mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-08-03 12:44:45 +02:00
add cipher suite ECDHE-PSK-AES128-SHA256 and adjustments to ECDHE-PSK
This commit is contained in:
Jacob Barthelmeh
@@ -1362,6 +1362,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
|
||||
if (tls && havePSK) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
suites->suites[idx++] = TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
|
||||
if (tls && havePSK) {
|
||||
suites->suites[idx++] = ECC_BYTE;
|
||||
@@ -4000,6 +4007,16 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
|
||||
if (requirement == REQUIRES_PSK)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
|
||||
if (requirement == REQUIRES_PSK)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
default:
|
||||
WOLFSSL_MSG("Unsupported cipher suite, CipherRequires ECC");
|
||||
return 0;
|
||||
@@ -9941,6 +9958,10 @@ static const char* const cipher_names[] =
|
||||
#ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
|
||||
"ECDHE-PSK-NULL-SHA256",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
|
||||
"ECDHE-PSK-AES128-CBC-SHA256",
|
||||
#endif
|
||||
};
|
||||
|
||||
|
||||
@@ -10363,6 +10384,10 @@ static int cipher_name_idx[] =
|
||||
#ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
|
||||
TLS_ECDHE_PSK_WITH_NULL_SHA256,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
|
||||
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
|
||||
#endif
|
||||
};
|
||||
|
||||
|
||||
|
||||
18
src/keys.c
18
src/keys.c
@@ -799,6 +799,24 @@ int SetCipherSpecs(WOLFSSL* ssl)
|
||||
ssl->options.usingPSK_cipher = 1;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
|
||||
case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
|
||||
ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
|
||||
ssl->specs.cipher_type = block;
|
||||
ssl->specs.mac_algorithm = sha256_mac;
|
||||
ssl->specs.kea = ecdhe_psk_kea;
|
||||
ssl->specs.sig_algo = anonymous_sa_algo;
|
||||
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_128_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AES_IV_SIZE;
|
||||
|
||||
ssl->options.usingPSK_cipher = 1;
|
||||
break;
|
||||
#endif
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
|
||||
|
||||
@@ -10304,6 +10304,14 @@ const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher)
|
||||
return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
|
||||
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
|
||||
return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
|
||||
#endif
|
||||
case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
|
||||
return "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
|
||||
#ifndef NO_PSK
|
||||
case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
|
||||
return "TLS_ECDHE_PSK_WITH_NULL_SHA256";
|
||||
case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
|
||||
return "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256";
|
||||
#endif
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
|
||||
@@ -746,6 +746,42 @@
|
||||
-l ECDH-ECDSA-AES256-SHA384
|
||||
-A ./certs/server-ecc.pem
|
||||
|
||||
# server TLSv1 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-u
|
||||
-v 1
|
||||
-l ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# client TLSv1 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-u
|
||||
-v 1
|
||||
-l ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# server TLSv1.1 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-u
|
||||
-v 2
|
||||
-l ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# client TLSv1.1 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-u
|
||||
-v 2
|
||||
-l ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# server TLSv1.2 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-u
|
||||
-v 3
|
||||
-l ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# client TLSv1.2 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-u
|
||||
-v 3
|
||||
-l ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# server TLSv1 ECDHE-PSK-NULL-SHA256
|
||||
-s
|
||||
-u
|
||||
|
||||
@@ -1,3 +1,69 @@
|
||||
# No Hint server TLSv1 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-I
|
||||
-v 1
|
||||
-l ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# No Hint client TLSv1 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-v 1
|
||||
-l ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# No Hint server TLSv1.1 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-I
|
||||
-v 2
|
||||
-l ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# No Hint client TLSv1.1 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-v 2
|
||||
-l ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# No Hint server TLSv1.2 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-I
|
||||
-v 3
|
||||
-l ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# No Hint client TLSv1.2 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-v 3
|
||||
-l ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# No Hint server TLSv1 ECDHE-PSK-NULL-SHA256
|
||||
-s
|
||||
-I
|
||||
-v 1
|
||||
-l ECDHE-PSK-NULL-SHA256
|
||||
|
||||
# No Hint client TLSv1 ECDHE-PSK-NULL-SHA256
|
||||
-s
|
||||
-v 1
|
||||
-l ECDHE-PSK-NULL-SHA256
|
||||
|
||||
# No Hint server TLSv1.1 ECDHE-PSK-NULL-SHA256
|
||||
-s
|
||||
-I
|
||||
-v 2
|
||||
-l ECDHE-PSK-NULL-SHA256
|
||||
|
||||
# No Hint client TLSv1.1 ECDHE-PSK-NULL-SHA256
|
||||
-s
|
||||
-v 2
|
||||
-l ECDHE-PSK-NULL-SHA256
|
||||
|
||||
# No Hint server TLSv1.2 ECDHE-PSK-NULL-SHA256
|
||||
-s
|
||||
-I
|
||||
-v 3
|
||||
-l ECDHE-PSK-NULL-SHA256
|
||||
|
||||
# No Hint client TLSv1.2 ECDHE-PSK-NULL-SHA256
|
||||
-s
|
||||
-v 3
|
||||
-l ECDHE-PSK-NULL-SHA256
|
||||
|
||||
# No Hint server TLSv1 PSK-AES128
|
||||
-s
|
||||
-I
|
||||
|
||||
@@ -1155,6 +1155,36 @@
|
||||
-v 3
|
||||
-l QSH:DHE-RSA-AES256-SHA256
|
||||
|
||||
# server TLSv1 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-v 1
|
||||
-l QSH:ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# client TLSv1 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-v 1
|
||||
-l QSH:ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# server TLSv1.1 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-v 2
|
||||
-l QSH:ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# client TLSv1.1 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-v 2
|
||||
-l QSH:ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# server TLSv1.2 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-v 3
|
||||
-l QSH:ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# client TLSv1.2 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-v 3
|
||||
-l QSH:ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# server TLSv1 ECDHE-PSK-NULL-SHA256
|
||||
-s
|
||||
-v 1
|
||||
|
||||
@@ -1158,6 +1158,36 @@
|
||||
-v 3
|
||||
-l ECDHE-PSK-NULL-SHA256
|
||||
|
||||
# server TLSv1 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-v 1
|
||||
-l ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# client TLSv1 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-v 1
|
||||
-l ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# server TLSv1.1 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-v 2
|
||||
-l ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# client TLSv1.1 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-v 2
|
||||
-l ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# server TLSv1.2 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-v 3
|
||||
-l ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# client TLSv1.2 ECDHE-PSK-AES128-SHA256
|
||||
-s
|
||||
-v 3
|
||||
-l ECDHE-PSK-AES128-SHA256
|
||||
|
||||
# server TLSv1 PSK-AES128
|
||||
-s
|
||||
-v 1
|
||||
|
||||
@@ -528,6 +528,9 @@ typedef byte word24[3];
|
||||
#define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES)
|
||||
#define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
|
||||
#endif
|
||||
#endif
|
||||
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) \
|
||||
&& !defined(NO_OLD_POLY1305)
|
||||
@@ -715,6 +718,7 @@ enum {
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
|
||||
TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0x06,
|
||||
TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0x3a,
|
||||
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0x37,
|
||||
|
||||
/* static ECDH, first byte is 0xC0 (ECC_BYTE) */
|
||||
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
|
||||
|
||||
Reference in New Issue
Block a user