mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-03 15:55:43 +00:00
Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites
This commit is contained in:
commit
fdf946928d
|
@ -6,6 +6,7 @@ Features
|
||||||
* Support for adhering to client ciphersuite order preference
|
* Support for adhering to client ciphersuite order preference
|
||||||
(POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
|
(POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
|
||||||
* Support for Curve25519
|
* Support for Curve25519
|
||||||
|
* Support for ECDH-RSA and ECDH-ECDSA key exchanges and ciphersuites
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* gen_prime() speedup
|
* gen_prime() speedup
|
||||||
|
|
|
@ -180,6 +180,8 @@
|
||||||
*
|
*
|
||||||
* Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
|
* Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
|
||||||
* the following ciphersuites:
|
* the following ciphersuites:
|
||||||
|
* TLS_ECDH_ECDSA_WITH_NULL_SHA
|
||||||
|
* TLS_ECDH_RSA_WITH_NULL_SHA
|
||||||
* TLS_ECDHE_ECDSA_WITH_NULL_SHA
|
* TLS_ECDHE_ECDSA_WITH_NULL_SHA
|
||||||
* TLS_ECDHE_RSA_WITH_NULL_SHA
|
* TLS_ECDHE_RSA_WITH_NULL_SHA
|
||||||
* TLS_ECDHE_PSK_WITH_NULL_SHA384
|
* TLS_ECDHE_PSK_WITH_NULL_SHA384
|
||||||
|
@ -458,6 +460,54 @@
|
||||||
*/
|
*/
|
||||||
#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||||
|
*
|
||||||
|
* Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
|
||||||
|
*
|
||||||
|
* Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
|
||||||
|
*
|
||||||
|
* This enables the following ciphersuites (if other requisites are
|
||||||
|
* enabled as well):
|
||||||
|
* TLS_ECDH_ECDSA_WITH_RC4_128_SHA
|
||||||
|
* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||||
|
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
|
||||||
|
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||||
|
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
|
||||||
|
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
|
||||||
|
* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
|
||||||
|
* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
|
||||||
|
* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||||
|
* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
|
||||||
|
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||||
|
*
|
||||||
|
* Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
|
||||||
|
*
|
||||||
|
* Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
|
||||||
|
*
|
||||||
|
* This enables the following ciphersuites (if other requisites are
|
||||||
|
* enabled as well):
|
||||||
|
* TLS_ECDH_RSA_WITH_RC4_128_SHA
|
||||||
|
* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
|
||||||
|
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
|
||||||
|
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
|
||||||
|
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
||||||
|
* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
|
||||||
|
* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
|
||||||
|
* TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||||
|
* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
|
||||||
|
* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||||
|
*/
|
||||||
|
#define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def POLARSSL_ERROR_STRERROR_BC
|
* \def POLARSSL_ERROR_STRERROR_BC
|
||||||
*
|
*
|
||||||
|
@ -824,6 +874,18 @@
|
||||||
*
|
*
|
||||||
* This module enables the following ciphersuites (if other requisites are
|
* This module enables the following ciphersuites (if other requisites are
|
||||||
* enabled as well):
|
* enabled as well):
|
||||||
|
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
|
||||||
|
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||||
|
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
|
||||||
|
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
|
||||||
|
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
|
||||||
|
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
|
||||||
|
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
||||||
|
* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
|
||||||
|
* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
|
||||||
|
* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
|
||||||
|
* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
|
||||||
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||||
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||||
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|
||||||
|
@ -885,6 +947,8 @@
|
||||||
*
|
*
|
||||||
* This module enables the following ciphersuites (if other requisites are
|
* This module enables the following ciphersuites (if other requisites are
|
||||||
* enabled as well):
|
* enabled as well):
|
||||||
|
* TLS_ECDH_ECDSA_WITH_RC4_128_SHA
|
||||||
|
* TLS_ECDH_RSA_WITH_RC4_128_SHA
|
||||||
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
|
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
|
||||||
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
|
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
|
||||||
* TLS_ECDHE_PSK_WITH_RC4_128_SHA
|
* TLS_ECDHE_PSK_WITH_RC4_128_SHA
|
||||||
|
@ -970,6 +1034,14 @@
|
||||||
*
|
*
|
||||||
* This module enables the following ciphersuites (if other requisites are
|
* This module enables the following ciphersuites (if other requisites are
|
||||||
* enabled as well):
|
* enabled as well):
|
||||||
|
* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||||
|
* TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||||
|
* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||||
|
* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
|
||||||
|
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||||
|
* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
|
||||||
|
* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||||
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
|
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||||
* TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
|
* TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||||
* TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
|
* TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||||
|
@ -1072,6 +1144,8 @@
|
||||||
*
|
*
|
||||||
* This module enables the following ciphersuites (if other requisites are
|
* This module enables the following ciphersuites (if other requisites are
|
||||||
* enabled as well):
|
* enabled as well):
|
||||||
|
* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||||
|
* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
|
||||||
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
|
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||||
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
|
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||||
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||||
|
@ -1873,6 +1947,16 @@
|
||||||
#error "POLARSSL_HAVEGE_C defined, but not all prerequisites"
|
#error "POLARSSL_HAVEGE_C defined, but not all prerequisites"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
|
||||||
|
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_X509_CRT_PARSE_C) )
|
||||||
|
#error "POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
|
||||||
|
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_X509_CRT_PARSE_C) )
|
||||||
|
#error "POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(POLARSSL_DHM_C)
|
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(POLARSSL_DHM_C)
|
||||||
#error "POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
|
#error "POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -33,6 +33,15 @@
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* When importing from an EC key, select if it is our key or the peer's key
|
||||||
|
*/
|
||||||
|
typedef enum
|
||||||
|
{
|
||||||
|
POLARSSL_ECDH_OURS,
|
||||||
|
POLARSSL_ECDH_THEIRS,
|
||||||
|
} ecdh_side;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief ECDH context structure
|
* \brief ECDH context structure
|
||||||
*/
|
*/
|
||||||
|
@ -134,6 +143,18 @@ int ecdh_make_params( ecdh_context *ctx, size_t *olen,
|
||||||
int ecdh_read_params( ecdh_context *ctx,
|
int ecdh_read_params( ecdh_context *ctx,
|
||||||
const unsigned char **buf, const unsigned char *end );
|
const unsigned char **buf, const unsigned char *end );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Setup an ECDH context from an EC key
|
||||||
|
*
|
||||||
|
* \param ctx ECDH constext to set
|
||||||
|
* \param key EC key to use
|
||||||
|
* \param ours Is it our key (1) or the peer's key (0) ?
|
||||||
|
*
|
||||||
|
* \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
|
||||||
|
*/
|
||||||
|
int ecdh_get_params( ecdh_context *ctx, const ecp_keypair *key,
|
||||||
|
ecdh_side side );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Setup and export the client's public value
|
* \brief Setup and export the client's public value
|
||||||
*
|
*
|
||||||
|
|
|
@ -120,12 +120,24 @@ extern "C" {
|
||||||
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
|
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
|
||||||
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
|
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
|
||||||
|
|
||||||
|
#define TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */
|
||||||
|
#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002 /**< Not in SSL3! */
|
||||||
|
#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003 /**< Not in SSL3! */
|
||||||
|
#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 /**< Not in SSL3! */
|
||||||
|
#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 /**< Not in SSL3! */
|
||||||
|
|
||||||
#define TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */
|
#define TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */
|
||||||
#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007 /**< Not in SSL3! */
|
#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007 /**< Not in SSL3! */
|
||||||
#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008 /**< Not in SSL3! */
|
#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008 /**< Not in SSL3! */
|
||||||
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 /**< Not in SSL3! */
|
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 /**< Not in SSL3! */
|
||||||
#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A /**< Not in SSL3! */
|
#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A /**< Not in SSL3! */
|
||||||
|
|
||||||
|
#define TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B /**< Weak! */
|
||||||
|
#define TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C /**< Not in SSL3! */
|
||||||
|
#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D /**< Not in SSL3! */
|
||||||
|
#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E /**< Not in SSL3! */
|
||||||
|
#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F /**< Not in SSL3! */
|
||||||
|
|
||||||
#define TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */
|
#define TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */
|
||||||
#define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 /**< Not in SSL3! */
|
#define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 /**< Not in SSL3! */
|
||||||
#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 /**< Not in SSL3! */
|
#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 /**< Not in SSL3! */
|
||||||
|
@ -134,15 +146,21 @@ extern "C" {
|
||||||
|
|
||||||
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */
|
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */
|
||||||
#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */
|
#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */
|
||||||
|
#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025 /**< TLS 1.2 */
|
||||||
|
#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 /**< TLS 1.2 */
|
||||||
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */
|
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */
|
||||||
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */
|
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */
|
||||||
|
#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 /**< TLS 1.2 */
|
||||||
|
#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A /**< TLS 1.2 */
|
||||||
|
|
||||||
#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */
|
#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */
|
||||||
#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */
|
#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */
|
||||||
|
#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D /**< TLS 1.2 */
|
||||||
|
#define TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E /**< TLS 1.2 */
|
||||||
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */
|
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */
|
||||||
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */
|
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */
|
||||||
|
#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /**< TLS 1.2 */
|
||||||
|
#define TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 /**< TLS 1.2 */
|
||||||
|
|
||||||
#define TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033 /**< Not in SSL3! */
|
#define TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033 /**< Not in SSL3! */
|
||||||
#define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034 /**< Not in SSL3! */
|
#define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034 /**< Not in SSL3! */
|
||||||
|
@ -156,8 +174,12 @@ extern "C" {
|
||||||
|
|
||||||
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
|
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
|
||||||
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
|
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
|
||||||
|
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074 /**< Not in SSL3! */
|
||||||
|
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075 /**< Not in SSL3! */
|
||||||
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< Not in SSL3! */
|
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< Not in SSL3! */
|
||||||
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< Not in SSL3! */
|
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< Not in SSL3! */
|
||||||
|
#define TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078 /**< Not in SSL3! */
|
||||||
|
#define TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079 /**< Not in SSL3! */
|
||||||
|
|
||||||
#define TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */
|
#define TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */
|
||||||
#define TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */
|
#define TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */
|
||||||
|
@ -165,10 +187,14 @@ extern "C" {
|
||||||
#define TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D /**< TLS 1.2 */
|
#define TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D /**< TLS 1.2 */
|
||||||
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
|
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
|
||||||
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
|
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
|
||||||
|
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */
|
||||||
|
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089 /**< TLS 1.2 */
|
||||||
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A /**< TLS 1.2 */
|
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A /**< TLS 1.2 */
|
||||||
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B /**< TLS 1.2 */
|
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B /**< TLS 1.2 */
|
||||||
|
#define TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C /**< TLS 1.2 */
|
||||||
|
#define TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D /**< TLS 1.2 */
|
||||||
|
|
||||||
#define TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08D /**< TLS 1.2 */
|
#define TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E /**< TLS 1.2 */
|
||||||
#define TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */
|
#define TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */
|
||||||
#define TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090 /**< TLS 1.2 */
|
#define TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090 /**< TLS 1.2 */
|
||||||
#define TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091 /**< TLS 1.2 */
|
#define TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091 /**< TLS 1.2 */
|
||||||
|
@ -194,6 +220,8 @@ typedef enum {
|
||||||
POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||||
POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
||||||
POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||||
} key_exchange_type_t;
|
} key_exchange_type_t;
|
||||||
|
|
||||||
typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
|
typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
|
||||||
|
|
|
@ -165,6 +165,32 @@ int ecdh_read_params( ecdh_context *ctx,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Get parameters from a keypair
|
||||||
|
*/
|
||||||
|
int ecdh_get_params( ecdh_context *ctx, const ecp_keypair *key,
|
||||||
|
ecdh_side side )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
if( ( ret = ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
/* If it's not our key, just import the public part as Qp */
|
||||||
|
if( side == POLARSSL_ECDH_THEIRS )
|
||||||
|
return( ecp_copy( &ctx->Qp, &key->Q ) );
|
||||||
|
|
||||||
|
/* Our key: import public (as Q) and private parts */
|
||||||
|
if( side != POLARSSL_ECDH_OURS )
|
||||||
|
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
if( ( ret = ecp_copy( &ctx->Q, &key->Q ) ) != 0 ||
|
||||||
|
( ret = mpi_copy( &ctx->d, &key->d ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Setup and export the client public value
|
* Setup and export the client public value
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -128,26 +128,50 @@ static const int ciphersuite_preference[] =
|
||||||
TLS_RSA_WITH_AES_256_GCM_SHA384,
|
TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||||
TLS_RSA_WITH_AES_256_CBC_SHA256,
|
TLS_RSA_WITH_AES_256_CBC_SHA256,
|
||||||
TLS_RSA_WITH_AES_256_CBC_SHA,
|
TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||||
|
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
|
||||||
|
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
|
||||||
|
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
||||||
|
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||||
|
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
|
||||||
|
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
||||||
|
|
||||||
/* All CAMELLIA-256 suites */
|
/* All CAMELLIA-256 suites */
|
||||||
TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
|
TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
|
||||||
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
|
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
|
||||||
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||||
|
TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
|
||||||
|
TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
|
||||||
|
TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
|
||||||
|
TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
|
||||||
|
|
||||||
/* All AES-128 suites */
|
/* All AES-128 suites */
|
||||||
TLS_RSA_WITH_AES_128_GCM_SHA256,
|
TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||||
TLS_RSA_WITH_AES_128_CBC_SHA256,
|
TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||||
TLS_RSA_WITH_AES_128_CBC_SHA,
|
TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||||
|
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
|
||||||
|
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
|
||||||
|
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
||||||
|
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||||
|
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
|
||||||
|
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
||||||
|
|
||||||
/* All CAMELLIA-128 suites */
|
/* All CAMELLIA-128 suites */
|
||||||
TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
|
TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
|
||||||
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||||
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||||
|
TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
|
||||||
|
TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||||
|
TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
|
||||||
|
TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||||
|
|
||||||
/* All remaining >= 128-bit suites */
|
/* All remaining >= 128-bit suites */
|
||||||
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
TLS_RSA_WITH_RC4_128_SHA,
|
TLS_RSA_WITH_RC4_128_SHA,
|
||||||
TLS_RSA_WITH_RC4_128_MD5,
|
TLS_RSA_WITH_RC4_128_MD5,
|
||||||
|
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
|
TLS_ECDH_RSA_WITH_RC4_128_SHA,
|
||||||
|
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
|
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
|
||||||
|
|
||||||
/* The RSA PSK suites */
|
/* The RSA PSK suites */
|
||||||
TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
|
TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
|
||||||
|
@ -198,6 +222,8 @@ static const int ciphersuite_preference[] =
|
||||||
TLS_RSA_WITH_NULL_SHA256,
|
TLS_RSA_WITH_NULL_SHA256,
|
||||||
TLS_RSA_WITH_NULL_SHA,
|
TLS_RSA_WITH_NULL_SHA,
|
||||||
TLS_RSA_WITH_NULL_MD5,
|
TLS_RSA_WITH_NULL_MD5,
|
||||||
|
TLS_ECDH_RSA_WITH_NULL_SHA,
|
||||||
|
TLS_ECDH_ECDSA_WITH_NULL_SHA,
|
||||||
TLS_RSA_PSK_WITH_NULL_SHA384,
|
TLS_RSA_PSK_WITH_NULL_SHA384,
|
||||||
TLS_RSA_PSK_WITH_NULL_SHA256,
|
TLS_RSA_PSK_WITH_NULL_SHA256,
|
||||||
TLS_RSA_PSK_WITH_NULL_SHA,
|
TLS_RSA_PSK_WITH_NULL_SHA,
|
||||||
|
@ -208,7 +234,7 @@ static const int ciphersuite_preference[] =
|
||||||
0
|
0
|
||||||
};
|
};
|
||||||
|
|
||||||
#define MAX_CIPHERSUITES 128
|
#define MAX_CIPHERSUITES 160
|
||||||
static int supported_ciphersuites[MAX_CIPHERSUITES];
|
static int supported_ciphersuites[MAX_CIPHERSUITES];
|
||||||
static int supported_init = 0;
|
static int supported_init = 0;
|
||||||
|
|
||||||
|
@ -697,6 +723,244 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
#endif /* POLARSSL_ARC4_C */
|
#endif /* POLARSSL_ARC4_C */
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED)
|
||||||
|
#if defined(POLARSSL_AES_C)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
{ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
|
||||||
|
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
{ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
|
||||||
|
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
|
#if defined(POLARSSL_SHA256_C)
|
||||||
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
{ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
|
||||||
|
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
|
#if defined(POLARSSL_GCM_C)
|
||||||
|
{ TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
|
||||||
|
POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_GCM_C */
|
||||||
|
#endif /* POLARSSL_SHA256_C */
|
||||||
|
#if defined(POLARSSL_SHA512_C)
|
||||||
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
{ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
|
||||||
|
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
|
#if defined(POLARSSL_GCM_C)
|
||||||
|
{ TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
|
||||||
|
POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_GCM_C */
|
||||||
|
#endif /* POLARSSL_SHA512_C */
|
||||||
|
#endif /* POLARSSL_AES_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_CAMELLIA_C)
|
||||||
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
#if defined(POLARSSL_SHA256_C)
|
||||||
|
{ TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||||
|
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA256_C */
|
||||||
|
#if defined(POLARSSL_SHA512_C)
|
||||||
|
{ TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
|
||||||
|
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA512_C */
|
||||||
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_GCM_C)
|
||||||
|
#if defined(POLARSSL_SHA256_C)
|
||||||
|
{ TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
|
||||||
|
POLARSSL_CIPHER_CAMELLIA_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA256_C */
|
||||||
|
#if defined(POLARSSL_SHA512_C)
|
||||||
|
{ TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
|
||||||
|
POLARSSL_CIPHER_CAMELLIA_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA512_C */
|
||||||
|
#endif /* POLARSSL_GCM_C */
|
||||||
|
#endif /* POLARSSL_CAMELLIA_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_DES_C)
|
||||||
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
|
{ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA",
|
||||||
|
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
|
#endif /* POLARSSL_DES_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ARC4_C)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
|
{ TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS-ECDH-RSA-WITH-RC4-128-SHA",
|
||||||
|
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
|
#endif /* POLARSSL_ARC4_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
|
{ TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
|
||||||
|
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
POLARSSL_CIPHERSUITE_WEAK },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
|
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
|
||||||
|
#endif /* POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||||
|
#if defined(POLARSSL_AES_C)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
{ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
|
||||||
|
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
{ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
|
||||||
|
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
|
#if defined(POLARSSL_SHA256_C)
|
||||||
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
{ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
|
||||||
|
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
|
#if defined(POLARSSL_GCM_C)
|
||||||
|
{ TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
|
||||||
|
POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_GCM_C */
|
||||||
|
#endif /* POLARSSL_SHA256_C */
|
||||||
|
#if defined(POLARSSL_SHA512_C)
|
||||||
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
{ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
|
||||||
|
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
|
#if defined(POLARSSL_GCM_C)
|
||||||
|
{ TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
|
||||||
|
POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_GCM_C */
|
||||||
|
#endif /* POLARSSL_SHA512_C */
|
||||||
|
#endif /* POLARSSL_AES_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_CAMELLIA_C)
|
||||||
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
#if defined(POLARSSL_SHA256_C)
|
||||||
|
{ TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||||
|
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA256_C */
|
||||||
|
#if defined(POLARSSL_SHA512_C)
|
||||||
|
{ TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
|
||||||
|
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA512_C */
|
||||||
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_GCM_C)
|
||||||
|
#if defined(POLARSSL_SHA256_C)
|
||||||
|
{ TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
|
||||||
|
POLARSSL_CIPHER_CAMELLIA_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA256_C */
|
||||||
|
#if defined(POLARSSL_SHA512_C)
|
||||||
|
{ TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
|
||||||
|
POLARSSL_CIPHER_CAMELLIA_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA512_C */
|
||||||
|
#endif /* POLARSSL_GCM_C */
|
||||||
|
#endif /* POLARSSL_CAMELLIA_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_DES_C)
|
||||||
|
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
|
{ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
|
||||||
|
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
|
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||||
|
#endif /* POLARSSL_DES_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ARC4_C)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
|
{ TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS-ECDH-ECDSA-WITH-RC4-128-SHA",
|
||||||
|
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
|
#endif /* POLARSSL_ARC4_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||||
|
#if defined(POLARSSL_SHA1_C)
|
||||||
|
{ TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
|
||||||
|
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
|
POLARSSL_CIPHERSUITE_WEAK },
|
||||||
|
#endif /* POLARSSL_SHA1_C */
|
||||||
|
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
|
||||||
|
#endif /* POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
||||||
#if defined(POLARSSL_AES_C)
|
#if defined(POLARSSL_AES_C)
|
||||||
#if defined(POLARSSL_GCM_C)
|
#if defined(POLARSSL_GCM_C)
|
||||||
|
@ -1376,6 +1640,10 @@ pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info )
|
||||||
case POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA:
|
case POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA:
|
||||||
return( POLARSSL_PK_ECDSA );
|
return( POLARSSL_PK_ECDSA );
|
||||||
|
|
||||||
|
case POLARSSL_KEY_EXCHANGE_ECDH_RSA:
|
||||||
|
case POLARSSL_KEY_EXCHANGE_ECDH_ECDSA:
|
||||||
|
return( POLARSSL_PK_ECKEY );
|
||||||
|
|
||||||
default:
|
default:
|
||||||
return( POLARSSL_PK_NONE );
|
return( POLARSSL_PK_NONE );
|
||||||
}
|
}
|
||||||
|
@ -1389,6 +1657,8 @@ int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info )
|
||||||
case POLARSSL_KEY_EXCHANGE_ECDHE_RSA:
|
case POLARSSL_KEY_EXCHANGE_ECDHE_RSA:
|
||||||
case POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA:
|
case POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA:
|
||||||
case POLARSSL_KEY_EXCHANGE_ECDHE_PSK:
|
case POLARSSL_KEY_EXCHANGE_ECDHE_PSK:
|
||||||
|
case POLARSSL_KEY_EXCHANGE_ECDH_RSA:
|
||||||
|
case POLARSSL_KEY_EXCHANGE_ECDH_ECDSA:
|
||||||
return( 1 );
|
return( 1 );
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
|
|
@ -1113,6 +1113,29 @@ static int ssl_parse_server_dh_params( ssl_context *ssl, unsigned char **p,
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
|
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
|
||||||
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||||
|
static int ssl_check_server_ecdh_params( const ssl_context *ssl )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 2, ( "ECDH curve size: %d",
|
||||||
|
(int) ssl->handshake->ecdh_ctx.grp.nbits ) );
|
||||||
|
|
||||||
|
if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
|
||||||
|
ssl->handshake->ecdh_ctx.grp.nbits > 521 )
|
||||||
|
{
|
||||||
|
return( -1 );
|
||||||
|
}
|
||||||
|
|
||||||
|
SSL_DEBUG_ECP( 3, "ECDH: Qp", &ssl->handshake->ecdh_ctx.Qp );
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
|
@ -1137,18 +1160,12 @@ static int ssl_parse_server_ecdh_params( ssl_context *ssl,
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 2, ( "ECDH curve size: %d",
|
if( ssl_check_server_ecdh_params( ssl ) != 0 )
|
||||||
(int) ssl->handshake->ecdh_ctx.grp.nbits ) );
|
|
||||||
|
|
||||||
if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
|
|
||||||
ssl->handshake->ecdh_ctx.grp.nbits > 521 )
|
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "bad server key exchange message (ECDH length)" ) );
|
SSL_DEBUG_MSG( 1, ( "bad server key exchange message (ECDH length)" ) );
|
||||||
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||||
}
|
}
|
||||||
|
|
||||||
SSL_DEBUG_ECP( 3, "ECDH: Qp", &ssl->handshake->ecdh_ctx.Qp );
|
|
||||||
|
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
||||||
|
@ -1307,6 +1324,41 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl,
|
||||||
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||||
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
|
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
|
||||||
|
|
||||||
|
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||||
|
static int ssl_get_ecdh_params_from_cert( ssl_context *ssl )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
const ecp_keypair *peer_key;
|
||||||
|
|
||||||
|
if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk,
|
||||||
|
POLARSSL_PK_ECKEY ) )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH );
|
||||||
|
}
|
||||||
|
|
||||||
|
peer_key = pk_ec( ssl->session_negotiate->peer_cert->pk );
|
||||||
|
|
||||||
|
if( ( ret = ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key,
|
||||||
|
POLARSSL_ECDH_THEIRS ) ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_RET( 1, ( "ecdh_get_params" ), ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ssl_check_server_ecdh_params( ssl ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH length)" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
|
||||||
|
}
|
||||||
|
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
#endif /* POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
||||||
|
|
||||||
static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
@ -1335,6 +1387,21 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
||||||
((void) end);
|
((void) end);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDH_RSA ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDH_ECDSA )
|
||||||
|
{
|
||||||
|
ssl_get_ecdh_params_from_cert( ssl );
|
||||||
|
|
||||||
|
SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
|
||||||
|
ssl->state++;
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
((void) p);
|
||||||
|
((void) end);
|
||||||
|
#endif
|
||||||
|
|
||||||
if( ( ret = ssl_read_record( ssl ) ) != 0 )
|
if( ( ret = ssl_read_record( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_RET( 1, "ssl_read_record", ret );
|
SSL_DEBUG_RET( 1, "ssl_read_record", ret );
|
||||||
|
@ -1852,9 +1919,13 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
||||||
else
|
else
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
|
||||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDH_RSA ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDH_ECDSA )
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* ECDH key exchange -- send client public value
|
* ECDH key exchange -- send client public value
|
||||||
|
@ -1887,7 +1958,9 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
||||||
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
||||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
|
||||||
|
|
|
@ -1962,6 +1962,31 @@ static int ssl_write_certificate_request( ssl_context *ssl )
|
||||||
!POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
|
!POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
|
||||||
!POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
!POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||||
|
static int ssl_get_ecdh_params_from_cert( ssl_context *ssl )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
if( ! pk_can_do( ssl_own_key( ssl ), POLARSSL_PK_ECKEY ) )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
|
||||||
|
return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ( ret = ecdh_get_params( &ssl->handshake->ecdh_ctx,
|
||||||
|
pk_ec( *ssl_own_key( ssl ) ),
|
||||||
|
POLARSSL_ECDH_OURS ) ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_RET( 1, ( "ecdh_get_params" ), ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif /* POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
||||||
|
|
||||||
static int ssl_write_server_key_exchange( ssl_context *ssl )
|
static int ssl_write_server_key_exchange( ssl_context *ssl )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
@ -1983,6 +2008,9 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
|
||||||
|
|
||||||
SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
|
SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
|
||||||
|
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA ||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA ||
|
||||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
||||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK )
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK )
|
||||||
|
@ -1991,6 +2019,20 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDH_RSA ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDH_ECDSA )
|
||||||
|
{
|
||||||
|
ssl_get_ecdh_params_from_cert( ssl );
|
||||||
|
|
||||||
|
SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
|
||||||
|
ssl->state++;
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
|
@ -2533,9 +2575,13 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
|
||||||
else
|
else
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||||
|
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
|
||||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDH_RSA ||
|
||||||
|
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDH_ECDSA )
|
||||||
{
|
{
|
||||||
size_t n = ssl->in_msg[3];
|
size_t n = ssl->in_msg[3];
|
||||||
|
|
||||||
|
@ -2555,6 +2601,10 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
|
||||||
|
|
||||||
SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
|
SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
|
||||||
|
|
||||||
|
SSL_DEBUG_MSG( 0, ( "ECDH: id %d", ssl->handshake->ecdh_ctx.grp.id ) );
|
||||||
|
SSL_DEBUG_ECP( 0, "ECDH: Q ", &ssl->handshake->ecdh_ctx.Q );
|
||||||
|
SSL_DEBUG_MPI( 0, "ECDH: d ", &ssl->handshake->ecdh_ctx.d );
|
||||||
|
|
||||||
if( ( ret = ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
|
if( ( ret = ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
|
||||||
&ssl->handshake->pmslen,
|
&ssl->handshake->pmslen,
|
||||||
ssl->handshake->premaster,
|
ssl->handshake->premaster,
|
||||||
|
@ -2569,7 +2619,9 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
||||||
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
|
||||||
|
POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
||||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK )
|
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK )
|
||||||
{
|
{
|
||||||
|
|
|
@ -2316,11 +2316,13 @@ int ssl_send_alert_message( ssl_context *ssl,
|
||||||
/*
|
/*
|
||||||
* Handshake functions
|
* Handshake functions
|
||||||
*/
|
*/
|
||||||
#if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
|
#if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
|
||||||
!defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
|
!defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
|
||||||
!defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
|
!defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
|
||||||
!defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
|
!defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
|
||||||
!defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
!defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
|
||||||
|
!defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
|
||||||
|
!defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||||
int ssl_write_certificate( ssl_context *ssl )
|
int ssl_write_certificate( ssl_context *ssl )
|
||||||
{
|
{
|
||||||
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
|
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||||
|
@ -2649,9 +2651,13 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||||
|
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED &&
|
#endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED
|
||||||
!POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED &&
|
!POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
|
||||||
!POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
|
!POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
|
||||||
|
!POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
!POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
|
!POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||||
|
!POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
||||||
|
|
||||||
int ssl_write_change_cipher_spec( ssl_context *ssl )
|
int ssl_write_change_cipher_spec( ssl_context *ssl )
|
||||||
{
|
{
|
||||||
|
|
103
tests/compat.sh
103
tests/compat.sh
|
@ -120,6 +120,9 @@ echo "-----------"
|
||||||
for TYPE in $TYPES;
|
for TYPE in $TYPES;
|
||||||
do
|
do
|
||||||
|
|
||||||
|
P_CIPHERS=""
|
||||||
|
O_CIPHERS=""
|
||||||
|
|
||||||
case $TYPE in
|
case $TYPE in
|
||||||
|
|
||||||
"ECDSA")
|
"ECDSA")
|
||||||
|
@ -129,21 +132,34 @@ case $TYPE in
|
||||||
O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server5.crt -key data_files/server5.key"
|
O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server5.crt -key data_files/server5.key"
|
||||||
O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server6.crt -key data_files/server6.key"
|
O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server6.crt -key data_files/server6.key"
|
||||||
|
|
||||||
P_CIPHERS=" \
|
if [ "$MODE" != "ssl3" ];
|
||||||
TLS-ECDHE-ECDSA-WITH-NULL-SHA \
|
then
|
||||||
TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
|
P_CIPHERS="$P_CIPHERS \
|
||||||
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
|
TLS-ECDHE-ECDSA-WITH-NULL-SHA \
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
|
TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
|
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
|
||||||
"
|
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
|
||||||
|
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
|
||||||
|
TLS-ECDH-ECDSA-WITH-NULL-SHA \
|
||||||
|
TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
|
||||||
|
TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
|
||||||
|
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
|
||||||
|
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
|
||||||
|
"
|
||||||
|
|
||||||
O_CIPHERS=" \
|
O_CIPHERS="$O_CIPHERS \
|
||||||
ECDHE-ECDSA-NULL-SHA \
|
ECDHE-ECDSA-NULL-SHA \
|
||||||
ECDHE-ECDSA-RC4-SHA \
|
ECDHE-ECDSA-RC4-SHA \
|
||||||
ECDHE-ECDSA-DES-CBC3-SHA \
|
ECDHE-ECDSA-DES-CBC3-SHA \
|
||||||
ECDHE-ECDSA-AES128-SHA \
|
ECDHE-ECDSA-AES128-SHA \
|
||||||
ECDHE-ECDSA-AES256-SHA \
|
ECDHE-ECDSA-AES256-SHA \
|
||||||
"
|
ECDH-ECDSA-NULL-SHA \
|
||||||
|
ECDH-ECDSA-RC4-SHA \
|
||||||
|
ECDH-ECDSA-DES-CBC3-SHA \
|
||||||
|
ECDH-ECDSA-AES128-SHA \
|
||||||
|
ECDH-ECDSA-AES256-SHA \
|
||||||
|
"
|
||||||
|
fi
|
||||||
|
|
||||||
if [ "$MODE" = "tls1_2" ];
|
if [ "$MODE" = "tls1_2" ];
|
||||||
then
|
then
|
||||||
|
@ -152,13 +168,21 @@ case $TYPE in
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
|
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
|
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
|
||||||
|
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
|
||||||
|
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
|
||||||
|
TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||||
|
TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
|
||||||
"
|
"
|
||||||
|
|
||||||
O_CIPHERS=" \
|
O_CIPHERS="$O_CIPHERS \
|
||||||
ECDHE-ECDSA-AES128-SHA256 \
|
ECDHE-ECDSA-AES128-SHA256 \
|
||||||
ECDHE-ECDSA-AES256-SHA384 \
|
ECDHE-ECDSA-AES256-SHA384 \
|
||||||
ECDHE-ECDSA-AES128-GCM-SHA256 \
|
ECDHE-ECDSA-AES128-GCM-SHA256 \
|
||||||
ECDHE-ECDSA-AES256-GCM-SHA384 \
|
ECDHE-ECDSA-AES256-GCM-SHA384 \
|
||||||
|
ECDH-ECDSA-AES128-SHA256 \
|
||||||
|
ECDH-ECDSA-AES256-SHA384 \
|
||||||
|
ECDH-ECDSA-AES128-GCM-SHA256 \
|
||||||
|
ECDH-ECDSA-AES256-GCM-SHA384 \
|
||||||
"
|
"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -171,7 +195,7 @@ case $TYPE in
|
||||||
O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server1.crt -key data_files/server1.key"
|
O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server1.crt -key data_files/server1.key"
|
||||||
O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server2.crt -key data_files/server2.key"
|
O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server2.crt -key data_files/server2.key"
|
||||||
|
|
||||||
P_CIPHERS=" \
|
P_CIPHERS="$P_CIPHERS \
|
||||||
TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
|
TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
|
||||||
TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
|
TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
|
||||||
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
|
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
|
||||||
|
@ -188,14 +212,9 @@ case $TYPE in
|
||||||
TLS-RSA-WITH-NULL-SHA \
|
TLS-RSA-WITH-NULL-SHA \
|
||||||
TLS-RSA-WITH-DES-CBC-SHA \
|
TLS-RSA-WITH-DES-CBC-SHA \
|
||||||
TLS-DHE-RSA-WITH-DES-CBC-SHA \
|
TLS-DHE-RSA-WITH-DES-CBC-SHA \
|
||||||
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
|
|
||||||
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
|
|
||||||
TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
|
|
||||||
TLS-ECDHE-RSA-WITH-RC4-128-SHA \
|
|
||||||
TLS-ECDHE-RSA-WITH-NULL-SHA \
|
|
||||||
"
|
"
|
||||||
|
|
||||||
O_CIPHERS=" \
|
O_CIPHERS="$O_CIPHERS \
|
||||||
DHE-RSA-AES128-SHA \
|
DHE-RSA-AES128-SHA \
|
||||||
DHE-RSA-AES256-SHA \
|
DHE-RSA-AES256-SHA \
|
||||||
DHE-RSA-CAMELLIA128-SHA \
|
DHE-RSA-CAMELLIA128-SHA \
|
||||||
|
@ -212,13 +231,27 @@ case $TYPE in
|
||||||
NULL-SHA \
|
NULL-SHA \
|
||||||
DES-CBC-SHA \
|
DES-CBC-SHA \
|
||||||
EDH-RSA-DES-CBC-SHA \
|
EDH-RSA-DES-CBC-SHA \
|
||||||
ECDHE-RSA-AES256-SHA \
|
|
||||||
ECDHE-RSA-AES128-SHA \
|
|
||||||
ECDHE-RSA-DES-CBC3-SHA \
|
|
||||||
ECDHE-RSA-RC4-SHA \
|
|
||||||
ECDHE-RSA-NULL-SHA \
|
|
||||||
"
|
"
|
||||||
|
|
||||||
|
if [ "$MODE" != "ssl3" ];
|
||||||
|
then
|
||||||
|
P_CIPHERS="$P_CIPHERS \
|
||||||
|
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
|
||||||
|
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
|
||||||
|
TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
|
||||||
|
TLS-ECDHE-RSA-WITH-RC4-128-SHA \
|
||||||
|
TLS-ECDHE-RSA-WITH-NULL-SHA \
|
||||||
|
"
|
||||||
|
|
||||||
|
O_CIPHERS="$O_CIPHERS \
|
||||||
|
ECDHE-RSA-AES256-SHA \
|
||||||
|
ECDHE-RSA-AES128-SHA \
|
||||||
|
ECDHE-RSA-DES-CBC3-SHA \
|
||||||
|
ECDHE-RSA-RC4-SHA \
|
||||||
|
ECDHE-RSA-NULL-SHA \
|
||||||
|
"
|
||||||
|
fi
|
||||||
|
|
||||||
if [ "$MODE" = "tls1_2" ];
|
if [ "$MODE" = "tls1_2" ];
|
||||||
then
|
then
|
||||||
P_CIPHERS="$P_CIPHERS \
|
P_CIPHERS="$P_CIPHERS \
|
||||||
|
@ -264,14 +297,14 @@ case $TYPE in
|
||||||
O_SERVER_ARGS="$O_SERVER_BASE -psk 6162636465666768696a6b6c6d6e6f70 -cert data_files/server1.crt -key data_files/server1.key"
|
O_SERVER_ARGS="$O_SERVER_BASE -psk 6162636465666768696a6b6c6d6e6f70 -cert data_files/server1.crt -key data_files/server1.key"
|
||||||
O_CLIENT_ARGS="$O_CLIENT_BASE -psk 6162636465666768696a6b6c6d6e6f70"
|
O_CLIENT_ARGS="$O_CLIENT_BASE -psk 6162636465666768696a6b6c6d6e6f70"
|
||||||
|
|
||||||
P_CIPHERS=" \
|
P_CIPHERS="$P_CIPHERS \
|
||||||
TLS-PSK-WITH-RC4-128-SHA \
|
TLS-PSK-WITH-RC4-128-SHA \
|
||||||
TLS-PSK-WITH-3DES-EDE-CBC-SHA \
|
TLS-PSK-WITH-3DES-EDE-CBC-SHA \
|
||||||
TLS-PSK-WITH-AES-128-CBC-SHA \
|
TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||||
TLS-PSK-WITH-AES-256-CBC-SHA \
|
TLS-PSK-WITH-AES-256-CBC-SHA \
|
||||||
"
|
"
|
||||||
|
|
||||||
O_CIPHERS=" \
|
O_CIPHERS="$O_CIPHERS \
|
||||||
PSK-RC4-SHA \
|
PSK-RC4-SHA \
|
||||||
PSK-3DES-EDE-CBC-SHA \
|
PSK-3DES-EDE-CBC-SHA \
|
||||||
PSK-AES128-CBC-SHA \
|
PSK-AES128-CBC-SHA \
|
||||||
|
@ -374,6 +407,18 @@ case $TYPE in
|
||||||
P_CIPHERS="$P_CIPHERS \
|
P_CIPHERS="$P_CIPHERS \
|
||||||
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||||
TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||||
|
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||||
|
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||||
|
"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$MODE" = "tls1_2" ];
|
||||||
|
then
|
||||||
|
P_CIPHERS="$P_CIPHERS \
|
||||||
|
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
|
||||||
|
TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
|
||||||
|
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
|
||||||
|
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
|
||||||
"
|
"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue