3 * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
5 * This file is part of CyaSSL.
7 * CyaSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * CyaSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
27 #include <cyassl/internal.h>
28 #include <cyassl/error.h>
34 int SetCipherSpecs(CYASSL* ssl)
38 if (ssl->options.cipherSuite0 == ECC_BYTE) {
40 switch (ssl->options.cipherSuite) {
42 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
43 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
44 ssl->specs.bulk_cipher_algorithm = aes;
45 ssl->specs.cipher_type = block;
46 ssl->specs.mac_algorithm = sha_mac;
47 ssl->specs.kea = ecc_diffie_hellman_kea;
48 ssl->specs.sig_algo = rsa_sa_algo;
49 ssl->specs.hash_size = SHA_DIGEST_SIZE;
50 ssl->specs.pad_size = PAD_SHA;
51 ssl->specs.static_ecdh = 0;
52 ssl->specs.key_size = AES_128_KEY_SIZE;
53 ssl->specs.block_size = AES_BLOCK_SIZE;
54 ssl->specs.iv_size = AES_IV_SIZE;
59 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
60 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
61 ssl->specs.bulk_cipher_algorithm = aes;
62 ssl->specs.cipher_type = block;
63 ssl->specs.mac_algorithm = sha_mac;
64 ssl->specs.kea = ecc_diffie_hellman_kea;
65 ssl->specs.sig_algo = rsa_sa_algo;
66 ssl->specs.hash_size = SHA_DIGEST_SIZE;
67 ssl->specs.pad_size = PAD_SHA;
68 ssl->specs.static_ecdh = 1;
69 ssl->specs.key_size = AES_128_KEY_SIZE;
70 ssl->specs.block_size = AES_BLOCK_SIZE;
71 ssl->specs.iv_size = AES_IV_SIZE;
76 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
77 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
78 ssl->specs.bulk_cipher_algorithm = triple_des;
79 ssl->specs.cipher_type = block;
80 ssl->specs.mac_algorithm = sha_mac;
81 ssl->specs.kea = ecc_diffie_hellman_kea;
82 ssl->specs.sig_algo = rsa_sa_algo;
83 ssl->specs.hash_size = SHA_DIGEST_SIZE;
84 ssl->specs.pad_size = PAD_SHA;
85 ssl->specs.static_ecdh = 0;
86 ssl->specs.key_size = DES3_KEY_SIZE;
87 ssl->specs.block_size = DES_BLOCK_SIZE;
88 ssl->specs.iv_size = DES_IV_SIZE;
93 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
94 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
95 ssl->specs.bulk_cipher_algorithm = triple_des;
96 ssl->specs.cipher_type = block;
97 ssl->specs.mac_algorithm = sha_mac;
98 ssl->specs.kea = ecc_diffie_hellman_kea;
99 ssl->specs.sig_algo = rsa_sa_algo;
100 ssl->specs.hash_size = SHA_DIGEST_SIZE;
101 ssl->specs.pad_size = PAD_SHA;
102 ssl->specs.static_ecdh = 1;
103 ssl->specs.key_size = DES3_KEY_SIZE;
104 ssl->specs.block_size = DES_BLOCK_SIZE;
105 ssl->specs.iv_size = DES_IV_SIZE;
110 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
111 case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
112 ssl->specs.bulk_cipher_algorithm = rc4;
113 ssl->specs.cipher_type = stream;
114 ssl->specs.mac_algorithm = sha_mac;
115 ssl->specs.kea = ecc_diffie_hellman_kea;
116 ssl->specs.sig_algo = rsa_sa_algo;
117 ssl->specs.hash_size = SHA_DIGEST_SIZE;
118 ssl->specs.pad_size = PAD_SHA;
119 ssl->specs.static_ecdh = 0;
120 ssl->specs.key_size = RC4_KEY_SIZE;
121 ssl->specs.iv_size = 0;
122 ssl->specs.block_size = 0;
127 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
128 case TLS_ECDH_RSA_WITH_RC4_128_SHA :
129 ssl->specs.bulk_cipher_algorithm = rc4;
130 ssl->specs.cipher_type = stream;
131 ssl->specs.mac_algorithm = sha_mac;
132 ssl->specs.kea = ecc_diffie_hellman_kea;
133 ssl->specs.sig_algo = rsa_sa_algo;
134 ssl->specs.hash_size = SHA_DIGEST_SIZE;
135 ssl->specs.pad_size = PAD_SHA;
136 ssl->specs.static_ecdh = 1;
137 ssl->specs.key_size = RC4_KEY_SIZE;
138 ssl->specs.iv_size = 0;
139 ssl->specs.block_size = 0;
144 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
145 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
146 ssl->specs.bulk_cipher_algorithm = triple_des;
147 ssl->specs.cipher_type = block;
148 ssl->specs.mac_algorithm = sha_mac;
149 ssl->specs.kea = ecc_diffie_hellman_kea;
150 ssl->specs.sig_algo = ecc_dsa_sa_algo;
151 ssl->specs.hash_size = SHA_DIGEST_SIZE;
152 ssl->specs.pad_size = PAD_SHA;
153 ssl->specs.static_ecdh = 0;
154 ssl->specs.key_size = DES3_KEY_SIZE;
155 ssl->specs.block_size = DES_BLOCK_SIZE;
156 ssl->specs.iv_size = DES_IV_SIZE;
161 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
162 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
163 ssl->specs.bulk_cipher_algorithm = triple_des;
164 ssl->specs.cipher_type = block;
165 ssl->specs.mac_algorithm = sha_mac;
166 ssl->specs.kea = ecc_diffie_hellman_kea;
167 ssl->specs.sig_algo = ecc_dsa_sa_algo;
168 ssl->specs.hash_size = SHA_DIGEST_SIZE;
169 ssl->specs.pad_size = PAD_SHA;
170 ssl->specs.static_ecdh = 1;
171 ssl->specs.key_size = DES3_KEY_SIZE;
172 ssl->specs.block_size = DES_BLOCK_SIZE;
173 ssl->specs.iv_size = DES_IV_SIZE;
178 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
179 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
180 ssl->specs.bulk_cipher_algorithm = rc4;
181 ssl->specs.cipher_type = stream;
182 ssl->specs.mac_algorithm = sha_mac;
183 ssl->specs.kea = ecc_diffie_hellman_kea;
184 ssl->specs.sig_algo = ecc_dsa_sa_algo;
185 ssl->specs.hash_size = SHA_DIGEST_SIZE;
186 ssl->specs.pad_size = PAD_SHA;
187 ssl->specs.static_ecdh = 0;
188 ssl->specs.key_size = RC4_KEY_SIZE;
189 ssl->specs.iv_size = 0;
190 ssl->specs.block_size = 0;
195 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
196 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
197 ssl->specs.bulk_cipher_algorithm = rc4;
198 ssl->specs.cipher_type = stream;
199 ssl->specs.mac_algorithm = sha_mac;
200 ssl->specs.kea = ecc_diffie_hellman_kea;
201 ssl->specs.sig_algo = ecc_dsa_sa_algo;
202 ssl->specs.hash_size = SHA_DIGEST_SIZE;
203 ssl->specs.pad_size = PAD_SHA;
204 ssl->specs.static_ecdh = 1;
205 ssl->specs.key_size = RC4_KEY_SIZE;
206 ssl->specs.iv_size = 0;
207 ssl->specs.block_size = 0;
212 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
213 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
214 ssl->specs.bulk_cipher_algorithm = aes;
215 ssl->specs.cipher_type = block;
216 ssl->specs.mac_algorithm = sha_mac;
217 ssl->specs.kea = ecc_diffie_hellman_kea;
218 ssl->specs.sig_algo = rsa_sa_algo;
219 ssl->specs.hash_size = SHA_DIGEST_SIZE;
220 ssl->specs.pad_size = PAD_SHA;
221 ssl->specs.static_ecdh = 0;
222 ssl->specs.key_size = AES_256_KEY_SIZE;
223 ssl->specs.block_size = AES_BLOCK_SIZE;
224 ssl->specs.iv_size = AES_IV_SIZE;
229 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
230 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
231 ssl->specs.bulk_cipher_algorithm = aes;
232 ssl->specs.cipher_type = block;
233 ssl->specs.mac_algorithm = sha_mac;
234 ssl->specs.kea = ecc_diffie_hellman_kea;
235 ssl->specs.sig_algo = rsa_sa_algo;
236 ssl->specs.hash_size = SHA_DIGEST_SIZE;
237 ssl->specs.pad_size = PAD_SHA;
238 ssl->specs.static_ecdh = 1;
239 ssl->specs.key_size = AES_256_KEY_SIZE;
240 ssl->specs.block_size = AES_BLOCK_SIZE;
241 ssl->specs.iv_size = AES_IV_SIZE;
246 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
247 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
248 ssl->specs.bulk_cipher_algorithm = aes;
249 ssl->specs.cipher_type = block;
250 ssl->specs.mac_algorithm = sha_mac;
251 ssl->specs.kea = ecc_diffie_hellman_kea;
252 ssl->specs.sig_algo = ecc_dsa_sa_algo;
253 ssl->specs.hash_size = SHA_DIGEST_SIZE;
254 ssl->specs.pad_size = PAD_SHA;
255 ssl->specs.static_ecdh = 0;
256 ssl->specs.key_size = AES_128_KEY_SIZE;
257 ssl->specs.block_size = AES_BLOCK_SIZE;
258 ssl->specs.iv_size = AES_IV_SIZE;
263 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
264 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
265 ssl->specs.bulk_cipher_algorithm = aes;
266 ssl->specs.cipher_type = block;
267 ssl->specs.mac_algorithm = sha_mac;
268 ssl->specs.kea = ecc_diffie_hellman_kea;
269 ssl->specs.sig_algo = ecc_dsa_sa_algo;
270 ssl->specs.hash_size = SHA_DIGEST_SIZE;
271 ssl->specs.pad_size = PAD_SHA;
272 ssl->specs.static_ecdh = 1;
273 ssl->specs.key_size = AES_128_KEY_SIZE;
274 ssl->specs.block_size = AES_BLOCK_SIZE;
275 ssl->specs.iv_size = AES_IV_SIZE;
280 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
281 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
282 ssl->specs.bulk_cipher_algorithm = aes;
283 ssl->specs.cipher_type = block;
284 ssl->specs.mac_algorithm = sha_mac;
285 ssl->specs.kea = ecc_diffie_hellman_kea;
286 ssl->specs.sig_algo = ecc_dsa_sa_algo;
287 ssl->specs.hash_size = SHA_DIGEST_SIZE;
288 ssl->specs.pad_size = PAD_SHA;
289 ssl->specs.static_ecdh = 0;
290 ssl->specs.key_size = AES_256_KEY_SIZE;
291 ssl->specs.block_size = AES_BLOCK_SIZE;
292 ssl->specs.iv_size = AES_IV_SIZE;
297 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
298 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
299 ssl->specs.bulk_cipher_algorithm = aes;
300 ssl->specs.cipher_type = block;
301 ssl->specs.mac_algorithm = sha_mac;
302 ssl->specs.kea = ecc_diffie_hellman_kea;
303 ssl->specs.sig_algo = ecc_dsa_sa_algo;
304 ssl->specs.hash_size = SHA_DIGEST_SIZE;
305 ssl->specs.pad_size = PAD_SHA;
306 ssl->specs.static_ecdh = 1;
307 ssl->specs.key_size = AES_256_KEY_SIZE;
308 ssl->specs.block_size = AES_BLOCK_SIZE;
309 ssl->specs.iv_size = AES_IV_SIZE;
314 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
315 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
316 ssl->specs.bulk_cipher_algorithm = aes_gcm;
317 ssl->specs.cipher_type = aead;
318 ssl->specs.mac_algorithm = sha256_mac;
319 ssl->specs.kea = ecc_diffie_hellman_kea;
320 ssl->specs.sig_algo = rsa_sa_algo;
321 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
322 ssl->specs.pad_size = PAD_SHA;
323 ssl->specs.static_ecdh = 0;
324 ssl->specs.key_size = AES_128_KEY_SIZE;
325 ssl->specs.block_size = AES_BLOCK_SIZE;
326 ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
331 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
332 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
333 ssl->specs.bulk_cipher_algorithm = aes_gcm;
334 ssl->specs.cipher_type = aead;
335 ssl->specs.mac_algorithm = sha384_mac;
336 ssl->specs.kea = ecc_diffie_hellman_kea;
337 ssl->specs.sig_algo = rsa_sa_algo;
338 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
339 ssl->specs.pad_size = PAD_SHA;
340 ssl->specs.static_ecdh = 0;
341 ssl->specs.key_size = AES_256_KEY_SIZE;
342 ssl->specs.block_size = AES_BLOCK_SIZE;
343 ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
348 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
349 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
350 ssl->specs.bulk_cipher_algorithm = aes_gcm;
351 ssl->specs.cipher_type = aead;
352 ssl->specs.mac_algorithm = sha256_mac;
353 ssl->specs.kea = ecc_diffie_hellman_kea;
354 ssl->specs.sig_algo = ecc_dsa_sa_algo;
355 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
356 ssl->specs.pad_size = PAD_SHA;
357 ssl->specs.static_ecdh = 0;
358 ssl->specs.key_size = AES_128_KEY_SIZE;
359 ssl->specs.block_size = AES_BLOCK_SIZE;
360 ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
365 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
366 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
367 ssl->specs.bulk_cipher_algorithm = aes_gcm;
368 ssl->specs.cipher_type = aead;
369 ssl->specs.mac_algorithm = sha384_mac;
370 ssl->specs.kea = ecc_diffie_hellman_kea;
371 ssl->specs.sig_algo = ecc_dsa_sa_algo;
372 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
373 ssl->specs.pad_size = PAD_SHA;
374 ssl->specs.static_ecdh = 0;
375 ssl->specs.key_size = AES_256_KEY_SIZE;
376 ssl->specs.block_size = AES_BLOCK_SIZE;
377 ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
382 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
383 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
384 ssl->specs.bulk_cipher_algorithm = aes_gcm;
385 ssl->specs.cipher_type = aead;
386 ssl->specs.mac_algorithm = sha256_mac;
387 ssl->specs.kea = ecc_diffie_hellman_kea;
388 ssl->specs.sig_algo = rsa_sa_algo;
389 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
390 ssl->specs.pad_size = PAD_SHA;
391 ssl->specs.static_ecdh = 1;
392 ssl->specs.key_size = AES_128_KEY_SIZE;
393 ssl->specs.block_size = AES_BLOCK_SIZE;
394 ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
399 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
400 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
401 ssl->specs.bulk_cipher_algorithm = aes_gcm;
402 ssl->specs.cipher_type = aead;
403 ssl->specs.mac_algorithm = sha384_mac;
404 ssl->specs.kea = ecc_diffie_hellman_kea;
405 ssl->specs.sig_algo = rsa_sa_algo;
406 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
407 ssl->specs.pad_size = PAD_SHA;
408 ssl->specs.static_ecdh = 1;
409 ssl->specs.key_size = AES_256_KEY_SIZE;
410 ssl->specs.block_size = AES_BLOCK_SIZE;
411 ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
416 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
417 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
418 ssl->specs.bulk_cipher_algorithm = aes_gcm;
419 ssl->specs.cipher_type = aead;
420 ssl->specs.mac_algorithm = sha256_mac;
421 ssl->specs.kea = ecc_diffie_hellman_kea;
422 ssl->specs.sig_algo = ecc_dsa_sa_algo;
423 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
424 ssl->specs.pad_size = PAD_SHA;
425 ssl->specs.static_ecdh = 1;
426 ssl->specs.key_size = AES_128_KEY_SIZE;
427 ssl->specs.block_size = AES_BLOCK_SIZE;
428 ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
433 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
434 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
435 ssl->specs.bulk_cipher_algorithm = aes_gcm;
436 ssl->specs.cipher_type = aead;
437 ssl->specs.mac_algorithm = sha384_mac;
438 ssl->specs.kea = ecc_diffie_hellman_kea;
439 ssl->specs.sig_algo = ecc_dsa_sa_algo;
440 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
441 ssl->specs.pad_size = PAD_SHA;
442 ssl->specs.static_ecdh = 1;
443 ssl->specs.key_size = AES_256_KEY_SIZE;
444 ssl->specs.block_size = AES_BLOCK_SIZE;
445 ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
451 CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
452 return UNSUPPORTED_SUITE;
455 #endif /* HAVE_ECC */
456 if (ssl->options.cipherSuite0 != ECC_BYTE) { /* normal suites */
457 switch (ssl->options.cipherSuite) {
459 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
460 case SSL_RSA_WITH_RC4_128_SHA :
461 ssl->specs.bulk_cipher_algorithm = rc4;
462 ssl->specs.cipher_type = stream;
463 ssl->specs.mac_algorithm = sha_mac;
464 ssl->specs.kea = rsa_kea;
465 ssl->specs.hash_size = SHA_DIGEST_SIZE;
466 ssl->specs.pad_size = PAD_SHA;
467 ssl->specs.static_ecdh = 0;
468 ssl->specs.key_size = RC4_KEY_SIZE;
469 ssl->specs.iv_size = 0;
470 ssl->specs.block_size = 0;
475 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
476 case TLS_NTRU_RSA_WITH_RC4_128_SHA :
477 ssl->specs.bulk_cipher_algorithm = rc4;
478 ssl->specs.cipher_type = stream;
479 ssl->specs.mac_algorithm = sha_mac;
480 ssl->specs.kea = ntru_kea;
481 ssl->specs.hash_size = SHA_DIGEST_SIZE;
482 ssl->specs.pad_size = PAD_SHA;
483 ssl->specs.static_ecdh = 0;
484 ssl->specs.key_size = RC4_KEY_SIZE;
485 ssl->specs.iv_size = 0;
486 ssl->specs.block_size = 0;
491 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
492 case SSL_RSA_WITH_RC4_128_MD5 :
493 ssl->specs.bulk_cipher_algorithm = rc4;
494 ssl->specs.cipher_type = stream;
495 ssl->specs.mac_algorithm = md5_mac;
496 ssl->specs.kea = rsa_kea;
497 ssl->specs.hash_size = MD5_DIGEST_SIZE;
498 ssl->specs.pad_size = PAD_MD5;
499 ssl->specs.static_ecdh = 0;
500 ssl->specs.key_size = RC4_KEY_SIZE;
501 ssl->specs.iv_size = 0;
502 ssl->specs.block_size = 0;
507 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
508 case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
509 ssl->specs.bulk_cipher_algorithm = triple_des;
510 ssl->specs.cipher_type = block;
511 ssl->specs.mac_algorithm = sha_mac;
512 ssl->specs.kea = rsa_kea;
513 ssl->specs.hash_size = SHA_DIGEST_SIZE;
514 ssl->specs.pad_size = PAD_SHA;
515 ssl->specs.static_ecdh = 0;
516 ssl->specs.key_size = DES3_KEY_SIZE;
517 ssl->specs.block_size = DES_BLOCK_SIZE;
518 ssl->specs.iv_size = DES_IV_SIZE;
523 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
524 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
525 ssl->specs.bulk_cipher_algorithm = triple_des;
526 ssl->specs.cipher_type = block;
527 ssl->specs.mac_algorithm = sha_mac;
528 ssl->specs.kea = ntru_kea;
529 ssl->specs.hash_size = SHA_DIGEST_SIZE;
530 ssl->specs.pad_size = PAD_SHA;
531 ssl->specs.static_ecdh = 0;
532 ssl->specs.key_size = DES3_KEY_SIZE;
533 ssl->specs.block_size = DES_BLOCK_SIZE;
534 ssl->specs.iv_size = DES_IV_SIZE;
539 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
540 case TLS_RSA_WITH_AES_128_CBC_SHA :
541 ssl->specs.bulk_cipher_algorithm = aes;
542 ssl->specs.cipher_type = block;
543 ssl->specs.mac_algorithm = sha_mac;
544 ssl->specs.kea = rsa_kea;
545 ssl->specs.hash_size = SHA_DIGEST_SIZE;
546 ssl->specs.pad_size = PAD_SHA;
547 ssl->specs.static_ecdh = 0;
548 ssl->specs.key_size = AES_128_KEY_SIZE;
549 ssl->specs.block_size = AES_BLOCK_SIZE;
550 ssl->specs.iv_size = AES_IV_SIZE;
555 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
556 case TLS_RSA_WITH_AES_128_CBC_SHA256 :
557 ssl->specs.bulk_cipher_algorithm = aes;
558 ssl->specs.cipher_type = block;
559 ssl->specs.mac_algorithm = sha256_mac;
560 ssl->specs.kea = rsa_kea;
561 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
562 ssl->specs.pad_size = PAD_SHA;
563 ssl->specs.static_ecdh = 0;
564 ssl->specs.key_size = AES_128_KEY_SIZE;
565 ssl->specs.block_size = AES_BLOCK_SIZE;
566 ssl->specs.iv_size = AES_IV_SIZE;
571 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
572 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
573 ssl->specs.bulk_cipher_algorithm = aes;
574 ssl->specs.cipher_type = block;
575 ssl->specs.mac_algorithm = sha_mac;
576 ssl->specs.kea = ntru_kea;
577 ssl->specs.hash_size = SHA_DIGEST_SIZE;
578 ssl->specs.pad_size = PAD_SHA;
579 ssl->specs.static_ecdh = 0;
580 ssl->specs.key_size = AES_128_KEY_SIZE;
581 ssl->specs.block_size = AES_BLOCK_SIZE;
582 ssl->specs.iv_size = AES_IV_SIZE;
587 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
588 case TLS_RSA_WITH_AES_256_CBC_SHA :
589 ssl->specs.bulk_cipher_algorithm = aes;
590 ssl->specs.cipher_type = block;
591 ssl->specs.mac_algorithm = sha_mac;
592 ssl->specs.kea = rsa_kea;
593 ssl->specs.hash_size = SHA_DIGEST_SIZE;
594 ssl->specs.pad_size = PAD_SHA;
595 ssl->specs.static_ecdh = 0;
596 ssl->specs.key_size = AES_256_KEY_SIZE;
597 ssl->specs.block_size = AES_BLOCK_SIZE;
598 ssl->specs.iv_size = AES_IV_SIZE;
603 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
604 case TLS_RSA_WITH_AES_256_CBC_SHA256 :
605 ssl->specs.bulk_cipher_algorithm = aes;
606 ssl->specs.cipher_type = block;
607 ssl->specs.mac_algorithm = sha256_mac;
608 ssl->specs.kea = rsa_kea;
609 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
610 ssl->specs.pad_size = PAD_SHA;
611 ssl->specs.static_ecdh = 0;
612 ssl->specs.key_size = AES_256_KEY_SIZE;
613 ssl->specs.block_size = AES_BLOCK_SIZE;
614 ssl->specs.iv_size = AES_IV_SIZE;
619 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
620 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
621 ssl->specs.bulk_cipher_algorithm = aes;
622 ssl->specs.cipher_type = block;
623 ssl->specs.mac_algorithm = sha_mac;
624 ssl->specs.kea = ntru_kea;
625 ssl->specs.hash_size = SHA_DIGEST_SIZE;
626 ssl->specs.pad_size = PAD_SHA;
627 ssl->specs.static_ecdh = 0;
628 ssl->specs.key_size = AES_256_KEY_SIZE;
629 ssl->specs.block_size = AES_BLOCK_SIZE;
630 ssl->specs.iv_size = AES_IV_SIZE;
635 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
636 case TLS_PSK_WITH_AES_128_CBC_SHA :
637 ssl->specs.bulk_cipher_algorithm = aes;
638 ssl->specs.cipher_type = block;
639 ssl->specs.mac_algorithm = sha_mac;
640 ssl->specs.kea = psk_kea;
641 ssl->specs.hash_size = SHA_DIGEST_SIZE;
642 ssl->specs.pad_size = PAD_SHA;
643 ssl->specs.static_ecdh = 0;
644 ssl->specs.key_size = AES_128_KEY_SIZE;
645 ssl->specs.block_size = AES_BLOCK_SIZE;
646 ssl->specs.iv_size = AES_IV_SIZE;
648 ssl->options.usingPSK_cipher = 1;
652 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
653 case TLS_PSK_WITH_AES_256_CBC_SHA :
654 ssl->specs.bulk_cipher_algorithm = aes;
655 ssl->specs.cipher_type = block;
656 ssl->specs.mac_algorithm = sha_mac;
657 ssl->specs.kea = psk_kea;
658 ssl->specs.hash_size = SHA_DIGEST_SIZE;
659 ssl->specs.pad_size = PAD_SHA;
660 ssl->specs.static_ecdh = 0;
661 ssl->specs.key_size = AES_256_KEY_SIZE;
662 ssl->specs.block_size = AES_BLOCK_SIZE;
663 ssl->specs.iv_size = AES_IV_SIZE;
665 ssl->options.usingPSK_cipher = 1;
669 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
670 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
671 ssl->specs.bulk_cipher_algorithm = aes;
672 ssl->specs.cipher_type = block;
673 ssl->specs.mac_algorithm = sha256_mac;
674 ssl->specs.kea = diffie_hellman_kea;
675 ssl->specs.sig_algo = rsa_sa_algo;
676 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
677 ssl->specs.pad_size = PAD_SHA;
678 ssl->specs.static_ecdh = 0;
679 ssl->specs.key_size = AES_128_KEY_SIZE;
680 ssl->specs.block_size = AES_BLOCK_SIZE;
681 ssl->specs.iv_size = AES_IV_SIZE;
686 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
687 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
688 ssl->specs.bulk_cipher_algorithm = aes;
689 ssl->specs.cipher_type = block;
690 ssl->specs.mac_algorithm = sha256_mac;
691 ssl->specs.kea = diffie_hellman_kea;
692 ssl->specs.sig_algo = rsa_sa_algo;
693 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
694 ssl->specs.pad_size = PAD_SHA;
695 ssl->specs.static_ecdh = 0;
696 ssl->specs.key_size = AES_256_KEY_SIZE;
697 ssl->specs.block_size = AES_BLOCK_SIZE;
698 ssl->specs.iv_size = AES_IV_SIZE;
703 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
704 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
705 ssl->specs.bulk_cipher_algorithm = aes;
706 ssl->specs.cipher_type = block;
707 ssl->specs.mac_algorithm = sha_mac;
708 ssl->specs.kea = diffie_hellman_kea;
709 ssl->specs.sig_algo = rsa_sa_algo;
710 ssl->specs.hash_size = SHA_DIGEST_SIZE;
711 ssl->specs.pad_size = PAD_SHA;
712 ssl->specs.static_ecdh = 0;
713 ssl->specs.key_size = AES_128_KEY_SIZE;
714 ssl->specs.block_size = AES_BLOCK_SIZE;
715 ssl->specs.iv_size = AES_IV_SIZE;
720 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
721 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
722 ssl->specs.bulk_cipher_algorithm = aes;
723 ssl->specs.cipher_type = block;
724 ssl->specs.mac_algorithm = sha_mac;
725 ssl->specs.kea = diffie_hellman_kea;
726 ssl->specs.sig_algo = rsa_sa_algo;
727 ssl->specs.hash_size = SHA_DIGEST_SIZE;
728 ssl->specs.pad_size = PAD_SHA;
729 ssl->specs.static_ecdh = 0;
730 ssl->specs.key_size = AES_256_KEY_SIZE;
731 ssl->specs.block_size = AES_BLOCK_SIZE;
732 ssl->specs.iv_size = AES_IV_SIZE;
737 #ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
738 case TLS_RSA_WITH_HC_128_CBC_MD5 :
739 ssl->specs.bulk_cipher_algorithm = hc128;
740 ssl->specs.cipher_type = stream;
741 ssl->specs.mac_algorithm = md5_mac;
742 ssl->specs.kea = rsa_kea;
743 ssl->specs.hash_size = MD5_DIGEST_SIZE;
744 ssl->specs.pad_size = PAD_MD5;
745 ssl->specs.static_ecdh = 0;
746 ssl->specs.key_size = HC_128_KEY_SIZE;
747 ssl->specs.block_size = 0;
748 ssl->specs.iv_size = HC_128_IV_SIZE;
753 #ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_SHA
754 case TLS_RSA_WITH_HC_128_CBC_SHA :
755 ssl->specs.bulk_cipher_algorithm = hc128;
756 ssl->specs.cipher_type = stream;
757 ssl->specs.mac_algorithm = sha_mac;
758 ssl->specs.kea = rsa_kea;
759 ssl->specs.hash_size = SHA_DIGEST_SIZE;
760 ssl->specs.pad_size = PAD_SHA;
761 ssl->specs.static_ecdh = 0;
762 ssl->specs.key_size = HC_128_KEY_SIZE;
763 ssl->specs.block_size = 0;
764 ssl->specs.iv_size = HC_128_IV_SIZE;
769 #ifdef BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA
770 case TLS_RSA_WITH_RABBIT_CBC_SHA :
771 ssl->specs.bulk_cipher_algorithm = rabbit;
772 ssl->specs.cipher_type = stream;
773 ssl->specs.mac_algorithm = sha_mac;
774 ssl->specs.kea = rsa_kea;
775 ssl->specs.hash_size = SHA_DIGEST_SIZE;
776 ssl->specs.pad_size = PAD_SHA;
777 ssl->specs.static_ecdh = 0;
778 ssl->specs.key_size = RABBIT_KEY_SIZE;
779 ssl->specs.block_size = 0;
780 ssl->specs.iv_size = RABBIT_IV_SIZE;
785 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
786 case TLS_RSA_WITH_AES_128_GCM_SHA256 :
787 ssl->specs.bulk_cipher_algorithm = aes_gcm;
788 ssl->specs.cipher_type = aead;
789 ssl->specs.mac_algorithm = sha256_mac;
790 ssl->specs.kea = rsa_kea;
791 ssl->specs.sig_algo = rsa_sa_algo;
792 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
793 ssl->specs.pad_size = PAD_SHA;
794 ssl->specs.static_ecdh = 0;
795 ssl->specs.key_size = AES_128_KEY_SIZE;
796 ssl->specs.block_size = AES_BLOCK_SIZE;
797 ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
802 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
803 case TLS_RSA_WITH_AES_256_GCM_SHA384 :
804 ssl->specs.bulk_cipher_algorithm = aes_gcm;
805 ssl->specs.cipher_type = aead;
806 ssl->specs.mac_algorithm = sha384_mac;
807 ssl->specs.kea = rsa_kea;
808 ssl->specs.sig_algo = rsa_sa_algo;
809 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
810 ssl->specs.pad_size = PAD_SHA;
811 ssl->specs.static_ecdh = 0;
812 ssl->specs.key_size = AES_256_KEY_SIZE;
813 ssl->specs.block_size = AES_BLOCK_SIZE;
814 ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
819 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
820 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
821 ssl->specs.bulk_cipher_algorithm = aes_gcm;
822 ssl->specs.cipher_type = aead;
823 ssl->specs.mac_algorithm = sha256_mac;
824 ssl->specs.kea = diffie_hellman_kea;
825 ssl->specs.sig_algo = rsa_sa_algo;
826 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
827 ssl->specs.pad_size = PAD_SHA;
828 ssl->specs.static_ecdh = 0;
829 ssl->specs.key_size = AES_128_KEY_SIZE;
830 ssl->specs.block_size = AES_BLOCK_SIZE;
831 ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
836 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
837 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
838 ssl->specs.bulk_cipher_algorithm = aes_gcm;
839 ssl->specs.cipher_type = aead;
840 ssl->specs.mac_algorithm = sha384_mac;
841 ssl->specs.kea = diffie_hellman_kea;
842 ssl->specs.sig_algo = rsa_sa_algo;
843 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
844 ssl->specs.pad_size = PAD_SHA;
845 ssl->specs.static_ecdh = 0;
846 ssl->specs.key_size = AES_256_KEY_SIZE;
847 ssl->specs.block_size = AES_BLOCK_SIZE;
848 ssl->specs.iv_size = AES_GCM_IMP_IV_SZ;
854 CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs");
855 return UNSUPPORTED_SUITE;
857 } /* if ECC / Normal suites else */
859 /* set TLS if it hasn't been turned off */
860 if (ssl->version.major == 3 && ssl->version.minor >= 1) {
862 ssl->options.tls = 1;
863 ssl->hmac = TLS_hmac;
864 if (ssl->version.minor >= 2)
865 ssl->options.tls1_1 = 1;
870 if (ssl->options.dtls)
871 ssl->hmac = TLS_hmac;
880 PREFIX = 3, /* up to three letters for master prefix */
881 KEY_PREFIX = 7 /* up to 7 prefix letters for key rounds */
887 /* true or false, zero for error */
888 static int SetPrefix(byte* sha_input, int idx)
892 XMEMCPY(sha_input, "A", 1);
895 XMEMCPY(sha_input, "BB", 2);
898 XMEMCPY(sha_input, "CCC", 3);
901 XMEMCPY(sha_input, "DDDD", 4);
904 XMEMCPY(sha_input, "EEEEE", 5);
907 XMEMCPY(sha_input, "FFFFFF", 6);
910 XMEMCPY(sha_input, "GGGGGGG", 7);
913 CYASSL_MSG("Set Prefix error, bad input");
920 static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
924 word32 sz = specs->key_size;
925 if (specs->bulk_cipher_algorithm == rc4) {
926 if (side == CLIENT_END) {
927 Arc4SetKey(&enc->arc4, keys->client_write_key, sz);
928 Arc4SetKey(&dec->arc4, keys->server_write_key, sz);
931 Arc4SetKey(&enc->arc4, keys->server_write_key, sz);
932 Arc4SetKey(&dec->arc4, keys->client_write_key, sz);
938 if (specs->bulk_cipher_algorithm == hc128) {
939 if (side == CLIENT_END) {
940 Hc128_SetKey(&enc->hc128, keys->client_write_key,
941 keys->client_write_IV);
942 Hc128_SetKey(&dec->hc128, keys->server_write_key,
943 keys->server_write_IV);
946 Hc128_SetKey(&enc->hc128, keys->server_write_key,
947 keys->server_write_IV);
948 Hc128_SetKey(&dec->hc128, keys->client_write_key,
949 keys->client_write_IV);
955 if (specs->bulk_cipher_algorithm == rabbit) {
956 if (side == CLIENT_END) {
957 RabbitSetKey(&enc->rabbit, keys->client_write_key,
958 keys->client_write_IV);
959 RabbitSetKey(&dec->rabbit, keys->server_write_key,
960 keys->server_write_IV);
963 RabbitSetKey(&enc->rabbit, keys->server_write_key,
964 keys->server_write_IV);
965 RabbitSetKey(&dec->rabbit, keys->client_write_key,
966 keys->client_write_IV);
972 if (specs->bulk_cipher_algorithm == triple_des) {
973 if (side == CLIENT_END) {
974 Des3_SetKey(&enc->des3, keys->client_write_key,
975 keys->client_write_IV, DES_ENCRYPTION);
976 Des3_SetKey(&dec->des3, keys->server_write_key,
977 keys->server_write_IV, DES_DECRYPTION);
980 Des3_SetKey(&enc->des3, keys->server_write_key,
981 keys->server_write_IV, DES_ENCRYPTION);
982 Des3_SetKey(&dec->des3, keys->client_write_key,
983 keys->client_write_IV, DES_DECRYPTION);
989 if (specs->bulk_cipher_algorithm == aes) {
990 if (side == CLIENT_END) {
991 AesSetKey(&enc->aes, keys->client_write_key,
992 specs->key_size, keys->client_write_IV,
994 AesSetKey(&dec->aes, keys->server_write_key,
995 specs->key_size, keys->server_write_IV,
999 AesSetKey(&enc->aes, keys->server_write_key,
1000 specs->key_size, keys->server_write_IV,
1002 AesSetKey(&dec->aes, keys->client_write_key,
1003 specs->key_size, keys->client_write_IV,
1010 if (specs->bulk_cipher_algorithm == aes_gcm) {
1011 if (side == CLIENT_END) {
1012 AesGcmSetKey(&enc->aes, keys->client_write_key, specs->key_size,
1013 keys->client_write_IV);
1014 AesGcmSetKey(&dec->aes, keys->server_write_key, specs->key_size,
1015 keys->server_write_IV);
1018 AesGcmSetKey(&enc->aes, keys->server_write_key, specs->key_size,
1019 keys->server_write_IV);
1020 AesGcmSetKey(&dec->aes, keys->client_write_key, specs->key_size,
1021 keys->client_write_IV);
1026 keys->sequence_number = 0;
1027 keys->peer_sequence_number = 0;
1028 keys->encryptionOn = 0;
1034 /* TLS can call too */
1035 int StoreKeys(CYASSL* ssl, const byte* keyData)
1039 if (ssl->specs.cipher_type != aead) {
1040 sz = ssl->specs.hash_size;
1041 XMEMCPY(ssl->keys.client_write_MAC_secret,&keyData[i], sz);
1043 XMEMCPY(ssl->keys.server_write_MAC_secret,&keyData[i], sz);
1047 else if (ssl->specs.bulk_cipher_algorithm == aes_gcm) {
1048 byte iv[AES_GCM_EXP_IV_SZ];
1050 /* Initialize the AES-GCM explicit IV to a random number. */
1051 RNG_GenerateBlock(&ssl->rng, iv, sizeof(iv));
1052 AesGcmSetExpIV(&ssl->encrypt.aes, iv);
1056 sz = ssl->specs.key_size;
1057 XMEMCPY(ssl->keys.client_write_key, &keyData[i], sz);
1059 XMEMCPY(ssl->keys.server_write_key, &keyData[i], sz);
1062 sz = ssl->specs.iv_size;
1063 XMEMCPY(ssl->keys.client_write_IV, &keyData[i], sz);
1065 XMEMCPY(ssl->keys.server_write_IV, &keyData[i], sz);
1067 return SetKeys(&ssl->encrypt, &ssl->decrypt, &ssl->keys, &ssl->specs,
1072 int DeriveKeys(CYASSL* ssl)
1074 int length = 2 * ssl->specs.hash_size +
1075 2 * ssl->specs.key_size +
1076 2 * ssl->specs.iv_size;
1077 int rounds = (length + MD5_DIGEST_SIZE - 1 ) / MD5_DIGEST_SIZE, i;
1079 byte shaOutput[SHA_DIGEST_SIZE];
1080 byte md5Input[SECRET_LEN + SHA_DIGEST_SIZE];
1081 byte shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN];
1086 byte keyData[KEY_PREFIX * MD5_DIGEST_SIZE]; /* max size */
1091 XMEMCPY(md5Input, ssl->arrays.masterSecret, SECRET_LEN);
1093 for (i = 0; i < rounds; ++i) {
1097 if (!SetPrefix(shaInput, i)) {
1098 return PREFIX_ERROR;
1101 XMEMCPY(shaInput + idx, ssl->arrays.masterSecret, SECRET_LEN);
1103 XMEMCPY(shaInput + idx, ssl->arrays.serverRandom, RAN_LEN);
1105 XMEMCPY(shaInput + idx, ssl->arrays.clientRandom, RAN_LEN);
1108 ShaUpdate(&sha, shaInput, sizeof(shaInput) - KEY_PREFIX + j);
1109 ShaFinal(&sha, shaOutput);
1111 XMEMCPY(&md5Input[SECRET_LEN], shaOutput, SHA_DIGEST_SIZE);
1112 Md5Update(&md5, md5Input, sizeof(md5Input));
1113 Md5Final(&md5, keyData + i * MD5_DIGEST_SIZE);
1116 return StoreKeys(ssl, keyData);
1120 static void CleanPreMaster(CYASSL* ssl)
1122 int i, sz = ssl->arrays.preMasterSz;
1124 for (i = 0; i < sz; i++)
1125 ssl->arrays.preMasterSecret[i] = 0;
1127 RNG_GenerateBlock(&ssl->rng, ssl->arrays.preMasterSecret, sz);
1129 for (i = 0; i < sz; i++)
1130 ssl->arrays.preMasterSecret[i] = 0;
1135 /* Create and store the master secret see page 32, 6.1 */
1136 int MakeMasterSecret(CYASSL* ssl)
1138 byte shaOutput[SHA_DIGEST_SIZE];
1139 byte md5Input[ENCRYPT_LEN + SHA_DIGEST_SIZE];
1140 byte shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN];
1143 word32 pmsSz = ssl->arrays.preMasterSz;
1151 printf("pre master secret: ");
1152 for (j = 0; j < pmsSz; j++)
1153 printf("%02x", ssl->arrays.preMasterSecret[j]);
1159 if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
1165 XMEMCPY(md5Input, ssl->arrays.preMasterSecret, pmsSz);
1167 for (i = 0; i < MASTER_ROUNDS; ++i) {
1168 byte prefix[PREFIX];
1169 if (!SetPrefix(prefix, i)) {
1170 return PREFIX_ERROR;
1174 XMEMCPY(shaInput, prefix, i + 1);
1177 XMEMCPY(shaInput + idx, ssl->arrays.preMasterSecret, pmsSz);
1179 XMEMCPY(shaInput + idx, ssl->arrays.clientRandom, RAN_LEN);
1181 XMEMCPY(shaInput + idx, ssl->arrays.serverRandom, RAN_LEN);
1183 ShaUpdate(&sha, shaInput, idx);
1184 ShaFinal(&sha, shaOutput);
1186 idx = pmsSz; /* preSz */
1187 XMEMCPY(md5Input + idx, shaOutput, SHA_DIGEST_SIZE);
1188 idx += SHA_DIGEST_SIZE;
1189 Md5Update(&md5, md5Input, idx);
1190 Md5Final(&md5, &ssl->arrays.masterSecret[i * MD5_DIGEST_SIZE]);
1196 printf("master secret: ");
1197 for (i = 0; i < SECRET_LEN; i++)
1198 printf("%02x", ssl->arrays.masterSecret[i]);
1203 ret = DeriveKeys(ssl);
1204 CleanPreMaster(ssl);