Coverage Report

Created: 2022-08-24 06:37

/src/wolfssl-sp-math-all-8bit/src/keys.c
Line
Count
Source (jump to first uncovered line)
1
/* keys.c
2
 *
3
 * Copyright (C) 2006-2022 wolfSSL Inc.
4
 *
5
 * This file is part of wolfSSL.
6
 *
7
 * wolfSSL is free software; you can redistribute it and/or modify
8
 * it under the terms of the GNU General Public License as published by
9
 * the Free Software Foundation; either version 2 of the License, or
10
 * (at your option) any later version.
11
 *
12
 * wolfSSL is distributed in the hope that it will be useful,
13
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15
 * GNU General Public License for more details.
16
 *
17
 * You should have received a copy of the GNU General Public License
18
 * along with this program; if not, write to the Free Software
19
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20
 */
21
22
23
/* Name change compatibility layer no longer needs to be included here */
24
25
#ifdef HAVE_CONFIG_H
26
    #include <config.h>
27
#endif
28
29
#include <wolfssl/wolfcrypt/settings.h>
30
31
#ifndef WOLFCRYPT_ONLY
32
33
#include <wolfssl/internal.h>
34
#include <wolfssl/error-ssl.h>
35
#if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
36
    #ifndef NO_STDIO_FILESYSTEM
37
        #include <stdio.h>
38
    #endif
39
#endif
40
41
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_TSIP_TLS)
42
#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
43
#endif
44
45
int SetCipherSpecs(WOLFSSL* ssl)
46
0
{
47
0
#ifndef NO_WOLFSSL_CLIENT
48
0
    if (ssl->options.side == WOLFSSL_CLIENT_END) {
49
        /* server side verified before SetCipherSpecs call */
50
0
        if (VerifyClientSuite(ssl) != 1) {
51
0
            WOLFSSL_MSG("SetCipherSpecs() client has an unusable suite");
52
0
            WOLFSSL_ERROR_VERBOSE(UNSUPPORTED_SUITE);
53
0
            return UNSUPPORTED_SUITE;
54
0
        }
55
0
    }
56
0
#endif /* NO_WOLFSSL_CLIENT */
57
58
    /* Chacha extensions, 0xcc */
59
0
    if (ssl->options.cipherSuite0 == CHACHA_BYTE) {
60
61
0
    switch (ssl->options.cipherSuite) {
62
0
#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
63
0
    case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
64
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
65
0
        ssl->specs.cipher_type           = aead;
66
0
        ssl->specs.mac_algorithm         = sha256_mac;
67
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
68
0
        ssl->specs.sig_algo              = rsa_sa_algo;
69
0
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
70
0
        ssl->specs.pad_size              = PAD_SHA;
71
0
        ssl->specs.static_ecdh           = 0;
72
0
        ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
73
0
        ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
74
0
        ssl->specs.iv_size               = CHACHA20_IV_SIZE;
75
0
        ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
76
0
        ssl->options.oldPoly             = 1; /* use old poly1305 padding */
77
78
0
        break;
79
0
#endif
80
81
0
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
82
0
    case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
83
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
84
0
        ssl->specs.cipher_type           = aead;
85
0
        ssl->specs.mac_algorithm         = sha256_mac;
86
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
87
0
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
88
0
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
89
0
        ssl->specs.pad_size              = PAD_SHA;
90
0
        ssl->specs.static_ecdh           = 0;
91
0
        ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
92
0
        ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
93
0
        ssl->specs.iv_size               = CHACHA20_IV_SIZE;
94
0
        ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
95
0
        ssl->options.oldPoly             = 1; /* use old poly1305 padding */
96
97
0
        break;
98
0
#endif
99
100
0
#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
101
0
    case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
102
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
103
0
        ssl->specs.cipher_type           = aead;
104
0
        ssl->specs.mac_algorithm         = sha256_mac;
105
0
        ssl->specs.kea                   = diffie_hellman_kea;
106
0
        ssl->specs.sig_algo              = rsa_sa_algo;
107
0
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
108
0
        ssl->specs.pad_size              = PAD_SHA;
109
0
        ssl->specs.static_ecdh           = 0;
110
0
        ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
111
0
        ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
112
0
        ssl->specs.iv_size               = CHACHA20_IV_SIZE;
113
0
        ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
114
0
        ssl->options.oldPoly             = 1; /* use old poly1305 padding */
115
116
0
        break;
117
0
#endif
118
0
#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
119
0
    case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
120
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
121
0
        ssl->specs.cipher_type           = aead;
122
0
        ssl->specs.mac_algorithm         = sha256_mac;
123
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
124
0
        ssl->specs.sig_algo              = rsa_sa_algo;
125
0
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
126
0
        ssl->specs.pad_size              = PAD_SHA;
127
0
        ssl->specs.static_ecdh           = 0;
128
0
        ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
129
0
        ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
130
0
        ssl->specs.iv_size               = CHACHA20_IV_SIZE;
131
0
        ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
132
0
        ssl->options.oldPoly             = 0; /* use recent padding RFC */
133
134
0
        break;
135
0
#endif
136
137
0
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
138
0
    case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
139
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
140
0
        ssl->specs.cipher_type           = aead;
141
0
        ssl->specs.mac_algorithm         = sha256_mac;
142
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
143
0
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
144
0
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
145
0
        ssl->specs.pad_size              = PAD_SHA;
146
0
        ssl->specs.static_ecdh           = 0;
147
0
        ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
148
0
        ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
149
0
        ssl->specs.iv_size               = CHACHA20_IV_SIZE;
150
0
        ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
151
0
        ssl->options.oldPoly             = 0; /* use recent padding RFC */
152
153
0
        break;
154
0
#endif
155
156
0
#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
157
0
    case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
158
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
159
0
        ssl->specs.cipher_type           = aead;
160
0
        ssl->specs.mac_algorithm         = sha256_mac;
161
0
        ssl->specs.kea                   = diffie_hellman_kea;
162
0
        ssl->specs.sig_algo              = rsa_sa_algo;
163
0
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
164
0
        ssl->specs.pad_size              = PAD_SHA;
165
0
        ssl->specs.static_ecdh           = 0;
166
0
        ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
167
0
        ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
168
0
        ssl->specs.iv_size               = CHACHA20_IV_SIZE;
169
0
        ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
170
0
        ssl->options.oldPoly             = 0; /* use recent padding RFC */
171
172
0
        break;
173
0
#endif
174
175
#ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
176
    case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256:
177
        ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
178
        ssl->specs.cipher_type           = aead;
179
        ssl->specs.mac_algorithm         = sha256_mac;
180
        ssl->specs.kea                   = psk_kea;
181
        ssl->specs.sig_algo              = anonymous_sa_algo;
182
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
183
        ssl->specs.pad_size              = PAD_SHA;
184
        ssl->specs.static_ecdh           = 0;
185
        ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
186
        ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
187
        ssl->specs.iv_size               = CHACHA20_IV_SIZE;
188
        ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
189
190
        ssl->options.oldPoly             = 0; /* use recent padding RFC */
191
        ssl->options.usingPSK_cipher     = 1;
192
        break;
193
#endif
194
195
#ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
196
    case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
197
        ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
198
        ssl->specs.cipher_type           = aead;
199
        ssl->specs.mac_algorithm         = sha256_mac;
200
        ssl->specs.kea                   = ecdhe_psk_kea;
201
        ssl->specs.sig_algo              = anonymous_sa_algo;
202
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
203
        ssl->specs.pad_size              = PAD_SHA;
204
        ssl->specs.static_ecdh           = 0;
205
        ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
206
        ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
207
        ssl->specs.iv_size               = CHACHA20_IV_SIZE;
208
        ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
209
210
        ssl->options.oldPoly             = 0; /* use recent padding RFC */
211
        ssl->options.usingPSK_cipher     = 1;
212
        break;
213
#endif
214
215
#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
216
    case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
217
        ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
218
        ssl->specs.cipher_type           = aead;
219
        ssl->specs.mac_algorithm         = sha256_mac;
220
        ssl->specs.kea                   = dhe_psk_kea;
221
        ssl->specs.sig_algo              = anonymous_sa_algo;
222
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
223
        ssl->specs.pad_size              = PAD_SHA;
224
        ssl->specs.static_ecdh           = 0;
225
        ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
226
        ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
227
        ssl->specs.iv_size               = CHACHA20_IV_SIZE;
228
        ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
229
230
        ssl->options.oldPoly             = 0; /* use recent padding RFC */
231
        ssl->options.usingPSK_cipher     = 1;
232
        break;
233
#endif
234
0
    default:
235
0
        WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha");
236
0
        return UNSUPPORTED_SUITE;
237
0
    }
238
0
    }
239
240
    /* ECC extensions, AES-CCM or TLS 1.3 Integrity-only */
241
0
    if (ssl->options.cipherSuite0 == ECC_BYTE) {
242
243
0
    switch (ssl->options.cipherSuite) {
244
245
0
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
246
247
0
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
248
0
    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
249
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
250
0
        ssl->specs.cipher_type           = block;
251
0
        ssl->specs.mac_algorithm         = sha256_mac;
252
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
253
0
        ssl->specs.sig_algo              = rsa_sa_algo;
254
0
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
255
0
        ssl->specs.pad_size              = PAD_SHA;
256
0
        ssl->specs.static_ecdh           = 0;
257
0
        ssl->specs.key_size              = AES_128_KEY_SIZE;
258
0
        ssl->specs.iv_size               = AES_IV_SIZE;
259
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
260
261
0
        break;
262
0
#endif
263
264
0
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
265
0
    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
266
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
267
0
        ssl->specs.cipher_type           = block;
268
0
        ssl->specs.mac_algorithm         = sha384_mac;
269
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
270
0
        ssl->specs.sig_algo              = rsa_sa_algo;
271
0
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
272
0
        ssl->specs.pad_size              = PAD_SHA;
273
0
        ssl->specs.static_ecdh           = 0;
274
0
        ssl->specs.key_size              = AES_256_KEY_SIZE;
275
0
        ssl->specs.iv_size               = AES_IV_SIZE;
276
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
277
278
0
        break;
279
0
#endif
280
281
0
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
282
0
    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
283
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
284
0
        ssl->specs.cipher_type           = block;
285
0
        ssl->specs.mac_algorithm         = sha_mac;
286
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
287
0
        ssl->specs.sig_algo              = rsa_sa_algo;
288
0
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
289
0
        ssl->specs.pad_size              = PAD_SHA;
290
0
        ssl->specs.static_ecdh           = 0;
291
0
        ssl->specs.key_size              = AES_128_KEY_SIZE;
292
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
293
0
        ssl->specs.iv_size               = AES_IV_SIZE;
294
295
0
        break;
296
0
#endif
297
298
0
#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
299
0
    case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
300
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
301
0
        ssl->specs.cipher_type           = block;
302
0
        ssl->specs.mac_algorithm         = sha_mac;
303
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
304
0
        ssl->specs.sig_algo              = rsa_sa_algo;
305
0
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
306
0
        ssl->specs.pad_size              = PAD_SHA;
307
0
        ssl->specs.static_ecdh           = 0;
308
0
        ssl->specs.key_size              = DES3_KEY_SIZE;
309
0
        ssl->specs.block_size            = DES_BLOCK_SIZE;
310
/* DES_IV_SIZE is incorrectly 16 in FIPS v2. It should be 8, same as the
311
 * block size. */
312
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
313
        ssl->specs.iv_size               = DES_BLOCK_SIZE;
314
#else
315
0
        ssl->specs.iv_size               = DES_IV_SIZE;
316
0
#endif
317
318
0
        break;
319
0
#endif
320
321
0
#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
322
0
    case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
323
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
324
0
        ssl->specs.cipher_type           = stream;
325
0
        ssl->specs.mac_algorithm         = sha_mac;
326
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
327
0
        ssl->specs.sig_algo              = rsa_sa_algo;
328
0
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
329
0
        ssl->specs.pad_size              = PAD_SHA;
330
0
        ssl->specs.static_ecdh           = 0;
331
0
        ssl->specs.key_size              = RC4_KEY_SIZE;
332
0
        ssl->specs.iv_size               = 0;
333
0
        ssl->specs.block_size            = 0;
334
335
0
        break;
336
0
#endif
337
338
0
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
339
0
    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
340
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
341
0
        ssl->specs.cipher_type           = block;
342
0
        ssl->specs.mac_algorithm         = sha_mac;
343
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
344
0
        ssl->specs.sig_algo              = rsa_sa_algo;
345
0
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
346
0
        ssl->specs.pad_size              = PAD_SHA;
347
0
        ssl->specs.static_ecdh           = 0;
348
0
        ssl->specs.key_size              = AES_256_KEY_SIZE;
349
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
350
0
        ssl->specs.iv_size               = AES_IV_SIZE;
351
352
0
        break;
353
0
#endif
354
355
0
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
356
0
    case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
357
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
358
0
        ssl->specs.cipher_type           = aead;
359
0
        ssl->specs.mac_algorithm         = sha256_mac;
360
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
361
0
        ssl->specs.sig_algo              = rsa_sa_algo;
362
0
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
363
0
        ssl->specs.pad_size              = PAD_SHA;
364
0
        ssl->specs.static_ecdh           = 0;
365
0
        ssl->specs.key_size              = AES_128_KEY_SIZE;
366
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
367
0
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
368
0
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
369
370
0
        break;
371
0
#endif
372
373
0
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
374
0
    case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
375
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
376
0
        ssl->specs.cipher_type           = aead;
377
0
        ssl->specs.mac_algorithm         = sha384_mac;
378
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
379
0
        ssl->specs.sig_algo              = rsa_sa_algo;
380
0
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
381
0
        ssl->specs.pad_size              = PAD_SHA;
382
0
        ssl->specs.static_ecdh           = 0;
383
0
        ssl->specs.key_size              = AES_256_KEY_SIZE;
384
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
385
0
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
386
0
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
387
388
0
        break;
389
0
#endif
390
391
#ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
392
    case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
393
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
394
        ssl->specs.cipher_type           = stream;
395
        ssl->specs.mac_algorithm         = sha256_mac;
396
        ssl->specs.kea                   = ecdhe_psk_kea;
397
        ssl->specs.sig_algo              = anonymous_sa_algo;
398
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
399
        ssl->specs.pad_size              = PAD_SHA;
400
        ssl->specs.static_ecdh           = 0;
401
        ssl->specs.key_size              = 0;
402
        ssl->specs.block_size            = 0;
403
        ssl->specs.iv_size               = 0;
404
405
        ssl->options.usingPSK_cipher     = 1;
406
        break;
407
#endif
408
409
#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
410
    case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
411
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
412
        ssl->specs.cipher_type           = block;
413
        ssl->specs.mac_algorithm         = sha256_mac;
414
        ssl->specs.kea                   = ecdhe_psk_kea;
415
        ssl->specs.sig_algo              = anonymous_sa_algo;
416
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
417
        ssl->specs.pad_size              = PAD_SHA;
418
        ssl->specs.static_ecdh           = 0;
419
        ssl->specs.key_size              = AES_128_KEY_SIZE;
420
        ssl->specs.block_size            = AES_BLOCK_SIZE;
421
        ssl->specs.iv_size               = AES_IV_SIZE;
422
423
        ssl->options.usingPSK_cipher     = 1;
424
        break;
425
#endif
426
427
0
#endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
428
429
0
#if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) \
430
0
                      || (defined(HAVE_CURVE448) && defined(HAVE_ED448))
431
432
0
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
433
0
    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
434
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
435
0
        ssl->specs.cipher_type           = block;
436
0
        ssl->specs.mac_algorithm         = sha256_mac;
437
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
438
0
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
439
0
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
440
0
        ssl->specs.pad_size              = PAD_SHA;
441
0
        ssl->specs.static_ecdh           = 0;
442
0
        ssl->specs.key_size              = AES_128_KEY_SIZE;
443
0
        ssl->specs.iv_size               = AES_IV_SIZE;
444
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
445
446
0
        break;
447
0
#endif
448
449
0
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
450
0
    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
451
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
452
0
        ssl->specs.cipher_type           = block;
453
0
        ssl->specs.mac_algorithm         = sha384_mac;
454
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
455
0
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
456
0
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
457
0
        ssl->specs.pad_size              = PAD_SHA;
458
0
        ssl->specs.static_ecdh           = 0;
459
0
        ssl->specs.key_size              = AES_256_KEY_SIZE;
460
0
        ssl->specs.iv_size               = AES_IV_SIZE;
461
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
462
463
0
        break;
464
0
#endif
465
466
0
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
467
0
    case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
468
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
469
0
        ssl->specs.cipher_type           = block;
470
0
        ssl->specs.mac_algorithm         = sha_mac;
471
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
472
0
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
473
0
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
474
0
        ssl->specs.pad_size              = PAD_SHA;
475
0
        ssl->specs.static_ecdh           = 0;
476
0
        ssl->specs.key_size              = DES3_KEY_SIZE;
477
0
        ssl->specs.block_size            = DES_BLOCK_SIZE;
478
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
479
        ssl->specs.iv_size               = DES_BLOCK_SIZE;
480
#else
481
0
        ssl->specs.iv_size               = DES_IV_SIZE;
482
0
#endif
483
484
0
        break;
485
0
#endif
486
487
0
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
488
0
    case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
489
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
490
0
        ssl->specs.cipher_type           = stream;
491
0
        ssl->specs.mac_algorithm         = sha_mac;
492
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
493
0
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
494
0
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
495
0
        ssl->specs.pad_size              = PAD_SHA;
496
0
        ssl->specs.static_ecdh           = 0;
497
0
        ssl->specs.key_size              = RC4_KEY_SIZE;
498
0
        ssl->specs.iv_size               = 0;
499
0
        ssl->specs.block_size            = 0;
500
501
0
        break;
502
0
#endif
503
504
0
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
505
0
    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
506
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
507
0
        ssl->specs.cipher_type           = block;
508
0
        ssl->specs.mac_algorithm         = sha_mac;
509
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
510
0
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
511
0
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
512
0
        ssl->specs.pad_size              = PAD_SHA;
513
0
        ssl->specs.static_ecdh           = 0;
514
0
        ssl->specs.key_size              = AES_128_KEY_SIZE;
515
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
516
0
        ssl->specs.iv_size               = AES_IV_SIZE;
517
518
0
        break;
519
0
#endif
520
521
0
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
522
0
    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
523
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
524
0
        ssl->specs.cipher_type           = block;
525
0
        ssl->specs.mac_algorithm         = sha_mac;
526
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
527
0
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
528
0
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
529
0
        ssl->specs.pad_size              = PAD_SHA;
530
0
        ssl->specs.static_ecdh           = 0;
531
0
        ssl->specs.key_size              = AES_256_KEY_SIZE;
532
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
533
0
        ssl->specs.iv_size               = AES_IV_SIZE;
534
535
0
        break;
536
0
#endif
537
538
0
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
539
0
    case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
540
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
541
0
        ssl->specs.cipher_type           = aead;
542
0
        ssl->specs.mac_algorithm         = sha256_mac;
543
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
544
0
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
545
0
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
546
0
        ssl->specs.pad_size              = PAD_SHA;
547
0
        ssl->specs.static_ecdh           = 0;
548
0
        ssl->specs.key_size              = AES_128_KEY_SIZE;
549
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
550
0
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
551
0
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
552
553
0
        break;
554
0
#endif
555
556
0
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
557
0
    case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
558
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
559
0
        ssl->specs.cipher_type           = aead;
560
0
        ssl->specs.mac_algorithm         = sha384_mac;
561
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
562
0
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
563
0
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
564
0
        ssl->specs.pad_size              = PAD_SHA;
565
0
        ssl->specs.static_ecdh           = 0;
566
0
        ssl->specs.key_size              = AES_256_KEY_SIZE;
567
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
568
0
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
569
0
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
570
571
0
        break;
572
0
#endif
573
574
0
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
575
0
    case TLS_ECDHE_ECDSA_WITH_AES_128_CCM :
576
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
577
0
        ssl->specs.cipher_type           = aead;
578
0
        ssl->specs.mac_algorithm         = sha256_mac;
579
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
580
0
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
581
0
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
582
0
        ssl->specs.pad_size              = PAD_SHA;
583
0
        ssl->specs.static_ecdh           = 0;
584
0
        ssl->specs.key_size              = AES_128_KEY_SIZE;
585
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
586
0
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
587
0
        ssl->specs.aead_mac_size         = AES_CCM_16_AUTH_SZ;
588
589
0
        break;
590
0
#endif
591
592
0
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
593
0
    case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
594
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
595
0
        ssl->specs.cipher_type           = aead;
596
0
        ssl->specs.mac_algorithm         = sha256_mac;
597
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
598
0
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
599
0
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
600
0
        ssl->specs.pad_size              = PAD_SHA;
601
0
        ssl->specs.static_ecdh           = 0;
602
0
        ssl->specs.key_size              = AES_128_KEY_SIZE;
603
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
604
0
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
605
0
        ssl->specs.aead_mac_size         = AES_CCM_8_AUTH_SZ;
606
607
0
        break;
608
0
#endif
609
610
0
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
611
0
    case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
612
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
613
0
        ssl->specs.cipher_type           = aead;
614
0
        ssl->specs.mac_algorithm         = sha256_mac;
615
0
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
616
0
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
617
0
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
618
0
        ssl->specs.pad_size              = PAD_SHA;
619
0
        ssl->specs.static_ecdh           = 0;
620
0
        ssl->specs.key_size              = AES_256_KEY_SIZE;
621
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
622
0
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
623
0
        ssl->specs.aead_mac_size         = AES_CCM_8_AUTH_SZ;
624
625
0
        break;
626
0
#endif
627
628
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
629
    case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
630
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
631
        ssl->specs.cipher_type           = stream;
632
        ssl->specs.mac_algorithm         = sha_mac;
633
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
634
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
635
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
636
        ssl->specs.pad_size              = PAD_SHA;
637
        ssl->specs.static_ecdh           = 0;
638
        ssl->specs.key_size              = 0;
639
        ssl->specs.block_size            = 0;
640
        ssl->specs.iv_size               = 0;
641
642
    break;
643
#endif
644
645
0
#endif /* HAVE_ECC || (CURVE25519 && ED25519) || (CURVE448 && ED448) */
646
647
0
#if defined(HAVE_ECC)
648
649
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
650
    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
651
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
652
        ssl->specs.cipher_type           = block;
653
        ssl->specs.mac_algorithm         = sha256_mac;
654
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
655
        ssl->specs.sig_algo              = rsa_sa_algo;
656
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
657
        ssl->specs.pad_size              = PAD_SHA;
658
        ssl->specs.static_ecdh           = 1;
659
        ssl->specs.key_size              = AES_128_KEY_SIZE;
660
        ssl->specs.iv_size               = AES_IV_SIZE;
661
        ssl->specs.block_size            = AES_BLOCK_SIZE;
662
663
        break;
664
#endif
665
666
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
667
    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
668
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
669
        ssl->specs.cipher_type           = block;
670
        ssl->specs.mac_algorithm         = sha256_mac;
671
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
672
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
673
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
674
        ssl->specs.pad_size              = PAD_SHA;
675
        ssl->specs.static_ecdh           = 1;
676
        ssl->specs.key_size              = AES_128_KEY_SIZE;
677
        ssl->specs.iv_size               = AES_IV_SIZE;
678
        ssl->specs.block_size            = AES_BLOCK_SIZE;
679
680
        break;
681
#endif
682
683
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
684
    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
685
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
686
        ssl->specs.cipher_type           = block;
687
        ssl->specs.mac_algorithm         = sha384_mac;
688
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
689
        ssl->specs.sig_algo              = rsa_sa_algo;
690
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
691
        ssl->specs.pad_size              = PAD_SHA;
692
        ssl->specs.static_ecdh           = 1;
693
        ssl->specs.key_size              = AES_256_KEY_SIZE;
694
        ssl->specs.iv_size               = AES_IV_SIZE;
695
        ssl->specs.block_size            = AES_BLOCK_SIZE;
696
697
        break;
698
#endif
699
700
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
701
    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
702
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
703
        ssl->specs.cipher_type           = block;
704
        ssl->specs.mac_algorithm         = sha384_mac;
705
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
706
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
707
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
708
        ssl->specs.pad_size              = PAD_SHA;
709
        ssl->specs.static_ecdh           = 1;
710
        ssl->specs.key_size              = AES_256_KEY_SIZE;
711
        ssl->specs.iv_size               = AES_IV_SIZE;
712
        ssl->specs.block_size            = AES_BLOCK_SIZE;
713
714
        break;
715
#endif
716
717
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
718
    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
719
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
720
        ssl->specs.cipher_type           = block;
721
        ssl->specs.mac_algorithm         = sha_mac;
722
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
723
        ssl->specs.sig_algo              = rsa_sa_algo;
724
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
725
        ssl->specs.pad_size              = PAD_SHA;
726
        ssl->specs.static_ecdh           = 1;
727
        ssl->specs.key_size              = AES_128_KEY_SIZE;
728
        ssl->specs.block_size            = AES_BLOCK_SIZE;
729
        ssl->specs.iv_size               = AES_IV_SIZE;
730
731
        break;
732
#endif
733
734
#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
735
    case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
736
        ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
737
        ssl->specs.cipher_type           = block;
738
        ssl->specs.mac_algorithm         = sha_mac;
739
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
740
        ssl->specs.sig_algo              = rsa_sa_algo;
741
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
742
        ssl->specs.pad_size              = PAD_SHA;
743
        ssl->specs.static_ecdh           = 1;
744
        ssl->specs.key_size              = DES3_KEY_SIZE;
745
        ssl->specs.block_size            = DES_BLOCK_SIZE;
746
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
747
        ssl->specs.iv_size               = DES_BLOCK_SIZE;
748
#else
749
        ssl->specs.iv_size               = DES_IV_SIZE;
750
#endif
751
752
        break;
753
#endif
754
755
#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
756
    case TLS_ECDH_RSA_WITH_RC4_128_SHA :
757
        ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
758
        ssl->specs.cipher_type           = stream;
759
        ssl->specs.mac_algorithm         = sha_mac;
760
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
761
        ssl->specs.sig_algo              = rsa_sa_algo;
762
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
763
        ssl->specs.pad_size              = PAD_SHA;
764
        ssl->specs.static_ecdh           = 1;
765
        ssl->specs.key_size              = RC4_KEY_SIZE;
766
        ssl->specs.iv_size               = 0;
767
        ssl->specs.block_size            = 0;
768
769
        break;
770
#endif
771
772
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
773
    case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
774
        ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
775
        ssl->specs.cipher_type           = block;
776
        ssl->specs.mac_algorithm         = sha_mac;
777
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
778
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
779
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
780
        ssl->specs.pad_size              = PAD_SHA;
781
        ssl->specs.static_ecdh           = 1;
782
        ssl->specs.key_size              = DES3_KEY_SIZE;
783
        ssl->specs.block_size            = DES_BLOCK_SIZE;
784
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
785
        ssl->specs.iv_size               = DES_BLOCK_SIZE;
786
#else
787
        ssl->specs.iv_size               = DES_IV_SIZE;
788
#endif
789
790
        break;
791
#endif
792
793
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
794
    case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
795
        ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
796
        ssl->specs.cipher_type           = stream;
797
        ssl->specs.mac_algorithm         = sha_mac;
798
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
799
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
800
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
801
        ssl->specs.pad_size              = PAD_SHA;
802
        ssl->specs.static_ecdh           = 1;
803
        ssl->specs.key_size              = RC4_KEY_SIZE;
804
        ssl->specs.iv_size               = 0;
805
        ssl->specs.block_size            = 0;
806
807
        break;
808
#endif
809
810
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
811
    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
812
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
813
        ssl->specs.cipher_type           = block;
814
        ssl->specs.mac_algorithm         = sha_mac;
815
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
816
        ssl->specs.sig_algo              = rsa_sa_algo;
817
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
818
        ssl->specs.pad_size              = PAD_SHA;
819
        ssl->specs.static_ecdh           = 1;
820
        ssl->specs.key_size              = AES_256_KEY_SIZE;
821
        ssl->specs.block_size            = AES_BLOCK_SIZE;
822
        ssl->specs.iv_size               = AES_IV_SIZE;
823
824
        break;
825
#endif
826
827
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
828
    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
829
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
830
        ssl->specs.cipher_type           = block;
831
        ssl->specs.mac_algorithm         = sha_mac;
832
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
833
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
834
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
835
        ssl->specs.pad_size              = PAD_SHA;
836
        ssl->specs.static_ecdh           = 1;
837
        ssl->specs.key_size              = AES_128_KEY_SIZE;
838
        ssl->specs.block_size            = AES_BLOCK_SIZE;
839
        ssl->specs.iv_size               = AES_IV_SIZE;
840
841
        break;
842
#endif
843
844
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
845
    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
846
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
847
        ssl->specs.cipher_type           = block;
848
        ssl->specs.mac_algorithm         = sha_mac;
849
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
850
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
851
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
852
        ssl->specs.pad_size              = PAD_SHA;
853
        ssl->specs.static_ecdh           = 1;
854
        ssl->specs.key_size              = AES_256_KEY_SIZE;
855
        ssl->specs.block_size            = AES_BLOCK_SIZE;
856
        ssl->specs.iv_size               = AES_IV_SIZE;
857
858
        break;
859
#endif
860
861
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
862
    case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
863
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
864
        ssl->specs.cipher_type           = aead;
865
        ssl->specs.mac_algorithm         = sha256_mac;
866
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
867
        ssl->specs.sig_algo              = rsa_sa_algo;
868
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
869
        ssl->specs.pad_size              = PAD_SHA;
870
        ssl->specs.static_ecdh           = 1;
871
        ssl->specs.key_size              = AES_128_KEY_SIZE;
872
        ssl->specs.block_size            = AES_BLOCK_SIZE;
873
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
874
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
875
876
        break;
877
#endif
878
879
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
880
    case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
881
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
882
        ssl->specs.cipher_type           = aead;
883
        ssl->specs.mac_algorithm         = sha384_mac;
884
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
885
        ssl->specs.sig_algo              = rsa_sa_algo;
886
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
887
        ssl->specs.pad_size              = PAD_SHA;
888
        ssl->specs.static_ecdh           = 1;
889
        ssl->specs.key_size              = AES_256_KEY_SIZE;
890
        ssl->specs.block_size            = AES_BLOCK_SIZE;
891
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
892
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
893
894
        break;
895
#endif
896
897
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
898
    case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
899
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
900
        ssl->specs.cipher_type           = aead;
901
        ssl->specs.mac_algorithm         = sha256_mac;
902
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
903
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
904
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
905
        ssl->specs.pad_size              = PAD_SHA;
906
        ssl->specs.static_ecdh           = 1;
907
        ssl->specs.key_size              = AES_128_KEY_SIZE;
908
        ssl->specs.block_size            = AES_BLOCK_SIZE;
909
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
910
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
911
912
        break;
913
#endif
914
915
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
916
    case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
917
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
918
        ssl->specs.cipher_type           = aead;
919
        ssl->specs.mac_algorithm         = sha384_mac;
920
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
921
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
922
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
923
        ssl->specs.pad_size              = PAD_SHA;
924
        ssl->specs.static_ecdh           = 1;
925
        ssl->specs.key_size              = AES_256_KEY_SIZE;
926
        ssl->specs.block_size            = AES_BLOCK_SIZE;
927
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
928
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
929
930
        break;
931
#endif
932
933
0
#endif /* HAVE_ECC */
934
935
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
936
    case TLS_RSA_WITH_AES_128_CCM_8 :
937
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
938
        ssl->specs.cipher_type           = aead;
939
        ssl->specs.mac_algorithm         = sha256_mac;
940
        ssl->specs.kea                   = rsa_kea;
941
        ssl->specs.sig_algo              = rsa_sa_algo;
942
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
943
        ssl->specs.pad_size              = PAD_SHA;
944
        ssl->specs.static_ecdh           = 0;
945
        ssl->specs.key_size              = AES_128_KEY_SIZE;
946
        ssl->specs.block_size            = AES_BLOCK_SIZE;
947
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
948
        ssl->specs.aead_mac_size         = AES_CCM_8_AUTH_SZ;
949
950
        break;
951
#endif
952
953
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
954
    case TLS_RSA_WITH_AES_256_CCM_8 :
955
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
956
        ssl->specs.cipher_type           = aead;
957
        ssl->specs.mac_algorithm         = sha256_mac;
958
        ssl->specs.kea                   = rsa_kea;
959
        ssl->specs.sig_algo              = rsa_sa_algo;
960
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
961
        ssl->specs.pad_size              = PAD_SHA;
962
        ssl->specs.static_ecdh           = 0;
963
        ssl->specs.key_size              = AES_256_KEY_SIZE;
964
        ssl->specs.block_size            = AES_BLOCK_SIZE;
965
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
966
        ssl->specs.aead_mac_size         = AES_CCM_8_AUTH_SZ;
967
968
        break;
969
#endif
970
971
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
972
    case TLS_PSK_WITH_AES_128_CCM_8 :
973
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
974
        ssl->specs.cipher_type           = aead;
975
        ssl->specs.mac_algorithm         = sha256_mac;
976
        ssl->specs.kea                   = psk_kea;
977
        ssl->specs.sig_algo              = anonymous_sa_algo;
978
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
979
        ssl->specs.pad_size              = PAD_SHA;
980
        ssl->specs.static_ecdh           = 0;
981
        ssl->specs.key_size              = AES_128_KEY_SIZE;
982
        ssl->specs.block_size            = AES_BLOCK_SIZE;
983
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
984
        ssl->specs.aead_mac_size         = AES_CCM_8_AUTH_SZ;
985
986
        ssl->options.usingPSK_cipher     = 1;
987
        break;
988
#endif
989
990
#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
991
    case TLS_PSK_WITH_AES_256_CCM_8 :
992
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
993
        ssl->specs.cipher_type           = aead;
994
        ssl->specs.mac_algorithm         = sha256_mac;
995
        ssl->specs.kea                   = psk_kea;
996
        ssl->specs.sig_algo              = anonymous_sa_algo;
997
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
998
        ssl->specs.pad_size              = PAD_SHA;
999
        ssl->specs.static_ecdh           = 0;
1000
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1001
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1002
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1003
        ssl->specs.aead_mac_size         = AES_CCM_8_AUTH_SZ;
1004
1005
        ssl->options.usingPSK_cipher     = 1;
1006
        break;
1007
#endif
1008
1009
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
1010
    case TLS_PSK_WITH_AES_128_CCM :
1011
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1012
        ssl->specs.cipher_type           = aead;
1013
        ssl->specs.mac_algorithm         = sha256_mac;
1014
        ssl->specs.kea                   = psk_kea;
1015
        ssl->specs.sig_algo              = anonymous_sa_algo;
1016
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1017
        ssl->specs.pad_size              = PAD_SHA;
1018
        ssl->specs.static_ecdh           = 0;
1019
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1020
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1021
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1022
        ssl->specs.aead_mac_size         = AES_CCM_16_AUTH_SZ;
1023
1024
        ssl->options.usingPSK_cipher     = 1;
1025
        break;
1026
#endif
1027
1028
#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
1029
    case TLS_PSK_WITH_AES_256_CCM :
1030
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1031
        ssl->specs.cipher_type           = aead;
1032
        ssl->specs.mac_algorithm         = sha256_mac;
1033
        ssl->specs.kea                   = psk_kea;
1034
        ssl->specs.sig_algo              = anonymous_sa_algo;
1035
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1036
        ssl->specs.pad_size              = PAD_SHA;
1037
        ssl->specs.static_ecdh           = 0;
1038
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1039
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1040
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1041
        ssl->specs.aead_mac_size         = AES_CCM_16_AUTH_SZ;
1042
1043
        ssl->options.usingPSK_cipher     = 1;
1044
        break;
1045
#endif
1046
1047
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
1048
    case TLS_DHE_PSK_WITH_AES_128_CCM :
1049
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1050
        ssl->specs.cipher_type           = aead;
1051
        ssl->specs.mac_algorithm         = sha256_mac;
1052
        ssl->specs.kea                   = dhe_psk_kea;
1053
        ssl->specs.sig_algo              = anonymous_sa_algo;
1054
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1055
        ssl->specs.pad_size              = PAD_SHA;
1056
        ssl->specs.static_ecdh           = 0;
1057
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1058
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1059
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1060
        ssl->specs.aead_mac_size         = AES_CCM_16_AUTH_SZ;
1061
1062
        ssl->options.usingPSK_cipher     = 1;
1063
        break;
1064
#endif
1065
1066
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
1067
    case TLS_DHE_PSK_WITH_AES_256_CCM :
1068
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1069
        ssl->specs.cipher_type           = aead;
1070
        ssl->specs.mac_algorithm         = sha256_mac;
1071
        ssl->specs.kea                   = dhe_psk_kea;
1072
        ssl->specs.sig_algo              = anonymous_sa_algo;
1073
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1074
        ssl->specs.pad_size              = PAD_SHA;
1075
        ssl->specs.static_ecdh           = 0;
1076
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1077
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1078
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1079
        ssl->specs.aead_mac_size         = AES_CCM_16_AUTH_SZ;
1080
1081
        ssl->options.usingPSK_cipher     = 1;
1082
        break;
1083
#endif
1084
1085
#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
1086
    #ifdef BUILD_TLS_SHA256_SHA256
1087
    case TLS_SHA256_SHA256 :
1088
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1089
        ssl->specs.cipher_type           = aead;
1090
        ssl->specs.mac_algorithm         = sha256_mac;
1091
        ssl->specs.kea                   = 0;
1092
        ssl->specs.sig_algo              = 0;
1093
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1094
        ssl->specs.pad_size              = PAD_SHA;
1095
        ssl->specs.static_ecdh           = 0;
1096
        ssl->specs.key_size              = WC_SHA256_DIGEST_SIZE;
1097
        ssl->specs.block_size            = 0;
1098
        ssl->specs.iv_size               = HMAC_NONCE_SZ;
1099
        ssl->specs.aead_mac_size         = WC_SHA256_DIGEST_SIZE;
1100
1101
        break;
1102
    #endif
1103
1104
    #ifdef BUILD_TLS_SHA384_SHA384
1105
    case TLS_SHA384_SHA384 :
1106
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1107
        ssl->specs.cipher_type           = aead;
1108
        ssl->specs.mac_algorithm         = sha384_mac;
1109
        ssl->specs.kea                   = 0;
1110
        ssl->specs.sig_algo              = 0;
1111
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1112
        ssl->specs.pad_size              = PAD_SHA;
1113
        ssl->specs.static_ecdh           = 0;
1114
        ssl->specs.key_size              = WC_SHA384_DIGEST_SIZE;
1115
        ssl->specs.block_size            = 0;
1116
        ssl->specs.iv_size               = HMAC_NONCE_SZ;
1117
        ssl->specs.aead_mac_size         = WC_SHA384_DIGEST_SIZE;
1118
1119
        break;
1120
    #endif
1121
#endif
1122
1123
0
    default:
1124
0
        WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
1125
0
        return UNSUPPORTED_SUITE;
1126
0
    }   /* switch */
1127
0
    }   /* if     */
1128
1129
    /* TLSi v1.3 cipher suites, 0x13 */
1130
0
    if (ssl->options.cipherSuite0 == TLS13_BYTE) {
1131
0
        switch (ssl->options.cipherSuite) {
1132
1133
0
#ifdef WOLFSSL_TLS13
1134
0
    #ifdef BUILD_TLS_AES_128_GCM_SHA256
1135
0
        case TLS_AES_128_GCM_SHA256 :
1136
0
            ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1137
0
            ssl->specs.cipher_type           = aead;
1138
0
            ssl->specs.mac_algorithm         = sha256_mac;
1139
0
            ssl->specs.kea                   = 0;
1140
0
            ssl->specs.sig_algo              = 0;
1141
0
            ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1142
0
            ssl->specs.pad_size              = PAD_SHA;
1143
0
            ssl->specs.static_ecdh           = 0;
1144
0
            ssl->specs.key_size              = AES_128_KEY_SIZE;
1145
0
            ssl->specs.block_size            = AES_BLOCK_SIZE;
1146
0
            ssl->specs.iv_size               = AESGCM_NONCE_SZ;
1147
0
            ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1148
1149
0
            break;
1150
0
    #endif
1151
1152
0
    #ifdef BUILD_TLS_AES_256_GCM_SHA384
1153
0
        case TLS_AES_256_GCM_SHA384 :
1154
0
            ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1155
0
            ssl->specs.cipher_type           = aead;
1156
0
            ssl->specs.mac_algorithm         = sha384_mac;
1157
0
            ssl->specs.kea                   = 0;
1158
0
            ssl->specs.sig_algo              = 0;
1159
0
            ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1160
0
            ssl->specs.pad_size              = PAD_SHA;
1161
0
            ssl->specs.static_ecdh           = 0;
1162
0
            ssl->specs.key_size              = AES_256_KEY_SIZE;
1163
0
            ssl->specs.block_size            = AES_BLOCK_SIZE;
1164
0
            ssl->specs.iv_size               = AESGCM_NONCE_SZ;
1165
0
            ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1166
1167
0
            break;
1168
0
    #endif
1169
1170
0
    #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
1171
0
        case TLS_CHACHA20_POLY1305_SHA256 :
1172
0
            ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
1173
0
            ssl->specs.cipher_type           = aead;
1174
0
            ssl->specs.mac_algorithm         = sha256_mac;
1175
0
            ssl->specs.kea                   = 0;
1176
0
            ssl->specs.sig_algo              = 0;
1177
0
            ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1178
0
            ssl->specs.pad_size              = PAD_SHA;
1179
0
            ssl->specs.static_ecdh           = 0;
1180
0
            ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
1181
0
            ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
1182
0
            ssl->specs.iv_size               = CHACHA20_IV_SIZE;
1183
0
            ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
1184
0
            ssl->options.oldPoly             = 0; /* use recent padding RFC */
1185
1186
0
            break;
1187
0
    #endif
1188
1189
0
    #ifdef BUILD_TLS_AES_128_CCM_SHA256
1190
0
        case TLS_AES_128_CCM_SHA256 :
1191
0
            ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1192
0
            ssl->specs.cipher_type           = aead;
1193
0
            ssl->specs.mac_algorithm         = sha256_mac;
1194
0
            ssl->specs.kea                   = 0;
1195
0
            ssl->specs.sig_algo              = 0;
1196
0
            ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1197
0
            ssl->specs.pad_size              = PAD_SHA;
1198
0
            ssl->specs.static_ecdh           = 0;
1199
0
            ssl->specs.key_size              = AES_128_KEY_SIZE;
1200
0
            ssl->specs.block_size            = AES_BLOCK_SIZE;
1201
0
            ssl->specs.iv_size               = AESGCM_NONCE_SZ;
1202
0
            ssl->specs.aead_mac_size         = AES_CCM_16_AUTH_SZ;
1203
1204
0
            break;
1205
0
    #endif
1206
1207
0
    #ifdef BUILD_TLS_AES_128_CCM_8_SHA256
1208
0
        case TLS_AES_128_CCM_8_SHA256 :
1209
0
            ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1210
0
            ssl->specs.cipher_type           = aead;
1211
0
            ssl->specs.mac_algorithm         = sha256_mac;
1212
0
            ssl->specs.kea                   = 0;
1213
0
            ssl->specs.sig_algo              = 0;
1214
0
            ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1215
0
            ssl->specs.pad_size              = PAD_SHA;
1216
0
            ssl->specs.static_ecdh           = 0;
1217
0
            ssl->specs.key_size              = AES_128_KEY_SIZE;
1218
0
            ssl->specs.block_size            = AES_BLOCK_SIZE;
1219
0
            ssl->specs.iv_size               = AESGCM_NONCE_SZ;
1220
0
            ssl->specs.aead_mac_size         = AES_CCM_8_AUTH_SZ;
1221
1222
0
            break;
1223
0
    #endif
1224
0
#endif /* WOLFSSL_TLS13 */
1225
0
        default:
1226
0
            break;
1227
0
        }
1228
0
    }
1229
1230
0
    if (ssl->options.cipherSuite0 == ECDHE_PSK_BYTE) {
1231
1232
0
    switch (ssl->options.cipherSuite) {
1233
1234
0
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
1235
#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
1236
    case TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 :
1237
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1238
        ssl->specs.cipher_type           = aead;
1239
        ssl->specs.mac_algorithm         = sha256_mac;
1240
        ssl->specs.kea                   = ecdhe_psk_kea;
1241
        ssl->specs.sig_algo              = anonymous_sa_algo;
1242
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1243
        ssl->specs.pad_size              = PAD_SHA;
1244
        ssl->specs.static_ecdh           = 0;
1245
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1246
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1247
        ssl->specs.iv_size               = AES_IV_SIZE;
1248
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1249
1250
        ssl->options.usingPSK_cipher     = 1;
1251
        break;
1252
#endif
1253
0
#endif
1254
1255
0
    default:
1256
0
        break;
1257
0
    }
1258
0
    }
1259
1260
1261
0
    if (ssl->options.cipherSuite0 != ECC_BYTE &&
1262
0
        ssl->options.cipherSuite0 != ECDHE_PSK_BYTE &&
1263
0
        ssl->options.cipherSuite0 != CHACHA_BYTE &&
1264
0
        ssl->options.cipherSuite0 != TLS13_BYTE) {   /* normal suites */
1265
0
    switch (ssl->options.cipherSuite) {
1266
1267
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
1268
    case SSL_RSA_WITH_RC4_128_SHA :
1269
        ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
1270
        ssl->specs.cipher_type           = stream;
1271
        ssl->specs.mac_algorithm         = sha_mac;
1272
        ssl->specs.kea                   = rsa_kea;
1273
        ssl->specs.sig_algo              = rsa_sa_algo;
1274
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1275
        ssl->specs.pad_size              = PAD_SHA;
1276
        ssl->specs.static_ecdh           = 0;
1277
        ssl->specs.key_size              = RC4_KEY_SIZE;
1278
        ssl->specs.iv_size               = 0;
1279
        ssl->specs.block_size            = 0;
1280
1281
        break;
1282
#endif
1283
1284
#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
1285
    case SSL_RSA_WITH_RC4_128_MD5 :
1286
        ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
1287
        ssl->specs.cipher_type           = stream;
1288
        ssl->specs.mac_algorithm         = md5_mac;
1289
        ssl->specs.kea                   = rsa_kea;
1290
        ssl->specs.sig_algo              = rsa_sa_algo;
1291
        ssl->specs.hash_size             = WC_MD5_DIGEST_SIZE;
1292
        ssl->specs.pad_size              = PAD_MD5;
1293
        ssl->specs.static_ecdh           = 0;
1294
        ssl->specs.key_size              = RC4_KEY_SIZE;
1295
        ssl->specs.iv_size               = 0;
1296
        ssl->specs.block_size            = 0;
1297
1298
        break;
1299
#endif
1300
1301
#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
1302
    case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
1303
        ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
1304
        ssl->specs.cipher_type           = block;
1305
        ssl->specs.mac_algorithm         = sha_mac;
1306
        ssl->specs.kea                   = rsa_kea;
1307
        ssl->specs.sig_algo              = rsa_sa_algo;
1308
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1309
        ssl->specs.pad_size              = PAD_SHA;
1310
        ssl->specs.static_ecdh           = 0;
1311
        ssl->specs.key_size              = DES3_KEY_SIZE;
1312
        ssl->specs.block_size            = DES_BLOCK_SIZE;
1313
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
1314
        ssl->specs.iv_size               = DES_BLOCK_SIZE;
1315
#else
1316
        ssl->specs.iv_size               = DES_IV_SIZE;
1317
#endif
1318
1319
        break;
1320
#endif
1321
1322
#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
1323
    case TLS_RSA_WITH_AES_128_CBC_SHA :
1324
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1325
        ssl->specs.cipher_type           = block;
1326
        ssl->specs.mac_algorithm         = sha_mac;
1327
        ssl->specs.kea                   = rsa_kea;
1328
        ssl->specs.sig_algo              = rsa_sa_algo;
1329
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1330
        ssl->specs.pad_size              = PAD_SHA;
1331
        ssl->specs.static_ecdh           = 0;
1332
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1333
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1334
        ssl->specs.iv_size               = AES_IV_SIZE;
1335
1336
        break;
1337
#endif
1338
1339
#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
1340
    case TLS_RSA_WITH_AES_128_CBC_SHA256 :
1341
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1342
        ssl->specs.cipher_type           = block;
1343
        ssl->specs.mac_algorithm         = sha256_mac;
1344
        ssl->specs.kea                   = rsa_kea;
1345
        ssl->specs.sig_algo              = rsa_sa_algo;
1346
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1347
        ssl->specs.pad_size              = PAD_SHA;
1348
        ssl->specs.static_ecdh           = 0;
1349
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1350
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1351
        ssl->specs.iv_size               = AES_IV_SIZE;
1352
1353
        break;
1354
#endif
1355
1356
#ifdef BUILD_TLS_RSA_WITH_NULL_MD5
1357
    case TLS_RSA_WITH_NULL_MD5 :
1358
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1359
        ssl->specs.cipher_type           = stream;
1360
        ssl->specs.mac_algorithm         = md5_mac;
1361
        ssl->specs.kea                   = rsa_kea;
1362
        ssl->specs.sig_algo              = rsa_sa_algo;
1363
        ssl->specs.hash_size             = WC_MD5_DIGEST_SIZE;
1364
        ssl->specs.pad_size              = PAD_MD5;
1365
        ssl->specs.static_ecdh           = 0;
1366
        ssl->specs.key_size              = 0;
1367
        ssl->specs.block_size            = 0;
1368
        ssl->specs.iv_size               = 0;
1369
1370
        break;
1371
#endif
1372
1373
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
1374
    case TLS_RSA_WITH_NULL_SHA :
1375
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1376
        ssl->specs.cipher_type           = stream;
1377
        ssl->specs.mac_algorithm         = sha_mac;
1378
        ssl->specs.kea                   = rsa_kea;
1379
        ssl->specs.sig_algo              = rsa_sa_algo;
1380
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1381
        ssl->specs.pad_size              = PAD_SHA;
1382
        ssl->specs.static_ecdh           = 0;
1383
        ssl->specs.key_size              = 0;
1384
        ssl->specs.block_size            = 0;
1385
        ssl->specs.iv_size               = 0;
1386
1387
        break;
1388
#endif
1389
1390
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
1391
    case TLS_RSA_WITH_NULL_SHA256 :
1392
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1393
        ssl->specs.cipher_type           = stream;
1394
        ssl->specs.mac_algorithm         = sha256_mac;
1395
        ssl->specs.kea                   = rsa_kea;
1396
        ssl->specs.sig_algo              = rsa_sa_algo;
1397
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1398
        ssl->specs.pad_size              = PAD_SHA;
1399
        ssl->specs.static_ecdh           = 0;
1400
        ssl->specs.key_size              = 0;
1401
        ssl->specs.block_size            = 0;
1402
        ssl->specs.iv_size               = 0;
1403
1404
        break;
1405
#endif
1406
1407
#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
1408
    case TLS_RSA_WITH_AES_256_CBC_SHA :
1409
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1410
        ssl->specs.cipher_type           = block;
1411
        ssl->specs.mac_algorithm         = sha_mac;
1412
        ssl->specs.kea                   = rsa_kea;
1413
        ssl->specs.sig_algo              = rsa_sa_algo;
1414
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1415
        ssl->specs.pad_size              = PAD_SHA;
1416
        ssl->specs.static_ecdh           = 0;
1417
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1418
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1419
        ssl->specs.iv_size               = AES_IV_SIZE;
1420
1421
        break;
1422
#endif
1423
1424
#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
1425
    case TLS_RSA_WITH_AES_256_CBC_SHA256 :
1426
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1427
        ssl->specs.cipher_type           = block;
1428
        ssl->specs.mac_algorithm         = sha256_mac;
1429
        ssl->specs.kea                   = rsa_kea;
1430
        ssl->specs.sig_algo              = rsa_sa_algo;
1431
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1432
        ssl->specs.pad_size              = PAD_SHA;
1433
        ssl->specs.static_ecdh           = 0;
1434
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1435
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1436
        ssl->specs.iv_size               = AES_IV_SIZE;
1437
1438
        break;
1439
#endif
1440
1441
#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
1442
    case TLS_PSK_WITH_AES_128_GCM_SHA256 :
1443
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1444
        ssl->specs.cipher_type           = aead;
1445
        ssl->specs.mac_algorithm         = sha256_mac;
1446
        ssl->specs.kea                   = psk_kea;
1447
        ssl->specs.sig_algo              = anonymous_sa_algo;
1448
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1449
        ssl->specs.pad_size              = PAD_SHA;
1450
        ssl->specs.static_ecdh           = 0;
1451
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1452
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1453
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1454
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1455
1456
        ssl->options.usingPSK_cipher     = 1;
1457
        break;
1458
#endif
1459
1460
#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
1461
    case TLS_PSK_WITH_AES_256_GCM_SHA384 :
1462
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1463
        ssl->specs.cipher_type           = aead;
1464
        ssl->specs.mac_algorithm         = sha384_mac;
1465
        ssl->specs.kea                   = psk_kea;
1466
        ssl->specs.sig_algo              = anonymous_sa_algo;
1467
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1468
        ssl->specs.pad_size              = PAD_SHA;
1469
        ssl->specs.static_ecdh           = 0;
1470
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1471
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1472
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1473
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1474
1475
        ssl->options.usingPSK_cipher     = 1;
1476
        break;
1477
#endif
1478
1479
#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
1480
    case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
1481
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1482
        ssl->specs.cipher_type           = aead;
1483
        ssl->specs.mac_algorithm         = sha384_mac;
1484
        ssl->specs.kea                   = diffie_hellman_kea;
1485
        ssl->specs.sig_algo              = anonymous_sa_algo;
1486
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1487
        ssl->specs.pad_size              = PAD_SHA;
1488
        ssl->specs.static_ecdh           = 0;
1489
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1490
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1491
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1492
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1493
1494
         ssl->options.usingAnon_cipher    = 1;
1495
        break;
1496
#endif
1497
1498
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
1499
    case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
1500
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1501
        ssl->specs.cipher_type           = aead;
1502
        ssl->specs.mac_algorithm         = sha256_mac;
1503
        ssl->specs.kea                   = dhe_psk_kea;
1504
        ssl->specs.sig_algo              = anonymous_sa_algo;
1505
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1506
        ssl->specs.pad_size              = PAD_SHA;
1507
        ssl->specs.static_ecdh           = 0;
1508
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1509
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1510
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1511
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1512
1513
        ssl->options.usingPSK_cipher     = 1;
1514
        break;
1515
#endif
1516
1517
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
1518
    case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
1519
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1520
        ssl->specs.cipher_type           = aead;
1521
        ssl->specs.mac_algorithm         = sha384_mac;
1522
        ssl->specs.kea                   = dhe_psk_kea;
1523
        ssl->specs.sig_algo              = anonymous_sa_algo;
1524
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1525
        ssl->specs.pad_size              = PAD_SHA;
1526
        ssl->specs.static_ecdh           = 0;
1527
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1528
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1529
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1530
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1531
1532
        ssl->options.usingPSK_cipher     = 1;
1533
        break;
1534
#endif
1535
1536
#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
1537
    case TLS_PSK_WITH_AES_128_CBC_SHA256 :
1538
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1539
        ssl->specs.cipher_type           = block;
1540
        ssl->specs.mac_algorithm         = sha256_mac;
1541
        ssl->specs.kea                   = psk_kea;
1542
        ssl->specs.sig_algo              = anonymous_sa_algo;
1543
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1544
        ssl->specs.pad_size              = PAD_SHA;
1545
        ssl->specs.static_ecdh           = 0;
1546
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1547
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1548
        ssl->specs.iv_size               = AES_IV_SIZE;
1549
1550
        ssl->options.usingPSK_cipher     = 1;
1551
        break;
1552
#endif
1553
1554
#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
1555
    case TLS_PSK_WITH_AES_256_CBC_SHA384 :
1556
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1557
        ssl->specs.cipher_type           = block;
1558
        ssl->specs.mac_algorithm         = sha384_mac;
1559
        ssl->specs.kea                   = psk_kea;
1560
        ssl->specs.sig_algo              = anonymous_sa_algo;
1561
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1562
        ssl->specs.pad_size              = PAD_SHA;
1563
        ssl->specs.static_ecdh           = 0;
1564
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1565
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1566
        ssl->specs.iv_size               = AES_IV_SIZE;
1567
1568
        ssl->options.usingPSK_cipher     = 1;
1569
        break;
1570
#endif
1571
1572
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
1573
    case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
1574
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1575
        ssl->specs.cipher_type           = block;
1576
        ssl->specs.mac_algorithm         = sha256_mac;
1577
        ssl->specs.kea                   = dhe_psk_kea;
1578
        ssl->specs.sig_algo              = anonymous_sa_algo;
1579
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1580
        ssl->specs.pad_size              = PAD_SHA;
1581
        ssl->specs.static_ecdh           = 0;
1582
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1583
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1584
        ssl->specs.iv_size               = AES_IV_SIZE;
1585
1586
        ssl->options.usingPSK_cipher     = 1;
1587
        break;
1588
#endif
1589
1590
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
1591
    case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
1592
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1593
        ssl->specs.cipher_type           = block;
1594
        ssl->specs.mac_algorithm         = sha384_mac;
1595
        ssl->specs.kea                   = dhe_psk_kea;
1596
        ssl->specs.sig_algo              = anonymous_sa_algo;
1597
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1598
        ssl->specs.pad_size              = PAD_SHA;
1599
        ssl->specs.static_ecdh           = 0;
1600
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1601
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1602
        ssl->specs.iv_size               = AES_IV_SIZE;
1603
1604
        ssl->options.usingPSK_cipher     = 1;
1605
        break;
1606
#endif
1607
1608
#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
1609
    case TLS_PSK_WITH_AES_128_CBC_SHA :
1610
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1611
        ssl->specs.cipher_type           = block;
1612
        ssl->specs.mac_algorithm         = sha_mac;
1613
        ssl->specs.kea                   = psk_kea;
1614
        ssl->specs.sig_algo              = anonymous_sa_algo;
1615
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1616
        ssl->specs.pad_size              = PAD_SHA;
1617
        ssl->specs.static_ecdh           = 0;
1618
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1619
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1620
        ssl->specs.iv_size               = AES_IV_SIZE;
1621
1622
        ssl->options.usingPSK_cipher     = 1;
1623
        break;
1624
#endif
1625
1626
#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
1627
    case TLS_PSK_WITH_AES_256_CBC_SHA :
1628
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1629
        ssl->specs.cipher_type           = block;
1630
        ssl->specs.mac_algorithm         = sha_mac;
1631
        ssl->specs.kea                   = psk_kea;
1632
        ssl->specs.sig_algo              = anonymous_sa_algo;
1633
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1634
        ssl->specs.pad_size              = PAD_SHA;
1635
        ssl->specs.static_ecdh           = 0;
1636
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1637
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1638
        ssl->specs.iv_size               = AES_IV_SIZE;
1639
1640
        ssl->options.usingPSK_cipher     = 1;
1641
        break;
1642
#endif
1643
1644
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
1645
    case TLS_PSK_WITH_NULL_SHA256 :
1646
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1647
        ssl->specs.cipher_type           = stream;
1648
        ssl->specs.mac_algorithm         = sha256_mac;
1649
        ssl->specs.kea                   = psk_kea;
1650
        ssl->specs.sig_algo              = anonymous_sa_algo;
1651
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1652
        ssl->specs.pad_size              = PAD_SHA;
1653
        ssl->specs.static_ecdh           = 0;
1654
        ssl->specs.key_size              = 0;
1655
        ssl->specs.block_size            = 0;
1656
        ssl->specs.iv_size               = 0;
1657
1658
        ssl->options.usingPSK_cipher     = 1;
1659
        break;
1660
#endif
1661
1662
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
1663
    case TLS_PSK_WITH_NULL_SHA384 :
1664
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1665
        ssl->specs.cipher_type           = stream;
1666
        ssl->specs.mac_algorithm         = sha384_mac;
1667
        ssl->specs.kea                   = psk_kea;
1668
        ssl->specs.sig_algo              = anonymous_sa_algo;
1669
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1670
        ssl->specs.pad_size              = PAD_SHA;
1671
        ssl->specs.static_ecdh           = 0;
1672
        ssl->specs.key_size              = 0;
1673
        ssl->specs.block_size            = 0;
1674
        ssl->specs.iv_size               = 0;
1675
1676
        ssl->options.usingPSK_cipher     = 1;
1677
        break;
1678
#endif
1679
1680
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
1681
    case TLS_PSK_WITH_NULL_SHA :
1682
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1683
        ssl->specs.cipher_type           = stream;
1684
        ssl->specs.mac_algorithm         = sha_mac;
1685
        ssl->specs.kea                   = psk_kea;
1686
        ssl->specs.sig_algo              = anonymous_sa_algo;
1687
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1688
        ssl->specs.pad_size              = PAD_SHA;
1689
        ssl->specs.static_ecdh           = 0;
1690
        ssl->specs.key_size              = 0;
1691
        ssl->specs.block_size            = 0;
1692
        ssl->specs.iv_size               = 0;
1693
1694
        ssl->options.usingPSK_cipher     = 1;
1695
        break;
1696
#endif
1697
1698
#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
1699
    case TLS_DHE_PSK_WITH_NULL_SHA256 :
1700
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1701
        ssl->specs.cipher_type           = stream;
1702
        ssl->specs.mac_algorithm         = sha256_mac;
1703
        ssl->specs.kea                   = dhe_psk_kea;
1704
        ssl->specs.sig_algo              = anonymous_sa_algo;
1705
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1706
        ssl->specs.pad_size              = PAD_SHA;
1707
        ssl->specs.static_ecdh           = 0;
1708
        ssl->specs.key_size              = 0;
1709
        ssl->specs.block_size            = 0;
1710
        ssl->specs.iv_size               = 0;
1711
1712
        ssl->options.usingPSK_cipher     = 1;
1713
        break;
1714
#endif
1715
1716
#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
1717
    case TLS_DHE_PSK_WITH_NULL_SHA384 :
1718
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1719
        ssl->specs.cipher_type           = stream;
1720
        ssl->specs.mac_algorithm         = sha384_mac;
1721
        ssl->specs.kea                   = dhe_psk_kea;
1722
        ssl->specs.sig_algo              = anonymous_sa_algo;
1723
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1724
        ssl->specs.pad_size              = PAD_SHA;
1725
        ssl->specs.static_ecdh           = 0;
1726
        ssl->specs.key_size              = 0;
1727
        ssl->specs.block_size            = 0;
1728
        ssl->specs.iv_size               = 0;
1729
1730
        ssl->options.usingPSK_cipher     = 1;
1731
        break;
1732
#endif
1733
1734
0
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
1735
0
    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
1736
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1737
0
        ssl->specs.cipher_type           = block;
1738
0
        ssl->specs.mac_algorithm         = sha256_mac;
1739
0
        ssl->specs.kea                   = diffie_hellman_kea;
1740
0
        ssl->specs.sig_algo              = rsa_sa_algo;
1741
0
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1742
0
        ssl->specs.pad_size              = PAD_SHA;
1743
0
        ssl->specs.static_ecdh           = 0;
1744
0
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1745
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1746
0
        ssl->specs.iv_size               = AES_IV_SIZE;
1747
1748
0
        break;
1749
0
#endif
1750
1751
0
#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
1752
0
    case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA :
1753
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
1754
0
        ssl->specs.cipher_type           = block;
1755
0
        ssl->specs.mac_algorithm         = sha_mac;
1756
0
        ssl->specs.kea                   = diffie_hellman_kea;
1757
0
        ssl->specs.sig_algo              = rsa_sa_algo;
1758
0
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1759
0
        ssl->specs.pad_size              = PAD_SHA;
1760
0
        ssl->specs.static_ecdh           = 0;
1761
0
        ssl->specs.key_size              = DES3_KEY_SIZE;
1762
0
        ssl->specs.block_size            = DES_BLOCK_SIZE;
1763
0
        ssl->specs.iv_size               = DES_IV_SIZE;
1764
1765
0
        break;
1766
0
#endif
1767
1768
0
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
1769
0
    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
1770
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1771
0
        ssl->specs.cipher_type           = block;
1772
0
        ssl->specs.mac_algorithm         = sha256_mac;
1773
0
        ssl->specs.kea                   = diffie_hellman_kea;
1774
0
        ssl->specs.sig_algo              = rsa_sa_algo;
1775
0
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1776
0
        ssl->specs.pad_size              = PAD_SHA;
1777
0
        ssl->specs.static_ecdh           = 0;
1778
0
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1779
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1780
0
        ssl->specs.iv_size               = AES_IV_SIZE;
1781
1782
0
        break;
1783
0
#endif
1784
1785
0
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1786
0
    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
1787
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1788
0
        ssl->specs.cipher_type           = block;
1789
0
        ssl->specs.mac_algorithm         = sha_mac;
1790
0
        ssl->specs.kea                   = diffie_hellman_kea;
1791
0
        ssl->specs.sig_algo              = rsa_sa_algo;
1792
0
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1793
0
        ssl->specs.pad_size              = PAD_SHA;
1794
0
        ssl->specs.static_ecdh           = 0;
1795
0
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1796
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1797
0
        ssl->specs.iv_size               = AES_IV_SIZE;
1798
1799
0
        break;
1800
0
#endif
1801
1802
0
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1803
0
    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
1804
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1805
0
        ssl->specs.cipher_type           = block;
1806
0
        ssl->specs.mac_algorithm         = sha_mac;
1807
0
        ssl->specs.kea                   = diffie_hellman_kea;
1808
0
        ssl->specs.sig_algo              = rsa_sa_algo;
1809
0
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1810
0
        ssl->specs.pad_size              = PAD_SHA;
1811
0
        ssl->specs.static_ecdh           = 0;
1812
0
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1813
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1814
0
        ssl->specs.iv_size               = AES_IV_SIZE;
1815
1816
0
        break;
1817
0
#endif
1818
1819
#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
1820
    case TLS_RSA_WITH_AES_128_GCM_SHA256 :
1821
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1822
        ssl->specs.cipher_type           = aead;
1823
        ssl->specs.mac_algorithm         = sha256_mac;
1824
        ssl->specs.kea                   = rsa_kea;
1825
        ssl->specs.sig_algo              = rsa_sa_algo;
1826
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1827
        ssl->specs.pad_size              = PAD_SHA;
1828
        ssl->specs.static_ecdh           = 0;
1829
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1830
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1831
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1832
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1833
1834
        break;
1835
#endif
1836
1837
#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
1838
    case TLS_RSA_WITH_AES_256_GCM_SHA384 :
1839
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1840
        ssl->specs.cipher_type           = aead;
1841
        ssl->specs.mac_algorithm         = sha384_mac;
1842
        ssl->specs.kea                   = rsa_kea;
1843
        ssl->specs.sig_algo              = rsa_sa_algo;
1844
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1845
        ssl->specs.pad_size              = PAD_SHA;
1846
        ssl->specs.static_ecdh           = 0;
1847
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1848
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1849
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1850
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1851
1852
        break;
1853
#endif
1854
1855
0
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
1856
0
    case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
1857
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1858
0
        ssl->specs.cipher_type           = aead;
1859
0
        ssl->specs.mac_algorithm         = sha256_mac;
1860
0
        ssl->specs.kea                   = diffie_hellman_kea;
1861
0
        ssl->specs.sig_algo              = rsa_sa_algo;
1862
0
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1863
0
        ssl->specs.pad_size              = PAD_SHA;
1864
0
        ssl->specs.static_ecdh           = 0;
1865
0
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1866
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1867
0
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1868
0
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1869
1870
0
        break;
1871
0
#endif
1872
1873
0
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
1874
0
    case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
1875
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1876
0
        ssl->specs.cipher_type           = aead;
1877
0
        ssl->specs.mac_algorithm         = sha384_mac;
1878
0
        ssl->specs.kea                   = diffie_hellman_kea;
1879
0
        ssl->specs.sig_algo              = rsa_sa_algo;
1880
0
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1881
0
        ssl->specs.pad_size              = PAD_SHA;
1882
0
        ssl->specs.static_ecdh           = 0;
1883
0
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1884
0
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1885
0
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1886
0
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1887
1888
0
        break;
1889
0
#endif
1890
1891
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
1892
    case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
1893
        ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1894
        ssl->specs.cipher_type           = block;
1895
        ssl->specs.mac_algorithm         = sha_mac;
1896
        ssl->specs.kea                   = rsa_kea;
1897
        ssl->specs.sig_algo              = rsa_sa_algo;
1898
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1899
        ssl->specs.pad_size              = PAD_SHA;
1900
        ssl->specs.static_ecdh           = 0;
1901
        ssl->specs.key_size              = CAMELLIA_128_KEY_SIZE;
1902
        ssl->specs.block_size            = CAMELLIA_BLOCK_SIZE;
1903
        ssl->specs.iv_size               = CAMELLIA_IV_SIZE;
1904
1905
        break;
1906
#endif
1907
1908
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
1909
    case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
1910
        ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1911
        ssl->specs.cipher_type           = block;
1912
        ssl->specs.mac_algorithm         = sha_mac;
1913
        ssl->specs.kea                   = rsa_kea;
1914
        ssl->specs.sig_algo              = rsa_sa_algo;
1915
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1916
        ssl->specs.pad_size              = PAD_SHA;
1917
        ssl->specs.static_ecdh           = 0;
1918
        ssl->specs.key_size              = CAMELLIA_256_KEY_SIZE;
1919
        ssl->specs.block_size            = CAMELLIA_BLOCK_SIZE;
1920
        ssl->specs.iv_size               = CAMELLIA_IV_SIZE;
1921
1922
        break;
1923
#endif
1924
1925
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
1926
    case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
1927
        ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1928
        ssl->specs.cipher_type           = block;
1929
        ssl->specs.mac_algorithm         = sha256_mac;
1930
        ssl->specs.kea                   = rsa_kea;
1931
        ssl->specs.sig_algo              = rsa_sa_algo;
1932
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1933
        ssl->specs.pad_size              = PAD_SHA;
1934
        ssl->specs.static_ecdh           = 0;
1935
        ssl->specs.key_size              = CAMELLIA_128_KEY_SIZE;
1936
        ssl->specs.block_size            = CAMELLIA_BLOCK_SIZE;
1937
        ssl->specs.iv_size               = CAMELLIA_IV_SIZE;
1938
1939
        break;
1940
#endif
1941
1942
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
1943
    case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
1944
        ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1945
        ssl->specs.cipher_type           = block;
1946
        ssl->specs.mac_algorithm         = sha256_mac;
1947
        ssl->specs.kea                   = rsa_kea;
1948
        ssl->specs.sig_algo              = rsa_sa_algo;
1949
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1950
        ssl->specs.pad_size              = PAD_SHA;
1951
        ssl->specs.static_ecdh           = 0;
1952
        ssl->specs.key_size              = CAMELLIA_256_KEY_SIZE;
1953
        ssl->specs.block_size            = CAMELLIA_BLOCK_SIZE;
1954
        ssl->specs.iv_size               = CAMELLIA_IV_SIZE;
1955
1956
        break;
1957
#endif
1958
1959
0
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
1960
0
    case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
1961
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1962
0
        ssl->specs.cipher_type           = block;
1963
0
        ssl->specs.mac_algorithm         = sha_mac;
1964
0
        ssl->specs.kea                   = diffie_hellman_kea;
1965
0
        ssl->specs.sig_algo              = rsa_sa_algo;
1966
0
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1967
0
        ssl->specs.pad_size              = PAD_SHA;
1968
0
        ssl->specs.static_ecdh           = 0;
1969
0
        ssl->specs.key_size              = CAMELLIA_128_KEY_SIZE;
1970
0
        ssl->specs.block_size            = CAMELLIA_BLOCK_SIZE;
1971
0
        ssl->specs.iv_size               = CAMELLIA_IV_SIZE;
1972
1973
0
        break;
1974
0
#endif
1975
1976
0
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
1977
0
    case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
1978
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1979
0
        ssl->specs.cipher_type           = block;
1980
0
        ssl->specs.mac_algorithm         = sha_mac;
1981
0
        ssl->specs.kea                   = diffie_hellman_kea;
1982
0
        ssl->specs.sig_algo              = rsa_sa_algo;
1983
0
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1984
0
        ssl->specs.pad_size              = PAD_SHA;
1985
0
        ssl->specs.static_ecdh           = 0;
1986
0
        ssl->specs.key_size              = CAMELLIA_256_KEY_SIZE;
1987
0
        ssl->specs.block_size            = CAMELLIA_BLOCK_SIZE;
1988
0
        ssl->specs.iv_size               = CAMELLIA_IV_SIZE;
1989
1990
0
        break;
1991
0
#endif
1992
1993
0
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
1994
0
    case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
1995
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1996
0
        ssl->specs.cipher_type           = block;
1997
0
        ssl->specs.mac_algorithm         = sha256_mac;
1998
0
        ssl->specs.kea                   = diffie_hellman_kea;
1999
0
        ssl->specs.sig_algo              = rsa_sa_algo;
2000
0
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
2001
0
        ssl->specs.pad_size              = PAD_SHA;
2002
0
        ssl->specs.static_ecdh           = 0;
2003
0
        ssl->specs.key_size              = CAMELLIA_128_KEY_SIZE;
2004
0
        ssl->specs.block_size            = CAMELLIA_BLOCK_SIZE;
2005
0
        ssl->specs.iv_size               = CAMELLIA_IV_SIZE;
2006
2007
0
        break;
2008
0
#endif
2009
2010
0
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
2011
0
    case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
2012
0
        ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2013
0
        ssl->specs.cipher_type           = block;
2014
0
        ssl->specs.mac_algorithm         = sha256_mac;
2015
0
        ssl->specs.kea                   = diffie_hellman_kea;
2016
0
        ssl->specs.sig_algo              = rsa_sa_algo;
2017
0
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
2018
0
        ssl->specs.pad_size              = PAD_SHA;
2019
0
        ssl->specs.static_ecdh           = 0;
2020
0
        ssl->specs.key_size              = CAMELLIA_256_KEY_SIZE;
2021
0
        ssl->specs.block_size            = CAMELLIA_BLOCK_SIZE;
2022
0
        ssl->specs.iv_size               = CAMELLIA_IV_SIZE;
2023
2024
0
        break;
2025
0
#endif
2026
2027
#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
2028
    case TLS_DH_anon_WITH_AES_128_CBC_SHA :
2029
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
2030
        ssl->specs.cipher_type           = block;
2031
        ssl->specs.mac_algorithm         = sha_mac;
2032
        ssl->specs.kea                   = diffie_hellman_kea;
2033
        ssl->specs.sig_algo              = anonymous_sa_algo;
2034
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
2035
        ssl->specs.pad_size              = PAD_SHA;
2036
        ssl->specs.static_ecdh           = 0;
2037
        ssl->specs.key_size              = AES_128_KEY_SIZE;
2038
        ssl->specs.block_size            = AES_BLOCK_SIZE;
2039
        ssl->specs.iv_size               = AES_IV_SIZE;
2040
2041
        ssl->options.usingAnon_cipher    = 1;
2042
        break;
2043
#endif
2044
2045
#ifdef BUILD_WDM_WITH_NULL_SHA256
2046
        case WDM_WITH_NULL_SHA256 :
2047
            ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
2048
            ssl->specs.cipher_type           = stream;
2049
            ssl->specs.mac_algorithm         = sha256_mac;
2050
            ssl->specs.kea                   = no_kea;
2051
            ssl->specs.sig_algo              = anonymous_sa_algo;
2052
            ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
2053
            ssl->specs.pad_size              = PAD_SHA;
2054
2055
            break;
2056
#endif
2057
2058
0
    default:
2059
0
        WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs");
2060
0
        WOLFSSL_ERROR_VERBOSE(UNSUPPORTED_SUITE);
2061
0
        return UNSUPPORTED_SUITE;
2062
0
    }  /* switch */
2063
0
    }  /* if ECC / Normal suites else */
2064
2065
    /* set TLS if it hasn't been turned off */
2066
0
    if (ssl->version.major == SSLv3_MAJOR &&
2067
0
            ssl->version.minor >= TLSv1_MINOR) {
2068
0
#ifndef NO_TLS
2069
0
        ssl->options.tls = 1;
2070
0
    #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY)
2071
0
        #if !defined(WOLFSSL_RENESAS_SCEPROTECT) && \
2072
0
            !defined(WOLFSSL_RENESAS_TSIP_TLS)
2073
0
        ssl->hmac = TLS_hmac;
2074
        #else
2075
        ssl->hmac = Renesas_cmn_TLS_hmac;
2076
        #endif
2077
0
    #endif
2078
0
        if (ssl->version.minor >= TLSv1_1_MINOR) {
2079
0
            ssl->options.tls1_1 = 1;
2080
0
            if (ssl->version.minor >= TLSv1_3_MINOR)
2081
0
                ssl->options.tls1_3 = 1;
2082
0
        }
2083
0
#endif
2084
0
    }
2085
2086
#ifdef WOLFSSL_DTLS13
2087
    if (ssl->options.dtls &&
2088
        ssl->version.major == DTLS_MAJOR &&
2089
        ssl->version.minor <= DTLSv1_3_MINOR) {
2090
            ssl->options.tls = 1;
2091
            ssl->options.tls1_3 = 1;
2092
    }
2093
#endif /* WOLFSSL_DTLS13 */
2094
2095
0
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
2096
0
    if (IsAtLeastTLSv1_3(ssl->version) || ssl->specs.cipher_type != block)
2097
0
       ssl->options.encThenMac = 0;
2098
0
#endif
2099
2100
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_AEAD_ONLY)
2101
    if (ssl->options.dtls)
2102
        #if !defined(WOLFSSL_RENESAS_SCEPROTECT) && \
2103
            !defined(WOLFSSL_RENESAS_TSIP_TLS)
2104
        ssl->hmac = TLS_hmac;
2105
        #else
2106
        ssl->hmac = Renesas_cmn_TLS_hmac;
2107
        #endif
2108
#endif
2109
2110
0
    if (ssl->specs.sig_algo == anonymous_sa_algo) {
2111
        /* CLIENT/SERVER: No peer authentication to be performed. */
2112
0
        ssl->options.peerAuthGood = 1;
2113
0
    }
2114
2115
0
    return 0;
2116
0
}
2117
2118
2119
enum KeyStuff {
2120
    MASTER_ROUNDS = 3,
2121
    PREFIX        = 3,     /* up to three letters for master prefix */
2122
    KEY_PREFIX    = 9      /* up to 9 prefix letters for key rounds */
2123
2124
2125
};
2126
2127
#ifndef NO_OLD_TLS
2128
/* true or false, zero for error */
2129
static int SetPrefix(byte* sha_input, int idx)
2130
0
{
2131
0
    switch (idx) {
2132
0
    case 0:
2133
0
        XMEMCPY(sha_input, "A", 1);
2134
0
        break;
2135
0
    case 1:
2136
0
        XMEMCPY(sha_input, "BB", 2);
2137
0
        break;
2138
0
    case 2:
2139
0
        XMEMCPY(sha_input, "CCC", 3);
2140
0
        break;
2141
0
    case 3:
2142
0
        XMEMCPY(sha_input, "DDDD", 4);
2143
0
        break;
2144
0
    case 4:
2145
0
        XMEMCPY(sha_input, "EEEEE", 5);
2146
0
        break;
2147
0
    case 5:
2148
0
        XMEMCPY(sha_input, "FFFFFF", 6);
2149
0
        break;
2150
0
    case 6:
2151
0
        XMEMCPY(sha_input, "GGGGGGG", 7);
2152
0
        break;
2153
0
    case 7:
2154
0
        XMEMCPY(sha_input, "HHHHHHHH", 8);
2155
0
        break;
2156
0
    case 8:
2157
0
        XMEMCPY(sha_input, "IIIIIIIII", 9);
2158
0
        break;
2159
0
    default:
2160
0
        WOLFSSL_MSG("Set Prefix error, bad input");
2161
0
        return 0;
2162
0
    }
2163
0
    return 1;
2164
0
}
2165
#endif
2166
2167
2168
static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
2169
                   int side, void* heap, int devId, WC_RNG* rng, int tls13)
2170
0
{
2171
0
    (void)rng;
2172
0
    (void)tls13;
2173
2174
0
#ifdef BUILD_ARC4
2175
0
    if (specs->bulk_cipher_algorithm == wolfssl_rc4) {
2176
0
        word32 sz = specs->key_size;
2177
0
        if (enc && enc->arc4 == NULL) {
2178
0
            enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
2179
0
            if (enc->arc4 == NULL)
2180
0
                 return MEMORY_E;
2181
0
        }
2182
0
        if (dec && dec->arc4 == NULL) {
2183
0
            dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
2184
0
            if (dec->arc4 == NULL)
2185
0
                return MEMORY_E;
2186
0
        }
2187
2188
0
        if (enc) {
2189
0
            if (wc_Arc4Init(enc->arc4, heap, devId) != 0) {
2190
0
                WOLFSSL_MSG("Arc4Init failed in SetKeys");
2191
0
                return ASYNC_INIT_E;
2192
0
            }
2193
0
        }
2194
0
        if (dec) {
2195
0
            if (wc_Arc4Init(dec->arc4, heap, devId) != 0) {
2196
0
                WOLFSSL_MSG("Arc4Init failed in SetKeys");
2197
0
                return ASYNC_INIT_E;
2198
0
            }
2199
0
        }
2200
2201
0
        if (side == WOLFSSL_CLIENT_END) {
2202
0
            if (enc)
2203
0
                wc_Arc4SetKey(enc->arc4, keys->client_write_key, sz);
2204
0
            if (dec)
2205
0
                wc_Arc4SetKey(dec->arc4, keys->server_write_key, sz);
2206
0
        }
2207
0
        else {
2208
0
            if (enc)
2209
0
                wc_Arc4SetKey(enc->arc4, keys->server_write_key, sz);
2210
0
            if (dec)
2211
0
                wc_Arc4SetKey(dec->arc4, keys->client_write_key, sz);
2212
0
        }
2213
0
        if (enc)
2214
0
            enc->setup = 1;
2215
0
        if (dec)
2216
0
            dec->setup = 1;
2217
0
    }
2218
0
#endif /* BUILD_ARC4 */
2219
2220
2221
0
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD)
2222
    /* Check that the max implicit iv size is sufficient */
2223
    #if (AEAD_MAX_IMP_SZ < 12) /* CHACHA20_IMP_IV_SZ */
2224
        #error AEAD_MAX_IMP_SZ is too small for ChaCha20
2225
    #endif
2226
    #if (MAX_WRITE_IV_SZ < 12) /* CHACHA20_IMP_IV_SZ */
2227
        #error MAX_WRITE_IV_SZ is too small for ChaCha20
2228
    #endif
2229
2230
0
    if (specs->bulk_cipher_algorithm == wolfssl_chacha) {
2231
0
        int chachaRet;
2232
0
        if (enc && enc->chacha == NULL)
2233
0
            enc->chacha =
2234
0
                    (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
2235
0
        if (enc && enc->chacha == NULL)
2236
0
            return MEMORY_E;
2237
    #ifdef WOLFSSL_CHECK_MEM_ZERO
2238
        if (enc) {
2239
            wc_MemZero_Add("SSL keys enc chacha", enc->chacha, sizeof(ChaCha));
2240
        }
2241
    #endif
2242
0
        if (dec && dec->chacha == NULL)
2243
0
            dec->chacha =
2244
0
                    (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
2245
0
        if (dec && dec->chacha == NULL)
2246
0
            return MEMORY_E;
2247
    #ifdef WOLFSSL_CHECK_MEM_ZERO
2248
        if (dec) {
2249
            wc_MemZero_Add("SSL keys dec chacha", dec->chacha, sizeof(ChaCha));
2250
        }
2251
    #endif
2252
0
        if (side == WOLFSSL_CLIENT_END) {
2253
0
            if (enc) {
2254
0
                chachaRet = wc_Chacha_SetKey(enc->chacha, keys->client_write_key,
2255
0
                                          specs->key_size);
2256
0
                XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2257
0
                        CHACHA20_IMP_IV_SZ);
2258
0
                if (chachaRet != 0) return chachaRet;
2259
0
            }
2260
0
            if (dec) {
2261
0
                chachaRet = wc_Chacha_SetKey(dec->chacha, keys->server_write_key,
2262
0
                                          specs->key_size);
2263
0
                XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2264
0
                        CHACHA20_IMP_IV_SZ);
2265
0
                if (chachaRet != 0) return chachaRet;
2266
0
            }
2267
0
        }
2268
0
        else {
2269
0
            if (enc) {
2270
0
                chachaRet = wc_Chacha_SetKey(enc->chacha, keys->server_write_key,
2271
0
                                          specs->key_size);
2272
0
                XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2273
0
                        CHACHA20_IMP_IV_SZ);
2274
0
                if (chachaRet != 0) return chachaRet;
2275
0
            }
2276
0
            if (dec) {
2277
0
                chachaRet = wc_Chacha_SetKey(dec->chacha, keys->client_write_key,
2278
0
                                          specs->key_size);
2279
0
                XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2280
0
                        CHACHA20_IMP_IV_SZ);
2281
0
                if (chachaRet != 0) return chachaRet;
2282
0
            }
2283
0
        }
2284
2285
0
        if (enc)
2286
0
            enc->setup = 1;
2287
0
        if (dec)
2288
0
            dec->setup = 1;
2289
0
    }
2290
0
#endif /* HAVE_CHACHA && HAVE_POLY1305 */
2291
2292
0
#ifdef BUILD_DES3
2293
    /* check that buffer sizes are sufficient */
2294
    #if (MAX_WRITE_IV_SZ < 8) /* DES_IV_SIZE */
2295
        #error MAX_WRITE_IV_SZ too small for 3DES
2296
    #endif
2297
2298
0
    if (specs->bulk_cipher_algorithm == wolfssl_triple_des) {
2299
0
        int desRet = 0;
2300
2301
0
        if (enc) {
2302
0
            if (enc->des3 == NULL)
2303
0
                enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
2304
0
            if (enc->des3 == NULL)
2305
0
                return MEMORY_E;
2306
0
            XMEMSET(enc->des3, 0, sizeof(Des3));
2307
0
        }
2308
0
        if (dec) {
2309
0
            if (dec->des3 == NULL)
2310
0
                dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
2311
0
            if (dec->des3 == NULL)
2312
0
                return MEMORY_E;
2313
0
            XMEMSET(dec->des3, 0, sizeof(Des3));
2314
0
        }
2315
2316
0
        if (enc) {
2317
0
            if (wc_Des3Init(enc->des3, heap, devId) != 0) {
2318
0
                WOLFSSL_MSG("Des3Init failed in SetKeys");
2319
0
                return ASYNC_INIT_E;
2320
0
            }
2321
0
        }
2322
0
        if (dec) {
2323
0
            if (wc_Des3Init(dec->des3, heap, devId) != 0) {
2324
0
                WOLFSSL_MSG("Des3Init failed in SetKeys");
2325
0
                return ASYNC_INIT_E;
2326
0
            }
2327
0
        }
2328
2329
0
        if (side == WOLFSSL_CLIENT_END) {
2330
0
            if (enc) {
2331
0
                desRet = wc_Des3_SetKey(enc->des3, keys->client_write_key,
2332
0
                                     keys->client_write_IV, DES_ENCRYPTION);
2333
0
                if (desRet != 0) return desRet;
2334
0
            }
2335
0
            if (dec) {
2336
0
                desRet = wc_Des3_SetKey(dec->des3, keys->server_write_key,
2337
0
                                     keys->server_write_IV, DES_DECRYPTION);
2338
0
                if (desRet != 0) return desRet;
2339
0
            }
2340
0
        }
2341
0
        else {
2342
0
            if (enc) {
2343
0
                desRet = wc_Des3_SetKey(enc->des3, keys->server_write_key,
2344
0
                                     keys->server_write_IV, DES_ENCRYPTION);
2345
0
                if (desRet != 0) return desRet;
2346
0
            }
2347
0
            if (dec) {
2348
0
                desRet = wc_Des3_SetKey(dec->des3, keys->client_write_key,
2349
0
                                     keys->client_write_IV, DES_DECRYPTION);
2350
0
                if (desRet != 0) return desRet;
2351
0
            }
2352
0
        }
2353
0
        if (enc)
2354
0
            enc->setup = 1;
2355
0
        if (dec)
2356
0
            dec->setup = 1;
2357
0
    }
2358
0
#endif /* BUILD_DES3 */
2359
2360
0
#ifdef BUILD_AES
2361
    /* check that buffer sizes are sufficient */
2362
    #if (MAX_WRITE_IV_SZ < 16) /* AES_IV_SIZE */
2363
        #error MAX_WRITE_IV_SZ too small for AES
2364
    #endif
2365
2366
0
    if (specs->bulk_cipher_algorithm == wolfssl_aes) {
2367
0
        int aesRet = 0;
2368
2369
0
        if (enc) {
2370
0
            if (enc->aes == NULL) {
2371
0
                enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2372
0
                if (enc->aes == NULL)
2373
0
                    return MEMORY_E;
2374
0
            } else {
2375
0
                wc_AesFree(enc->aes);
2376
0
            }
2377
2378
0
            XMEMSET(enc->aes, 0, sizeof(Aes));
2379
0
        }
2380
0
        if (dec) {
2381
0
            if (dec->aes == NULL) {
2382
0
                dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2383
0
                if (dec->aes == NULL)
2384
0
                    return MEMORY_E;
2385
0
            } else {
2386
0
                wc_AesFree(dec->aes);
2387
0
            }
2388
2389
0
            XMEMSET(dec->aes, 0, sizeof(Aes));
2390
0
        }
2391
0
        if (enc) {
2392
0
            if (wc_AesInit(enc->aes, heap, devId) != 0) {
2393
0
                WOLFSSL_MSG("AesInit failed in SetKeys");
2394
0
                return ASYNC_INIT_E;
2395
0
            }
2396
0
        }
2397
0
        if (dec) {
2398
0
            if (wc_AesInit(dec->aes, heap, devId) != 0) {
2399
0
                WOLFSSL_MSG("AesInit failed in SetKeys");
2400
0
                return ASYNC_INIT_E;
2401
0
            }
2402
0
        }
2403
2404
0
        if (side == WOLFSSL_CLIENT_END) {
2405
0
            if (enc) {
2406
0
                aesRet = wc_AesSetKey(enc->aes, keys->client_write_key,
2407
0
                                   specs->key_size, keys->client_write_IV,
2408
0
                                   AES_ENCRYPTION);
2409
0
                if (aesRet != 0) return aesRet;
2410
0
            }
2411
0
            if (dec) {
2412
0
                aesRet = wc_AesSetKey(dec->aes, keys->server_write_key,
2413
0
                                   specs->key_size, keys->server_write_IV,
2414
0
                                   AES_DECRYPTION);
2415
0
                if (aesRet != 0) return aesRet;
2416
0
            }
2417
0
        }
2418
0
        else {
2419
0
            if (enc) {
2420
0
                aesRet = wc_AesSetKey(enc->aes, keys->server_write_key,
2421
0
                                   specs->key_size, keys->server_write_IV,
2422
0
                                   AES_ENCRYPTION);
2423
0
                if (aesRet != 0) return aesRet;
2424
0
            }
2425
0
            if (dec) {
2426
0
                aesRet = wc_AesSetKey(dec->aes, keys->client_write_key,
2427
0
                                   specs->key_size, keys->client_write_IV,
2428
0
                                   AES_DECRYPTION);
2429
0
                if (aesRet != 0) return aesRet;
2430
0
            }
2431
0
        }
2432
0
        if (enc)
2433
0
            enc->setup = 1;
2434
0
        if (dec)
2435
0
            dec->setup = 1;
2436
0
    }
2437
0
#endif /* BUILD_AES */
2438
2439
0
#ifdef BUILD_AESGCM
2440
    /* check that buffer sizes are sufficient */
2441
    #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */
2442
        #error AEAD_MAX_IMP_SZ too small for AESGCM
2443
    #endif
2444
    #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */
2445
        #error AEAD_MAX_EXP_SZ too small for AESGCM
2446
    #endif
2447
    #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */
2448
        #error MAX_WRITE_IV_SZ too small for AESGCM
2449
    #endif
2450
2451
0
    if (specs->bulk_cipher_algorithm == wolfssl_aes_gcm) {
2452
0
        int gcmRet;
2453
2454
0
        if (enc) {
2455
0
            if (enc->aes == NULL) {
2456
0
                enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2457
0
                if (enc->aes == NULL)
2458
0
                    return MEMORY_E;
2459
0
            } else {
2460
0
                wc_AesFree(enc->aes);
2461
0
            }
2462
2463
0
            XMEMSET(enc->aes, 0, sizeof(Aes));
2464
0
        }
2465
0
        if (dec) {
2466
0
            if (dec->aes == NULL) {
2467
0
                dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2468
0
                if (dec->aes == NULL)
2469
0
                    return MEMORY_E;
2470
0
            } else {
2471
0
                wc_AesFree(dec->aes);
2472
0
            }
2473
2474
0
            XMEMSET(dec->aes, 0, sizeof(Aes));
2475
0
        }
2476
2477
0
        if (enc) {
2478
0
            if (wc_AesInit(enc->aes, heap, devId) != 0) {
2479
0
                WOLFSSL_MSG("AesInit failed in SetKeys");
2480
0
                return ASYNC_INIT_E;
2481
0
            }
2482
0
        }
2483
0
        if (dec) {
2484
0
            if (wc_AesInit(dec->aes, heap, devId) != 0) {
2485
0
                WOLFSSL_MSG("AesInit failed in SetKeys");
2486
0
                return ASYNC_INIT_E;
2487
0
            }
2488
0
        }
2489
2490
0
        if (side == WOLFSSL_CLIENT_END) {
2491
0
            if (enc) {
2492
0
                gcmRet = wc_AesGcmSetKey(enc->aes, keys->client_write_key,
2493
0
                                      specs->key_size);
2494
0
                if (gcmRet != 0) return gcmRet;
2495
0
                XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2496
0
                        AEAD_MAX_IMP_SZ);
2497
0
#if !defined(NO_PUBLIC_GCM_SET_IV) && \
2498
0
    ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
2499
0
    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
2500
0
                if (!tls13) {
2501
0
                    gcmRet = wc_AesGcmSetIV(enc->aes, AESGCM_NONCE_SZ,
2502
0
                            keys->client_write_IV, AESGCM_IMP_IV_SZ, rng);
2503
0
                    if (gcmRet != 0) return gcmRet;
2504
0
                }
2505
0
#endif
2506
0
            }
2507
0
            if (dec) {
2508
0
                gcmRet = wc_AesGcmSetKey(dec->aes, keys->server_write_key,
2509
0
                                      specs->key_size);
2510
0
                if (gcmRet != 0) return gcmRet;
2511
0
                XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2512
0
                        AEAD_MAX_IMP_SZ);
2513
0
            }
2514
0
        }
2515
0
        else {
2516
0
            if (enc) {
2517
0
                gcmRet = wc_AesGcmSetKey(enc->aes, keys->server_write_key,
2518
0
                                      specs->key_size);
2519
0
                if (gcmRet != 0) return gcmRet;
2520
0
                XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2521
0
                        AEAD_MAX_IMP_SZ);
2522
0
#if !defined(NO_PUBLIC_GCM_SET_IV) && \
2523
0
    ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
2524
0
    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
2525
0
                if (!tls13) {
2526
0
                    gcmRet = wc_AesGcmSetIV(enc->aes, AESGCM_NONCE_SZ,
2527
0
                            keys->server_write_IV, AESGCM_IMP_IV_SZ, rng);
2528
0
                    if (gcmRet != 0) return gcmRet;
2529
0
                }
2530
0
#endif
2531
0
            }
2532
0
            if (dec) {
2533
0
                gcmRet = wc_AesGcmSetKey(dec->aes, keys->client_write_key,
2534
0
                                      specs->key_size);
2535
0
                if (gcmRet != 0) return gcmRet;
2536
0
                XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2537
0
                        AEAD_MAX_IMP_SZ);
2538
0
            }
2539
0
        }
2540
0
        if (enc)
2541
0
            enc->setup = 1;
2542
0
        if (dec)
2543
0
            dec->setup = 1;
2544
0
    }
2545
0
#endif /* BUILD_AESGCM */
2546
2547
0
#ifdef HAVE_AESCCM
2548
    /* check that buffer sizes are sufficient (CCM is same size as GCM) */
2549
    #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */
2550
        #error AEAD_MAX_IMP_SZ too small for AESCCM
2551
    #endif
2552
    #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */
2553
        #error AEAD_MAX_EXP_SZ too small for AESCCM
2554
    #endif
2555
    #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */
2556
        #error MAX_WRITE_IV_SZ too small for AESCCM
2557
    #endif
2558
2559
0
    if (specs->bulk_cipher_algorithm == wolfssl_aes_ccm) {
2560
0
        int CcmRet;
2561
2562
0
        if (enc) {
2563
0
            if (enc->aes == NULL) {
2564
0
                enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2565
0
                if (enc->aes == NULL)
2566
0
                    return MEMORY_E;
2567
0
            } else {
2568
0
                wc_AesFree(enc->aes);
2569
0
            }
2570
2571
0
            XMEMSET(enc->aes, 0, sizeof(Aes));
2572
0
        }
2573
0
        if (dec) {
2574
0
            if (dec->aes == NULL) {
2575
0
                dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2576
0
                if (dec->aes == NULL)
2577
0
                return MEMORY_E;
2578
0
            } else {
2579
0
                wc_AesFree(dec->aes);
2580
0
            }
2581
0
            XMEMSET(dec->aes, 0, sizeof(Aes));
2582
0
        }
2583
2584
0
        if (enc) {
2585
0
            if (wc_AesInit(enc->aes, heap, devId) != 0) {
2586
0
                WOLFSSL_MSG("AesInit failed in SetKeys");
2587
0
                return ASYNC_INIT_E;
2588
0
            }
2589
0
        }
2590
0
        if (dec) {
2591
0
            if (wc_AesInit(dec->aes, heap, devId) != 0) {
2592
0
                WOLFSSL_MSG("AesInit failed in SetKeys");
2593
0
                return ASYNC_INIT_E;
2594
0
            }
2595
0
        }
2596
2597
0
        if (side == WOLFSSL_CLIENT_END) {
2598
0
            if (enc) {
2599
0
                CcmRet = wc_AesCcmSetKey(enc->aes, keys->client_write_key,
2600
0
                                         specs->key_size);
2601
0
                if (CcmRet != 0) {
2602
0
                    return CcmRet;
2603
0
                }
2604
0
                XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2605
0
                        AEAD_MAX_IMP_SZ);
2606
0
#if !defined(NO_PUBLIC_CCM_SET_NONCE) && \
2607
0
    ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
2608
0
    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
2609
0
                if (!tls13) {
2610
0
                    CcmRet = wc_AesCcmSetNonce(enc->aes, keys->client_write_IV,
2611
0
                            AEAD_MAX_IMP_SZ);
2612
0
                    if (CcmRet != 0) return CcmRet;
2613
0
                }
2614
0
#endif
2615
0
            }
2616
0
            if (dec) {
2617
0
                CcmRet = wc_AesCcmSetKey(dec->aes, keys->server_write_key,
2618
0
                                         specs->key_size);
2619
0
                if (CcmRet != 0) {
2620
0
                    return CcmRet;
2621
0
                }
2622
0
                XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2623
0
                        AEAD_MAX_IMP_SZ);
2624
0
            }
2625
0
        }
2626
0
        else {
2627
0
            if (enc) {
2628
0
                CcmRet = wc_AesCcmSetKey(enc->aes, keys->server_write_key,
2629
0
                                         specs->key_size);
2630
0
                if (CcmRet != 0) {
2631
0
                    return CcmRet;
2632
0
                }
2633
0
                XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2634
0
                        AEAD_MAX_IMP_SZ);
2635
0
#if !defined(NO_PUBLIC_CCM_SET_NONCE) && \
2636
0
    ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
2637
0
    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
2638
0
                if (!tls13) {
2639
0
                    CcmRet = wc_AesCcmSetNonce(enc->aes, keys->server_write_IV,
2640
0
                            AEAD_MAX_IMP_SZ);
2641
0
                    if (CcmRet != 0) return CcmRet;
2642
0
                }
2643
0
#endif
2644
0
            }
2645
0
            if (dec) {
2646
0
                CcmRet = wc_AesCcmSetKey(dec->aes, keys->client_write_key,
2647
0
                                         specs->key_size);
2648
0
                if (CcmRet != 0) {
2649
0
                    return CcmRet;
2650
0
                }
2651
0
                XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2652
0
                        AEAD_MAX_IMP_SZ);
2653
0
            }
2654
0
        }
2655
0
        if (enc)
2656
0
            enc->setup = 1;
2657
0
        if (dec)
2658
0
            dec->setup = 1;
2659
0
    }
2660
0
#endif /* HAVE_AESCCM */
2661
2662
0
#ifdef HAVE_CAMELLIA
2663
    /* check that buffer sizes are sufficient */
2664
    #if (MAX_WRITE_IV_SZ < 16) /* CAMELLIA_IV_SIZE */
2665
        #error MAX_WRITE_IV_SZ too small for CAMELLIA
2666
    #endif
2667
2668
0
    if (specs->bulk_cipher_algorithm == wolfssl_camellia) {
2669
0
        int camRet;
2670
2671
0
        if (enc && enc->cam == NULL)
2672
0
            enc->cam =
2673
0
                (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
2674
0
        if (enc && enc->cam == NULL)
2675
0
            return MEMORY_E;
2676
2677
0
        if (dec && dec->cam == NULL)
2678
0
            dec->cam =
2679
0
                (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
2680
0
        if (dec && dec->cam == NULL)
2681
0
            return MEMORY_E;
2682
2683
0
        if (side == WOLFSSL_CLIENT_END) {
2684
0
            if (enc) {
2685
0
                camRet = wc_CamelliaSetKey(enc->cam, keys->client_write_key,
2686
0
                                        specs->key_size, keys->client_write_IV);
2687
0
                if (camRet != 0) return camRet;
2688
0
            }
2689
0
            if (dec) {
2690
0
                camRet = wc_CamelliaSetKey(dec->cam, keys->server_write_key,
2691
0
                                        specs->key_size, keys->server_write_IV);
2692
0
                if (camRet != 0) return camRet;
2693
0
            }
2694
0
        }
2695
0
        else {
2696
0
            if (enc) {
2697
0
                camRet = wc_CamelliaSetKey(enc->cam, keys->server_write_key,
2698
0
                                        specs->key_size, keys->server_write_IV);
2699
0
                if (camRet != 0) return camRet;
2700
0
            }
2701
0
            if (dec) {
2702
0
                camRet = wc_CamelliaSetKey(dec->cam, keys->client_write_key,
2703
0
                                        specs->key_size, keys->client_write_IV);
2704
0
                if (camRet != 0) return camRet;
2705
0
            }
2706
0
        }
2707
0
        if (enc)
2708
0
            enc->setup = 1;
2709
0
        if (dec)
2710
0
            dec->setup = 1;
2711
0
    }
2712
0
#endif /* HAVE_CAMELLIA */
2713
2714
#ifdef HAVE_NULL_CIPHER
2715
    if (specs->bulk_cipher_algorithm == wolfssl_cipher_null) {
2716
    #ifdef WOLFSSL_TLS13
2717
        if (tls13) {
2718
            int hmacRet;
2719
            int hashType = WC_HASH_TYPE_NONE;
2720
2721
            switch (specs->mac_algorithm) {
2722
                case sha256_mac:
2723
                    hashType = WC_SHA256;
2724
                    break;
2725
                case sha384_mac:
2726
                    hashType = WC_SHA384;
2727
                    break;
2728
                default:
2729
                    break;
2730
            }
2731
2732
            if (enc && enc->hmac == NULL) {
2733
                enc->hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap,
2734
                                                           DYNAMIC_TYPE_CIPHER);
2735
                if (enc->hmac == NULL)
2736
                    return MEMORY_E;
2737
            }
2738
2739
            if (enc) {
2740
                if (wc_HmacInit(enc->hmac, heap, devId) != 0) {
2741
                    WOLFSSL_MSG("HmacInit failed in SetKeys");
2742
                    XFREE(enc->hmac, heap, DYNAMIC_TYPE_CIPHER);
2743
                    enc->hmac = NULL;
2744
                    return ASYNC_INIT_E;
2745
                }
2746
            }
2747
2748
            if (dec && dec->hmac == NULL) {
2749
                dec->hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap,
2750
                                                           DYNAMIC_TYPE_CIPHER);
2751
                if (dec->hmac == NULL)
2752
                    return MEMORY_E;
2753
            }
2754
2755
            if (dec) {
2756
                if (wc_HmacInit(dec->hmac, heap, devId) != 0) {
2757
                    WOLFSSL_MSG("HmacInit failed in SetKeys");
2758
                    XFREE(dec->hmac, heap, DYNAMIC_TYPE_CIPHER);
2759
                    dec->hmac = NULL;
2760
                    return ASYNC_INIT_E;
2761
                }
2762
            }
2763
2764
            if (side == WOLFSSL_CLIENT_END) {
2765
                if (enc) {
2766
                    XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2767
                            HMAC_NONCE_SZ);
2768
                    hmacRet = wc_HmacSetKey(enc->hmac, hashType,
2769
                                       keys->client_write_key, specs->key_size);
2770
                    if (hmacRet != 0) return hmacRet;
2771
                }
2772
                if (dec) {
2773
                    XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2774
                            HMAC_NONCE_SZ);
2775
                    hmacRet = wc_HmacSetKey(dec->hmac, hashType,
2776
                                       keys->server_write_key, specs->key_size);
2777
                    if (hmacRet != 0) return hmacRet;
2778
                }
2779
            }
2780
            else {
2781
                if (enc) {
2782
                    XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2783
                            HMAC_NONCE_SZ);
2784
                    hmacRet = wc_HmacSetKey(enc->hmac, hashType,
2785
                                       keys->server_write_key, specs->key_size);
2786
                    if (hmacRet != 0) return hmacRet;
2787
                }
2788
                if (dec) {
2789
                    XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2790
                            HMAC_NONCE_SZ);
2791
                    hmacRet = wc_HmacSetKey(dec->hmac, hashType,
2792
                                       keys->client_write_key, specs->key_size);
2793
                    if (hmacRet != 0) return hmacRet;
2794
                }
2795
            }
2796
        }
2797
    #endif
2798
        if (enc)
2799
            enc->setup = 1;
2800
        if (dec)
2801
            dec->setup = 1;
2802
    }
2803
#endif
2804
2805
0
    if (enc) {
2806
0
        keys->sequence_number_hi      = 0;
2807
0
        keys->sequence_number_lo      = 0;
2808
0
    }
2809
0
    if (dec) {
2810
0
        keys->peer_sequence_number_hi = 0;
2811
0
        keys->peer_sequence_number_lo = 0;
2812
0
    }
2813
0
    (void)side;
2814
0
    (void)heap;
2815
0
    (void)enc;
2816
0
    (void)dec;
2817
0
    (void)specs;
2818
0
    (void)devId;
2819
2820
0
    return 0;
2821
0
}
2822
2823
2824
#ifdef HAVE_ONE_TIME_AUTH
2825
/* set one time authentication keys */
2826
static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
2827
                       CipherSpecs* specs, void* heap, int devId)
2828
0
{
2829
2830
0
#ifdef HAVE_POLY1305
2831
        /* set up memory space for poly1305 */
2832
0
        if (authentication && authentication->poly1305 == NULL)
2833
0
            authentication->poly1305 =
2834
0
                (Poly1305*)XMALLOC(sizeof(Poly1305), heap, DYNAMIC_TYPE_CIPHER);
2835
0
        if (authentication && authentication->poly1305 == NULL)
2836
0
            return MEMORY_E;
2837
    #ifdef WOLFSSL_CHECK_MEM_ZERO
2838
        wc_MemZero_Add("SSL auth keys poly1305", authentication->poly1305,
2839
            sizeof(Poly1305));
2840
    #endif
2841
0
        if (authentication)
2842
0
            authentication->setup = 1;
2843
0
#endif
2844
0
        (void)authentication;
2845
0
        (void)heap;
2846
0
        (void)keys;
2847
0
        (void)specs;
2848
0
        (void)devId;
2849
2850
0
        return 0;
2851
0
}
2852
#endif /* HAVE_ONE_TIME_AUTH */
2853
2854
#ifdef HAVE_SECURE_RENEGOTIATION
2855
/* function name is for cache_status++
2856
 * This function was added because of error incrementing enum type when
2857
 * compiling with a C++ compiler.
2858
 */
2859
static void CacheStatusPP(SecureRenegotiation* cache)
2860
{
2861
    switch (cache->cache_status) {
2862
        case SCR_CACHE_NULL:
2863
            cache->cache_status = SCR_CACHE_NEEDED;
2864
            break;
2865
2866
        case SCR_CACHE_NEEDED:
2867
            cache->cache_status = SCR_CACHE_COPY;
2868
            break;
2869
2870
        case SCR_CACHE_COPY:
2871
            cache->cache_status = SCR_CACHE_PARTIAL;
2872
            break;
2873
2874
        case SCR_CACHE_PARTIAL:
2875
            cache->cache_status = SCR_CACHE_COMPLETE;
2876
            break;
2877
2878
        case SCR_CACHE_COMPLETE:
2879
            WOLFSSL_MSG("SCR Cache state Complete");
2880
            break;
2881
2882
        default:
2883
            WOLFSSL_MSG("Unknown cache state!!");
2884
    }
2885
}
2886
#endif /* HAVE_SECURE_RENEGOTIATION */
2887
2888
2889
/* Set wc_encrypt/wc_decrypt or both sides of key setup
2890
 * note: use wc_encrypt to avoid shadowing global encrypt
2891
 * declared in unistd.h
2892
 */
2893
int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
2894
0
{
2895
0
    int ret, copy = 0;
2896
0
    Ciphers* wc_encrypt = NULL;
2897
0
    Ciphers* wc_decrypt = NULL;
2898
0
    Keys*    keys    = &ssl->keys;
2899
2900
0
    (void)copy;
2901
2902
#ifdef HAVE_SECURE_RENEGOTIATION
2903
    if (ssl->secure_renegotiation &&
2904
            ssl->secure_renegotiation->cache_status != SCR_CACHE_NULL) {
2905
        keys = &ssl->secure_renegotiation->tmp_keys;
2906
#ifdef WOLFSSL_DTLS
2907
        /* For DTLS, copy is done in StoreKeys */
2908
        if (!ssl->options.dtls)
2909
#endif
2910
            copy = 1;
2911
    }
2912
#endif /* HAVE_SECURE_RENEGOTIATION */
2913
2914
0
    switch (side) {
2915
0
        case ENCRYPT_SIDE_ONLY:
2916
#ifdef WOLFSSL_DEBUG_TLS
2917
            WOLFSSL_MSG("Provisioning ENCRYPT key");
2918
            if (ssl->options.side == WOLFSSL_CLIENT_END) {
2919
                WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
2920
            }
2921
            else {
2922
                WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
2923
            }
2924
#endif
2925
0
            wc_encrypt = &ssl->encrypt;
2926
0
            break;
2927
2928
0
        case DECRYPT_SIDE_ONLY:
2929
#ifdef WOLFSSL_DEBUG_TLS
2930
            WOLFSSL_MSG("Provisioning DECRYPT key");
2931
            if (ssl->options.side == WOLFSSL_CLIENT_END) {
2932
                WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
2933
            }
2934
            else {
2935
                WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
2936
            }
2937
#endif
2938
0
            wc_decrypt = &ssl->decrypt;
2939
0
            break;
2940
2941
0
        case ENCRYPT_AND_DECRYPT_SIDE:
2942
#ifdef WOLFSSL_DEBUG_TLS
2943
            WOLFSSL_MSG("Provisioning ENCRYPT key");
2944
            if (ssl->options.side == WOLFSSL_CLIENT_END) {
2945
                WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
2946
            }
2947
            else {
2948
                WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
2949
            }
2950
            WOLFSSL_MSG("Provisioning DECRYPT key");
2951
            if (ssl->options.side == WOLFSSL_CLIENT_END) {
2952
                WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
2953
            }
2954
            else {
2955
                WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
2956
            }
2957
#endif
2958
0
            wc_encrypt = &ssl->encrypt;
2959
0
            wc_decrypt = &ssl->decrypt;
2960
0
            break;
2961
2962
0
        default:
2963
0
            return BAD_FUNC_ARG;
2964
0
    }
2965
2966
0
#ifdef HAVE_ONE_TIME_AUTH
2967
0
    if (!ssl->auth.setup && ssl->specs.bulk_cipher_algorithm == wolfssl_chacha){
2968
0
        ret = SetAuthKeys(&ssl->auth, keys, &ssl->specs, ssl->heap, ssl->devId);
2969
0
        if (ret != 0)
2970
0
           return ret;
2971
0
    }
2972
0
#endif
2973
2974
#if !defined(NO_CERTS) && defined(HAVE_PK_CALLBACKS)
2975
    ret = PROTOCOLCB_UNAVAILABLE;
2976
    if (ssl->ctx->EncryptKeysCb) {
2977
        void* ctx = wolfSSL_GetEncryptKeysCtx(ssl);
2978
        ret = ssl->ctx->EncryptKeysCb(ssl, ctx);
2979
    }
2980
    if (!ssl->ctx->EncryptKeysCb || ret == PROTOCOLCB_UNAVAILABLE)
2981
#endif
2982
0
    {
2983
0
        ret = SetKeys(wc_encrypt, wc_decrypt, keys, &ssl->specs, ssl->options.side,
2984
0
                      ssl->heap, ssl->devId, ssl->rng, ssl->options.tls1_3);
2985
0
    }
2986
2987
#ifdef WOLFSSL_DTLS13
2988
    if (ret == 0 && ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version))
2989
        ret = Dtls13SetRecordNumberKeys(ssl, side);
2990
#endif /* WOLFSSL_DTLS13 */
2991
#ifdef WOLFSSL_QUIC
2992
    if (ret == 0 && WOLFSSL_IS_QUIC(ssl)) {
2993
        ret = wolfSSL_quic_keys_active(ssl, side);
2994
    }
2995
#endif /* WOLFSSL_QUIC */
2996
2997
#ifdef HAVE_SECURE_RENEGOTIATION
2998
#ifdef WOLFSSL_DTLS
2999
    if (ret == 0 && ssl->options.dtls && !ssl->options.tls1_3) {
3000
        if (wc_encrypt)
3001
            wc_encrypt->src = keys == &ssl->keys ? KEYS : SCR;
3002
        if (wc_decrypt)
3003
            wc_decrypt->src = keys == &ssl->keys ? KEYS : SCR;
3004
    }
3005
#endif
3006
3007
    if (copy) {
3008
        int clientCopy = 0;
3009
3010
        /* Sanity check that keys == ssl->secure_renegotiation->tmp_keys.
3011
         * Otherwise the memcpy calls would copy overlapping memory
3012
         * and cause UB. Fail early. */
3013
        if (keys == &ssl->keys)
3014
            return BAD_FUNC_ARG;
3015
3016
        if (ssl->options.side == WOLFSSL_CLIENT_END && wc_encrypt)
3017
            clientCopy = 1;
3018
        else if (ssl->options.side == WOLFSSL_SERVER_END && wc_decrypt)
3019
            clientCopy = 1;
3020
3021
        if (clientCopy) {
3022
    #ifndef WOLFSSL_AEAD_ONLY
3023
            XMEMCPY(ssl->keys.client_write_MAC_secret,
3024
                    keys->client_write_MAC_secret, WC_MAX_DIGEST_SIZE);
3025
    #endif
3026
            XMEMCPY(ssl->keys.client_write_key,
3027
                    keys->client_write_key, AES_256_KEY_SIZE);
3028
            XMEMCPY(ssl->keys.client_write_IV,
3029
                    keys->client_write_IV, MAX_WRITE_IV_SZ);
3030
        } else {
3031
    #ifndef WOLFSSL_AEAD_ONLY
3032
            XMEMCPY(ssl->keys.server_write_MAC_secret,
3033
                    keys->server_write_MAC_secret, WC_MAX_DIGEST_SIZE);
3034
    #endif
3035
            XMEMCPY(ssl->keys.server_write_key,
3036
                    keys->server_write_key, AES_256_KEY_SIZE);
3037
            XMEMCPY(ssl->keys.server_write_IV,
3038
                    keys->server_write_IV, MAX_WRITE_IV_SZ);
3039
        }
3040
        if (wc_encrypt) {
3041
            ssl->keys.sequence_number_hi = keys->sequence_number_hi;
3042
            ssl->keys.sequence_number_lo = keys->sequence_number_lo;
3043
            #ifdef HAVE_AEAD
3044
                if (ssl->specs.cipher_type == aead) {
3045
                    /* Initialize the AES-GCM/CCM explicit IV to a zero. */
3046
                    XMEMCPY(ssl->keys.aead_exp_IV, keys->aead_exp_IV,
3047
                            AEAD_MAX_EXP_SZ);
3048
3049
                    /* Initialize encrypt implicit IV by encrypt side */
3050
                    if (ssl->options.side == WOLFSSL_CLIENT_END) {
3051
                        XMEMCPY(ssl->keys.aead_enc_imp_IV,
3052
                                keys->client_write_IV, AEAD_MAX_IMP_SZ);
3053
                    } else {
3054
                        XMEMCPY(ssl->keys.aead_enc_imp_IV,
3055
                                keys->server_write_IV, AEAD_MAX_IMP_SZ);
3056
                    }
3057
                }
3058
            #endif
3059
        }
3060
        if (wc_decrypt) {
3061
            ssl->keys.peer_sequence_number_hi = keys->peer_sequence_number_hi;
3062
            ssl->keys.peer_sequence_number_lo = keys->peer_sequence_number_lo;
3063
            #ifdef HAVE_AEAD
3064
                if (ssl->specs.cipher_type == aead) {
3065
                    /* Initialize decrypt implicit IV by decrypt side */
3066
                    if (ssl->options.side == WOLFSSL_SERVER_END) {
3067
                        XMEMCPY(ssl->keys.aead_dec_imp_IV,
3068
                                keys->client_write_IV, AEAD_MAX_IMP_SZ);
3069
                    } else {
3070
                        XMEMCPY(ssl->keys.aead_dec_imp_IV,
3071
                                keys->server_write_IV, AEAD_MAX_IMP_SZ);
3072
                    }
3073
                }
3074
            #endif
3075
        }
3076
        CacheStatusPP(ssl->secure_renegotiation);
3077
    }
3078
#endif /* HAVE_SECURE_RENEGOTIATION */
3079
3080
0
    return ret;
3081
0
}
3082
3083
3084
/* TLS can call too */
3085
int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side)
3086
0
{
3087
0
    int sz, i = 0;
3088
0
    Keys* keys = &ssl->keys;
3089
#ifdef WOLFSSL_DTLS
3090
    /* In case of DTLS, ssl->keys is updated here */
3091
    int scr_copy = 0;
3092
#endif
3093
3094
#ifdef HAVE_SECURE_RENEGOTIATION
3095
    if (ssl->secure_renegotiation &&
3096
            ssl->secure_renegotiation->cache_status == SCR_CACHE_NEEDED) {
3097
        keys = &ssl->secure_renegotiation->tmp_keys;
3098
#ifdef WOLFSSL_DTLS
3099
        if (ssl->options.dtls) {
3100
            /* epoch is incremented after StoreKeys is called */
3101
            ssl->secure_renegotiation->tmp_keys.dtls_epoch = ssl->keys.dtls_epoch + 1;
3102
            /* we only need to copy keys on second and future renegotiations */
3103
            if (ssl->keys.dtls_epoch > 1)
3104
                scr_copy = 1;
3105
            ssl->encrypt.src = KEYS_NOT_SET;
3106
            ssl->decrypt.src = KEYS_NOT_SET;
3107
        }
3108
#endif
3109
        CacheStatusPP(ssl->secure_renegotiation);
3110
    }
3111
#endif /* HAVE_SECURE_RENEGOTIATION */
3112
3113
#ifdef WOLFSSL_MULTICAST
3114
    if (ssl->options.haveMcast) {
3115
        /* Use the same keys for encrypt and decrypt. */
3116
        if (ssl->specs.cipher_type != aead) {
3117
            sz = ssl->specs.hash_size;
3118
    #ifndef WOLFSSL_AEAD_ONLY
3119
3120
    #ifdef WOLFSSL_DTLS
3121
            if (scr_copy) {
3122
                XMEMCPY(ssl->keys.client_write_MAC_secret,
3123
                        keys->client_write_MAC_secret, sz);
3124
                XMEMCPY(ssl->keys.server_write_MAC_secret,
3125
                        keys->server_write_MAC_secret, sz);
3126
            }
3127
    #endif
3128
            XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
3129
            XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
3130
    #endif
3131
            i += sz;
3132
        }
3133
        sz = ssl->specs.key_size;
3134
    #ifdef WOLFSSL_DTLS
3135
        if (scr_copy) {
3136
            XMEMCPY(ssl->keys.client_write_key,
3137
                    keys->client_write_key, sz);
3138
            XMEMCPY(ssl->keys.server_write_key,
3139
                    keys->server_write_key, sz);
3140
        }
3141
    #endif
3142
        XMEMCPY(keys->client_write_key, &keyData[i], sz);
3143
        XMEMCPY(keys->server_write_key, &keyData[i], sz);
3144
        i += sz;
3145
3146
        sz = ssl->specs.iv_size;
3147
    #ifdef WOLFSSL_DTLS
3148
        if (scr_copy) {
3149
            XMEMCPY(ssl->keys.client_write_IV,
3150
                    keys->client_write_IV, sz);
3151
            XMEMCPY(ssl->keys.server_write_IV,
3152
                    keys->server_write_IV, sz);
3153
        }
3154
    #endif
3155
        XMEMCPY(keys->client_write_IV, &keyData[i], sz);
3156
        XMEMCPY(keys->server_write_IV, &keyData[i], sz);
3157
3158
#ifdef HAVE_AEAD
3159
        if (ssl->specs.cipher_type == aead) {
3160
            /* Initialize the AES-GCM/CCM explicit IV to a zero. */
3161
        #ifdef WOLFSSL_DTLS
3162
            if (scr_copy) {
3163
                XMEMCPY(ssl->keys.aead_exp_IV,
3164
                        keys->aead_exp_IV, AEAD_MAX_EXP_SZ);
3165
            }
3166
        #endif
3167
            XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ);
3168
        }
3169
#endif /* HAVE_AEAD */
3170
3171
        return 0;
3172
    }
3173
#endif /* WOLFSSL_MULTICAST */
3174
3175
0
    if (ssl->specs.cipher_type != aead) {
3176
0
        sz = ssl->specs.hash_size;
3177
0
        if (side & PROVISION_CLIENT) {
3178
0
    #ifndef WOLFSSL_AEAD_ONLY
3179
        #ifdef WOLFSSL_DTLS
3180
            if (scr_copy)
3181
                XMEMCPY(ssl->keys.client_write_MAC_secret,
3182
                        keys->client_write_MAC_secret, sz);
3183
        #endif
3184
0
            XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
3185
0
    #endif
3186
0
            i += sz;
3187
0
        }
3188
0
        if (side & PROVISION_SERVER) {
3189
0
    #ifndef WOLFSSL_AEAD_ONLY
3190
        #ifdef WOLFSSL_DTLS
3191
            if (scr_copy)
3192
                XMEMCPY(ssl->keys.server_write_MAC_secret,
3193
                        keys->server_write_MAC_secret, sz);
3194
        #endif
3195
0
            XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
3196
0
    #endif
3197
0
            i += sz;
3198
0
        }
3199
0
    }
3200
0
    sz = ssl->specs.key_size;
3201
0
    if (side & PROVISION_CLIENT) {
3202
    #ifdef WOLFSSL_DTLS
3203
        if (scr_copy)
3204
            XMEMCPY(ssl->keys.client_write_key,
3205
                    keys->client_write_key, sz);
3206
    #endif
3207
0
        XMEMCPY(keys->client_write_key, &keyData[i], sz);
3208
0
        i += sz;
3209
0
    }
3210
0
    if (side & PROVISION_SERVER) {
3211
    #ifdef WOLFSSL_DTLS
3212
        if (scr_copy)
3213
            XMEMCPY(ssl->keys.server_write_key,
3214
                    keys->server_write_key, sz);
3215
    #endif
3216
0
        XMEMCPY(keys->server_write_key, &keyData[i], sz);
3217
0
        i += sz;
3218
0
    }
3219
3220
0
    sz = ssl->specs.iv_size;
3221
0
    if (side & PROVISION_CLIENT) {
3222
    #ifdef WOLFSSL_DTLS
3223
        if (scr_copy)
3224
            XMEMCPY(ssl->keys.client_write_IV,
3225
                    keys->client_write_IV, sz);
3226
    #endif
3227
0
        XMEMCPY(keys->client_write_IV, &keyData[i], sz);
3228
0
        i += sz;
3229
0
    }
3230
0
    if (side & PROVISION_SERVER) {
3231
    #ifdef WOLFSSL_DTLS
3232
        if (scr_copy)
3233
            XMEMCPY(ssl->keys.server_write_IV,
3234
                    keys->server_write_IV, sz);
3235
    #endif
3236
0
        XMEMCPY(keys->server_write_IV, &keyData[i], sz);
3237
0
    }
3238
3239
0
#ifdef HAVE_AEAD
3240
0
    if (ssl->specs.cipher_type == aead) {
3241
        /* Initialize the AES-GCM/CCM explicit IV to a zero. */
3242
    #ifdef WOLFSSL_DTLS
3243
        if (scr_copy)
3244
            XMEMMOVE(ssl->keys.aead_exp_IV,
3245
                    keys->aead_exp_IV, AEAD_MAX_EXP_SZ);
3246
    #endif
3247
0
        XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ);
3248
0
    }
3249
0
#endif
3250
3251
0
    return 0;
3252
0
}
3253
3254
#ifndef NO_OLD_TLS
3255
int DeriveKeys(WOLFSSL* ssl)
3256
0
{
3257
0
    int    length = 2 * ssl->specs.hash_size +
3258
0
                    2 * ssl->specs.key_size  +
3259
0
                    2 * ssl->specs.iv_size;
3260
0
    int    rounds = (length + WC_MD5_DIGEST_SIZE - 1 ) / WC_MD5_DIGEST_SIZE, i;
3261
0
    int    ret = 0;
3262
3263
0
#ifdef WOLFSSL_SMALL_STACK
3264
0
    byte*  shaOutput;
3265
0
    byte*  md5Input;
3266
0
    byte*  shaInput;
3267
0
    byte*  keyData;
3268
0
    wc_Md5* md5;
3269
0
    wc_Sha* sha;
3270
#else
3271
    byte   shaOutput[WC_SHA_DIGEST_SIZE];
3272
    byte   md5Input[SECRET_LEN + WC_SHA_DIGEST_SIZE];
3273
    byte   shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN];
3274
    byte   keyData[KEY_PREFIX * WC_MD5_DIGEST_SIZE];
3275
    wc_Md5 md5[1];
3276
    wc_Sha sha[1];
3277
#endif
3278
3279
0
#ifdef WOLFSSL_SMALL_STACK
3280
0
    shaOutput = (byte*)XMALLOC(WC_SHA_DIGEST_SIZE,
3281
0
                                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
3282
0
    md5Input  = (byte*)XMALLOC(SECRET_LEN + WC_SHA_DIGEST_SIZE,
3283
0
                                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
3284
0
    shaInput  = (byte*)XMALLOC(KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN,
3285
0
                                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
3286
0
    keyData   = (byte*)XMALLOC(KEY_PREFIX * WC_MD5_DIGEST_SIZE,
3287
0
                                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
3288
0
    md5       =  (wc_Md5*)XMALLOC(sizeof(wc_Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3289
0
    sha       =  (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3290
3291
0
    if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
3292
0
        keyData   == NULL || md5      == NULL || sha      == NULL) {
3293
0
        if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3294
0
        if (md5Input)  XFREE(md5Input,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
3295
0
        if (shaInput)  XFREE(shaInput,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
3296
0
        if (keyData)   XFREE(keyData,   NULL, DYNAMIC_TYPE_TMP_BUFFER);
3297
0
        if (md5)       XFREE(md5,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
3298
0
        if (sha)       XFREE(sha,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
3299
3300
0
        return MEMORY_E;
3301
0
    }
3302
0
#endif
3303
0
    XMEMSET(shaOutput, 0, WC_SHA_DIGEST_SIZE);
3304
0
    ret = wc_InitMd5(md5);
3305
0
    if (ret == 0) {
3306
0
        ret = wc_InitSha(sha);
3307
0
    }
3308
0
    if (ret == 0) {
3309
0
        XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN);
3310
3311
0
        for (i = 0; i < rounds; ++i) {
3312
0
            int j   = i + 1;
3313
0
            int idx = j;
3314
3315
0
            if (!SetPrefix(shaInput, i)) {
3316
0
                ret = PREFIX_ERROR;
3317
0
                break;
3318
0
            }
3319
3320
0
            XMEMCPY(shaInput + idx, ssl->arrays->masterSecret, SECRET_LEN);
3321
0
            idx += SECRET_LEN;
3322
0
            XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
3323
0
            idx += RAN_LEN;
3324
0
            XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
3325
0
            if (ret == 0) {
3326
0
                ret = wc_ShaUpdate(sha, shaInput,
3327
0
                    (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) - KEY_PREFIX + j);
3328
0
            }
3329
0
            if (ret == 0) {
3330
0
                ret = wc_ShaFinal(sha, shaOutput);
3331
0
            }
3332
3333
0
            XMEMCPY(md5Input + SECRET_LEN, shaOutput, WC_SHA_DIGEST_SIZE);
3334
0
            if (ret == 0) {
3335
0
                ret = wc_Md5Update(md5, md5Input, SECRET_LEN + WC_SHA_DIGEST_SIZE);
3336
0
            }
3337
0
            if (ret == 0) {
3338
0
                ret = wc_Md5Final(md5, keyData + i * WC_MD5_DIGEST_SIZE);
3339
0
            }
3340
0
        }
3341
3342
0
        if (ret == 0)
3343
0
            ret = StoreKeys(ssl, keyData, PROVISION_CLIENT_SERVER);
3344
0
    }
3345
3346
0
#ifdef WOLFSSL_SMALL_STACK
3347
0
    XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3348
0
    XFREE(md5Input,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
3349
0
    XFREE(shaInput,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
3350
0
    XFREE(keyData,   NULL, DYNAMIC_TYPE_TMP_BUFFER);
3351
0
    XFREE(md5,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
3352
0
    XFREE(sha,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
3353
0
#endif
3354
3355
0
    return ret;
3356
0
}
3357
3358
3359
static int CleanPreMaster(WOLFSSL* ssl)
3360
0
{
3361
0
    int i, ret, sz = ssl->arrays->preMasterSz;
3362
3363
0
    for (i = 0; i < sz; i++)
3364
0
        ssl->arrays->preMasterSecret[i] = 0;
3365
3366
0
    ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz);
3367
0
    if (ret != 0)
3368
0
        return ret;
3369
3370
0
    for (i = 0; i < sz; i++)
3371
0
        ssl->arrays->preMasterSecret[i] = 0;
3372
3373
0
    XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
3374
0
    ssl->arrays->preMasterSecret = NULL;
3375
0
    ssl->arrays->preMasterSz = 0;
3376
3377
0
    return 0;
3378
0
}
3379
3380
3381
/* Create and store the master secret see page 32, 6.1 */
3382
static int MakeSslMasterSecret(WOLFSSL* ssl)
3383
0
{
3384
0
    int    i, ret;
3385
0
    word32 idx;
3386
0
    word32 pmsSz = ssl->arrays->preMasterSz;
3387
3388
0
#ifdef WOLFSSL_SMALL_STACK
3389
0
    byte*  shaOutput;
3390
0
    byte*  md5Input;
3391
0
    byte*  shaInput;
3392
0
    wc_Md5* md5;
3393
0
    wc_Sha* sha;
3394
#else
3395
    byte   shaOutput[WC_SHA_DIGEST_SIZE];
3396
    byte   md5Input[ENCRYPT_LEN + WC_SHA_DIGEST_SIZE];
3397
    byte   shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN];
3398
    wc_Md5 md5[1];
3399
    wc_Sha sha[1];
3400
#endif
3401
3402
0
    if (ssl->arrays->preMasterSecret == NULL) {
3403
0
        return BAD_FUNC_ARG;
3404
0
    }
3405
3406
#ifdef SHOW_SECRETS
3407
    {
3408
        word32 j;
3409
        printf("pre master secret: ");
3410
        for (j = 0; j < pmsSz; j++)
3411
            printf("%02x", ssl->arrays->preMasterSecret[j]);
3412
        printf("\n");
3413
    }
3414
#endif
3415
3416
0
#ifdef WOLFSSL_SMALL_STACK
3417
0
    shaOutput = (byte*)XMALLOC(WC_SHA_DIGEST_SIZE,
3418
0
                                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
3419
0
    md5Input  = (byte*)XMALLOC(ENCRYPT_LEN + WC_SHA_DIGEST_SIZE,
3420
0
                                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
3421
0
    shaInput  = (byte*)XMALLOC(PREFIX + ENCRYPT_LEN + 2 * RAN_LEN,
3422
0
                                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
3423
0
    md5       =  (wc_Md5*)XMALLOC(sizeof(wc_Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3424
0
    sha       =  (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3425
3426
0
    if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
3427
0
                             md5      == NULL || sha      == NULL) {
3428
0
        if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3429
0
        if (md5Input)  XFREE(md5Input,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
3430
0
        if (shaInput)  XFREE(shaInput,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
3431
0
        if (md5)       XFREE(md5,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
3432
0
        if (sha)       XFREE(sha,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
3433
3434
0
        return MEMORY_E;
3435
0
    }
3436
0
#endif
3437
0
    XMEMSET(shaOutput, 0, WC_SHA_DIGEST_SIZE);
3438
3439
0
    ret = wc_InitMd5(md5);
3440
0
    if (ret == 0) {
3441
0
        ret = wc_InitSha(sha);
3442
0
    }
3443
0
    if (ret == 0) {
3444
0
        XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz);
3445
3446
0
        for (i = 0; i < MASTER_ROUNDS; ++i) {
3447
0
            byte prefix[KEY_PREFIX];      /* only need PREFIX bytes but static */
3448
0
            if (!SetPrefix(prefix, i)) {  /* analysis thinks will overrun      */
3449
0
                ret = PREFIX_ERROR;
3450
0
                break;
3451
0
            }
3452
3453
0
            idx = 0;
3454
0
            XMEMCPY(shaInput, prefix, i + 1);
3455
0
            idx += i + 1;
3456
3457
0
            XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz);
3458
0
            idx += pmsSz;
3459
0
            XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
3460
0
            idx += RAN_LEN;
3461
0
            XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
3462
0
            idx += RAN_LEN;
3463
0
            if (ret == 0) {
3464
0
                ret = wc_ShaUpdate(sha, shaInput, idx);
3465
0
            }
3466
0
            if (ret == 0) {
3467
0
                ret = wc_ShaFinal(sha, shaOutput);
3468
0
            }
3469
0
            idx = pmsSz;  /* preSz */
3470
0
            XMEMCPY(md5Input + idx, shaOutput, WC_SHA_DIGEST_SIZE);
3471
0
            idx += WC_SHA_DIGEST_SIZE;
3472
0
            if (ret == 0) {
3473
0
                ret = wc_Md5Update(md5, md5Input, idx);
3474
0
            }
3475
0
            if (ret == 0) {
3476
0
                ret = wc_Md5Final(md5,
3477
0
                            &ssl->arrays->masterSecret[i * WC_MD5_DIGEST_SIZE]);
3478
0
            }
3479
0
        }
3480
3481
#ifdef SHOW_SECRETS
3482
        {
3483
            word32 j;
3484
            printf("master secret: ");
3485
            for (j = 0; j < SECRET_LEN; j++)
3486
                printf("%02x", ssl->arrays->masterSecret[j]);
3487
            printf("\n");
3488
        }
3489
#endif
3490
3491
0
        if (ret == 0)
3492
0
            ret = DeriveKeys(ssl);
3493
0
    }
3494
3495
0
#ifdef WOLFSSL_SMALL_STACK
3496
0
    XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3497
0
    XFREE(md5Input,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
3498
0
    XFREE(shaInput,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
3499
0
    XFREE(md5,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
3500
0
    XFREE(sha,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
3501
0
#endif
3502
3503
0
    if (ret == 0)
3504
0
        ret = CleanPreMaster(ssl);
3505
0
    else
3506
0
        CleanPreMaster(ssl);
3507
3508
0
    return ret;
3509
0
}
3510
#endif
3511
3512
3513
/* Master wrapper, doesn't use SSL stack space in TLS mode */
3514
int MakeMasterSecret(WOLFSSL* ssl)
3515
0
{
3516
    /* append secret to premaster : premaster | SerSi | CliSi */
3517
0
#ifndef NO_OLD_TLS
3518
0
    if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
3519
0
    return MakeSslMasterSecret(ssl);
3520
#elif !defined(WOLFSSL_NO_TLS12) && !defined(NO_TLS)
3521
    return MakeTlsMasterSecret(ssl);
3522
#else
3523
    (void)ssl;
3524
    return 0;
3525
#endif
3526
0
}
3527
3528
#endif /* WOLFCRYPT_ONLY */