;
|
||||||
|
ssl->specs.mac_algorithm = sha256_mac;
|
||||||
|
ssl->specs.kea = ecdhe_psk_kea;
|
||||||
|
ssl->specs.sig_algo = anonymous_sa_algo;
|
||||||
|
ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE;
|
||||||
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
|
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||||
|
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||||
|
ssl->specs.iv_size = AES_IV_SIZE;
|
||||||
|
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
|
||||||
|
|
||||||
|
ssl->options.usingPSK_cipher = 1;
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
if (ssl->options.cipherSuite0 != ECC_BYTE &&
|
if (ssl->options.cipherSuite0 != ECC_BYTE &&
|
||||||
ssl->options.cipherSuite0 != CHACHA_BYTE &&
|
ssl->options.cipherSuite0 != ECDHE_PSK_BYTE &&
|
||||||
ssl->options.cipherSuite0 != TLS13_BYTE) { /* normal suites */
|
ssl->options.cipherSuite0 != CHACHA_BYTE &&
|
||||||
|
ssl->options.cipherSuite0 != TLS13_BYTE) { /* normal suites */
|
||||||
switch (ssl->options.cipherSuite) {
|
switch (ssl->options.cipherSuite) {
|
||||||
|
|
||||||
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
|
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
|
||||||
|
|||||||
12
src/tls.c
12
src/tls.c
@ -3860,7 +3860,8 @@ static void TLSX_SupportedCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
|
|||||||
if (ssl->suites->suites[i] == TLS13_BYTE)
|
if (ssl->suites->suites[i] == TLS13_BYTE)
|
||||||
return;
|
return;
|
||||||
if ((ssl->suites->suites[i] == ECC_BYTE) ||
|
if ((ssl->suites->suites[i] == ECC_BYTE) ||
|
||||||
(ssl->suites->suites[i] == CHACHA_BYTE)) {
|
(ssl->suites->suites[i] == ECDHE_PSK_BYTE) ||
|
||||||
|
(ssl->suites->suites[i] == CHACHA_BYTE)) {
|
||||||
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
|
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
|
||||||
defined(HAVE_CURVE448)
|
defined(HAVE_CURVE448)
|
||||||
return;
|
return;
|
||||||
@ -3888,7 +3889,8 @@ static void TLSX_PointFormat_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
|
|||||||
if (ssl->suites->suites[i] == TLS13_BYTE)
|
if (ssl->suites->suites[i] == TLS13_BYTE)
|
||||||
return;
|
return;
|
||||||
if ((ssl->suites->suites[i] == ECC_BYTE) ||
|
if ((ssl->suites->suites[i] == ECC_BYTE) ||
|
||||||
(ssl->suites->suites[i] == CHACHA_BYTE)) {
|
(ssl->suites->suites[i] == ECDHE_PSK_BYTE) ||
|
||||||
|
(ssl->suites->suites[i] == CHACHA_BYTE)) {
|
||||||
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
|
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
|
||||||
defined(HAVE_CURVE448)
|
defined(HAVE_CURVE448)
|
||||||
return;
|
return;
|
||||||
@ -3919,6 +3921,7 @@ static void TLSX_PointFormat_ValidateResponse(WOLFSSL* ssl, byte* semaphore)
|
|||||||
return;
|
return;
|
||||||
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
|
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
|
||||||
if (ssl->options.cipherSuite0 == ECC_BYTE ||
|
if (ssl->options.cipherSuite0 == ECC_BYTE ||
|
||||||
|
ssl->options.cipherSuite0 == ECDHE_PSK_BYTE ||
|
||||||
ssl->options.cipherSuite0 == CHACHA_BYTE) {
|
ssl->options.cipherSuite0 == CHACHA_BYTE) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -4439,7 +4442,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (first == ECC_BYTE || first == CHACHA_BYTE)
|
if (first == ECC_BYTE || first == ECDHE_PSK_BYTE || first == CHACHA_BYTE)
|
||||||
extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS);
|
extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS);
|
||||||
if (!extension)
|
if (!extension)
|
||||||
return 1; /* no suite restriction */
|
return 1; /* no suite restriction */
|
||||||
@ -11115,7 +11118,8 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_NULL_CIPHER
|
#ifdef HAVE_NULL_CIPHER
|
||||||
if (cipherSuite0 == ECC_BYTE) {
|
if (cipherSuite0 == ECC_BYTE ||
|
||||||
|
cipherSuite0 == ECDHE_PSK_BYTE) {
|
||||||
if (cipherSuite != TLS_SHA256_SHA256 &&
|
if (cipherSuite != TLS_SHA256_SHA256 &&
|
||||||
cipherSuite != TLS_SHA384_SHA384) {
|
cipherSuite != TLS_SHA384_SHA384) {
|
||||||
continue;
|
continue;
|
||||||
|
|||||||
@ -43,7 +43,7 @@
|
|||||||
-l ECDHE-ECDSA-CHACHA20-POLY1305
|
-l ECDHE-ECDSA-CHACHA20-POLY1305
|
||||||
-A ./certs/ca-ecc-cert.pem
|
-A ./certs/ca-ecc-cert.pem
|
||||||
|
|
||||||
# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305
|
# server DTLSv1.2 DHE-PSK-CHACHA20-POLY1305
|
||||||
-e
|
-e
|
||||||
-u
|
-u
|
||||||
-f
|
-f
|
||||||
@ -51,7 +51,7 @@
|
|||||||
-s
|
-s
|
||||||
-l DHE-PSK-CHACHA20-POLY1305
|
-l DHE-PSK-CHACHA20-POLY1305
|
||||||
|
|
||||||
# client TLSv1.2 DHE-PSK-CHACHA20-POLY1305
|
# client DTLSv1.2 DHE-PSK-CHACHA20-POLY1305
|
||||||
-B 4000,1359
|
-B 4000,1359
|
||||||
-u
|
-u
|
||||||
-f
|
-f
|
||||||
@ -59,7 +59,7 @@
|
|||||||
-s
|
-s
|
||||||
-l DHE-PSK-CHACHA20-POLY1305
|
-l DHE-PSK-CHACHA20-POLY1305
|
||||||
|
|
||||||
# server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
|
# server DTLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
|
||||||
-e
|
-e
|
||||||
-u
|
-u
|
||||||
-f
|
-f
|
||||||
@ -67,7 +67,7 @@
|
|||||||
-s
|
-s
|
||||||
-l ECDHE-PSK-CHACHA20-POLY1305
|
-l ECDHE-PSK-CHACHA20-POLY1305
|
||||||
|
|
||||||
# client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
|
# client DTLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
|
||||||
-B 4000,1359
|
-B 4000,1359
|
||||||
-u
|
-u
|
||||||
-f
|
-f
|
||||||
@ -75,7 +75,7 @@
|
|||||||
-s
|
-s
|
||||||
-l ECDHE-PSK-CHACHA20-POLY1305
|
-l ECDHE-PSK-CHACHA20-POLY1305
|
||||||
|
|
||||||
# server TLSv1.2 PSK-CHACHA20-POLY1305
|
# server DTLSv1.2 PSK-CHACHA20-POLY1305
|
||||||
-e
|
-e
|
||||||
-u
|
-u
|
||||||
-f
|
-f
|
||||||
@ -83,7 +83,7 @@
|
|||||||
-s
|
-s
|
||||||
-l PSK-CHACHA20-POLY1305
|
-l PSK-CHACHA20-POLY1305
|
||||||
|
|
||||||
# client TLSv1.2 PSK-CHACHA20-POLY1305
|
# client DTLSv1.2 PSK-CHACHA20-POLY1305
|
||||||
-B 4000,1359
|
-B 4000,1359
|
||||||
-u
|
-u
|
||||||
-f
|
-f
|
||||||
@ -234,7 +234,7 @@
|
|||||||
-v 3
|
-v 3
|
||||||
-l ECDHE-RSA-AES256-SHA
|
-l ECDHE-RSA-AES256-SHA
|
||||||
|
|
||||||
# server TLSv1 ECDHE-ECDSA-NULL-SHA
|
# server DTLSv1 ECDHE-ECDSA-NULL-SHA
|
||||||
-e
|
-e
|
||||||
-u
|
-u
|
||||||
-f
|
-f
|
||||||
@ -243,7 +243,7 @@
|
|||||||
-c ./certs/server-ecc.pem
|
-c ./certs/server-ecc.pem
|
||||||
-k ./certs/ecc-key.pem
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
# client TLSv1 ECDHE-ECDSA-NULL-SHA
|
# client DTLSv1 ECDHE-ECDSA-NULL-SHA
|
||||||
-B 4000,1355
|
-B 4000,1355
|
||||||
-u
|
-u
|
||||||
-f
|
-f
|
||||||
@ -251,7 +251,7 @@
|
|||||||
-l ECDHE-ECDSA-NULL-SHA
|
-l ECDHE-ECDSA-NULL-SHA
|
||||||
-A ./certs/ca-ecc-cert.pem
|
-A ./certs/ca-ecc-cert.pem
|
||||||
|
|
||||||
# server TLSv1.1 ECDHE-ECDSA-NULL-SHA
|
# server DTLSv1.1 ECDHE-ECDSA-NULL-SHA
|
||||||
-e
|
-e
|
||||||
-u
|
-u
|
||||||
-f
|
-f
|
||||||
@ -260,7 +260,7 @@
|
|||||||
-c ./certs/server-ecc.pem
|
-c ./certs/server-ecc.pem
|
||||||
-k ./certs/ecc-key.pem
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
# client TLSv1 ECDHE-ECDSA-NULL-SHA
|
# client DTLSv1 ECDHE-ECDSA-NULL-SHA
|
||||||
-B 4000,1355
|
-B 4000,1355
|
||||||
-u
|
-u
|
||||||
-f
|
-f
|
||||||
@ -268,7 +268,7 @@
|
|||||||
-l ECDHE-ECDSA-NULL-SHA
|
-l ECDHE-ECDSA-NULL-SHA
|
||||||
-A ./certs/ca-ecc-cert.pem
|
-A ./certs/ca-ecc-cert.pem
|
||||||
|
|
||||||
# server TLSv1.2 ECDHE-ECDSA-NULL-SHA
|
# server DTLSv1.2 ECDHE-ECDSA-NULL-SHA
|
||||||
-e
|
-e
|
||||||
-u
|
-u
|
||||||
-f
|
-f
|
||||||
@ -277,7 +277,7 @@
|
|||||||
-c ./certs/server-ecc.pem
|
-c ./certs/server-ecc.pem
|
||||||
-k ./certs/ecc-key.pem
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
# client TLSv1.2 ECDHE-ECDSA-NULL-SHA
|
# client DTLSv1.2 ECDHE-ECDSA-NULL-SHA
|
||||||
-B 4000,1355
|
-B 4000,1355
|
||||||
-u
|
-u
|
||||||
-f
|
-f
|
||||||
@ -699,7 +699,7 @@
|
|||||||
-l ECDH-ECDSA-AES256-SHA384
|
-l ECDH-ECDSA-AES256-SHA384
|
||||||
-A ./certs/ca-ecc-cert.pem
|
-A ./certs/ca-ecc-cert.pem
|
||||||
|
|
||||||
# server TLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
|
# server DTLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
|
||||||
-e
|
-e
|
||||||
-s
|
-s
|
||||||
-u
|
-u
|
||||||
@ -707,7 +707,7 @@
|
|||||||
-v 3
|
-v 3
|
||||||
-l ECDHE-PSK-AES128-CBC-SHA256
|
-l ECDHE-PSK-AES128-CBC-SHA256
|
||||||
|
|
||||||
# client TLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
|
# client DTLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
|
||||||
-B 4000,1298
|
-B 4000,1298
|
||||||
-s
|
-s
|
||||||
-u
|
-u
|
||||||
@ -715,7 +715,7 @@
|
|||||||
-v 3
|
-v 3
|
||||||
-l ECDHE-PSK-AES128-CBC-SHA256
|
-l ECDHE-PSK-AES128-CBC-SHA256
|
||||||
|
|
||||||
# server TLSv1.2 ECDHE-PSK-NULL-SHA256
|
# server DTLSv1.2 ECDHE-PSK-NULL-SHA256
|
||||||
-e
|
-e
|
||||||
-s
|
-s
|
||||||
-u
|
-u
|
||||||
@ -723,7 +723,7 @@
|
|||||||
-v 3
|
-v 3
|
||||||
-l ECDHE-PSK-NULL-SHA256
|
-l ECDHE-PSK-NULL-SHA256
|
||||||
|
|
||||||
# client TLSv1.2 ECDHE-PSK-NULL-SHA256
|
# client DTLSv1.2 ECDHE-PSK-NULL-SHA256
|
||||||
-B 4000,1343
|
-B 4000,1343
|
||||||
-s
|
-s
|
||||||
-u
|
-u
|
||||||
@ -1149,7 +1149,7 @@
|
|||||||
-l ECDHE-ECDSA-CHACHA20-POLY1305
|
-l ECDHE-ECDSA-CHACHA20-POLY1305
|
||||||
-A ./certs/ca-ecc-cert.pem
|
-A ./certs/ca-ecc-cert.pem
|
||||||
|
|
||||||
# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305
|
# server DTLSv1.2 DHE-PSK-CHACHA20-POLY1305
|
||||||
-e
|
-e
|
||||||
-u 1024
|
-u 1024
|
||||||
-f
|
-f
|
||||||
@ -1157,7 +1157,7 @@
|
|||||||
-s
|
-s
|
||||||
-l DHE-PSK-CHACHA20-POLY1305
|
-l DHE-PSK-CHACHA20-POLY1305
|
||||||
|
|
||||||
# client TLSv1.2 DHE-PSK-CHACHA20-POLY1305
|
# client DTLSv1.2 DHE-PSK-CHACHA20-POLY1305
|
||||||
-B 4000,983
|
-B 4000,983
|
||||||
-u 1024
|
-u 1024
|
||||||
-f
|
-f
|
||||||
@ -1165,7 +1165,7 @@
|
|||||||
-s
|
-s
|
||||||
-l DHE-PSK-CHACHA20-POLY1305
|
-l DHE-PSK-CHACHA20-POLY1305
|
||||||
|
|
||||||
# server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
|
# server DTLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
|
||||||
-e
|
-e
|
||||||
-u 1024
|
-u 1024
|
||||||
-f
|
-f
|
||||||
@ -1173,7 +1173,7 @@
|
|||||||
-s
|
-s
|
||||||
-l ECDHE-PSK-CHACHA20-POLY1305
|
-l ECDHE-PSK-CHACHA20-POLY1305
|
||||||
|
|
||||||
# client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
|
# client DTLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
|
||||||
-B 4000,983
|
-B 4000,983
|
||||||
-u 1024
|
-u 1024
|
||||||
-f
|
-f
|
||||||
@ -1181,7 +1181,7 @@
|
|||||||
-s
|
-s
|
||||||
-l ECDHE-PSK-CHACHA20-POLY1305
|
-l ECDHE-PSK-CHACHA20-POLY1305
|
||||||
|
|
||||||
# server TLSv1.2 PSK-CHACHA20-POLY1305
|
# server DTLSv1.2 PSK-CHACHA20-POLY1305
|
||||||
-e
|
-e
|
||||||
-u 1024
|
-u 1024
|
||||||
-f
|
-f
|
||||||
@ -1189,7 +1189,7 @@
|
|||||||
-s
|
-s
|
||||||
-l PSK-CHACHA20-POLY1305
|
-l PSK-CHACHA20-POLY1305
|
||||||
|
|
||||||
# client TLSv1.2 PSK-CHACHA20-POLY1305
|
# client DTLSv1.2 PSK-CHACHA20-POLY1305
|
||||||
-B 4000,983
|
-B 4000,983
|
||||||
-u 1024
|
-u 1024
|
||||||
-f
|
-f
|
||||||
@ -1340,7 +1340,7 @@
|
|||||||
-v 3
|
-v 3
|
||||||
-l ECDHE-RSA-AES256-SHA
|
-l ECDHE-RSA-AES256-SHA
|
||||||
|
|
||||||
# server TLSv1 ECDHE-ECDSA-NULL-SHA
|
# server DTLSv1 ECDHE-ECDSA-NULL-SHA
|
||||||
-e
|
-e
|
||||||
-u 1024
|
-u 1024
|
||||||
-f
|
-f
|
||||||
@ -1349,7 +1349,7 @@
|
|||||||
-c ./certs/server-ecc.pem
|
-c ./certs/server-ecc.pem
|
||||||
-k ./certs/ecc-key.pem
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
# client TLSv1 ECDHE-ECDSA-NULL-SHA
|
# client DTLSv1 ECDHE-ECDSA-NULL-SHA
|
||||||
-B 4000,979
|
-B 4000,979
|
||||||
-u 1024
|
-u 1024
|
||||||
-f
|
-f
|
||||||
@ -1357,7 +1357,7 @@
|
|||||||
-l ECDHE-ECDSA-NULL-SHA
|
-l ECDHE-ECDSA-NULL-SHA
|
||||||
-A ./certs/ca-ecc-cert.pem
|
-A ./certs/ca-ecc-cert.pem
|
||||||
|
|
||||||
# server TLSv1.1 ECDHE-ECDSA-NULL-SHA
|
# server DTLSv1.1 ECDHE-ECDSA-NULL-SHA
|
||||||
-e
|
-e
|
||||||
-u 1024
|
-u 1024
|
||||||
-f
|
-f
|
||||||
@ -1366,7 +1366,7 @@
|
|||||||
-c ./certs/server-ecc.pem
|
-c ./certs/server-ecc.pem
|
||||||
-k ./certs/ecc-key.pem
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
# client TLSv1 ECDHE-ECDSA-NULL-SHA
|
# client DTLSv1 ECDHE-ECDSA-NULL-SHA
|
||||||
-B 4000,979
|
-B 4000,979
|
||||||
-u 1024
|
-u 1024
|
||||||
-f
|
-f
|
||||||
@ -1374,7 +1374,7 @@
|
|||||||
-l ECDHE-ECDSA-NULL-SHA
|
-l ECDHE-ECDSA-NULL-SHA
|
||||||
-A ./certs/ca-ecc-cert.pem
|
-A ./certs/ca-ecc-cert.pem
|
||||||
|
|
||||||
# server TLSv1.2 ECDHE-ECDSA-NULL-SHA
|
# server DTLSv1.2 ECDHE-ECDSA-NULL-SHA
|
||||||
-e
|
-e
|
||||||
-u 1024
|
-u 1024
|
||||||
-f
|
-f
|
||||||
@ -1383,7 +1383,7 @@
|
|||||||
-c ./certs/server-ecc.pem
|
-c ./certs/server-ecc.pem
|
||||||
-k ./certs/ecc-key.pem
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
# client TLSv1.2 ECDHE-ECDSA-NULL-SHA
|
# client DTLSv1.2 ECDHE-ECDSA-NULL-SHA
|
||||||
-B 4000,979
|
-B 4000,979
|
||||||
-u 1024
|
-u 1024
|
||||||
-f
|
-f
|
||||||
@ -1805,7 +1805,7 @@
|
|||||||
-l ECDH-ECDSA-AES256-SHA384
|
-l ECDH-ECDSA-AES256-SHA384
|
||||||
-A ./certs/ca-ecc-cert.pem
|
-A ./certs/ca-ecc-cert.pem
|
||||||
|
|
||||||
# server TLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
|
# server DTLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
|
||||||
-e
|
-e
|
||||||
-s
|
-s
|
||||||
-u 1024
|
-u 1024
|
||||||
@ -1813,7 +1813,7 @@
|
|||||||
-v 3
|
-v 3
|
||||||
-l ECDHE-PSK-AES128-CBC-SHA256
|
-l ECDHE-PSK-AES128-CBC-SHA256
|
||||||
|
|
||||||
# client TLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
|
# client DTLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
|
||||||
-B 4000,922
|
-B 4000,922
|
||||||
-s
|
-s
|
||||||
-u 1024
|
-u 1024
|
||||||
@ -1821,21 +1821,21 @@
|
|||||||
-v 3
|
-v 3
|
||||||
-l ECDHE-PSK-AES128-CBC-SHA256
|
-l ECDHE-PSK-AES128-CBC-SHA256
|
||||||
|
|
||||||
# server TLSv1.2 ECDHE-PSK-AES128-SHA256
|
# server DTLSv1.2 ECDHE-PSK-AES128-SHA256
|
||||||
-s
|
-s
|
||||||
-u 1024
|
-u 1024
|
||||||
-f
|
-f
|
||||||
-v 3
|
-v 3
|
||||||
-l ECDHE-PSK-AES128-SHA256
|
-l ECDHE-PSK-AES128-SHA256
|
||||||
|
|
||||||
# client TLSv1.2 ECDHE-PSK-AES128-SHA256
|
# client DTLSv1.2 ECDHE-PSK-AES128-SHA256
|
||||||
-s
|
-s
|
||||||
-u 1024
|
-u 1024
|
||||||
-f
|
-f
|
||||||
-v 3
|
-v 3
|
||||||
-l ECDHE-PSK-AES128-SHA256
|
-l ECDHE-PSK-AES128-SHA256
|
||||||
|
|
||||||
# server TLSv1.2 ECDHE-PSK-NULL-SHA256
|
# server DTLSv1.2 ECDHE-PSK-NULL-SHA256
|
||||||
-e
|
-e
|
||||||
-s
|
-s
|
||||||
-u 1024
|
-u 1024
|
||||||
@ -1843,7 +1843,7 @@
|
|||||||
-v 3
|
-v 3
|
||||||
-l ECDHE-PSK-NULL-SHA256
|
-l ECDHE-PSK-NULL-SHA256
|
||||||
|
|
||||||
# client TLSv1.2 ECDHE-PSK-NULL-SHA256
|
# client DTLSv1.2 ECDHE-PSK-NULL-SHA256
|
||||||
-B 4000,967
|
-B 4000,967
|
||||||
-s
|
-s
|
||||||
-u 1024
|
-u 1024
|
||||||
@ -2365,7 +2365,7 @@
|
|||||||
-l ECDHE-ECDSA-CHACHA20-POLY1305
|
-l ECDHE-ECDSA-CHACHA20-POLY1305
|
||||||
-A ./certs/ca-ecc-cert.pem
|
-A ./certs/ca-ecc-cert.pem
|
||||||
|
|
||||||
# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305
|
# server DTLSv1.2 DHE-PSK-CHACHA20-POLY1305
|
||||||
-e
|
-e
|
||||||
-u 512
|
-u 512
|
||||||
-f
|
-f
|
||||||
@ -2373,7 +2373,7 @@
|
|||||||
-s
|
-s
|
||||||
-l DHE-PSK-CHACHA20-POLY1305
|
-l DHE-PSK-CHACHA20-POLY1305
|
||||||
|
|
||||||
# client TLSv1.2 DHE-PSK-CHACHA20-POLY1305
|
# client DTLSv1.2 DHE-PSK-CHACHA20-POLY1305
|
||||||
-B 4000,471
|
-B 4000,471
|
||||||
-u 512
|
-u 512
|
||||||
-f
|
-f
|
||||||
@ -2381,7 +2381,7 @@
|
|||||||
-s
|
-s
|
||||||
-l DHE-PSK-CHACHA20-POLY1305
|
-l DHE-PSK-CHACHA20-POLY1305
|
||||||
|
|
||||||
# server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
|
# server DTLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
|
||||||
-e
|
-e
|
||||||
-u 512
|
-u 512
|
||||||
-f
|
-f
|
||||||
@ -2389,7 +2389,7 @@
|
|||||||
-s
|
-s
|
||||||
-l ECDHE-PSK-CHACHA20-POLY1305
|
-l ECDHE-PSK-CHACHA20-POLY1305
|
||||||
|
|
||||||
# client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
|
# client DTLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
|
||||||
-B 4000,471
|
-B 4000,471
|
||||||
-u 512
|
-u 512
|
||||||
-f
|
-f
|
||||||
@ -2397,7 +2397,7 @@
|
|||||||
-s
|
-s
|
||||||
-l ECDHE-PSK-CHACHA20-POLY1305
|
-l ECDHE-PSK-CHACHA20-POLY1305
|
||||||
|
|
||||||
# server TLSv1.2 PSK-CHACHA20-POLY1305
|
# server DTLSv1.2 PSK-CHACHA20-POLY1305
|
||||||
-e
|
-e
|
||||||
-u 512
|
-u 512
|
||||||
-f
|
-f
|
||||||
@ -2405,7 +2405,7 @@
|
|||||||
-s
|
-s
|
||||||
-l PSK-CHACHA20-POLY1305
|
-l PSK-CHACHA20-POLY1305
|
||||||
|
|
||||||
# client TLSv1.2 PSK-CHACHA20-POLY1305
|
# client DTLSv1.2 PSK-CHACHA20-POLY1305
|
||||||
-B 4000,471
|
-B 4000,471
|
||||||
-u 512
|
-u 512
|
||||||
-f
|
-f
|
||||||
@ -2556,7 +2556,7 @@
|
|||||||
-v 3
|
-v 3
|
||||||
-l ECDHE-RSA-AES256-SHA
|
-l ECDHE-RSA-AES256-SHA
|
||||||
|
|
||||||
# server TLSv1 ECDHE-ECDSA-NULL-SHA
|
# server DTLSv1 ECDHE-ECDSA-NULL-SHA
|
||||||
-e
|
-e
|
||||||
-u 512
|
-u 512
|
||||||
-f
|
-f
|
||||||
@ -2565,7 +2565,7 @@
|
|||||||
-c ./certs/server-ecc.pem
|
-c ./certs/server-ecc.pem
|
||||||
-k ./certs/ecc-key.pem
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
# client TLSv1 ECDHE-ECDSA-NULL-SHA
|
# client DTLSv1 ECDHE-ECDSA-NULL-SHA
|
||||||
-B 4000,467
|
-B 4000,467
|
||||||
-u 512
|
-u 512
|
||||||
-f
|
-f
|
||||||
@ -2573,7 +2573,7 @@
|
|||||||
-l ECDHE-ECDSA-NULL-SHA
|
-l ECDHE-ECDSA-NULL-SHA
|
||||||
-A ./certs/ca-ecc-cert.pem
|
-A ./certs/ca-ecc-cert.pem
|
||||||
|
|
||||||
# server TLSv1.1 ECDHE-ECDSA-NULL-SHA
|
# server DTLSv1.1 ECDHE-ECDSA-NULL-SHA
|
||||||
-e
|
-e
|
||||||
-u 512
|
-u 512
|
||||||
-f
|
-f
|
||||||
@ -2582,7 +2582,7 @@
|
|||||||
-c ./certs/server-ecc.pem
|
-c ./certs/server-ecc.pem
|
||||||
-k ./certs/ecc-key.pem
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
# client TLSv1 ECDHE-ECDSA-NULL-SHA
|
# client DTLSv1 ECDHE-ECDSA-NULL-SHA
|
||||||
-B 4000,467
|
-B 4000,467
|
||||||
-u 512
|
-u 512
|
||||||
-f
|
-f
|
||||||
@ -2590,7 +2590,7 @@
|
|||||||
-l ECDHE-ECDSA-NULL-SHA
|
-l ECDHE-ECDSA-NULL-SHA
|
||||||
-A ./certs/ca-ecc-cert.pem
|
-A ./certs/ca-ecc-cert.pem
|
||||||
|
|
||||||
# server TLSv1.2 ECDHE-ECDSA-NULL-SHA
|
# server DTLSv1.2 ECDHE-ECDSA-NULL-SHA
|
||||||
-e
|
-e
|
||||||
-u 512
|
-u 512
|
||||||
-f
|
-f
|
||||||
@ -2599,7 +2599,7 @@
|
|||||||
-c ./certs/server-ecc.pem
|
-c ./certs/server-ecc.pem
|
||||||
-k ./certs/ecc-key.pem
|
-k ./certs/ecc-key.pem
|
||||||
|
|
||||||
# client TLSv1.2 ECDHE-ECDSA-NULL-SHA
|
# client DTLSv1.2 ECDHE-ECDSA-NULL-SHA
|
||||||
-B 4000,467
|
-B 4000,467
|
||||||
-u 512
|
-u 512
|
||||||
-f
|
-f
|
||||||
@ -3021,7 +3021,7 @@
|
|||||||
-l ECDH-ECDSA-AES256-SHA384
|
-l ECDH-ECDSA-AES256-SHA384
|
||||||
-A ./certs/ca-ecc-cert.pem
|
-A ./certs/ca-ecc-cert.pem
|
||||||
|
|
||||||
# server TLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
|
# server DTLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
|
||||||
-e
|
-e
|
||||||
-s
|
-s
|
||||||
-u 512
|
-u 512
|
||||||
@ -3029,7 +3029,7 @@
|
|||||||
-v 3
|
-v 3
|
||||||
-l ECDHE-PSK-AES128-CBC-SHA256
|
-l ECDHE-PSK-AES128-CBC-SHA256
|
||||||
|
|
||||||
# client TLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
|
# client DTLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
|
||||||
-B 4000,410
|
-B 4000,410
|
||||||
-s
|
-s
|
||||||
-u 512
|
-u 512
|
||||||
@ -3037,7 +3037,7 @@
|
|||||||
-v 3
|
-v 3
|
||||||
-l ECDHE-PSK-AES128-CBC-SHA256
|
-l ECDHE-PSK-AES128-CBC-SHA256
|
||||||
|
|
||||||
# server TLSv1.2 ECDHE-PSK-NULL-SHA256
|
# server DTLSv1.2 ECDHE-PSK-NULL-SHA256
|
||||||
-e
|
-e
|
||||||
-s
|
-s
|
||||||
-u 512
|
-u 512
|
||||||
@ -3045,7 +3045,7 @@
|
|||||||
-v 3
|
-v 3
|
||||||
-l ECDHE-PSK-NULL-SHA256
|
-l ECDHE-PSK-NULL-SHA256
|
||||||
|
|
||||||
# client TLSv1.2 ECDHE-PSK-NULL-SHA256
|
# client DTLSv1.2 ECDHE-PSK-NULL-SHA256
|
||||||
-B 4000,455
|
-B 4000,455
|
||||||
-s
|
-s
|
||||||
-u 512
|
-u 512
|
||||||
|
|||||||
@ -5,3 +5,11 @@
|
|||||||
# client- standard PSK
|
# client- standard PSK
|
||||||
-s
|
-s
|
||||||
-l PSK-CHACHA20-POLY1305
|
-l PSK-CHACHA20-POLY1305
|
||||||
|
|
||||||
|
# server
|
||||||
|
-j
|
||||||
|
-l ECDHE-PSK-AES128-GCM-SHA256
|
||||||
|
|
||||||
|
# client
|
||||||
|
-s
|
||||||
|
-l ECDHE-PSK-AES128-GCM-SHA256
|
||||||
|
|||||||
@ -667,6 +667,10 @@
|
|||||||
defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
|
defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
|
||||||
#define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
|
#define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
|
||||||
#endif
|
#endif
|
||||||
|
#if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \
|
||||||
|
defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM)
|
||||||
|
#define BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
|
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
|
||||||
#if !defined(NO_OLD_POLY1305)
|
#if !defined(NO_OLD_POLY1305)
|
||||||
@ -1050,6 +1054,9 @@ enum {
|
|||||||
TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
|
TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
|
||||||
TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x15,
|
TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x15,
|
||||||
|
|
||||||
|
/* ECDHE_PSK RFC8442, first byte is 0xD0 (EDHE_PSK_BYTE) */
|
||||||
|
TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 = 0x01,
|
||||||
|
|
||||||
/* TLS v1.3 cipher suites */
|
/* TLS v1.3 cipher suites */
|
||||||
TLS_AES_128_GCM_SHA256 = 0x01,
|
TLS_AES_128_GCM_SHA256 = 0x01,
|
||||||
TLS_AES_256_GCM_SHA384 = 0x02,
|
TLS_AES_256_GCM_SHA384 = 0x02,
|
||||||
@ -1159,10 +1166,11 @@ enum {
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
enum Misc {
|
enum Misc {
|
||||||
CIPHER_BYTE = 0x00, /* Default ciphers */
|
CIPHER_BYTE = 0x00, /* Default ciphers */
|
||||||
ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
|
ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
|
||||||
CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */
|
CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */
|
||||||
TLS13_BYTE = 0x13, /* TLS v1.3 first byte of cipher suite */
|
TLS13_BYTE = 0x13, /* TLS v1.3 first byte of cipher suite */
|
||||||
|
ECDHE_PSK_BYTE = 0xD0, /* RFC 8442 */
|
||||||
|
|
||||||
SEND_CERT = 1,
|
SEND_CERT = 1,
|
||||||
SEND_BLANK_CERT = 2,
|
SEND_BLANK_CERT = 2,
|
||||||
|
|||||||
Reference in New Issue
Block a user