mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-05 14:05:50 +00:00
Merged ECDHE-PSK ciphersuites
This commit is contained in:
commit
376e8153a0
|
@ -3,6 +3,7 @@ PolarSSL ChangeLog (Sorted per branch, date)
|
||||||
= Branch 1.3
|
= Branch 1.3
|
||||||
Features
|
Features
|
||||||
* Support for Brainpool curves and TLS ciphersuites (RFC 7027)
|
* Support for Brainpool curves and TLS ciphersuites (RFC 7027)
|
||||||
|
* Support for ECDHE-PSK key-exchange and ciphersuites
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* RSA blinding locks for a smaller amount of time
|
* RSA blinding locks for a smaller amount of time
|
||||||
|
|
|
@ -195,15 +195,18 @@
|
||||||
* TLS_RSA_WITH_NULL_SHA
|
* TLS_RSA_WITH_NULL_SHA
|
||||||
* TLS_RSA_WITH_NULL_SHA256
|
* TLS_RSA_WITH_NULL_SHA256
|
||||||
* TLS_ECDHE_RSA_WITH_NULL_SHA
|
* TLS_ECDHE_RSA_WITH_NULL_SHA
|
||||||
* TLS_PSK_WITH_NULL
|
* TLS_PSK_WITH_NULL_SHA
|
||||||
* TLS_PSK_WITH_NULL256
|
* TLS_PSK_WITH_NULL_SHA256
|
||||||
* TLS_PSK_WITH_NULL384
|
* TLS_PSK_WITH_NULL_SHA384
|
||||||
* TLS_DHE_PSK_WITH_NULL
|
* TLS_DHE_PSK_WITH_NULL_SHA
|
||||||
* TLS_DHE_PSK_WITH_NULL256
|
* TLS_DHE_PSK_WITH_NULL_SHA256
|
||||||
* TLS_DHE_PSK_WITH_NULL384
|
* TLS_DHE_PSK_WITH_NULL_SHA384
|
||||||
* TLS_RSA_PSK_WITH_NULL
|
* TLS_RSA_PSK_WITH_NULL_SHA
|
||||||
* TLS_RSA_PSK_WITH_NULL256
|
* TLS_RSA_PSK_WITH_NULL_SHA256
|
||||||
* TLS_RSA_PSK_WITH_NULL384
|
* TLS_RSA_PSK_WITH_NULL_SHA384
|
||||||
|
* TLS_ECDHE_PSK_WITH_NULL_SHA
|
||||||
|
* TLS_ECDHE_PSK_WITH_NULL_SHA256
|
||||||
|
* TLS_ECDHE_PSK_WITH_NULL_SHA384
|
||||||
*
|
*
|
||||||
* Uncomment this macro to enable the NULL cipher and ciphersuites
|
* Uncomment this macro to enable the NULL cipher and ciphersuites
|
||||||
*/
|
*/
|
||||||
|
@ -294,6 +297,26 @@
|
||||||
*/
|
*/
|
||||||
#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
|
#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
||||||
|
*
|
||||||
|
* Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
|
||||||
|
*
|
||||||
|
* Requires: POLARSSL_ECDH_C
|
||||||
|
*
|
||||||
|
* This enables the following ciphersuites (if other requisites are
|
||||||
|
* enabled as well):
|
||||||
|
* TLS_ECDHE_PSK_WITH_RC4_128_SHA
|
||||||
|
* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
|
||||||
|
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
|
||||||
|
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
|
||||||
|
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
|
||||||
|
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
|
||||||
|
* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
|
||||||
|
*/
|
||||||
|
#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
|
* \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
|
||||||
*
|
*
|
||||||
|
@ -1754,6 +1777,11 @@
|
||||||
#error "POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
|
#error "POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \
|
||||||
|
!defined(POLARSSL_ECDH_C)
|
||||||
|
#error "POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
|
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
|
||||||
( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \
|
( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \
|
||||||
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
|
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
|
||||||
|
|
|
@ -614,7 +614,9 @@ struct _ssl_context
|
||||||
void *p_vrfy; /*!< context for verification */
|
void *p_vrfy; /*!< context for verification */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
int (*f_psk)(void *, ssl_context *, const unsigned char *, size_t);
|
int (*f_psk)(void *, ssl_context *, const unsigned char *, size_t);
|
||||||
void *p_psk; /*!< context for PSK retrieval */
|
void *p_psk; /*!< context for PSK retrieval */
|
||||||
#endif
|
#endif
|
||||||
|
@ -715,7 +717,9 @@ struct _ssl_context
|
||||||
mpi dhm_G; /*!< generator for DHM */
|
mpi dhm_G; /*!< generator for DHM */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
/*
|
/*
|
||||||
* PSK values
|
* PSK values
|
||||||
*/
|
*/
|
||||||
|
@ -1057,7 +1061,9 @@ int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
|
||||||
rsa_key_len_func rsa_key_len );
|
rsa_key_len_func rsa_key_len );
|
||||||
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
/**
|
/**
|
||||||
* \brief Set the Pre Shared Key (PSK) and the identity name connected
|
* \brief Set the Pre Shared Key (PSK) and the identity name connected
|
||||||
* to it.
|
* to it.
|
||||||
|
@ -1097,7 +1103,9 @@ void ssl_set_psk_cb( ssl_context *ssl,
|
||||||
int (*f_psk)(void *, ssl_context *, const unsigned char *,
|
int (*f_psk)(void *, ssl_context *, const unsigned char *,
|
||||||
size_t),
|
size_t),
|
||||||
void *p_psk );
|
void *p_psk );
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_DHM_C)
|
#if defined(POLARSSL_DHM_C)
|
||||||
/**
|
/**
|
||||||
|
@ -1523,6 +1531,12 @@ int ssl_write_finished( ssl_context *ssl );
|
||||||
|
|
||||||
void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info );
|
void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info );
|
||||||
|
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
|
int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex );
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_PK_C)
|
#if defined(POLARSSL_PK_C)
|
||||||
unsigned char ssl_sig_from_pk( pk_context *pk );
|
unsigned char ssl_sig_from_pk( pk_context *pk );
|
||||||
pk_type_t ssl_pk_alg_from_sig( unsigned char sig );
|
pk_type_t ssl_pk_alg_from_sig( unsigned char sig );
|
||||||
|
|
|
@ -144,6 +144,16 @@ extern "C" {
|
||||||
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */
|
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */
|
||||||
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */
|
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */
|
||||||
|
|
||||||
|
#define TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033 /**< Not in SSL3! */
|
||||||
|
#define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034 /**< Not in SSL3! */
|
||||||
|
#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035 /**< Not in SSL3! */
|
||||||
|
#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036 /**< Not in SSL3! */
|
||||||
|
#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037 /**< TLS 1.2 */
|
||||||
|
#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038 /**< TLS 1.2 */
|
||||||
|
#define TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039 /**< Weak! No SSL3! */
|
||||||
|
#define TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A /**< Weak! TLS 1.2 */
|
||||||
|
#define TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B /**< Weak! TLS 1.2 */
|
||||||
|
|
||||||
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< TLS 1.2 */
|
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< TLS 1.2 */
|
||||||
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< TLS 1.2 */
|
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< TLS 1.2 */
|
||||||
|
|
||||||
|
@ -156,6 +166,8 @@ extern "C" {
|
||||||
#define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097 /**< TLS 1.2 */
|
#define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097 /**< TLS 1.2 */
|
||||||
#define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098 /**< TLS 1.2 */
|
#define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098 /**< TLS 1.2 */
|
||||||
#define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099 /**< TLS 1.2 */
|
#define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099 /**< TLS 1.2 */
|
||||||
|
#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< TLS 1.2 */
|
||||||
|
#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< TLS 1.2 */
|
||||||
|
|
||||||
typedef enum {
|
typedef enum {
|
||||||
POLARSSL_KEY_EXCHANGE_NONE = 0,
|
POLARSSL_KEY_EXCHANGE_NONE = 0,
|
||||||
|
@ -166,6 +178,7 @@ typedef enum {
|
||||||
POLARSSL_KEY_EXCHANGE_PSK,
|
POLARSSL_KEY_EXCHANGE_PSK,
|
||||||
POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||||
POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||||
} key_exchange_type_t;
|
} key_exchange_type_t;
|
||||||
|
|
||||||
typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
|
typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
|
||||||
|
|
|
@ -1178,7 +1178,7 @@ const cipher_definition_t cipher_definitions[] =
|
||||||
#endif /* POLARSSL_DES_C */
|
#endif /* POLARSSL_DES_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
{ POLARSSL_CIPHER_NULL, &null_info },
|
{ POLARSSL_CIPHER_NULL, &null_cipher_info },
|
||||||
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
|
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
|
||||||
|
|
||||||
{ 0, NULL }
|
{ 0, NULL }
|
||||||
|
|
|
@ -77,7 +77,7 @@ static const int ciphersuite_preference[] =
|
||||||
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||||
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||||
|
|
||||||
/* All remaining > 128-bit ephemeral suites */
|
/* All remaining >= 128-bit ephemeral suites */
|
||||||
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
|
@ -85,6 +85,14 @@ static const int ciphersuite_preference[] =
|
||||||
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||||
|
|
||||||
/* The PSK ephemeral suites */
|
/* The PSK ephemeral suites */
|
||||||
|
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
|
||||||
|
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
|
||||||
|
TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
|
||||||
|
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
|
||||||
|
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
|
||||||
|
TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
|
||||||
|
TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||||
|
TLS_ECDHE_PSK_WITH_RC4_128_SHA,
|
||||||
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
|
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
|
||||||
TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
|
TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
|
||||||
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
|
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
|
||||||
|
@ -114,7 +122,7 @@ static const int ciphersuite_preference[] =
|
||||||
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||||
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||||
|
|
||||||
/* All remaining > 128-bit suites */
|
/* All remaining >= 128-bit suites */
|
||||||
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
TLS_RSA_WITH_RC4_128_SHA,
|
TLS_RSA_WITH_RC4_128_SHA,
|
||||||
TLS_RSA_WITH_RC4_128_MD5,
|
TLS_RSA_WITH_RC4_128_MD5,
|
||||||
|
@ -143,23 +151,28 @@ static const int ciphersuite_preference[] =
|
||||||
TLS_PSK_WITH_3DES_EDE_CBC_SHA,
|
TLS_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||||
TLS_PSK_WITH_RC4_128_SHA,
|
TLS_PSK_WITH_RC4_128_SHA,
|
||||||
|
|
||||||
/* Weak or NULL suites */
|
/* Weak suites */
|
||||||
TLS_DHE_RSA_WITH_DES_CBC_SHA,
|
TLS_DHE_RSA_WITH_DES_CBC_SHA,
|
||||||
TLS_RSA_WITH_DES_CBC_SHA,
|
TLS_RSA_WITH_DES_CBC_SHA,
|
||||||
|
|
||||||
|
/* NULL suites */
|
||||||
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
|
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
|
||||||
TLS_ECDHE_RSA_WITH_NULL_SHA,
|
TLS_ECDHE_RSA_WITH_NULL_SHA,
|
||||||
TLS_RSA_WITH_NULL_SHA256,
|
TLS_ECDHE_PSK_WITH_NULL_SHA384,
|
||||||
TLS_RSA_WITH_NULL_SHA,
|
TLS_ECDHE_PSK_WITH_NULL_SHA256,
|
||||||
TLS_RSA_WITH_NULL_MD5,
|
TLS_ECDHE_PSK_WITH_NULL_SHA,
|
||||||
TLS_PSK_WITH_NULL_SHA384,
|
|
||||||
TLS_PSK_WITH_NULL_SHA256,
|
|
||||||
TLS_PSK_WITH_NULL_SHA,
|
|
||||||
TLS_DHE_PSK_WITH_NULL_SHA384,
|
TLS_DHE_PSK_WITH_NULL_SHA384,
|
||||||
TLS_DHE_PSK_WITH_NULL_SHA256,
|
TLS_DHE_PSK_WITH_NULL_SHA256,
|
||||||
TLS_DHE_PSK_WITH_NULL_SHA,
|
TLS_DHE_PSK_WITH_NULL_SHA,
|
||||||
|
TLS_RSA_WITH_NULL_SHA256,
|
||||||
|
TLS_RSA_WITH_NULL_SHA,
|
||||||
|
TLS_RSA_WITH_NULL_MD5,
|
||||||
TLS_RSA_PSK_WITH_NULL_SHA384,
|
TLS_RSA_PSK_WITH_NULL_SHA384,
|
||||||
TLS_RSA_PSK_WITH_NULL_SHA256,
|
TLS_RSA_PSK_WITH_NULL_SHA256,
|
||||||
TLS_RSA_PSK_WITH_NULL_SHA,
|
TLS_RSA_PSK_WITH_NULL_SHA,
|
||||||
|
TLS_PSK_WITH_NULL_SHA384,
|
||||||
|
TLS_PSK_WITH_NULL_SHA256,
|
||||||
|
TLS_PSK_WITH_NULL_SHA,
|
||||||
|
|
||||||
0
|
0
|
||||||
};
|
};
|
||||||
|
@ -172,6 +185,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
{
|
{
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||||
#if defined(POLARSSL_AES_C)
|
#if defined(POLARSSL_AES_C)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
|
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
|
||||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
|
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||||
|
@ -184,6 +198,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#if defined(POLARSSL_SHA256_C)
|
#if defined(POLARSSL_SHA256_C)
|
||||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
|
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
|
||||||
|
@ -239,33 +254,40 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
|
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
|
{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
|
||||||
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
|
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
#endif /* POLARSSL_DES_C */
|
#endif /* POLARSSL_DES_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_ARC4_C)
|
#if defined(POLARSSL_ARC4_C)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA",
|
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA",
|
||||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
|
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_ARC4_C */
|
#endif /* POLARSSL_ARC4_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
|
{ TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
|
||||||
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
|
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
POLARSSL_CIPHERSUITE_WEAK },
|
POLARSSL_CIPHERSUITE_WEAK },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
|
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
|
||||||
#if defined(POLARSSL_AES_C)
|
#if defined(POLARSSL_AES_C)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
|
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
|
||||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
|
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
|
||||||
|
@ -278,6 +300,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#if defined(POLARSSL_SHA256_C)
|
#if defined(POLARSSL_SHA256_C)
|
||||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
|
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
|
||||||
|
@ -333,28 +356,34 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
|
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
|
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
|
||||||
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
|
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
#endif /* POLARSSL_DES_C */
|
#endif /* POLARSSL_DES_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_ARC4_C)
|
#if defined(POLARSSL_ARC4_C)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
|
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
|
||||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
|
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_ARC4_C */
|
#endif /* POLARSSL_ARC4_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
|
{ TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
|
||||||
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
|
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
POLARSSL_CIPHERSUITE_WEAK },
|
POLARSSL_CIPHERSUITE_WEAK },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
|
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
|
||||||
|
|
||||||
|
@ -393,6 +422,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#endif /* POLARSSL_SHA256_C */
|
#endif /* POLARSSL_SHA256_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
|
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
|
||||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
|
@ -404,6 +434,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
#endif /* POLARSSL_AES_C */
|
#endif /* POLARSSL_AES_C */
|
||||||
|
|
||||||
|
@ -423,6 +454,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
0 },
|
0 },
|
||||||
#endif /* POLARSSL_SHA256_C */
|
#endif /* POLARSSL_SHA256_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
|
{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
|
||||||
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
|
@ -434,16 +466,19 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
#endif /* POLARSSL_CAMELLIA_C */
|
#endif /* POLARSSL_CAMELLIA_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
|
{ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
|
||||||
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
#endif /* POLARSSL_DES_C */
|
#endif /* POLARSSL_DES_C */
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
||||||
|
@ -482,6 +517,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
#endif /* POLARSSL_SHA256_C */
|
#endif /* POLARSSL_SHA256_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
{ TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
|
{ TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
|
||||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
||||||
|
@ -495,6 +531,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_AES_C */
|
#endif /* POLARSSL_AES_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_CAMELLIA_C)
|
#if defined(POLARSSL_CAMELLIA_C)
|
||||||
|
@ -513,6 +550,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
0 },
|
0 },
|
||||||
#endif /* POLARSSL_SHA256_C */
|
#endif /* POLARSSL_SHA256_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
|
{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
|
||||||
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
|
@ -524,31 +562,38 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
#endif /* POLARSSL_CAMELLIA_C */
|
#endif /* POLARSSL_CAMELLIA_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
|
{ TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
|
||||||
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
#endif /* POLARSSL_DES_C */
|
#endif /* POLARSSL_DES_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_ARC4_C)
|
#if defined(POLARSSL_ARC4_C)
|
||||||
|
#if defined(POLARSSL_MD5_C)
|
||||||
{ TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
|
{ TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
|
||||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
|
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
|
{ TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
|
||||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif
|
||||||
#endif /* POLARSSL_ARC4_C */
|
#endif /* POLARSSL_ARC4_C */
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
|
||||||
|
|
||||||
|
@ -589,6 +634,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
0 },
|
0 },
|
||||||
#endif /* POLARSSL_SHA512_C */
|
#endif /* POLARSSL_SHA512_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
|
{ TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
|
||||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
|
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
|
@ -600,6 +646,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
#endif /* POLARSSL_AES_C */
|
#endif /* POLARSSL_AES_C */
|
||||||
|
|
||||||
|
@ -625,20 +672,24 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
|
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
|
{ TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
|
||||||
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
|
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
#endif /* POLARSSL_DES_C */
|
#endif /* POLARSSL_DES_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_ARC4_C)
|
#if defined(POLARSSL_ARC4_C)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA",
|
{ TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA",
|
||||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
|
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_ARC4_C */
|
#endif /* POLARSSL_ARC4_C */
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
|
||||||
|
|
||||||
|
@ -679,6 +730,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
0 },
|
0 },
|
||||||
#endif /* POLARSSL_SHA512_C */
|
#endif /* POLARSSL_SHA512_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
|
{ TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
|
||||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
|
@ -690,6 +742,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
#endif /* POLARSSL_AES_C */
|
#endif /* POLARSSL_AES_C */
|
||||||
|
|
||||||
|
@ -715,23 +768,106 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
|
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
|
{ TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
|
||||||
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
#endif /* POLARSSL_DES_C */
|
#endif /* POLARSSL_DES_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_ARC4_C)
|
#if defined(POLARSSL_ARC4_C)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA",
|
{ TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA",
|
||||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_ARC4_C */
|
#endif /* POLARSSL_ARC4_C */
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
|
#if defined(POLARSSL_AES_C)
|
||||||
|
|
||||||
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
#if defined(POLARSSL_SHA256_C)
|
||||||
|
{ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
|
||||||
|
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA256_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SHA512_C)
|
||||||
|
{ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
|
||||||
|
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA512_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
|
{ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
|
||||||
|
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
|
||||||
|
{ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
|
||||||
|
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
|
#endif /* POLARSSL_AES_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_CAMELLIA_C)
|
||||||
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
#if defined(POLARSSL_SHA256_C)
|
||||||
|
{ TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
|
||||||
|
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA256_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SHA512_C)
|
||||||
|
{ TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
|
||||||
|
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA512_C */
|
||||||
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
|
#endif /* POLARSSL_CAMELLIA_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_DES_C)
|
||||||
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
|
{ TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
|
||||||
|
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
|
#endif /* POLARSSL_DES_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ARC4_C)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
|
{ TLS_ECDHE_PSK_WITH_RC4_128_SHA, "TLS-ECDHE-PSK-WITH-RC4-128-SHA",
|
||||||
|
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
|
#endif /* POLARSSL_ARC4_C */
|
||||||
|
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
|
||||||
#if defined(POLARSSL_AES_C)
|
#if defined(POLARSSL_AES_C)
|
||||||
#if defined(POLARSSL_GCM_C)
|
#if defined(POLARSSL_GCM_C)
|
||||||
|
@ -769,6 +905,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
0 },
|
0 },
|
||||||
#endif /* POLARSSL_SHA512_C */
|
#endif /* POLARSSL_SHA512_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
|
{ TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
|
||||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
|
@ -780,6 +917,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
#endif /* POLARSSL_AES_C */
|
#endif /* POLARSSL_AES_C */
|
||||||
|
|
||||||
|
@ -805,86 +943,132 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
|
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
|
{ TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
|
||||||
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
#endif /* POLARSSL_DES_C */
|
#endif /* POLARSSL_DES_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_ARC4_C)
|
#if defined(POLARSSL_ARC4_C)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA",
|
{ TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA",
|
||||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_ARC4_C */
|
#endif /* POLARSSL_ARC4_C */
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
||||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
|
||||||
|
#if defined(POLARSSL_MD5_C)
|
||||||
{ TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
|
{ TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
|
||||||
POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
|
POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
POLARSSL_CIPHERSUITE_WEAK },
|
POLARSSL_CIPHERSUITE_WEAK },
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
|
{ TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
|
||||||
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
POLARSSL_CIPHERSUITE_WEAK },
|
POLARSSL_CIPHERSUITE_WEAK },
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SHA256_C)
|
||||||
{ TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
|
{ TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
|
||||||
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
|
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
POLARSSL_CIPHERSUITE_WEAK },
|
POLARSSL_CIPHERSUITE_WEAK },
|
||||||
|
#endif
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
|
{ TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
|
||||||
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
|
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
POLARSSL_CIPHERSUITE_WEAK },
|
POLARSSL_CIPHERSUITE_WEAK },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
|
{ TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
|
||||||
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
POLARSSL_CIPHERSUITE_WEAK },
|
POLARSSL_CIPHERSUITE_WEAK },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
|
{ TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
|
||||||
|
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
POLARSSL_CIPHERSUITE_WEAK },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SHA256_C)
|
||||||
|
{ TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
|
||||||
|
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
POLARSSL_CIPHERSUITE_WEAK },
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_SHA512_C)
|
||||||
|
{ TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
|
||||||
|
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
POLARSSL_CIPHERSUITE_WEAK },
|
||||||
|
#endif
|
||||||
|
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
|
{ TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
|
||||||
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
POLARSSL_CIPHERSUITE_WEAK },
|
POLARSSL_CIPHERSUITE_WEAK },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
|
||||||
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
|
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
|
||||||
|
|
||||||
#if defined(POLARSSL_DES_C)
|
#if defined(POLARSSL_DES_C)
|
||||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
|
{ TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
|
||||||
POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
POLARSSL_CIPHERSUITE_WEAK },
|
POLARSSL_CIPHERSUITE_WEAK },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
|
{ TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
|
||||||
POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
POLARSSL_CIPHERSUITE_WEAK },
|
POLARSSL_CIPHERSUITE_WEAK },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
|
||||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
#endif /* POLARSSL_DES_C */
|
#endif /* POLARSSL_DES_C */
|
||||||
|
@ -1002,6 +1186,7 @@ int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info )
|
||||||
{
|
{
|
||||||
case POLARSSL_KEY_EXCHANGE_ECDHE_RSA:
|
case POLARSSL_KEY_EXCHANGE_ECDHE_RSA:
|
||||||
case POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA:
|
case POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA:
|
||||||
|
case POLARSSL_KEY_EXCHANGE_ECDHE_PSK:
|
||||||
return( 1 );
|
return( 1 );
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
|
|
@ -1106,7 +1106,8 @@ static int ssl_parse_server_dh_params( ssl_context *ssl, unsigned char **p,
|
||||||
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
static int ssl_parse_server_ecdh_params( ssl_context *ssl,
|
static int ssl_parse_server_ecdh_params( ssl_context *ssl,
|
||||||
unsigned char **p,
|
unsigned char **p,
|
||||||
unsigned char *end )
|
unsigned char *end )
|
||||||
|
@ -1143,10 +1144,12 @@ static int ssl_parse_server_ecdh_params( ssl_context *ssl,
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
||||||
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
static int ssl_parse_server_psk_hint( ssl_context *ssl,
|
static int ssl_parse_server_psk_hint( ssl_context *ssl,
|
||||||
unsigned char **p,
|
unsigned char **p,
|
||||||
unsigned char *end )
|
unsigned char *end )
|
||||||
|
@ -1177,7 +1180,8 @@ static int ssl_parse_server_psk_hint( ssl_context *ssl,
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED ||
|
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED ||
|
||||||
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
|
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||||
|
@ -1254,7 +1258,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
||||||
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_ECDHE_RSA &&
|
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_ECDHE_RSA &&
|
||||||
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA &&
|
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA &&
|
||||||
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_PSK &&
|
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_PSK &&
|
||||||
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_DHE_PSK &&
|
||||||
|
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
|
SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
@ -1352,6 +1357,25 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
|
||||||
|
{
|
||||||
|
unsigned char *p = ssl->in_msg + 4;
|
||||||
|
unsigned char *end = ssl->in_msg + ssl->in_hslen;
|
||||||
|
|
||||||
|
if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||||
|
}
|
||||||
|
if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
{
|
{
|
||||||
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
}
|
}
|
||||||
|
@ -1778,108 +1802,91 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
||||||
else
|
else
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
||||||
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK )
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
|
||||||
{
|
{
|
||||||
unsigned char *p = ssl->handshake->premaster;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* PSK key exchange
|
|
||||||
*
|
|
||||||
* opaque psk_identity<0..2^16-1>;
|
* opaque psk_identity<0..2^16-1>;
|
||||||
*/
|
*/
|
||||||
if( ssl->psk == NULL )
|
if( ssl->psk == NULL || ssl->psk_identity == NULL )
|
||||||
return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
|
return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
|
||||||
|
|
||||||
if( sizeof(ssl->handshake->premaster) < 4 + 2 * ssl->psk_len )
|
|
||||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
n = ssl->psk_identity_len;
|
|
||||||
|
|
||||||
ssl->out_msg[4] = (unsigned char)( n >> 8 );
|
|
||||||
ssl->out_msg[5] = (unsigned char)( n );
|
|
||||||
i = 6;
|
|
||||||
|
|
||||||
memcpy( ssl->out_msg + i, ssl->psk_identity, ssl->psk_identity_len );
|
|
||||||
|
|
||||||
*(p++) = (unsigned char)( ssl->psk_len >> 8 );
|
|
||||||
*(p++) = (unsigned char)( ssl->psk_len );
|
|
||||||
p += ssl->psk_len;
|
|
||||||
|
|
||||||
*(p++) = (unsigned char)( ssl->psk_len >> 8 );
|
|
||||||
*(p++) = (unsigned char)( ssl->psk_len );
|
|
||||||
memcpy( p, ssl->psk, ssl->psk_len );
|
|
||||||
p += ssl->psk_len;
|
|
||||||
|
|
||||||
ssl->handshake->pmslen = 4 + 2 * ssl->psk_len;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
|
||||||
{
|
|
||||||
unsigned char *p = ssl->handshake->premaster;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* DHE_PSK key exchange
|
|
||||||
*
|
|
||||||
* opaque psk_identity<0..2^16-1>;
|
|
||||||
* ClientDiffieHellmanPublic public (DHM send G^X mod P)
|
|
||||||
*/
|
|
||||||
if( ssl->psk == NULL )
|
|
||||||
return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
|
|
||||||
|
|
||||||
if( sizeof(ssl->handshake->premaster) < 4 + ssl->psk_identity_len +
|
|
||||||
ssl->handshake->dhm_ctx.len )
|
|
||||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
i = 4;
|
i = 4;
|
||||||
n = ssl->psk_identity_len;
|
n = ssl->psk_identity_len;
|
||||||
ssl->out_msg[4] = (unsigned char)( n >> 8 );
|
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
|
||||||
ssl->out_msg[5] = (unsigned char)( n );
|
ssl->out_msg[i++] = (unsigned char)( n );
|
||||||
|
|
||||||
memcpy( ssl->out_msg + 6, ssl->psk_identity, ssl->psk_identity_len );
|
memcpy( ssl->out_msg + i, ssl->psk_identity, ssl->psk_identity_len );
|
||||||
|
i += ssl->psk_identity_len;
|
||||||
|
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
||||||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK )
|
||||||
|
{
|
||||||
|
n = 0;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* ClientDiffieHellmanPublic public (DHM send G^X mod P)
|
||||||
|
*/
|
||||||
n = ssl->handshake->dhm_ctx.len;
|
n = ssl->handshake->dhm_ctx.len;
|
||||||
ssl->out_msg[6 + ssl->psk_identity_len] = (unsigned char)( n >> 8 );
|
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
|
||||||
ssl->out_msg[7 + ssl->psk_identity_len] = (unsigned char)( n );
|
ssl->out_msg[i++] = (unsigned char)( n );
|
||||||
|
|
||||||
ret = dhm_make_public( &ssl->handshake->dhm_ctx,
|
ret = dhm_make_public( &ssl->handshake->dhm_ctx,
|
||||||
(int) mpi_size( &ssl->handshake->dhm_ctx.P ),
|
mpi_size( &ssl->handshake->dhm_ctx.P ),
|
||||||
&ssl->out_msg[8 + ssl->psk_identity_len], n,
|
&ssl->out_msg[i], n,
|
||||||
ssl->f_rng, ssl->p_rng );
|
ssl->f_rng, ssl->p_rng );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_RET( 1, "dhm_make_public", ret );
|
SSL_DEBUG_RET( 1, "dhm_make_public", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X );
|
|
||||||
SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
|
|
||||||
|
|
||||||
*(p++) = (unsigned char)( ssl->handshake->dhm_ctx.len >> 8 );
|
|
||||||
*(p++) = (unsigned char)( ssl->handshake->dhm_ctx.len );
|
|
||||||
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
|
||||||
p, &n, ssl->f_rng, ssl->p_rng ) ) != 0 )
|
|
||||||
{
|
|
||||||
SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
|
|
||||||
return( ret );
|
|
||||||
}
|
|
||||||
|
|
||||||
SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
|
|
||||||
|
|
||||||
p += ssl->handshake->dhm_ctx.len;
|
|
||||||
|
|
||||||
*(p++) = (unsigned char)( ssl->psk_len >> 8 );
|
|
||||||
*(p++) = (unsigned char)( ssl->psk_len );
|
|
||||||
memcpy( p, ssl->psk, ssl->psk_len );
|
|
||||||
p += ssl->psk_len;
|
|
||||||
|
|
||||||
ssl->handshake->pmslen = 4 + ssl->handshake->dhm_ctx.len + ssl->psk_len;
|
|
||||||
n = ssl->handshake->pmslen;
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* ClientECDiffieHellmanPublic public;
|
||||||
|
*/
|
||||||
|
ret = ecdh_make_public( &ssl->handshake->ecdh_ctx, &n,
|
||||||
|
&ssl->out_msg[i], SSL_MAX_CONTENT_LEN - i,
|
||||||
|
ssl->f_rng, ssl->p_rng );
|
||||||
|
if( ret != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_RET( 1, "ecdh_make_public", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ( ret = ssl_psk_derive_premaster( ssl,
|
||||||
|
ciphersuite_info->key_exchange ) ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_RET( 1, "ssl_psk_derive_premaster", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA )
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA )
|
||||||
{
|
{
|
||||||
|
@ -1966,6 +1973,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
|
||||||
SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
|
SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
|
||||||
|
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
|
||||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
|
SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
|
||||||
|
@ -1990,6 +1998,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
|
||||||
SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
|
SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
|
||||||
|
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
|
||||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
|
SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
|
||||||
|
|
|
@ -1751,7 +1751,8 @@ static int ssl_write_certificate_request( ssl_context *ssl )
|
||||||
SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
|
SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
|
||||||
|
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
||||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
|
SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
@ -1777,6 +1778,7 @@ static int ssl_write_certificate_request( ssl_context *ssl )
|
||||||
|
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
||||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
|
||||||
ssl->authmode == SSL_VERIFY_NONE )
|
ssl->authmode == SSL_VERIFY_NONE )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
|
SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
|
||||||
|
@ -1914,6 +1916,7 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||||
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
||||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||||
unsigned char *p = ssl->out_msg + 4;
|
unsigned char *p = ssl->out_msg + 4;
|
||||||
unsigned char *dig_signed = p;
|
unsigned char *dig_signed = p;
|
||||||
|
@ -1929,15 +1932,18 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
|
||||||
if( ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_DHE_RSA &&
|
if( ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_DHE_RSA &&
|
||||||
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_ECDHE_RSA &&
|
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_ECDHE_RSA &&
|
||||||
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA &&
|
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA &&
|
||||||
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_DHE_PSK &&
|
||||||
|
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
|
SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
|
||||||
{
|
{
|
||||||
/* TODO: Support identity hints */
|
/* TODO: Support identity hints */
|
||||||
*(p++) = 0x00;
|
*(p++) = 0x00;
|
||||||
|
@ -1945,7 +1951,8 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
|
||||||
|
|
||||||
n += 2;
|
n += 2;
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||||
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||||
|
@ -1992,9 +1999,12 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
|
||||||
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
|
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
|
||||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* Ephemeral ECDH parameters:
|
* Ephemeral ECDH parameters:
|
||||||
|
@ -2014,10 +2024,9 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
|
||||||
SSL_DEBUG_MSG( 2, ( "ECDH curve size: %d",
|
SSL_DEBUG_MSG( 2, ( "ECDH curve size: %d",
|
||||||
(int) ssl->handshake->ecdh_ctx.grp.nbits ) );
|
(int) ssl->handshake->ecdh_ctx.grp.nbits ) );
|
||||||
|
|
||||||
if( ( ret = ecdh_make_params( &ssl->handshake->ecdh_ctx,
|
if( ( ret = ecdh_make_params( &ssl->handshake->ecdh_ctx, &len,
|
||||||
&len,
|
p, SSL_MAX_CONTENT_LEN - n,
|
||||||
p,
|
ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||||
1000, ssl->f_rng, ssl->p_rng ) ) != 0 )
|
|
||||||
{
|
{
|
||||||
SSL_DEBUG_RET( 1, "ecdh_make_params", ret );
|
SSL_DEBUG_RET( 1, "ecdh_make_params", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
|
@ -2032,7 +2041,8 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
|
||||||
SSL_DEBUG_ECP( 3, "ECDH: Q ", &ssl->handshake->ecdh_ctx.Q );
|
SSL_DEBUG_ECP( 3, "ECDH: Q ", &ssl->handshake->ecdh_ctx.Q );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
||||||
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||||
|
@ -2278,39 +2288,6 @@ static int ssl_parse_client_dh_public( ssl_context *ssl, unsigned char **p,
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
|
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
|
||||||
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
|
||||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
|
||||||
static int ssl_parse_client_ecdh_public( ssl_context *ssl )
|
|
||||||
{
|
|
||||||
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
|
|
||||||
size_t n;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Receive client public key and calculate premaster
|
|
||||||
*/
|
|
||||||
n = ssl->in_msg[3];
|
|
||||||
|
|
||||||
if( n < 1 || n > mpi_size( &ssl->handshake->ecdh_ctx.grp.P ) * 2 + 2 ||
|
|
||||||
n + 4 != ssl->in_hslen )
|
|
||||||
{
|
|
||||||
SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
|
||||||
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
|
||||||
}
|
|
||||||
|
|
||||||
if( ( ret = ecdh_read_public( &ssl->handshake->ecdh_ctx,
|
|
||||||
ssl->in_msg + 4, n ) ) != 0 )
|
|
||||||
{
|
|
||||||
SSL_DEBUG_RET( 1, "ecdh_read_public", ret );
|
|
||||||
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
|
|
||||||
}
|
|
||||||
|
|
||||||
SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
|
|
||||||
|
|
||||||
return( ret );
|
|
||||||
}
|
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
|
||||||
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
|
||||||
static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
|
static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
|
||||||
{
|
{
|
||||||
|
@ -2381,7 +2358,8 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
static int ssl_parse_client_psk_identity( ssl_context *ssl, unsigned char **p,
|
static int ssl_parse_client_psk_identity( ssl_context *ssl, unsigned char **p,
|
||||||
const unsigned char *end )
|
const unsigned char *end )
|
||||||
{
|
{
|
||||||
|
@ -2448,7 +2426,8 @@ static int ssl_parse_client_psk_identity( ssl_context *ssl, unsigned char **p,
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED ||
|
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED ||
|
||||||
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
|
|
||||||
static int ssl_parse_client_key_exchange( ssl_context *ssl )
|
static int ssl_parse_client_key_exchange( ssl_context *ssl )
|
||||||
{
|
{
|
||||||
|
@ -2491,7 +2470,6 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
|
||||||
|
|
||||||
ssl->handshake->pmslen = ssl->handshake->dhm_ctx.len;
|
ssl->handshake->pmslen = ssl->handshake->dhm_ctx.len;
|
||||||
|
|
||||||
/* No blinding needed for DHE, but will be needed for fixed DH! */
|
|
||||||
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
||||||
ssl->handshake->premaster,
|
ssl->handshake->premaster,
|
||||||
&ssl->handshake->pmslen,
|
&ssl->handshake->pmslen,
|
||||||
|
@ -2510,12 +2488,24 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
|
||||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
|
||||||
{
|
{
|
||||||
if( ( ret = ssl_parse_client_ecdh_public( ssl ) ) != 0 )
|
size_t n = ssl->in_msg[3];
|
||||||
|
|
||||||
|
if( n < 1 || n > mpi_size( &ssl->handshake->ecdh_ctx.grp.P ) * 2 + 2 ||
|
||||||
|
n + 4 != ssl->in_hslen )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_RET( 1, ( "ssl_parse_client_ecdh_public" ), ret );
|
SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
|
||||||
return( ret );
|
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( ( ret = ecdh_read_public( &ssl->handshake->ecdh_ctx,
|
||||||
|
ssl->in_msg + 4, n ) ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_RET( 1, "ecdh_read_public", ret );
|
||||||
|
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
|
||||||
|
}
|
||||||
|
|
||||||
|
SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
|
||||||
|
|
||||||
if( ( ret = ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
|
if( ( ret = ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
|
||||||
&ssl->handshake->pmslen,
|
&ssl->handshake->pmslen,
|
||||||
ssl->handshake->premaster,
|
ssl->handshake->premaster,
|
||||||
|
@ -2543,26 +2533,18 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set up the premaster secret
|
if( ( ret = ssl_psk_derive_premaster( ssl,
|
||||||
//
|
ciphersuite_info->key_exchange ) ) != 0 )
|
||||||
p = ssl->handshake->premaster;
|
{
|
||||||
*(p++) = (unsigned char)( ssl->psk_len >> 8 );
|
SSL_DEBUG_RET( 1, "ssl_psk_derive_premaster", ret );
|
||||||
*(p++) = (unsigned char)( ssl->psk_len );
|
return( ret );
|
||||||
p += ssl->psk_len;
|
}
|
||||||
|
|
||||||
*(p++) = (unsigned char)( ssl->psk_len >> 8 );
|
|
||||||
*(p++) = (unsigned char)( ssl->psk_len );
|
|
||||||
memcpy( p, ssl->psk, ssl->psk_len );
|
|
||||||
p += ssl->psk_len;
|
|
||||||
|
|
||||||
ssl->handshake->pmslen = 4 + 2 * ssl->psk_len;
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
||||||
{
|
{
|
||||||
size_t n;
|
|
||||||
unsigned char *p = ssl->in_msg + 4;
|
unsigned char *p = ssl->in_msg + 4;
|
||||||
unsigned char *end = ssl->in_msg + ssl->in_msglen;
|
unsigned char *end = ssl->in_msg + ssl->in_msglen;
|
||||||
|
|
||||||
|
@ -2577,41 +2559,51 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set up the premaster secret
|
if( ( ret = ssl_psk_derive_premaster( ssl,
|
||||||
//
|
ciphersuite_info->key_exchange ) ) != 0 )
|
||||||
p = ssl->handshake->premaster;
|
|
||||||
*(p++) = (unsigned char)( ssl->handshake->dhm_ctx.len >> 8 );
|
|
||||||
*(p++) = (unsigned char)( ssl->handshake->dhm_ctx.len );
|
|
||||||
|
|
||||||
n = ssl->handshake->dhm_ctx.len;
|
|
||||||
|
|
||||||
/* No blinding needed since this is ephemeral DHM */
|
|
||||||
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
|
||||||
p, &n, ssl->f_rng, ssl->p_rng ) ) != 0 )
|
|
||||||
{
|
{
|
||||||
SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
|
SSL_DEBUG_RET( 1, "ssl_psk_derive_premaster", ret );
|
||||||
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
|
|
||||||
|
|
||||||
p += ssl->handshake->dhm_ctx.len;
|
|
||||||
|
|
||||||
*(p++) = (unsigned char)( ssl->psk_len >> 8 );
|
|
||||||
*(p++) = (unsigned char)( ssl->psk_len );
|
|
||||||
memcpy( p, ssl->psk, ssl->psk_len );
|
|
||||||
p += ssl->psk_len;
|
|
||||||
|
|
||||||
ssl->handshake->pmslen = 4 + ssl->handshake->dhm_ctx.len + ssl->psk_len;
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
|
||||||
|
{
|
||||||
|
unsigned char *p = ssl->in_msg + 4;
|
||||||
|
unsigned char *end = ssl->in_msg + ssl->in_msglen;
|
||||||
|
|
||||||
|
if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ( ret = ecdh_read_public( &ssl->handshake->ecdh_ctx,
|
||||||
|
p, end - p ) ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_RET( 1, "ecdh_read_public", ret );
|
||||||
|
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
|
||||||
|
}
|
||||||
|
|
||||||
|
SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
|
||||||
|
|
||||||
|
if( ( ret = ssl_psk_derive_premaster( ssl,
|
||||||
|
ciphersuite_info->key_exchange ) ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_RET( 1, "ssl_psk_derive_premaster", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA )
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA )
|
||||||
{
|
{
|
||||||
if( ( ret = ssl_parse_encrypted_pms_secret( ssl ) ) != 0 )
|
if( ( ret = ssl_parse_encrypted_pms_secret( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_RET( 1, ( "ssl_parse_client_ecdh_public" ), ret );
|
SSL_DEBUG_RET( 1, ( "ssl_parse_parse_ecrypted_pms_secret" ), ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2647,6 +2639,7 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
|
||||||
SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
|
SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
|
||||||
|
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
|
||||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
|
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
|
||||||
|
@ -2674,6 +2667,7 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
|
||||||
SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
|
SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
|
||||||
|
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
|
||||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
|
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
|
||||||
|
|
|
@ -839,6 +839,97 @@ void ssl_calc_verify_tls_sha384( ssl_context *ssl, unsigned char hash[48] )
|
||||||
#endif /* POLARSSL_SHA512_C */
|
#endif /* POLARSSL_SHA512_C */
|
||||||
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
|
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
|
int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex )
|
||||||
|
{
|
||||||
|
unsigned char *p = ssl->handshake->premaster;
|
||||||
|
unsigned char *end = p + sizeof( ssl->handshake->premaster );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* PMS = struct {
|
||||||
|
* opaque other_secret<0..2^16-1>;
|
||||||
|
* opaque psk<0..2^16-1>;
|
||||||
|
* };
|
||||||
|
* with "other_secret" depending on the particular key exchange
|
||||||
|
*/
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
||||||
|
if( key_ex == POLARSSL_KEY_EXCHANGE_PSK )
|
||||||
|
{
|
||||||
|
if( end - p < 2 + (int) ssl->psk_len )
|
||||||
|
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
*(p++) = (unsigned char)( ssl->psk_len >> 8 );
|
||||||
|
*(p++) = (unsigned char)( ssl->psk_len );
|
||||||
|
p += ssl->psk_len;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||||
|
if( key_ex == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
size_t len = ssl->handshake->dhm_ctx.len;
|
||||||
|
|
||||||
|
if( end - p < 2 + (int) len )
|
||||||
|
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
*(p++) = (unsigned char)( len >> 8 );
|
||||||
|
*(p++) = (unsigned char)( len );
|
||||||
|
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
||||||
|
p, &len, ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
p += len;
|
||||||
|
|
||||||
|
SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
|
if( key_ex == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
size_t zlen;
|
||||||
|
|
||||||
|
if( ( ret = ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen,
|
||||||
|
p + 2, end - (p + 2),
|
||||||
|
ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_RET( 1, "ecdh_calc_secret", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
*(p++) = (unsigned char)( zlen >> 8 );
|
||||||
|
*(p++) = (unsigned char)( zlen );
|
||||||
|
p += zlen;
|
||||||
|
|
||||||
|
SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
}
|
||||||
|
|
||||||
|
/* opaque psk<0..2^16-1>; */
|
||||||
|
*(p++) = (unsigned char)( ssl->psk_len >> 8 );
|
||||||
|
*(p++) = (unsigned char)( ssl->psk_len );
|
||||||
|
memcpy( p, ssl->psk, ssl->psk_len );
|
||||||
|
p += ssl->psk_len;
|
||||||
|
|
||||||
|
ssl->handshake->pmslen = p - ssl->handshake->premaster;
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_SSL_PROTO_SSL3)
|
#if defined(POLARSSL_SSL_PROTO_SSL3)
|
||||||
/*
|
/*
|
||||||
* SSLv3.0 MAC functions
|
* SSLv3.0 MAC functions
|
||||||
|
@ -2237,7 +2328,8 @@ int ssl_write_certificate( ssl_context *ssl )
|
||||||
SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
|
SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
|
||||||
|
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
||||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
|
SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
@ -2256,7 +2348,8 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||||
SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
|
SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
|
||||||
|
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
||||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
|
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
@ -2277,7 +2370,8 @@ int ssl_write_certificate( ssl_context *ssl )
|
||||||
SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
|
SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
|
||||||
|
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
||||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
|
SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
@ -2386,7 +2480,8 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||||
SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
|
SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
|
||||||
|
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
||||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
|
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
@ -3574,7 +3669,9 @@ int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
|
int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
|
||||||
const unsigned char *psk_identity, size_t psk_identity_len )
|
const unsigned char *psk_identity, size_t psk_identity_len )
|
||||||
{
|
{
|
||||||
|
@ -3610,7 +3707,9 @@ void ssl_set_psk_cb( ssl_context *ssl,
|
||||||
ssl->f_psk = f_psk;
|
ssl->f_psk = f_psk;
|
||||||
ssl->p_psk = p_psk;
|
ssl->p_psk = p_psk;
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_DHM_C)
|
#if defined(POLARSSL_DHM_C)
|
||||||
int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G )
|
int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G )
|
||||||
|
@ -4287,7 +4386,9 @@ void ssl_free( ssl_context *ssl )
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
if( ssl->psk != NULL )
|
if( ssl->psk != NULL )
|
||||||
{
|
{
|
||||||
memset( ssl->psk, 0, ssl->psk_len );
|
memset( ssl->psk, 0, ssl->psk_len );
|
||||||
|
|
|
@ -166,13 +166,17 @@ static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
|
||||||
#define USAGE_IO ""
|
#define USAGE_IO ""
|
||||||
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
#define USAGE_PSK \
|
#define USAGE_PSK \
|
||||||
" psk=%%s default: \"\" (in hex, without 0x)\n" \
|
" psk=%%s default: \"\" (in hex, without 0x)\n" \
|
||||||
" psk_identity=%%s default: \"Client_identity\"\n"
|
" psk_identity=%%s default: \"Client_identity\"\n"
|
||||||
#else
|
#else
|
||||||
#define USAGE_PSK ""
|
#define USAGE_PSK ""
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
||||||
#define USAGE_TICKETS \
|
#define USAGE_TICKETS \
|
||||||
|
@ -240,7 +244,9 @@ int main( int argc, char *argv[] )
|
||||||
{
|
{
|
||||||
int ret = 0, len, server_fd, i, written, frags;
|
int ret = 0, len, server_fd, i, written, frags;
|
||||||
unsigned char buf[1024];
|
unsigned char buf[1024];
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
unsigned char psk[256];
|
unsigned char psk[256];
|
||||||
size_t psk_len = 0;
|
size_t psk_len = 0;
|
||||||
#endif
|
#endif
|
||||||
|
@ -494,7 +500,9 @@ int main( int argc, char *argv[] )
|
||||||
opt.min_version = ciphersuite_info->min_minor_ver;
|
opt.min_version = ciphersuite_info->min_minor_ver;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
/*
|
/*
|
||||||
* Unhexify the pre-shared key if any is given
|
* Unhexify the pre-shared key if any is given
|
||||||
*/
|
*/
|
||||||
|
@ -542,7 +550,9 @@ int main( int argc, char *argv[] )
|
||||||
psk[ j / 2 ] |= c;
|
psk[ j / 2 ] |= c;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 0. Initialize the RNG and the session data
|
* 0. Initialize the RNG and the session data
|
||||||
|
@ -710,7 +720,9 @@ int main( int argc, char *argv[] )
|
||||||
ssl_set_own_cert( &ssl, &clicert, &pkey );
|
ssl_set_own_cert( &ssl, &clicert, &pkey );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
ssl_set_psk( &ssl, psk, psk_len, (const unsigned char *) opt.psk_identity,
|
ssl_set_psk( &ssl, psk, psk_len, (const unsigned char *) opt.psk_identity,
|
||||||
strlen( opt.psk_identity ) );
|
strlen( opt.psk_identity ) );
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -144,13 +144,17 @@ static void my_debug( void *ctx, int level, const char *str )
|
||||||
#define USAGE_IO ""
|
#define USAGE_IO ""
|
||||||
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
#define USAGE_PSK \
|
#define USAGE_PSK \
|
||||||
" psk=%%s default: \"\" (in hex, without 0x)\n" \
|
" psk=%%s default: \"\" (in hex, without 0x)\n" \
|
||||||
" psk_identity=%%s default: \"Client_identity\"\n"
|
" psk_identity=%%s default: \"Client_identity\"\n"
|
||||||
#else
|
#else
|
||||||
#define USAGE_PSK ""
|
#define USAGE_PSK ""
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
||||||
#define USAGE_TICKETS \
|
#define USAGE_TICKETS \
|
||||||
|
@ -209,7 +213,9 @@ int main( int argc, char *argv[] )
|
||||||
int listen_fd;
|
int listen_fd;
|
||||||
int client_fd = -1;
|
int client_fd = -1;
|
||||||
unsigned char buf[1024];
|
unsigned char buf[1024];
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
unsigned char psk[256];
|
unsigned char psk[256];
|
||||||
size_t psk_len = 0;
|
size_t psk_len = 0;
|
||||||
#endif
|
#endif
|
||||||
|
@ -467,7 +473,9 @@ int main( int argc, char *argv[] )
|
||||||
opt.min_version = ciphersuite_info->min_minor_ver;
|
opt.min_version = ciphersuite_info->min_minor_ver;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
/*
|
/*
|
||||||
* Unhexify the pre-shared key if any is given
|
* Unhexify the pre-shared key if any is given
|
||||||
*/
|
*/
|
||||||
|
@ -515,7 +523,9 @@ int main( int argc, char *argv[] )
|
||||||
psk[ j / 2 ] |= c;
|
psk[ j / 2 ] |= c;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 0. Initialize the RNG and the session data
|
* 0. Initialize the RNG and the session data
|
||||||
|
@ -729,7 +739,9 @@ int main( int argc, char *argv[] )
|
||||||
ssl_set_own_cert( &ssl, &srvcert2, &pkey2 );
|
ssl_set_own_cert( &ssl, &srvcert2, &pkey2 );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
ssl_set_psk( &ssl, psk, psk_len, (const unsigned char *) opt.psk_identity,
|
ssl_set_psk( &ssl, psk, psk_len, (const unsigned char *) opt.psk_identity,
|
||||||
strlen( opt.psk_identity ) );
|
strlen( opt.psk_identity ) );
|
||||||
#endif
|
#endif
|
||||||
|
|
Loading…
Reference in a new issue