wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 04:04:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

added ECDSA and DHE_RSA support for chacha-poly

Browse Source
This commit is contained in:
JacobBarthelmeh
2014-07-10 16:35:56 -06:00
parent c322cb05ad
commit e62fbdd49f
6 changed files with 103 additions and 645 deletions
Download Patch File Download Diff File Expand all files Collapse all files

436
ctaocrypt/src/port.c
View File

@@ -1,436 +0,0 @@
/* port.c
*
* Copyright (C) 2006-2014 wolfSSL Inc.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <cyassl/ctaocrypt/settings.h>
#include <cyassl/ctaocrypt/types.h>
#include <cyassl/ctaocrypt/error-crypt.h>
#ifdef _MSC_VER
/* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
#pragma warning(disable: 4996)
#endif
#ifdef SINGLE_THREADED
int InitMutex(CyaSSL_Mutex* m)
{
(void)m;
return 0;
}
int FreeMutex(CyaSSL_Mutex *m)
{
(void)m;
return 0;
}
int LockMutex(CyaSSL_Mutex *m)
{
(void)m;
return 0;
}
int UnLockMutex(CyaSSL_Mutex *m)
{
(void)m;
return 0;
}
#else /* MULTI_THREAD */
#if defined(FREERTOS)
int InitMutex(CyaSSL_Mutex* m)
{
int iReturn;
*m = ( CyaSSL_Mutex ) xSemaphoreCreateMutex();
if( *m != NULL )
iReturn = 0;
else
iReturn = BAD_MUTEX_E;
return iReturn;
}
int FreeMutex(CyaSSL_Mutex* m)
{
vSemaphoreDelete( *m );
return 0;
}
int LockMutex(CyaSSL_Mutex* m)
{
/* Assume an infinite block, or should there be zero block? */
xSemaphoreTake( *m, portMAX_DELAY );
return 0;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
xSemaphoreGive( *m );
return 0;
}
#elif defined(CYASSL_SAFERTOS)
int InitMutex(CyaSSL_Mutex* m)
{
vSemaphoreCreateBinary(m->mutexBuffer, m->mutex);
if (m->mutex == NULL)
return BAD_MUTEX_E;
return 0;
}
int FreeMutex(CyaSSL_Mutex* m)
{
(void)m;
return 0;
}
int LockMutex(CyaSSL_Mutex* m)
{
/* Assume an infinite block */
xSemaphoreTake(m->mutex, portMAX_DELAY);
return 0;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
xSemaphoreGive(m->mutex);
return 0;
}
#elif defined(USE_WINDOWS_API)
int InitMutex(CyaSSL_Mutex* m)
{
InitializeCriticalSection(m);
return 0;
}
int FreeMutex(CyaSSL_Mutex* m)
{
DeleteCriticalSection(m);
return 0;
}
int LockMutex(CyaSSL_Mutex* m)
{
EnterCriticalSection(m);
return 0;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
LeaveCriticalSection(m);
return 0;
}
#elif defined(CYASSL_PTHREADS)
int InitMutex(CyaSSL_Mutex* m)
{
if (pthread_mutex_init(m, 0) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int FreeMutex(CyaSSL_Mutex* m)
{
if (pthread_mutex_destroy(m) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int LockMutex(CyaSSL_Mutex* m)
{
if (pthread_mutex_lock(m) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
if (pthread_mutex_unlock(m) == 0)
return 0;
else
return BAD_MUTEX_E;
}
#elif defined(THREADX)
int InitMutex(CyaSSL_Mutex* m)
{
if (tx_mutex_create(m, "CyaSSL Mutex", TX_NO_INHERIT) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int FreeMutex(CyaSSL_Mutex* m)
{
if (tx_mutex_delete(m) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int LockMutex(CyaSSL_Mutex* m)
{
if (tx_mutex_get(m, TX_WAIT_FOREVER) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
if (tx_mutex_put(m) == 0)
return 0;
else
return BAD_MUTEX_E;
}
#elif defined(MICRIUM)
int InitMutex(CyaSSL_Mutex* m)
{
#if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
if (NetSecure_OS_MutexCreate(m) == 0)
return 0;
else
return BAD_MUTEX_E;
#else
return 0;
#endif
}
int FreeMutex(CyaSSL_Mutex* m)
{
#if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
if (NetSecure_OS_FreeMutex(m) == 0)
return 0;
else
return BAD_MUTEX_E;
#else
return 0;
#endif
}
int LockMutex(CyaSSL_Mutex* m)
{
#if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
if (NetSecure_OS_LockMutex(m) == 0)
return 0;
else
return BAD_MUTEX_E;
#else
return 0;
#endif
}
int UnLockMutex(CyaSSL_Mutex* m)
{
#if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
if (NetSecure_OS_UnLockMutex(m) == 0)
return 0;
else
return BAD_MUTEX_E;
#else
return 0;
#endif
}
#elif defined(EBSNET)
int InitMutex(CyaSSL_Mutex* m)
{
if (rtp_sig_mutex_alloc(m, "CyaSSL Mutex") == -1)
return BAD_MUTEX_E;
else
return 0;
}
int FreeMutex(CyaSSL_Mutex* m)
{
rtp_sig_mutex_free(*m);
return 0;
}
int LockMutex(CyaSSL_Mutex* m)
{
if (rtp_sig_mutex_claim_timed(*m, RTIP_INF) == 0)
return 0;
else
return BAD_MUTEX_E;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
rtp_sig_mutex_release(*m);
return 0;
}
#elif defined(FREESCALE_MQX)
int InitMutex(CyaSSL_Mutex* m)
{
if (_mutex_init(m, NULL) == MQX_EOK)
return 0;
else
return BAD_MUTEX_E;
}
int FreeMutex(CyaSSL_Mutex* m)
{
if (_mutex_destroy(m) == MQX_EOK)
return 0;
else
return BAD_MUTEX_E;
}
int LockMutex(CyaSSL_Mutex* m)
{
if (_mutex_lock(m) == MQX_EOK)
return 0;
else
return BAD_MUTEX_E;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
if (_mutex_unlock(m) == MQX_EOK)
return 0;
else
return BAD_MUTEX_E;
}
#elif defined(CYASSL_MDK_ARM)|| defined(CYASSL_CMSIS_RTOS)
#if defined(CYASSL_CMSIS_RTOS)
#include "cmsis_os.h"
#define CMSIS_NMUTEX 10
osMutexDef(CyaSSL_mt0) ; osMutexDef(CyaSSL_mt1) ; osMutexDef(CyaSSL_mt2) ;
osMutexDef(CyaSSL_mt3) ; osMutexDef(CyaSSL_mt4) ; osMutexDef(CyaSSL_mt5) ;
osMutexDef(CyaSSL_mt6) ; osMutexDef(CyaSSL_mt7) ; osMutexDef(CyaSSL_mt8) ;
osMutexDef(CyaSSL_mt9) ;
static const osMutexDef_t *CMSIS_mutex[] = { osMutex(CyaSSL_mt0),
osMutex(CyaSSL_mt1), osMutex(CyaSSL_mt2), osMutex(CyaSSL_mt3),
osMutex(CyaSSL_mt4), osMutex(CyaSSL_mt5), osMutex(CyaSSL_mt6),
osMutex(CyaSSL_mt7), osMutex(CyaSSL_mt8), osMutex(CyaSSL_mt9) } ;
static osMutexId CMSIS_mutexID[CMSIS_NMUTEX] = {0} ;
int InitMutex(CyaSSL_Mutex* m)
{
int i ;
for (i=0; i<CMSIS_NMUTEX; i++) {
if(CMSIS_mutexID[i] == 0) {
CMSIS_mutexID[i] = osMutexCreate(CMSIS_mutex[i]) ;
(*m) = CMSIS_mutexID[i] ;
return 0 ;
}
}
return -1 ;
}
int FreeMutex(CyaSSL_Mutex* m)
{
int i ;
osMutexDelete (*m) ;
for (i=0; i<CMSIS_NMUTEX; i++) {
if(CMSIS_mutexID[i] == (*m)) {
CMSIS_mutexID[i] = 0 ;
return(0) ;
}
}
return(-1) ;
}
int LockMutex(CyaSSL_Mutex* m)
{
osMutexWait(*m, osWaitForever) ;
return(0) ;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
osMutexRelease (*m);
return 0;
}
#else
int InitMutex(CyaSSL_Mutex* m)
{
os_mut_init (m);
return 0;
}
int FreeMutex(CyaSSL_Mutex* m)
{
return(0) ;
}
int LockMutex(CyaSSL_Mutex* m)
{
os_mut_wait (m, 0xffff);
return(0) ;
}
int UnLockMutex(CyaSSL_Mutex* m)
{
os_mut_release (m);
return 0;
}
#endif
#endif /* USE_WINDOWS_API */
#endif /* SINGLE_THREADED */

195
cyassl/ctaocrypt/port.h
View File

@@ -1,195 +0,0 @@
/* port.h
*
* Copyright (C) 2006-2014 wolfSSL Inc.
*
* This file is part of CyaSSL.
*
* CyaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* CyaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifndef CTAO_CRYPT_PORT_H
#define CTAO_CRYPT_PORT_H
#ifdef __cplusplus
extern "C" {
#endif
#ifdef USE_WINDOWS_API
#ifdef CYASSL_GAME_BUILD
#include "system/xtl.h"
#else
#ifndef WIN32_LEAN_AND_MEAN
#define WIN32_LEAN_AND_MEAN
#endif
#if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
/* On WinCE winsock2.h must be included before windows.h */
#include <winsock2.h>
#endif
#include <windows.h>
#endif
#elif defined(THREADX)
#ifndef SINGLE_THREADED
#include "tx_api.h"
#endif
#elif defined(MICRIUM)
/* do nothing, just don't pick Unix */
#elif defined(FREERTOS) || defined(CYASSL_SAFERTOS)
/* do nothing */
#elif defined(EBSNET)
/* do nothing */
#elif defined(FREESCALE_MQX)
/* do nothing */
#elif defined(CYASSL_MDK_ARM)
#if defined(CYASSL_MDK5)
#include "cmsis_os.h"
#else
#include <rtl.h>
#endif
#elif defined(CYASSL_CMSIS_RTOS)
#include "cmsis_os.h"
#else
#ifndef SINGLE_THREADED
#define CYASSL_PTHREADS
#include <pthread.h>
#endif
#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
#include <unistd.h> /* for close of BIO */
#endif
#endif
#ifdef SINGLE_THREADED
typedef int CyaSSL_Mutex;
#else /* MULTI_THREADED */
/* FREERTOS comes first to enable use of FreeRTOS Windows simulator only */
#ifdef FREERTOS
typedef xSemaphoreHandle CyaSSL_Mutex;
#elif defined(CYASSL_SAFERTOS)
typedef struct CyaSSL_Mutex {
signed char mutexBuffer[portQUEUE_OVERHEAD_BYTES];
xSemaphoreHandle mutex;
} CyaSSL_Mutex;
#elif defined(USE_WINDOWS_API)
typedef CRITICAL_SECTION CyaSSL_Mutex;
#elif defined(CYASSL_PTHREADS)
typedef pthread_mutex_t CyaSSL_Mutex;
#elif defined(THREADX)
typedef TX_MUTEX CyaSSL_Mutex;
#elif defined(MICRIUM)
typedef OS_MUTEX CyaSSL_Mutex;
#elif defined(EBSNET)
typedef RTP_MUTEX CyaSSL_Mutex;
#elif defined(FREESCALE_MQX)
typedef MUTEX_STRUCT CyaSSL_Mutex;
#elif defined(CYASSL_MDK_ARM)
#if defined(CYASSL_CMSIS_RTOS)
typedef osMutexId CyaSSL_Mutex;
#else
typedef OS_MUT CyaSSL_Mutex;
#endif
#elif defined(CYASSL_CMSIS_RTOS)
typedef osMutexId CyaSSL_Mutex;
#else
#error Need a mutex type in multithreaded mode
#endif /* USE_WINDOWS_API */
#endif /* SINGLE_THREADED */
CYASSL_LOCAL int InitMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int FreeMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int LockMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*);
/* filesystem abstraction layer, used by ssl.c */
#ifndef NO_FILESYSTEM
#if defined(EBSNET)
#define XFILE int
#define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0);
#define XFSEEK vf_lseek
#define XFTELL vf_tell
#define XREWIND vf_rewind
#define XFREAD(BUF, SZ, AMT, FD) vf_read(FD, BUF, SZ*AMT)
#define XFWRITE(BUF, SZ, AMT, FD) vf_write(FD, BUF, SZ*AMT)
#define XFCLOSE vf_close
#define XSEEK_END VSEEK_END
#define XBADFILE -1
#elif defined(LSR_FS)
#include <fs.h>
#define XFILE struct fs_file*
#define XFOPEN(NAME, MODE) fs_open((char*)NAME);
#define XFSEEK(F, O, W) (void)F
#define XFTELL(F) (F)->len
#define XREWIND(F) (void)F
#define XFREAD(BUF, SZ, AMT, F) fs_read(F, (char*)BUF, SZ*AMT)
#define XFWRITE(BUF, SZ, AMT, F) fs_write(F, (char*)BUF, SZ*AMT)
#define XFCLOSE fs_close
#define XSEEK_END 0
#define XBADFILE NULL
#elif defined(FREESCALE_MQX)
#define XFILE MQX_FILE_PTR
#define XFOPEN fopen
#define XFSEEK fseek
#define XFTELL ftell
#define XREWIND(F) fseek(F, 0, IO_SEEK_SET)
#define XFREAD fread
#define XFWRITE fwrite
#define XFCLOSE fclose
#define XSEEK_END IO_SEEK_END
#define XBADFILE NULL
#elif defined(MICRIUM)
#include <fs.h>
#define XFILE FS_FILE*
#define XFOPEN fs_fopen
#define XFSEEK fs_fseek
#define XFTELL fs_ftell
#define XREWIND fs_rewind
#define XFREAD fs_fread
#define XFWRITE fs_fwrite
#define XFCLOSE fs_fclose
#define XSEEK_END FS_SEEK_END
#define XBADFILE NULL
#else
/* stdio, default case */
#define XFILE FILE*
#if defined(CYASSL_MDK_ARM)
#include <stdio.h>
extern FILE * CyaSSL_fopen(const char *name, const char *mode) ;
#define XFOPEN CyaSSL_fopen
#else
#define XFOPEN fopen
#endif
#define XFSEEK fseek
#define XFTELL ftell
#define XREWIND rewind
#define XFREAD fread
#define XFWRITE fwrite
#define XFCLOSE fclose
#define XSEEK_END SEEK_END
#define XBADFILE NULL
#endif
#endif /* NO_FILESYSTEM */
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* CTAO_CRYPT_PORT_H */

8
cyassl/internal.h
View File

@@ -468,7 +468,9 @@ void c32to24(word32 in, word24 out);
#ifdef HAVE_CHACHA #ifdef HAVE_CHACHA
#define CHACHA20_BLOCK_SIZE 16 #define CHACHA20_BLOCK_SIZE 16
#define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
#define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
#endif #endif
#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_CHACHA) #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_CHACHA)
@@ -596,7 +598,9 @@ enum {
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,
TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 = 0x13, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x13,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0x14,
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x15,
/* Renegotiation Indication Extension Special Suite */ /* Renegotiation Indication Extension Special Suite */
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff

55
src/internal.c
View File

@@ -905,10 +905,24 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
} }
#endif #endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
if (tls && haveRSA) { if (tls && haveRSA) {
suites->suites[idx++] = CHACHA_BYTE; suites->suites[idx++] = CHACHA_BYTE;
suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256; suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
}
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
if (tls1_2 && haveECDSAsig) {
suites->suites[idx++] = CHACHA_BYTE;
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256;
}
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
if (tls && haveRSA) {
suites->suites[idx++] = CHACHA_BYTE;
suites->suites[idx++] = TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
} }
#endif #endif
@@ -3171,12 +3185,25 @@ static int BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
switch (second) { switch (second) {
case TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 : case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
if (requirement == REQUIRES_RSA) if (requirement == REQUIRES_RSA)
return 1; return 1;
break; break;
case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
if (requirement == REQUIRES_ECC_DSA)
return 1;
break;
case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
if (requirement == REQUIRES_RSA)
return 1;
if (requirement == REQUIRES_DHE)
return 1;
break;
} }
} }
/* ECC extensions */ /* ECC extensions */
if (first == ECC_BYTE) { if (first == ECC_BYTE) {
@@ -7671,10 +7698,18 @@ static const char* const cipher_names[] =
"ECDH-ECDSA-AES256-SHA384", "ECDH-ECDSA-AES256-SHA384",
#endif #endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
"ECDHE-RSA-CHACHA20-256-POLY1305-SHA256", "ECDHE-RSA-CHACHA20-256-POLY1305-SHA256",
#endif #endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
"ECDHE-ECDSA-CHACHA20-256-POLY1305-SHA256",
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
"DHE-RSA-CHACHA20-256-POLY1305-SHA256",
#endif
}; };
@@ -8051,8 +8086,16 @@ static int cipher_name_idx[] =
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
#endif #endif
#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
#endif #endif
}; };

39
src/keys.c
View File

@@ -53,8 +53,8 @@ int SetCipherSpecs(CYASSL* ssl)
if (ssl->options.cipherSuite0 == CHACHA_BYTE) { if (ssl->options.cipherSuite0 == CHACHA_BYTE) {
switch (ssl->options.cipherSuite) { switch (ssl->options.cipherSuite) {
#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
case TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256: case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
ssl->specs.bulk_cipher_algorithm = cyassl_chacha; ssl->specs.bulk_cipher_algorithm = cyassl_chacha;
ssl->specs.cipher_type = aead; ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac; ssl->specs.mac_algorithm = sha256_mac;
@@ -71,6 +71,41 @@ int SetCipherSpecs(CYASSL* ssl)
break; break;
#endif #endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
ssl->specs.bulk_cipher_algorithm = cyassl_chacha;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
ssl->specs.iv_size = CHACHA20_IV_SIZE;
ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
break;
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
ssl->specs.bulk_cipher_algorithm = cyassl_chacha;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = rsa_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = CHACHA20_256_KEY_SIZE;
ssl->specs.block_size = CHACHA20_BLOCK_SIZE;
ssl->specs.iv_size = CHACHA20_IV_SIZE;
ssl->specs.aead_mac_size = POLY1305_AUTH_SZ;
break;
#endif
default: default:
CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha"); CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha");
return UNSUPPORTED_SUITE; return UNSUPPORTED_SUITE;

13
src/ssl.c
View File

@@ -8371,9 +8371,14 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
switch (cipher->ssl->options.cipherSuite) { switch (cipher->ssl->options.cipherSuite) {
#ifdef HAVE_CHACHA #ifdef HAVE_CHACHA
#ifndef NO_RSA #ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256 : case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
return "TLS_ECDHE_RSA_WITH_CHACHA20_256_POLY1305_SHA256"; return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
return "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
#endif #endif
case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
#endif #endif
} }
} }
@@ -8525,7 +8530,9 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
} }
} }
#endif /* ECC */ #endif /* ECC */
if (cipher->ssl->options.cipherSuite0 != ECC_BYTE && cipher->ssl->options.cipherSuite0 != CHACHA_BYTE) { if (cipher->ssl->options.cipherSuite0 != ECC_BYTE &&
cipher->ssl->options.cipherSuite0 != CHACHA_BYTE) {
/* normal suites */ /* normal suites */
switch (cipher->ssl->options.cipherSuite) { switch (cipher->ssl->options.cipherSuite) {
#ifndef NO_RSA #ifndef NO_RSA