3 * Copyright (C) 2006-2014 wolfSSL Inc.
5 * This file is part of CyaSSL.
7 * CyaSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * CyaSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
27 #include <cyassl/ctaocrypt/settings.h>
29 #include <cyassl/internal.h>
30 #include <cyassl/error-ssl.h>
40 int SetCipherSpecs(CYASSL* ssl)
42 #ifndef NO_CYASSL_CLIENT
43 if (ssl->options.side == CYASSL_CLIENT_END) {
44 /* server side verified before SetCipherSpecs call */
45 if (VerifyClientSuite(ssl) != 1) {
46 CYASSL_MSG("SetCipherSpecs() client has an unusuable suite");
47 return UNSUPPORTED_SUITE;
50 #endif /* NO_CYASSL_CLIENT */
52 /* ECC extensions, or AES-CCM */
53 if (ssl->options.cipherSuite0 == ECC_BYTE) {
55 switch (ssl->options.cipherSuite) {
59 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
60 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
61 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
62 ssl->specs.cipher_type = block;
63 ssl->specs.mac_algorithm = sha256_mac;
64 ssl->specs.kea = ecc_diffie_hellman_kea;
65 ssl->specs.sig_algo = rsa_sa_algo;
66 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
67 ssl->specs.pad_size = PAD_SHA;
68 ssl->specs.static_ecdh = 0;
69 ssl->specs.key_size = AES_128_KEY_SIZE;
70 ssl->specs.iv_size = AES_IV_SIZE;
71 ssl->specs.block_size = AES_BLOCK_SIZE;
75 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
76 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
77 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
78 ssl->specs.cipher_type = block;
79 ssl->specs.mac_algorithm = sha256_mac;
80 ssl->specs.kea = ecc_diffie_hellman_kea;
81 ssl->specs.sig_algo = ecc_dsa_sa_algo;
82 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
83 ssl->specs.pad_size = PAD_SHA;
84 ssl->specs.static_ecdh = 0;
85 ssl->specs.key_size = AES_128_KEY_SIZE;
86 ssl->specs.iv_size = AES_IV_SIZE;
87 ssl->specs.block_size = AES_BLOCK_SIZE;
91 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
92 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
93 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
94 ssl->specs.cipher_type = block;
95 ssl->specs.mac_algorithm = sha256_mac;
96 ssl->specs.kea = ecc_diffie_hellman_kea;
97 ssl->specs.sig_algo = rsa_sa_algo;
98 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
99 ssl->specs.pad_size = PAD_SHA;
100 ssl->specs.static_ecdh = 1;
101 ssl->specs.key_size = AES_128_KEY_SIZE;
102 ssl->specs.iv_size = AES_IV_SIZE;
103 ssl->specs.block_size = AES_BLOCK_SIZE;
107 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
108 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
109 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
110 ssl->specs.cipher_type = block;
111 ssl->specs.mac_algorithm = sha256_mac;
112 ssl->specs.kea = ecc_diffie_hellman_kea;
113 ssl->specs.sig_algo = ecc_dsa_sa_algo;
114 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
115 ssl->specs.pad_size = PAD_SHA;
116 ssl->specs.static_ecdh = 1;
117 ssl->specs.key_size = AES_128_KEY_SIZE;
118 ssl->specs.iv_size = AES_IV_SIZE;
119 ssl->specs.block_size = AES_BLOCK_SIZE;
123 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
124 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
125 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
126 ssl->specs.cipher_type = block;
127 ssl->specs.mac_algorithm = sha384_mac;
128 ssl->specs.kea = ecc_diffie_hellman_kea;
129 ssl->specs.sig_algo = rsa_sa_algo;
130 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
131 ssl->specs.pad_size = PAD_SHA;
132 ssl->specs.static_ecdh = 0;
133 ssl->specs.key_size = AES_256_KEY_SIZE;
134 ssl->specs.iv_size = AES_IV_SIZE;
135 ssl->specs.block_size = AES_BLOCK_SIZE;
139 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
140 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
141 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
142 ssl->specs.cipher_type = block;
143 ssl->specs.mac_algorithm = sha384_mac;
144 ssl->specs.kea = ecc_diffie_hellman_kea;
145 ssl->specs.sig_algo = ecc_dsa_sa_algo;
146 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
147 ssl->specs.pad_size = PAD_SHA;
148 ssl->specs.static_ecdh = 0;
149 ssl->specs.key_size = AES_256_KEY_SIZE;
150 ssl->specs.iv_size = AES_IV_SIZE;
151 ssl->specs.block_size = AES_BLOCK_SIZE;
155 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
156 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
157 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
158 ssl->specs.cipher_type = block;
159 ssl->specs.mac_algorithm = sha384_mac;
160 ssl->specs.kea = ecc_diffie_hellman_kea;
161 ssl->specs.sig_algo = rsa_sa_algo;
162 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
163 ssl->specs.pad_size = PAD_SHA;
164 ssl->specs.static_ecdh = 1;
165 ssl->specs.key_size = AES_256_KEY_SIZE;
166 ssl->specs.iv_size = AES_IV_SIZE;
167 ssl->specs.block_size = AES_BLOCK_SIZE;
171 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
172 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
173 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
174 ssl->specs.cipher_type = block;
175 ssl->specs.mac_algorithm = sha384_mac;
176 ssl->specs.kea = ecc_diffie_hellman_kea;
177 ssl->specs.sig_algo = ecc_dsa_sa_algo;
178 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
179 ssl->specs.pad_size = PAD_SHA;
180 ssl->specs.static_ecdh = 1;
181 ssl->specs.key_size = AES_256_KEY_SIZE;
182 ssl->specs.iv_size = AES_IV_SIZE;
183 ssl->specs.block_size = AES_BLOCK_SIZE;
187 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
188 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
189 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
190 ssl->specs.cipher_type = block;
191 ssl->specs.mac_algorithm = sha_mac;
192 ssl->specs.kea = ecc_diffie_hellman_kea;
193 ssl->specs.sig_algo = rsa_sa_algo;
194 ssl->specs.hash_size = SHA_DIGEST_SIZE;
195 ssl->specs.pad_size = PAD_SHA;
196 ssl->specs.static_ecdh = 0;
197 ssl->specs.key_size = AES_128_KEY_SIZE;
198 ssl->specs.block_size = AES_BLOCK_SIZE;
199 ssl->specs.iv_size = AES_IV_SIZE;
204 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
205 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
206 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
207 ssl->specs.cipher_type = block;
208 ssl->specs.mac_algorithm = sha_mac;
209 ssl->specs.kea = ecc_diffie_hellman_kea;
210 ssl->specs.sig_algo = rsa_sa_algo;
211 ssl->specs.hash_size = SHA_DIGEST_SIZE;
212 ssl->specs.pad_size = PAD_SHA;
213 ssl->specs.static_ecdh = 1;
214 ssl->specs.key_size = AES_128_KEY_SIZE;
215 ssl->specs.block_size = AES_BLOCK_SIZE;
216 ssl->specs.iv_size = AES_IV_SIZE;
221 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
222 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
223 ssl->specs.bulk_cipher_algorithm = cyassl_triple_des;
224 ssl->specs.cipher_type = block;
225 ssl->specs.mac_algorithm = sha_mac;
226 ssl->specs.kea = ecc_diffie_hellman_kea;
227 ssl->specs.sig_algo = rsa_sa_algo;
228 ssl->specs.hash_size = SHA_DIGEST_SIZE;
229 ssl->specs.pad_size = PAD_SHA;
230 ssl->specs.static_ecdh = 0;
231 ssl->specs.key_size = DES3_KEY_SIZE;
232 ssl->specs.block_size = DES_BLOCK_SIZE;
233 ssl->specs.iv_size = DES_IV_SIZE;
238 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
239 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
240 ssl->specs.bulk_cipher_algorithm = cyassl_triple_des;
241 ssl->specs.cipher_type = block;
242 ssl->specs.mac_algorithm = sha_mac;
243 ssl->specs.kea = ecc_diffie_hellman_kea;
244 ssl->specs.sig_algo = rsa_sa_algo;
245 ssl->specs.hash_size = SHA_DIGEST_SIZE;
246 ssl->specs.pad_size = PAD_SHA;
247 ssl->specs.static_ecdh = 1;
248 ssl->specs.key_size = DES3_KEY_SIZE;
249 ssl->specs.block_size = DES_BLOCK_SIZE;
250 ssl->specs.iv_size = DES_IV_SIZE;
255 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
256 case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
257 ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
258 ssl->specs.cipher_type = stream;
259 ssl->specs.mac_algorithm = sha_mac;
260 ssl->specs.kea = ecc_diffie_hellman_kea;
261 ssl->specs.sig_algo = rsa_sa_algo;
262 ssl->specs.hash_size = SHA_DIGEST_SIZE;
263 ssl->specs.pad_size = PAD_SHA;
264 ssl->specs.static_ecdh = 0;
265 ssl->specs.key_size = RC4_KEY_SIZE;
266 ssl->specs.iv_size = 0;
267 ssl->specs.block_size = 0;
272 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
273 case TLS_ECDH_RSA_WITH_RC4_128_SHA :
274 ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
275 ssl->specs.cipher_type = stream;
276 ssl->specs.mac_algorithm = sha_mac;
277 ssl->specs.kea = ecc_diffie_hellman_kea;
278 ssl->specs.sig_algo = rsa_sa_algo;
279 ssl->specs.hash_size = SHA_DIGEST_SIZE;
280 ssl->specs.pad_size = PAD_SHA;
281 ssl->specs.static_ecdh = 1;
282 ssl->specs.key_size = RC4_KEY_SIZE;
283 ssl->specs.iv_size = 0;
284 ssl->specs.block_size = 0;
289 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
290 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
291 ssl->specs.bulk_cipher_algorithm = cyassl_triple_des;
292 ssl->specs.cipher_type = block;
293 ssl->specs.mac_algorithm = sha_mac;
294 ssl->specs.kea = ecc_diffie_hellman_kea;
295 ssl->specs.sig_algo = ecc_dsa_sa_algo;
296 ssl->specs.hash_size = SHA_DIGEST_SIZE;
297 ssl->specs.pad_size = PAD_SHA;
298 ssl->specs.static_ecdh = 0;
299 ssl->specs.key_size = DES3_KEY_SIZE;
300 ssl->specs.block_size = DES_BLOCK_SIZE;
301 ssl->specs.iv_size = DES_IV_SIZE;
306 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
307 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
308 ssl->specs.bulk_cipher_algorithm = cyassl_triple_des;
309 ssl->specs.cipher_type = block;
310 ssl->specs.mac_algorithm = sha_mac;
311 ssl->specs.kea = ecc_diffie_hellman_kea;
312 ssl->specs.sig_algo = ecc_dsa_sa_algo;
313 ssl->specs.hash_size = SHA_DIGEST_SIZE;
314 ssl->specs.pad_size = PAD_SHA;
315 ssl->specs.static_ecdh = 1;
316 ssl->specs.key_size = DES3_KEY_SIZE;
317 ssl->specs.block_size = DES_BLOCK_SIZE;
318 ssl->specs.iv_size = DES_IV_SIZE;
323 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
324 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
325 ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
326 ssl->specs.cipher_type = stream;
327 ssl->specs.mac_algorithm = sha_mac;
328 ssl->specs.kea = ecc_diffie_hellman_kea;
329 ssl->specs.sig_algo = ecc_dsa_sa_algo;
330 ssl->specs.hash_size = SHA_DIGEST_SIZE;
331 ssl->specs.pad_size = PAD_SHA;
332 ssl->specs.static_ecdh = 0;
333 ssl->specs.key_size = RC4_KEY_SIZE;
334 ssl->specs.iv_size = 0;
335 ssl->specs.block_size = 0;
340 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
341 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
342 ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
343 ssl->specs.cipher_type = stream;
344 ssl->specs.mac_algorithm = sha_mac;
345 ssl->specs.kea = ecc_diffie_hellman_kea;
346 ssl->specs.sig_algo = ecc_dsa_sa_algo;
347 ssl->specs.hash_size = SHA_DIGEST_SIZE;
348 ssl->specs.pad_size = PAD_SHA;
349 ssl->specs.static_ecdh = 1;
350 ssl->specs.key_size = RC4_KEY_SIZE;
351 ssl->specs.iv_size = 0;
352 ssl->specs.block_size = 0;
357 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
358 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
359 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
360 ssl->specs.cipher_type = block;
361 ssl->specs.mac_algorithm = sha_mac;
362 ssl->specs.kea = ecc_diffie_hellman_kea;
363 ssl->specs.sig_algo = rsa_sa_algo;
364 ssl->specs.hash_size = SHA_DIGEST_SIZE;
365 ssl->specs.pad_size = PAD_SHA;
366 ssl->specs.static_ecdh = 0;
367 ssl->specs.key_size = AES_256_KEY_SIZE;
368 ssl->specs.block_size = AES_BLOCK_SIZE;
369 ssl->specs.iv_size = AES_IV_SIZE;
374 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
375 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
376 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
377 ssl->specs.cipher_type = block;
378 ssl->specs.mac_algorithm = sha_mac;
379 ssl->specs.kea = ecc_diffie_hellman_kea;
380 ssl->specs.sig_algo = rsa_sa_algo;
381 ssl->specs.hash_size = SHA_DIGEST_SIZE;
382 ssl->specs.pad_size = PAD_SHA;
383 ssl->specs.static_ecdh = 1;
384 ssl->specs.key_size = AES_256_KEY_SIZE;
385 ssl->specs.block_size = AES_BLOCK_SIZE;
386 ssl->specs.iv_size = AES_IV_SIZE;
391 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
392 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
393 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
394 ssl->specs.cipher_type = block;
395 ssl->specs.mac_algorithm = sha_mac;
396 ssl->specs.kea = ecc_diffie_hellman_kea;
397 ssl->specs.sig_algo = ecc_dsa_sa_algo;
398 ssl->specs.hash_size = SHA_DIGEST_SIZE;
399 ssl->specs.pad_size = PAD_SHA;
400 ssl->specs.static_ecdh = 0;
401 ssl->specs.key_size = AES_128_KEY_SIZE;
402 ssl->specs.block_size = AES_BLOCK_SIZE;
403 ssl->specs.iv_size = AES_IV_SIZE;
408 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
409 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
410 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
411 ssl->specs.cipher_type = block;
412 ssl->specs.mac_algorithm = sha_mac;
413 ssl->specs.kea = ecc_diffie_hellman_kea;
414 ssl->specs.sig_algo = ecc_dsa_sa_algo;
415 ssl->specs.hash_size = SHA_DIGEST_SIZE;
416 ssl->specs.pad_size = PAD_SHA;
417 ssl->specs.static_ecdh = 1;
418 ssl->specs.key_size = AES_128_KEY_SIZE;
419 ssl->specs.block_size = AES_BLOCK_SIZE;
420 ssl->specs.iv_size = AES_IV_SIZE;
425 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
426 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
427 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
428 ssl->specs.cipher_type = block;
429 ssl->specs.mac_algorithm = sha_mac;
430 ssl->specs.kea = ecc_diffie_hellman_kea;
431 ssl->specs.sig_algo = ecc_dsa_sa_algo;
432 ssl->specs.hash_size = SHA_DIGEST_SIZE;
433 ssl->specs.pad_size = PAD_SHA;
434 ssl->specs.static_ecdh = 0;
435 ssl->specs.key_size = AES_256_KEY_SIZE;
436 ssl->specs.block_size = AES_BLOCK_SIZE;
437 ssl->specs.iv_size = AES_IV_SIZE;
442 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
443 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
444 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
445 ssl->specs.cipher_type = block;
446 ssl->specs.mac_algorithm = sha_mac;
447 ssl->specs.kea = ecc_diffie_hellman_kea;
448 ssl->specs.sig_algo = ecc_dsa_sa_algo;
449 ssl->specs.hash_size = SHA_DIGEST_SIZE;
450 ssl->specs.pad_size = PAD_SHA;
451 ssl->specs.static_ecdh = 1;
452 ssl->specs.key_size = AES_256_KEY_SIZE;
453 ssl->specs.block_size = AES_BLOCK_SIZE;
454 ssl->specs.iv_size = AES_IV_SIZE;
459 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
460 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
461 ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
462 ssl->specs.cipher_type = aead;
463 ssl->specs.mac_algorithm = sha256_mac;
464 ssl->specs.kea = ecc_diffie_hellman_kea;
465 ssl->specs.sig_algo = rsa_sa_algo;
466 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
467 ssl->specs.pad_size = PAD_SHA;
468 ssl->specs.static_ecdh = 0;
469 ssl->specs.key_size = AES_128_KEY_SIZE;
470 ssl->specs.block_size = AES_BLOCK_SIZE;
471 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
472 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
477 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
478 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
479 ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
480 ssl->specs.cipher_type = aead;
481 ssl->specs.mac_algorithm = sha384_mac;
482 ssl->specs.kea = ecc_diffie_hellman_kea;
483 ssl->specs.sig_algo = rsa_sa_algo;
484 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
485 ssl->specs.pad_size = PAD_SHA;
486 ssl->specs.static_ecdh = 0;
487 ssl->specs.key_size = AES_256_KEY_SIZE;
488 ssl->specs.block_size = AES_BLOCK_SIZE;
489 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
490 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
495 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
496 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
497 ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
498 ssl->specs.cipher_type = aead;
499 ssl->specs.mac_algorithm = sha256_mac;
500 ssl->specs.kea = ecc_diffie_hellman_kea;
501 ssl->specs.sig_algo = ecc_dsa_sa_algo;
502 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
503 ssl->specs.pad_size = PAD_SHA;
504 ssl->specs.static_ecdh = 0;
505 ssl->specs.key_size = AES_128_KEY_SIZE;
506 ssl->specs.block_size = AES_BLOCK_SIZE;
507 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
508 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
513 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
514 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
515 ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
516 ssl->specs.cipher_type = aead;
517 ssl->specs.mac_algorithm = sha384_mac;
518 ssl->specs.kea = ecc_diffie_hellman_kea;
519 ssl->specs.sig_algo = ecc_dsa_sa_algo;
520 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
521 ssl->specs.pad_size = PAD_SHA;
522 ssl->specs.static_ecdh = 0;
523 ssl->specs.key_size = AES_256_KEY_SIZE;
524 ssl->specs.block_size = AES_BLOCK_SIZE;
525 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
526 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
531 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
532 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
533 ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
534 ssl->specs.cipher_type = aead;
535 ssl->specs.mac_algorithm = sha256_mac;
536 ssl->specs.kea = ecc_diffie_hellman_kea;
537 ssl->specs.sig_algo = rsa_sa_algo;
538 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
539 ssl->specs.pad_size = PAD_SHA;
540 ssl->specs.static_ecdh = 1;
541 ssl->specs.key_size = AES_128_KEY_SIZE;
542 ssl->specs.block_size = AES_BLOCK_SIZE;
543 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
544 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
549 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
550 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
551 ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
552 ssl->specs.cipher_type = aead;
553 ssl->specs.mac_algorithm = sha384_mac;
554 ssl->specs.kea = ecc_diffie_hellman_kea;
555 ssl->specs.sig_algo = rsa_sa_algo;
556 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
557 ssl->specs.pad_size = PAD_SHA;
558 ssl->specs.static_ecdh = 1;
559 ssl->specs.key_size = AES_256_KEY_SIZE;
560 ssl->specs.block_size = AES_BLOCK_SIZE;
561 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
562 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
567 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
568 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
569 ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
570 ssl->specs.cipher_type = aead;
571 ssl->specs.mac_algorithm = sha256_mac;
572 ssl->specs.kea = ecc_diffie_hellman_kea;
573 ssl->specs.sig_algo = ecc_dsa_sa_algo;
574 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
575 ssl->specs.pad_size = PAD_SHA;
576 ssl->specs.static_ecdh = 1;
577 ssl->specs.key_size = AES_128_KEY_SIZE;
578 ssl->specs.block_size = AES_BLOCK_SIZE;
579 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
580 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
585 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
586 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
587 ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
588 ssl->specs.cipher_type = aead;
589 ssl->specs.mac_algorithm = sha384_mac;
590 ssl->specs.kea = ecc_diffie_hellman_kea;
591 ssl->specs.sig_algo = ecc_dsa_sa_algo;
592 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
593 ssl->specs.pad_size = PAD_SHA;
594 ssl->specs.static_ecdh = 1;
595 ssl->specs.key_size = AES_256_KEY_SIZE;
596 ssl->specs.block_size = AES_BLOCK_SIZE;
597 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
598 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
603 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
604 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
605 ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
606 ssl->specs.cipher_type = aead;
607 ssl->specs.mac_algorithm = sha256_mac;
608 ssl->specs.kea = ecc_diffie_hellman_kea;
609 ssl->specs.sig_algo = ecc_dsa_sa_algo;
610 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
611 ssl->specs.pad_size = PAD_SHA;
612 ssl->specs.static_ecdh = 0;
613 ssl->specs.key_size = AES_128_KEY_SIZE;
614 ssl->specs.block_size = AES_BLOCK_SIZE;
615 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
616 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
621 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
622 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
623 ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
624 ssl->specs.cipher_type = aead;
625 ssl->specs.mac_algorithm = sha256_mac;
626 ssl->specs.kea = ecc_diffie_hellman_kea;
627 ssl->specs.sig_algo = ecc_dsa_sa_algo;
628 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
629 ssl->specs.pad_size = PAD_SHA;
630 ssl->specs.static_ecdh = 0;
631 ssl->specs.key_size = AES_256_KEY_SIZE;
632 ssl->specs.block_size = AES_BLOCK_SIZE;
633 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
634 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
638 #endif /* HAVE_ECC */
640 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
641 case TLS_RSA_WITH_AES_128_CCM_8 :
642 ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
643 ssl->specs.cipher_type = aead;
644 ssl->specs.mac_algorithm = sha256_mac;
645 ssl->specs.kea = rsa_kea;
646 ssl->specs.sig_algo = rsa_sa_algo;
647 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
648 ssl->specs.pad_size = PAD_SHA;
649 ssl->specs.static_ecdh = 0;
650 ssl->specs.key_size = AES_128_KEY_SIZE;
651 ssl->specs.block_size = AES_BLOCK_SIZE;
652 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
653 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
658 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
659 case TLS_RSA_WITH_AES_256_CCM_8 :
660 ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
661 ssl->specs.cipher_type = aead;
662 ssl->specs.mac_algorithm = sha256_mac;
663 ssl->specs.kea = rsa_kea;
664 ssl->specs.sig_algo = rsa_sa_algo;
665 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
666 ssl->specs.pad_size = PAD_SHA;
667 ssl->specs.static_ecdh = 0;
668 ssl->specs.key_size = AES_256_KEY_SIZE;
669 ssl->specs.block_size = AES_BLOCK_SIZE;
670 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
671 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
676 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
677 case TLS_PSK_WITH_AES_128_CCM_8 :
678 ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
679 ssl->specs.cipher_type = aead;
680 ssl->specs.mac_algorithm = sha256_mac;
681 ssl->specs.kea = psk_kea;
682 ssl->specs.sig_algo = anonymous_sa_algo;
683 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
684 ssl->specs.pad_size = PAD_SHA;
685 ssl->specs.static_ecdh = 0;
686 ssl->specs.key_size = AES_128_KEY_SIZE;
687 ssl->specs.block_size = AES_BLOCK_SIZE;
688 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
689 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
691 ssl->options.usingPSK_cipher = 1;
695 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
696 case TLS_PSK_WITH_AES_256_CCM_8 :
697 ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
698 ssl->specs.cipher_type = aead;
699 ssl->specs.mac_algorithm = sha256_mac;
700 ssl->specs.kea = psk_kea;
701 ssl->specs.sig_algo = anonymous_sa_algo;
702 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
703 ssl->specs.pad_size = PAD_SHA;
704 ssl->specs.static_ecdh = 0;
705 ssl->specs.key_size = AES_256_KEY_SIZE;
706 ssl->specs.block_size = AES_BLOCK_SIZE;
707 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
708 ssl->specs.aead_mac_size = AES_CCM_8_AUTH_SZ;
710 ssl->options.usingPSK_cipher = 1;
714 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
715 case TLS_PSK_WITH_AES_128_CCM :
716 ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
717 ssl->specs.cipher_type = aead;
718 ssl->specs.mac_algorithm = sha256_mac;
719 ssl->specs.kea = psk_kea;
720 ssl->specs.sig_algo = anonymous_sa_algo;
721 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
722 ssl->specs.pad_size = PAD_SHA;
723 ssl->specs.static_ecdh = 0;
724 ssl->specs.key_size = AES_128_KEY_SIZE;
725 ssl->specs.block_size = AES_BLOCK_SIZE;
726 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
727 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
729 ssl->options.usingPSK_cipher = 1;
733 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
734 case TLS_PSK_WITH_AES_256_CCM :
735 ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
736 ssl->specs.cipher_type = aead;
737 ssl->specs.mac_algorithm = sha256_mac;
738 ssl->specs.kea = psk_kea;
739 ssl->specs.sig_algo = anonymous_sa_algo;
740 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
741 ssl->specs.pad_size = PAD_SHA;
742 ssl->specs.static_ecdh = 0;
743 ssl->specs.key_size = AES_256_KEY_SIZE;
744 ssl->specs.block_size = AES_BLOCK_SIZE;
745 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
746 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
748 ssl->options.usingPSK_cipher = 1;
752 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
753 case TLS_DHE_PSK_WITH_AES_128_CCM :
754 ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
755 ssl->specs.cipher_type = aead;
756 ssl->specs.mac_algorithm = sha256_mac;
757 ssl->specs.kea = dhe_psk_kea;
758 ssl->specs.sig_algo = anonymous_sa_algo;
759 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
760 ssl->specs.pad_size = PAD_SHA;
761 ssl->specs.static_ecdh = 0;
762 ssl->specs.key_size = AES_128_KEY_SIZE;
763 ssl->specs.block_size = AES_BLOCK_SIZE;
764 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
765 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
767 ssl->options.usingPSK_cipher = 1;
771 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
772 case TLS_DHE_PSK_WITH_AES_256_CCM :
773 ssl->specs.bulk_cipher_algorithm = cyassl_aes_ccm;
774 ssl->specs.cipher_type = aead;
775 ssl->specs.mac_algorithm = sha256_mac;
776 ssl->specs.kea = dhe_psk_kea;
777 ssl->specs.sig_algo = anonymous_sa_algo;
778 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
779 ssl->specs.pad_size = PAD_SHA;
780 ssl->specs.static_ecdh = 0;
781 ssl->specs.key_size = AES_256_KEY_SIZE;
782 ssl->specs.block_size = AES_BLOCK_SIZE;
783 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
784 ssl->specs.aead_mac_size = AES_CCM_16_AUTH_SZ;
786 ssl->options.usingPSK_cipher = 1;
791 CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
792 return UNSUPPORTED_SUITE;
795 if (ssl->options.cipherSuite0 != ECC_BYTE) { /* normal suites */
796 switch (ssl->options.cipherSuite) {
798 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
799 case SSL_RSA_WITH_RC4_128_SHA :
800 ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
801 ssl->specs.cipher_type = stream;
802 ssl->specs.mac_algorithm = sha_mac;
803 ssl->specs.kea = rsa_kea;
804 ssl->specs.sig_algo = rsa_sa_algo;
805 ssl->specs.hash_size = SHA_DIGEST_SIZE;
806 ssl->specs.pad_size = PAD_SHA;
807 ssl->specs.static_ecdh = 0;
808 ssl->specs.key_size = RC4_KEY_SIZE;
809 ssl->specs.iv_size = 0;
810 ssl->specs.block_size = 0;
815 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
816 case TLS_NTRU_RSA_WITH_RC4_128_SHA :
817 ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
818 ssl->specs.cipher_type = stream;
819 ssl->specs.mac_algorithm = sha_mac;
820 ssl->specs.kea = ntru_kea;
821 ssl->specs.sig_algo = rsa_sa_algo;
822 ssl->specs.hash_size = SHA_DIGEST_SIZE;
823 ssl->specs.pad_size = PAD_SHA;
824 ssl->specs.static_ecdh = 0;
825 ssl->specs.key_size = RC4_KEY_SIZE;
826 ssl->specs.iv_size = 0;
827 ssl->specs.block_size = 0;
832 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
833 case SSL_RSA_WITH_RC4_128_MD5 :
834 ssl->specs.bulk_cipher_algorithm = cyassl_rc4;
835 ssl->specs.cipher_type = stream;
836 ssl->specs.mac_algorithm = md5_mac;
837 ssl->specs.kea = rsa_kea;
838 ssl->specs.sig_algo = rsa_sa_algo;
839 ssl->specs.hash_size = MD5_DIGEST_SIZE;
840 ssl->specs.pad_size = PAD_MD5;
841 ssl->specs.static_ecdh = 0;
842 ssl->specs.key_size = RC4_KEY_SIZE;
843 ssl->specs.iv_size = 0;
844 ssl->specs.block_size = 0;
849 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
850 case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
851 ssl->specs.bulk_cipher_algorithm = cyassl_triple_des;
852 ssl->specs.cipher_type = block;
853 ssl->specs.mac_algorithm = sha_mac;
854 ssl->specs.kea = rsa_kea;
855 ssl->specs.sig_algo = rsa_sa_algo;
856 ssl->specs.hash_size = SHA_DIGEST_SIZE;
857 ssl->specs.pad_size = PAD_SHA;
858 ssl->specs.static_ecdh = 0;
859 ssl->specs.key_size = DES3_KEY_SIZE;
860 ssl->specs.block_size = DES_BLOCK_SIZE;
861 ssl->specs.iv_size = DES_IV_SIZE;
866 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
867 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
868 ssl->specs.bulk_cipher_algorithm = cyassl_triple_des;
869 ssl->specs.cipher_type = block;
870 ssl->specs.mac_algorithm = sha_mac;
871 ssl->specs.kea = ntru_kea;
872 ssl->specs.sig_algo = rsa_sa_algo;
873 ssl->specs.hash_size = SHA_DIGEST_SIZE;
874 ssl->specs.pad_size = PAD_SHA;
875 ssl->specs.static_ecdh = 0;
876 ssl->specs.key_size = DES3_KEY_SIZE;
877 ssl->specs.block_size = DES_BLOCK_SIZE;
878 ssl->specs.iv_size = DES_IV_SIZE;
883 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
884 case TLS_RSA_WITH_AES_128_CBC_SHA :
885 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
886 ssl->specs.cipher_type = block;
887 ssl->specs.mac_algorithm = sha_mac;
888 ssl->specs.kea = rsa_kea;
889 ssl->specs.sig_algo = rsa_sa_algo;
890 ssl->specs.hash_size = SHA_DIGEST_SIZE;
891 ssl->specs.pad_size = PAD_SHA;
892 ssl->specs.static_ecdh = 0;
893 ssl->specs.key_size = AES_128_KEY_SIZE;
894 ssl->specs.block_size = AES_BLOCK_SIZE;
895 ssl->specs.iv_size = AES_IV_SIZE;
900 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
901 case TLS_RSA_WITH_AES_128_CBC_SHA256 :
902 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
903 ssl->specs.cipher_type = block;
904 ssl->specs.mac_algorithm = sha256_mac;
905 ssl->specs.kea = rsa_kea;
906 ssl->specs.sig_algo = rsa_sa_algo;
907 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
908 ssl->specs.pad_size = PAD_SHA;
909 ssl->specs.static_ecdh = 0;
910 ssl->specs.key_size = AES_128_KEY_SIZE;
911 ssl->specs.block_size = AES_BLOCK_SIZE;
912 ssl->specs.iv_size = AES_IV_SIZE;
917 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
918 case TLS_RSA_WITH_NULL_SHA :
919 ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
920 ssl->specs.cipher_type = stream;
921 ssl->specs.mac_algorithm = sha_mac;
922 ssl->specs.kea = rsa_kea;
923 ssl->specs.sig_algo = rsa_sa_algo;
924 ssl->specs.hash_size = SHA_DIGEST_SIZE;
925 ssl->specs.pad_size = PAD_SHA;
926 ssl->specs.static_ecdh = 0;
927 ssl->specs.key_size = 0;
928 ssl->specs.block_size = 0;
929 ssl->specs.iv_size = 0;
934 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
935 case TLS_RSA_WITH_NULL_SHA256 :
936 ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
937 ssl->specs.cipher_type = stream;
938 ssl->specs.mac_algorithm = sha256_mac;
939 ssl->specs.kea = rsa_kea;
940 ssl->specs.sig_algo = rsa_sa_algo;
941 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
942 ssl->specs.pad_size = PAD_SHA;
943 ssl->specs.static_ecdh = 0;
944 ssl->specs.key_size = 0;
945 ssl->specs.block_size = 0;
946 ssl->specs.iv_size = 0;
951 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
952 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
953 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
954 ssl->specs.cipher_type = block;
955 ssl->specs.mac_algorithm = sha_mac;
956 ssl->specs.kea = ntru_kea;
957 ssl->specs.sig_algo = rsa_sa_algo;
958 ssl->specs.hash_size = SHA_DIGEST_SIZE;
959 ssl->specs.pad_size = PAD_SHA;
960 ssl->specs.static_ecdh = 0;
961 ssl->specs.key_size = AES_128_KEY_SIZE;
962 ssl->specs.block_size = AES_BLOCK_SIZE;
963 ssl->specs.iv_size = AES_IV_SIZE;
968 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
969 case TLS_RSA_WITH_AES_256_CBC_SHA :
970 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
971 ssl->specs.cipher_type = block;
972 ssl->specs.mac_algorithm = sha_mac;
973 ssl->specs.kea = rsa_kea;
974 ssl->specs.sig_algo = rsa_sa_algo;
975 ssl->specs.hash_size = SHA_DIGEST_SIZE;
976 ssl->specs.pad_size = PAD_SHA;
977 ssl->specs.static_ecdh = 0;
978 ssl->specs.key_size = AES_256_KEY_SIZE;
979 ssl->specs.block_size = AES_BLOCK_SIZE;
980 ssl->specs.iv_size = AES_IV_SIZE;
985 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
986 case TLS_RSA_WITH_AES_256_CBC_SHA256 :
987 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
988 ssl->specs.cipher_type = block;
989 ssl->specs.mac_algorithm = sha256_mac;
990 ssl->specs.kea = rsa_kea;
991 ssl->specs.sig_algo = rsa_sa_algo;
992 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
993 ssl->specs.pad_size = PAD_SHA;
994 ssl->specs.static_ecdh = 0;
995 ssl->specs.key_size = AES_256_KEY_SIZE;
996 ssl->specs.block_size = AES_BLOCK_SIZE;
997 ssl->specs.iv_size = AES_IV_SIZE;
1002 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
1003 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
1004 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
1005 ssl->specs.cipher_type = block;
1006 ssl->specs.mac_algorithm = sha_mac;
1007 ssl->specs.kea = ntru_kea;
1008 ssl->specs.sig_algo = rsa_sa_algo;
1009 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1010 ssl->specs.pad_size = PAD_SHA;
1011 ssl->specs.static_ecdh = 0;
1012 ssl->specs.key_size = AES_256_KEY_SIZE;
1013 ssl->specs.block_size = AES_BLOCK_SIZE;
1014 ssl->specs.iv_size = AES_IV_SIZE;
1019 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
1020 case TLS_PSK_WITH_AES_128_GCM_SHA256 :
1021 ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
1022 ssl->specs.cipher_type = aead;
1023 ssl->specs.mac_algorithm = sha256_mac;
1024 ssl->specs.kea = psk_kea;
1025 ssl->specs.sig_algo = anonymous_sa_algo;
1026 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1027 ssl->specs.pad_size = PAD_SHA;
1028 ssl->specs.static_ecdh = 0;
1029 ssl->specs.key_size = AES_128_KEY_SIZE;
1030 ssl->specs.block_size = AES_BLOCK_SIZE;
1031 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1032 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1034 ssl->options.usingPSK_cipher = 1;
1038 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
1039 case TLS_PSK_WITH_AES_256_GCM_SHA384 :
1040 ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
1041 ssl->specs.cipher_type = aead;
1042 ssl->specs.mac_algorithm = sha384_mac;
1043 ssl->specs.kea = psk_kea;
1044 ssl->specs.sig_algo = anonymous_sa_algo;
1045 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1046 ssl->specs.pad_size = PAD_SHA;
1047 ssl->specs.static_ecdh = 0;
1048 ssl->specs.key_size = AES_256_KEY_SIZE;
1049 ssl->specs.block_size = AES_BLOCK_SIZE;
1050 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1051 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1053 ssl->options.usingPSK_cipher = 1;
1057 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
1058 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
1059 ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
1060 ssl->specs.cipher_type = aead;
1061 ssl->specs.mac_algorithm = sha256_mac;
1062 ssl->specs.kea = dhe_psk_kea;
1063 ssl->specs.sig_algo = anonymous_sa_algo;
1064 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1065 ssl->specs.pad_size = PAD_SHA;
1066 ssl->specs.static_ecdh = 0;
1067 ssl->specs.key_size = AES_128_KEY_SIZE;
1068 ssl->specs.block_size = AES_BLOCK_SIZE;
1069 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1070 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1072 ssl->options.usingPSK_cipher = 1;
1076 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
1077 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
1078 ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
1079 ssl->specs.cipher_type = aead;
1080 ssl->specs.mac_algorithm = sha384_mac;
1081 ssl->specs.kea = dhe_psk_kea;
1082 ssl->specs.sig_algo = anonymous_sa_algo;
1083 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1084 ssl->specs.pad_size = PAD_SHA;
1085 ssl->specs.static_ecdh = 0;
1086 ssl->specs.key_size = AES_256_KEY_SIZE;
1087 ssl->specs.block_size = AES_BLOCK_SIZE;
1088 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1089 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1091 ssl->options.usingPSK_cipher = 1;
1095 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
1096 case TLS_PSK_WITH_AES_128_CBC_SHA256 :
1097 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
1098 ssl->specs.cipher_type = block;
1099 ssl->specs.mac_algorithm = sha256_mac;
1100 ssl->specs.kea = psk_kea;
1101 ssl->specs.sig_algo = anonymous_sa_algo;
1102 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1103 ssl->specs.pad_size = PAD_SHA;
1104 ssl->specs.static_ecdh = 0;
1105 ssl->specs.key_size = AES_128_KEY_SIZE;
1106 ssl->specs.block_size = AES_BLOCK_SIZE;
1107 ssl->specs.iv_size = AES_IV_SIZE;
1109 ssl->options.usingPSK_cipher = 1;
1113 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
1114 case TLS_PSK_WITH_AES_256_CBC_SHA384 :
1115 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
1116 ssl->specs.cipher_type = block;
1117 ssl->specs.mac_algorithm = sha384_mac;
1118 ssl->specs.kea = psk_kea;
1119 ssl->specs.sig_algo = anonymous_sa_algo;
1120 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1121 ssl->specs.pad_size = PAD_SHA;
1122 ssl->specs.static_ecdh = 0;
1123 ssl->specs.key_size = AES_256_KEY_SIZE;
1124 ssl->specs.block_size = AES_BLOCK_SIZE;
1125 ssl->specs.iv_size = AES_IV_SIZE;
1127 ssl->options.usingPSK_cipher = 1;
1131 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
1132 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
1133 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
1134 ssl->specs.cipher_type = block;
1135 ssl->specs.mac_algorithm = sha256_mac;
1136 ssl->specs.kea = dhe_psk_kea;
1137 ssl->specs.sig_algo = anonymous_sa_algo;
1138 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1139 ssl->specs.pad_size = PAD_SHA;
1140 ssl->specs.static_ecdh = 0;
1141 ssl->specs.key_size = AES_128_KEY_SIZE;
1142 ssl->specs.block_size = AES_BLOCK_SIZE;
1143 ssl->specs.iv_size = AES_IV_SIZE;
1145 ssl->options.usingPSK_cipher = 1;
1149 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
1150 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
1151 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
1152 ssl->specs.cipher_type = block;
1153 ssl->specs.mac_algorithm = sha384_mac;
1154 ssl->specs.kea = dhe_psk_kea;
1155 ssl->specs.sig_algo = anonymous_sa_algo;
1156 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1157 ssl->specs.pad_size = PAD_SHA;
1158 ssl->specs.static_ecdh = 0;
1159 ssl->specs.key_size = AES_256_KEY_SIZE;
1160 ssl->specs.block_size = AES_BLOCK_SIZE;
1161 ssl->specs.iv_size = AES_IV_SIZE;
1163 ssl->options.usingPSK_cipher = 1;
1167 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
1168 case TLS_PSK_WITH_AES_128_CBC_SHA :
1169 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
1170 ssl->specs.cipher_type = block;
1171 ssl->specs.mac_algorithm = sha_mac;
1172 ssl->specs.kea = psk_kea;
1173 ssl->specs.sig_algo = anonymous_sa_algo;
1174 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1175 ssl->specs.pad_size = PAD_SHA;
1176 ssl->specs.static_ecdh = 0;
1177 ssl->specs.key_size = AES_128_KEY_SIZE;
1178 ssl->specs.block_size = AES_BLOCK_SIZE;
1179 ssl->specs.iv_size = AES_IV_SIZE;
1181 ssl->options.usingPSK_cipher = 1;
1185 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
1186 case TLS_PSK_WITH_AES_256_CBC_SHA :
1187 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
1188 ssl->specs.cipher_type = block;
1189 ssl->specs.mac_algorithm = sha_mac;
1190 ssl->specs.kea = psk_kea;
1191 ssl->specs.sig_algo = anonymous_sa_algo;
1192 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1193 ssl->specs.pad_size = PAD_SHA;
1194 ssl->specs.static_ecdh = 0;
1195 ssl->specs.key_size = AES_256_KEY_SIZE;
1196 ssl->specs.block_size = AES_BLOCK_SIZE;
1197 ssl->specs.iv_size = AES_IV_SIZE;
1199 ssl->options.usingPSK_cipher = 1;
1203 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
1204 case TLS_PSK_WITH_NULL_SHA256 :
1205 ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
1206 ssl->specs.cipher_type = stream;
1207 ssl->specs.mac_algorithm = sha256_mac;
1208 ssl->specs.kea = psk_kea;
1209 ssl->specs.sig_algo = anonymous_sa_algo;
1210 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1211 ssl->specs.pad_size = PAD_SHA;
1212 ssl->specs.static_ecdh = 0;
1213 ssl->specs.key_size = 0;
1214 ssl->specs.block_size = 0;
1215 ssl->specs.iv_size = 0;
1217 ssl->options.usingPSK_cipher = 1;
1221 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
1222 case TLS_PSK_WITH_NULL_SHA384 :
1223 ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
1224 ssl->specs.cipher_type = stream;
1225 ssl->specs.mac_algorithm = sha384_mac;
1226 ssl->specs.kea = psk_kea;
1227 ssl->specs.sig_algo = anonymous_sa_algo;
1228 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1229 ssl->specs.pad_size = PAD_SHA;
1230 ssl->specs.static_ecdh = 0;
1231 ssl->specs.key_size = 0;
1232 ssl->specs.block_size = 0;
1233 ssl->specs.iv_size = 0;
1235 ssl->options.usingPSK_cipher = 1;
1239 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
1240 case TLS_PSK_WITH_NULL_SHA :
1241 ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
1242 ssl->specs.cipher_type = stream;
1243 ssl->specs.mac_algorithm = sha_mac;
1244 ssl->specs.kea = psk_kea;
1245 ssl->specs.sig_algo = anonymous_sa_algo;
1246 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1247 ssl->specs.pad_size = PAD_SHA;
1248 ssl->specs.static_ecdh = 0;
1249 ssl->specs.key_size = 0;
1250 ssl->specs.block_size = 0;
1251 ssl->specs.iv_size = 0;
1253 ssl->options.usingPSK_cipher = 1;
1257 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
1258 case TLS_DHE_PSK_WITH_NULL_SHA256 :
1259 ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
1260 ssl->specs.cipher_type = stream;
1261 ssl->specs.mac_algorithm = sha256_mac;
1262 ssl->specs.kea = dhe_psk_kea;
1263 ssl->specs.sig_algo = anonymous_sa_algo;
1264 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1265 ssl->specs.pad_size = PAD_SHA;
1266 ssl->specs.static_ecdh = 0;
1267 ssl->specs.key_size = 0;
1268 ssl->specs.block_size = 0;
1269 ssl->specs.iv_size = 0;
1271 ssl->options.usingPSK_cipher = 1;
1275 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
1276 case TLS_DHE_PSK_WITH_NULL_SHA384 :
1277 ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
1278 ssl->specs.cipher_type = stream;
1279 ssl->specs.mac_algorithm = sha384_mac;
1280 ssl->specs.kea = dhe_psk_kea;
1281 ssl->specs.sig_algo = anonymous_sa_algo;
1282 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1283 ssl->specs.pad_size = PAD_SHA;
1284 ssl->specs.static_ecdh = 0;
1285 ssl->specs.key_size = 0;
1286 ssl->specs.block_size = 0;
1287 ssl->specs.iv_size = 0;
1289 ssl->options.usingPSK_cipher = 1;
1293 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
1294 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
1295 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
1296 ssl->specs.cipher_type = block;
1297 ssl->specs.mac_algorithm = sha256_mac;
1298 ssl->specs.kea = diffie_hellman_kea;
1299 ssl->specs.sig_algo = rsa_sa_algo;
1300 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1301 ssl->specs.pad_size = PAD_SHA;
1302 ssl->specs.static_ecdh = 0;
1303 ssl->specs.key_size = AES_128_KEY_SIZE;
1304 ssl->specs.block_size = AES_BLOCK_SIZE;
1305 ssl->specs.iv_size = AES_IV_SIZE;
1310 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
1311 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
1312 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
1313 ssl->specs.cipher_type = block;
1314 ssl->specs.mac_algorithm = sha256_mac;
1315 ssl->specs.kea = diffie_hellman_kea;
1316 ssl->specs.sig_algo = rsa_sa_algo;
1317 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1318 ssl->specs.pad_size = PAD_SHA;
1319 ssl->specs.static_ecdh = 0;
1320 ssl->specs.key_size = AES_256_KEY_SIZE;
1321 ssl->specs.block_size = AES_BLOCK_SIZE;
1322 ssl->specs.iv_size = AES_IV_SIZE;
1327 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1328 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
1329 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
1330 ssl->specs.cipher_type = block;
1331 ssl->specs.mac_algorithm = sha_mac;
1332 ssl->specs.kea = diffie_hellman_kea;
1333 ssl->specs.sig_algo = rsa_sa_algo;
1334 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1335 ssl->specs.pad_size = PAD_SHA;
1336 ssl->specs.static_ecdh = 0;
1337 ssl->specs.key_size = AES_128_KEY_SIZE;
1338 ssl->specs.block_size = AES_BLOCK_SIZE;
1339 ssl->specs.iv_size = AES_IV_SIZE;
1344 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1345 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
1346 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
1347 ssl->specs.cipher_type = block;
1348 ssl->specs.mac_algorithm = sha_mac;
1349 ssl->specs.kea = diffie_hellman_kea;
1350 ssl->specs.sig_algo = rsa_sa_algo;
1351 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1352 ssl->specs.pad_size = PAD_SHA;
1353 ssl->specs.static_ecdh = 0;
1354 ssl->specs.key_size = AES_256_KEY_SIZE;
1355 ssl->specs.block_size = AES_BLOCK_SIZE;
1356 ssl->specs.iv_size = AES_IV_SIZE;
1361 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
1362 case TLS_RSA_WITH_HC_128_MD5 :
1363 ssl->specs.bulk_cipher_algorithm = cyassl_hc128;
1364 ssl->specs.cipher_type = stream;
1365 ssl->specs.mac_algorithm = md5_mac;
1366 ssl->specs.kea = rsa_kea;
1367 ssl->specs.sig_algo = rsa_sa_algo;
1368 ssl->specs.hash_size = MD5_DIGEST_SIZE;
1369 ssl->specs.pad_size = PAD_MD5;
1370 ssl->specs.static_ecdh = 0;
1371 ssl->specs.key_size = HC_128_KEY_SIZE;
1372 ssl->specs.block_size = 0;
1373 ssl->specs.iv_size = HC_128_IV_SIZE;
1378 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
1379 case TLS_RSA_WITH_HC_128_SHA :
1380 ssl->specs.bulk_cipher_algorithm = cyassl_hc128;
1381 ssl->specs.cipher_type = stream;
1382 ssl->specs.mac_algorithm = sha_mac;
1383 ssl->specs.kea = rsa_kea;
1384 ssl->specs.sig_algo = rsa_sa_algo;
1385 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1386 ssl->specs.pad_size = PAD_SHA;
1387 ssl->specs.static_ecdh = 0;
1388 ssl->specs.key_size = HC_128_KEY_SIZE;
1389 ssl->specs.block_size = 0;
1390 ssl->specs.iv_size = HC_128_IV_SIZE;
1395 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
1396 case TLS_RSA_WITH_HC_128_B2B256:
1397 ssl->specs.bulk_cipher_algorithm = cyassl_hc128;
1398 ssl->specs.cipher_type = stream;
1399 ssl->specs.mac_algorithm = blake2b_mac;
1400 ssl->specs.kea = rsa_kea;
1401 ssl->specs.sig_algo = rsa_sa_algo;
1402 ssl->specs.hash_size = BLAKE2B_256;
1403 ssl->specs.pad_size = PAD_SHA;
1404 ssl->specs.static_ecdh = 0;
1405 ssl->specs.key_size = HC_128_KEY_SIZE;
1406 ssl->specs.block_size = 0;
1407 ssl->specs.iv_size = HC_128_IV_SIZE;
1412 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
1413 case TLS_RSA_WITH_AES_128_CBC_B2B256:
1414 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
1415 ssl->specs.cipher_type = block;
1416 ssl->specs.mac_algorithm = blake2b_mac;
1417 ssl->specs.kea = rsa_kea;
1418 ssl->specs.sig_algo = rsa_sa_algo;
1419 ssl->specs.hash_size = BLAKE2B_256;
1420 ssl->specs.pad_size = PAD_SHA;
1421 ssl->specs.static_ecdh = 0;
1422 ssl->specs.key_size = AES_128_KEY_SIZE;
1423 ssl->specs.iv_size = AES_IV_SIZE;
1424 ssl->specs.block_size = AES_BLOCK_SIZE;
1429 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
1430 case TLS_RSA_WITH_AES_256_CBC_B2B256:
1431 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
1432 ssl->specs.cipher_type = block;
1433 ssl->specs.mac_algorithm = blake2b_mac;
1434 ssl->specs.kea = rsa_kea;
1435 ssl->specs.sig_algo = rsa_sa_algo;
1436 ssl->specs.hash_size = BLAKE2B_256;
1437 ssl->specs.pad_size = PAD_SHA;
1438 ssl->specs.static_ecdh = 0;
1439 ssl->specs.key_size = AES_256_KEY_SIZE;
1440 ssl->specs.iv_size = AES_IV_SIZE;
1441 ssl->specs.block_size = AES_BLOCK_SIZE;
1446 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
1447 case TLS_RSA_WITH_RABBIT_SHA :
1448 ssl->specs.bulk_cipher_algorithm = cyassl_rabbit;
1449 ssl->specs.cipher_type = stream;
1450 ssl->specs.mac_algorithm = sha_mac;
1451 ssl->specs.kea = rsa_kea;
1452 ssl->specs.sig_algo = rsa_sa_algo;
1453 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1454 ssl->specs.pad_size = PAD_SHA;
1455 ssl->specs.static_ecdh = 0;
1456 ssl->specs.key_size = RABBIT_KEY_SIZE;
1457 ssl->specs.block_size = 0;
1458 ssl->specs.iv_size = RABBIT_IV_SIZE;
1463 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
1464 case TLS_RSA_WITH_AES_128_GCM_SHA256 :
1465 ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
1466 ssl->specs.cipher_type = aead;
1467 ssl->specs.mac_algorithm = sha256_mac;
1468 ssl->specs.kea = rsa_kea;
1469 ssl->specs.sig_algo = rsa_sa_algo;
1470 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1471 ssl->specs.pad_size = PAD_SHA;
1472 ssl->specs.static_ecdh = 0;
1473 ssl->specs.key_size = AES_128_KEY_SIZE;
1474 ssl->specs.block_size = AES_BLOCK_SIZE;
1475 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1476 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1481 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
1482 case TLS_RSA_WITH_AES_256_GCM_SHA384 :
1483 ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
1484 ssl->specs.cipher_type = aead;
1485 ssl->specs.mac_algorithm = sha384_mac;
1486 ssl->specs.kea = rsa_kea;
1487 ssl->specs.sig_algo = rsa_sa_algo;
1488 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1489 ssl->specs.pad_size = PAD_SHA;
1490 ssl->specs.static_ecdh = 0;
1491 ssl->specs.key_size = AES_256_KEY_SIZE;
1492 ssl->specs.block_size = AES_BLOCK_SIZE;
1493 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1494 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1499 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
1500 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
1501 ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
1502 ssl->specs.cipher_type = aead;
1503 ssl->specs.mac_algorithm = sha256_mac;
1504 ssl->specs.kea = diffie_hellman_kea;
1505 ssl->specs.sig_algo = rsa_sa_algo;
1506 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1507 ssl->specs.pad_size = PAD_SHA;
1508 ssl->specs.static_ecdh = 0;
1509 ssl->specs.key_size = AES_128_KEY_SIZE;
1510 ssl->specs.block_size = AES_BLOCK_SIZE;
1511 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1512 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1517 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
1518 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
1519 ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
1520 ssl->specs.cipher_type = aead;
1521 ssl->specs.mac_algorithm = sha384_mac;
1522 ssl->specs.kea = diffie_hellman_kea;
1523 ssl->specs.sig_algo = rsa_sa_algo;
1524 ssl->specs.hash_size = SHA384_DIGEST_SIZE;
1525 ssl->specs.pad_size = PAD_SHA;
1526 ssl->specs.static_ecdh = 0;
1527 ssl->specs.key_size = AES_256_KEY_SIZE;
1528 ssl->specs.block_size = AES_BLOCK_SIZE;
1529 ssl->specs.iv_size = AEAD_IMP_IV_SZ;
1530 ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
1535 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
1536 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
1537 ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
1538 ssl->specs.cipher_type = block;
1539 ssl->specs.mac_algorithm = sha_mac;
1540 ssl->specs.kea = rsa_kea;
1541 ssl->specs.sig_algo = rsa_sa_algo;
1542 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1543 ssl->specs.pad_size = PAD_SHA;
1544 ssl->specs.static_ecdh = 0;
1545 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1546 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1547 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1552 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
1553 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
1554 ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
1555 ssl->specs.cipher_type = block;
1556 ssl->specs.mac_algorithm = sha_mac;
1557 ssl->specs.kea = rsa_kea;
1558 ssl->specs.sig_algo = rsa_sa_algo;
1559 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1560 ssl->specs.pad_size = PAD_SHA;
1561 ssl->specs.static_ecdh = 0;
1562 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
1563 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1564 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1569 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
1570 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
1571 ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
1572 ssl->specs.cipher_type = block;
1573 ssl->specs.mac_algorithm = sha256_mac;
1574 ssl->specs.kea = rsa_kea;
1575 ssl->specs.sig_algo = rsa_sa_algo;
1576 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1577 ssl->specs.pad_size = PAD_SHA;
1578 ssl->specs.static_ecdh = 0;
1579 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1580 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1581 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1586 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
1587 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
1588 ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
1589 ssl->specs.cipher_type = block;
1590 ssl->specs.mac_algorithm = sha256_mac;
1591 ssl->specs.kea = rsa_kea;
1592 ssl->specs.sig_algo = rsa_sa_algo;
1593 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1594 ssl->specs.pad_size = PAD_SHA;
1595 ssl->specs.static_ecdh = 0;
1596 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
1597 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1598 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1603 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
1604 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
1605 ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
1606 ssl->specs.cipher_type = block;
1607 ssl->specs.mac_algorithm = sha_mac;
1608 ssl->specs.kea = diffie_hellman_kea;
1609 ssl->specs.sig_algo = rsa_sa_algo;
1610 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1611 ssl->specs.pad_size = PAD_SHA;
1612 ssl->specs.static_ecdh = 0;
1613 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1614 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1615 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1620 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
1621 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
1622 ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
1623 ssl->specs.cipher_type = block;
1624 ssl->specs.mac_algorithm = sha_mac;
1625 ssl->specs.kea = diffie_hellman_kea;
1626 ssl->specs.sig_algo = rsa_sa_algo;
1627 ssl->specs.hash_size = SHA_DIGEST_SIZE;
1628 ssl->specs.pad_size = PAD_SHA;
1629 ssl->specs.static_ecdh = 0;
1630 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
1631 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1632 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1637 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
1638 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
1639 ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
1640 ssl->specs.cipher_type = block;
1641 ssl->specs.mac_algorithm = sha256_mac;
1642 ssl->specs.kea = diffie_hellman_kea;
1643 ssl->specs.sig_algo = rsa_sa_algo;
1644 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1645 ssl->specs.pad_size = PAD_SHA;
1646 ssl->specs.static_ecdh = 0;
1647 ssl->specs.key_size = CAMELLIA_128_KEY_SIZE;
1648 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1649 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1654 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
1655 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
1656 ssl->specs.bulk_cipher_algorithm = cyassl_camellia;
1657 ssl->specs.cipher_type = block;
1658 ssl->specs.mac_algorithm = sha256_mac;
1659 ssl->specs.kea = diffie_hellman_kea;
1660 ssl->specs.sig_algo = rsa_sa_algo;
1661 ssl->specs.hash_size = SHA256_DIGEST_SIZE;
1662 ssl->specs.pad_size = PAD_SHA;
1663 ssl->specs.static_ecdh = 0;
1664 ssl->specs.key_size = CAMELLIA_256_KEY_SIZE;
1665 ssl->specs.block_size = CAMELLIA_BLOCK_SIZE;
1666 ssl->specs.iv_size = CAMELLIA_IV_SIZE;
1672 CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs");
1673 return UNSUPPORTED_SUITE;
1675 } /* if ECC / Normal suites else */
1677 /* set TLS if it hasn't been turned off */
1678 if (ssl->version.major == 3 && ssl->version.minor >= 1) {
1680 ssl->options.tls = 1;
1681 ssl->hmac = TLS_hmac;
1682 if (ssl->version.minor >= 2)
1683 ssl->options.tls1_1 = 1;
1688 if (ssl->options.dtls)
1689 ssl->hmac = TLS_hmac;
1698 PREFIX = 3, /* up to three letters for master prefix */
1699 KEY_PREFIX = 7 /* up to 7 prefix letters for key rounds */
1705 /* true or false, zero for error */
1706 static int SetPrefix(byte* sha_input, int idx)
1710 XMEMCPY(sha_input, "A", 1);
1713 XMEMCPY(sha_input, "BB", 2);
1716 XMEMCPY(sha_input, "CCC", 3);
1719 XMEMCPY(sha_input, "DDDD", 4);
1722 XMEMCPY(sha_input, "EEEEE", 5);
1725 XMEMCPY(sha_input, "FFFFFF", 6);
1728 XMEMCPY(sha_input, "GGGGGGG", 7);
1731 CYASSL_MSG("Set Prefix error, bad input");
1739 static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
1740 byte side, void* heap, int devId)
1743 word32 sz = specs->key_size;
1744 if (specs->bulk_cipher_algorithm == cyassl_rc4) {
1745 if (enc->arc4 == NULL)
1746 enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
1747 if (enc->arc4 == NULL)
1749 if (dec->arc4 == NULL)
1750 dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
1751 if (dec->arc4 == NULL)
1754 if (devId != NO_CAVIUM_DEVICE) {
1755 if (Arc4InitCavium(enc->arc4, devId) != 0) {
1756 CYASSL_MSG("Arc4InitCavium failed in SetKeys");
1757 return CAVIUM_INIT_E;
1759 if (Arc4InitCavium(dec->arc4, devId) != 0) {
1760 CYASSL_MSG("Arc4InitCavium failed in SetKeys");
1761 return CAVIUM_INIT_E;
1765 if (side == CYASSL_CLIENT_END) {
1766 Arc4SetKey(enc->arc4, keys->client_write_key, sz);
1767 Arc4SetKey(dec->arc4, keys->server_write_key, sz);
1770 Arc4SetKey(enc->arc4, keys->server_write_key, sz);
1771 Arc4SetKey(dec->arc4, keys->client_write_key, sz);
1779 if (specs->bulk_cipher_algorithm == cyassl_hc128) {
1781 if (enc->hc128 == NULL)
1783 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
1784 if (enc->hc128 == NULL)
1786 if (dec->hc128 == NULL)
1788 (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
1789 if (dec->hc128 == NULL)
1791 if (side == CYASSL_CLIENT_END) {
1792 hcRet = Hc128_SetKey(enc->hc128, keys->client_write_key,
1793 keys->client_write_IV);
1794 if (hcRet != 0) return hcRet;
1795 hcRet = Hc128_SetKey(dec->hc128, keys->server_write_key,
1796 keys->server_write_IV);
1797 if (hcRet != 0) return hcRet;
1800 hcRet = Hc128_SetKey(enc->hc128, keys->server_write_key,
1801 keys->server_write_IV);
1802 if (hcRet != 0) return hcRet;
1803 hcRet = Hc128_SetKey(dec->hc128, keys->client_write_key,
1804 keys->client_write_IV);
1805 if (hcRet != 0) return hcRet;
1813 if (specs->bulk_cipher_algorithm == cyassl_rabbit) {
1815 if (enc->rabbit == NULL)
1817 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
1818 if (enc->rabbit == NULL)
1820 if (dec->rabbit == NULL)
1822 (Rabbit*)XMALLOC(sizeof(Rabbit), heap, DYNAMIC_TYPE_CIPHER);
1823 if (dec->rabbit == NULL)
1825 if (side == CYASSL_CLIENT_END) {
1826 rabRet = RabbitSetKey(enc->rabbit, keys->client_write_key,
1827 keys->client_write_IV);
1828 if (rabRet != 0) return rabRet;
1829 rabRet = RabbitSetKey(dec->rabbit, keys->server_write_key,
1830 keys->server_write_IV);
1831 if (rabRet != 0) return rabRet;
1834 rabRet = RabbitSetKey(enc->rabbit, keys->server_write_key,
1835 keys->server_write_IV);
1836 if (rabRet != 0) return rabRet;
1837 rabRet = RabbitSetKey(dec->rabbit, keys->client_write_key,
1838 keys->client_write_IV);
1839 if (rabRet != 0) return rabRet;
1847 if (specs->bulk_cipher_algorithm == cyassl_triple_des) {
1850 if (enc->des3 == NULL)
1851 enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
1852 if (enc->des3 == NULL)
1854 if (dec->des3 == NULL)
1855 dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
1856 if (dec->des3 == NULL)
1859 if (devId != NO_CAVIUM_DEVICE) {
1860 if (Des3_InitCavium(enc->des3, devId) != 0) {
1861 CYASSL_MSG("Des3_InitCavium failed in SetKeys");
1862 return CAVIUM_INIT_E;
1864 if (Des3_InitCavium(dec->des3, devId) != 0) {
1865 CYASSL_MSG("Des3_InitCavium failed in SetKeys");
1866 return CAVIUM_INIT_E;
1870 if (side == CYASSL_CLIENT_END) {
1871 desRet = Des3_SetKey(enc->des3, keys->client_write_key,
1872 keys->client_write_IV, DES_ENCRYPTION);
1875 desRet = Des3_SetKey(dec->des3, keys->server_write_key,
1876 keys->server_write_IV, DES_DECRYPTION);
1881 desRet = Des3_SetKey(enc->des3, keys->server_write_key,
1882 keys->server_write_IV, DES_ENCRYPTION);
1885 desRet = Des3_SetKey(dec->des3, keys->client_write_key,
1886 keys->client_write_IV, DES_DECRYPTION);
1896 if (specs->bulk_cipher_algorithm == cyassl_aes) {
1899 if (enc->aes == NULL)
1900 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
1901 if (enc->aes == NULL)
1903 if (dec->aes == NULL)
1904 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
1905 if (dec->aes == NULL)
1908 if (devId != NO_CAVIUM_DEVICE) {
1909 if (AesInitCavium(enc->aes, devId) != 0) {
1910 CYASSL_MSG("AesInitCavium failed in SetKeys");
1911 return CAVIUM_INIT_E;
1913 if (AesInitCavium(dec->aes, devId) != 0) {
1914 CYASSL_MSG("AesInitCavium failed in SetKeys");
1915 return CAVIUM_INIT_E;
1919 if (side == CYASSL_CLIENT_END) {
1920 aesRet = AesSetKey(enc->aes, keys->client_write_key,
1921 specs->key_size, keys->client_write_IV,
1925 aesRet = AesSetKey(dec->aes, keys->server_write_key,
1926 specs->key_size, keys->server_write_IV,
1932 aesRet = AesSetKey(enc->aes, keys->server_write_key,
1933 specs->key_size, keys->server_write_IV,
1937 aesRet = AesSetKey(dec->aes, keys->client_write_key,
1938 specs->key_size, keys->client_write_IV,
1949 if (specs->bulk_cipher_algorithm == cyassl_aes_gcm) {
1950 if (enc->aes == NULL)
1951 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
1952 if (enc->aes == NULL)
1954 if (dec->aes == NULL)
1955 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
1956 if (dec->aes == NULL)
1959 if (side == CYASSL_CLIENT_END) {
1960 AesGcmSetKey(enc->aes, keys->client_write_key, specs->key_size);
1961 XMEMCPY(keys->aead_enc_imp_IV,
1962 keys->client_write_IV, AEAD_IMP_IV_SZ);
1963 AesGcmSetKey(dec->aes, keys->server_write_key, specs->key_size);
1964 XMEMCPY(keys->aead_dec_imp_IV,
1965 keys->server_write_IV, AEAD_IMP_IV_SZ);
1968 AesGcmSetKey(enc->aes, keys->server_write_key, specs->key_size);
1969 XMEMCPY(keys->aead_enc_imp_IV,
1970 keys->server_write_IV, AEAD_IMP_IV_SZ);
1971 AesGcmSetKey(dec->aes, keys->client_write_key, specs->key_size);
1972 XMEMCPY(keys->aead_dec_imp_IV,
1973 keys->client_write_IV, AEAD_IMP_IV_SZ);
1981 if (specs->bulk_cipher_algorithm == cyassl_aes_ccm) {
1982 if (enc->aes == NULL)
1983 enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
1984 if (enc->aes == NULL)
1986 if (dec->aes == NULL)
1987 dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
1988 if (dec->aes == NULL)
1991 if (side == CYASSL_CLIENT_END) {
1992 AesCcmSetKey(enc->aes, keys->client_write_key, specs->key_size);
1993 XMEMCPY(keys->aead_enc_imp_IV,
1994 keys->client_write_IV, AEAD_IMP_IV_SZ);
1995 AesCcmSetKey(dec->aes, keys->server_write_key, specs->key_size);
1996 XMEMCPY(keys->aead_dec_imp_IV,
1997 keys->server_write_IV, AEAD_IMP_IV_SZ);
2000 AesCcmSetKey(enc->aes, keys->server_write_key, specs->key_size);
2001 XMEMCPY(keys->aead_enc_imp_IV,
2002 keys->server_write_IV, AEAD_IMP_IV_SZ);
2003 AesCcmSetKey(dec->aes, keys->client_write_key, specs->key_size);
2004 XMEMCPY(keys->aead_dec_imp_IV,
2005 keys->client_write_IV, AEAD_IMP_IV_SZ);
2012 #ifdef HAVE_CAMELLIA
2013 if (specs->bulk_cipher_algorithm == cyassl_camellia) {
2016 if (enc->cam == NULL)
2018 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
2019 if (enc->cam == NULL)
2022 if (dec->cam == NULL)
2024 (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
2025 if (dec->cam == NULL)
2028 if (side == CYASSL_CLIENT_END) {
2029 camRet = CamelliaSetKey(enc->cam, keys->client_write_key,
2030 specs->key_size, keys->client_write_IV);
2034 camRet = CamelliaSetKey(dec->cam, keys->server_write_key,
2035 specs->key_size, keys->server_write_IV);
2040 camRet = CamelliaSetKey(enc->cam, keys->server_write_key,
2041 specs->key_size, keys->server_write_IV);
2045 camRet = CamelliaSetKey(dec->cam, keys->client_write_key,
2046 specs->key_size, keys->client_write_IV);
2055 #ifdef HAVE_NULL_CIPHER
2056 if (specs->bulk_cipher_algorithm == cyassl_cipher_null) {
2062 keys->sequence_number = 0;
2063 keys->peer_sequence_number = 0;
2064 keys->encryptionOn = 0;
2076 /* TLS can call too */
2077 int StoreKeys(CYASSL* ssl, const byte* keyData)
2080 int devId = NO_CAVIUM_DEVICE;
2086 if (ssl->specs.cipher_type != aead) {
2087 sz = ssl->specs.hash_size;
2088 XMEMCPY(ssl->keys.client_write_MAC_secret,&keyData[i], sz);
2090 XMEMCPY(ssl->keys.server_write_MAC_secret,&keyData[i], sz);
2093 sz = ssl->specs.key_size;
2094 XMEMCPY(ssl->keys.client_write_key, &keyData[i], sz);
2096 XMEMCPY(ssl->keys.server_write_key, &keyData[i], sz);
2099 sz = ssl->specs.iv_size;
2100 XMEMCPY(ssl->keys.client_write_IV, &keyData[i], sz);
2102 XMEMCPY(ssl->keys.server_write_IV, &keyData[i], sz);
2105 if (ssl->specs.cipher_type == aead) {
2106 /* Initialize the AES-GCM/CCM explicit IV to a zero. */
2107 XMEMSET(ssl->keys.aead_exp_IV, 0, AEAD_EXP_IV_SZ);
2111 return SetKeys(&ssl->encrypt, &ssl->decrypt, &ssl->keys, &ssl->specs,
2112 ssl->options.side, ssl->heap, devId);
2116 int DeriveKeys(CYASSL* ssl)
2118 int length = 2 * ssl->specs.hash_size +
2119 2 * ssl->specs.key_size +
2120 2 * ssl->specs.iv_size;
2121 int rounds = (length + MD5_DIGEST_SIZE - 1 ) / MD5_DIGEST_SIZE, i;
2124 byte shaOutput[SHA_DIGEST_SIZE];
2125 byte md5Input[SECRET_LEN + SHA_DIGEST_SIZE];
2126 byte shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN];
2131 byte keyData[KEY_PREFIX * MD5_DIGEST_SIZE]; /* max size */
2134 ret = InitSha(&sha);
2138 XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN);
2140 for (i = 0; i < rounds; ++i) {
2144 if (!SetPrefix(shaInput, i)) {
2145 return PREFIX_ERROR;
2148 XMEMCPY(shaInput + idx, ssl->arrays->masterSecret, SECRET_LEN);
2150 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
2152 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
2154 ShaUpdate(&sha, shaInput, (word32)sizeof(shaInput) - KEY_PREFIX + j);
2155 ShaFinal(&sha, shaOutput);
2157 XMEMCPY(&md5Input[SECRET_LEN], shaOutput, SHA_DIGEST_SIZE);
2158 Md5Update(&md5, md5Input, sizeof(md5Input));
2159 Md5Final(&md5, keyData + i * MD5_DIGEST_SIZE);
2162 return StoreKeys(ssl, keyData);
2166 static int CleanPreMaster(CYASSL* ssl)
2168 int i, ret, sz = ssl->arrays->preMasterSz;
2170 for (i = 0; i < sz; i++)
2171 ssl->arrays->preMasterSecret[i] = 0;
2173 ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz);
2177 for (i = 0; i < sz; i++)
2178 ssl->arrays->preMasterSecret[i] = 0;
2184 /* Create and store the master secret see page 32, 6.1 */
2185 static int MakeSslMasterSecret(CYASSL* ssl)
2187 byte shaOutput[SHA_DIGEST_SIZE];
2188 byte md5Input[ENCRYPT_LEN + SHA_DIGEST_SIZE];
2189 byte shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN];
2192 word32 pmsSz = ssl->arrays->preMasterSz;
2200 printf("pre master secret: ");
2201 for (j = 0; j < pmsSz; j++)
2202 printf("%02x", ssl->arrays->preMasterSecret[j]);
2208 ret = InitSha(&sha);
2212 XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz);
2214 for (i = 0; i < MASTER_ROUNDS; ++i) {
2215 byte prefix[KEY_PREFIX]; /* only need PREFIX bytes but static */
2216 if (!SetPrefix(prefix, i)) { /* analysis thinks will overrun */
2217 return PREFIX_ERROR;
2221 XMEMCPY(shaInput, prefix, i + 1);
2224 XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz);
2226 XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
2228 XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
2230 ShaUpdate(&sha, shaInput, idx);
2231 ShaFinal(&sha, shaOutput);
2233 idx = pmsSz; /* preSz */
2234 XMEMCPY(md5Input + idx, shaOutput, SHA_DIGEST_SIZE);
2235 idx += SHA_DIGEST_SIZE;
2236 Md5Update(&md5, md5Input, idx);
2237 Md5Final(&md5, &ssl->arrays->masterSecret[i * MD5_DIGEST_SIZE]);
2243 printf("master secret: ");
2244 for (j = 0; j < SECRET_LEN; j++)
2245 printf("%02x", ssl->arrays->masterSecret[j]);
2250 ret = DeriveKeys(ssl);
2252 /* always try to clean PreMaster */
2253 CleanPreMaster(ssl);
2257 return CleanPreMaster(ssl);
2262 /* Master wrapper, doesn't use SSL stack space in TLS mode */
2263 int MakeMasterSecret(CYASSL* ssl)
2266 return MakeTlsMasterSecret(ssl);
2267 #elif !defined(NO_TLS)
2268 if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
2272 return MakeSslMasterSecret(ssl);