Coverage Report

Created: 2022-08-24 06:37

/src/wolfssl-sp-math-all/src/keys.c
Line
Count
Source (jump to first uncovered line)
1
/* keys.c
2
 *
3
 * Copyright (C) 2006-2022 wolfSSL Inc.
4
 *
5
 * This file is part of wolfSSL.
6
 *
7
 * wolfSSL is free software; you can redistribute it and/or modify
8
 * it under the terms of the GNU General Public License as published by
9
 * the Free Software Foundation; either version 2 of the License, or
10
 * (at your option) any later version.
11
 *
12
 * wolfSSL is distributed in the hope that it will be useful,
13
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15
 * GNU General Public License for more details.
16
 *
17
 * You should have received a copy of the GNU General Public License
18
 * along with this program; if not, write to the Free Software
19
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20
 */
21
22
23
/* Name change compatibility layer no longer needs to be included here */
24
25
#ifdef HAVE_CONFIG_H
26
    #include <config.h>
27
#endif
28
29
#include <wolfssl/wolfcrypt/settings.h>
30
31
#ifndef WOLFCRYPT_ONLY
32
33
#include <wolfssl/internal.h>
34
#include <wolfssl/error-ssl.h>
35
#if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
36
    #ifndef NO_STDIO_FILESYSTEM
37
        #include <stdio.h>
38
    #endif
39
#endif
40
41
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_TSIP_TLS)
42
#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
43
#endif
44
45
int SetCipherSpecs(WOLFSSL* ssl)
46
{
47
#ifndef NO_WOLFSSL_CLIENT
48
    if (ssl->options.side == WOLFSSL_CLIENT_END) {
49
        /* server side verified before SetCipherSpecs call */
50
        if (VerifyClientSuite(ssl) != 1) {
51
            WOLFSSL_MSG("SetCipherSpecs() client has an unusable suite");
52
            WOLFSSL_ERROR_VERBOSE(UNSUPPORTED_SUITE);
53
            return UNSUPPORTED_SUITE;
54
        }
55
    }
56
#endif /* NO_WOLFSSL_CLIENT */
57
58
    /* Chacha extensions, 0xcc */
59
    if (ssl->options.cipherSuite0 == CHACHA_BYTE) {
60
61
    switch (ssl->options.cipherSuite) {
62
#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
63
    case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
64
        ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
65
        ssl->specs.cipher_type           = aead;
66
        ssl->specs.mac_algorithm         = sha256_mac;
67
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
68
        ssl->specs.sig_algo              = rsa_sa_algo;
69
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
70
        ssl->specs.pad_size              = PAD_SHA;
71
        ssl->specs.static_ecdh           = 0;
72
        ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
73
        ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
74
        ssl->specs.iv_size               = CHACHA20_IV_SIZE;
75
        ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
76
        ssl->options.oldPoly             = 1; /* use old poly1305 padding */
77
78
        break;
79
#endif
80
81
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
82
    case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
83
        ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
84
        ssl->specs.cipher_type           = aead;
85
        ssl->specs.mac_algorithm         = sha256_mac;
86
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
87
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
88
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
89
        ssl->specs.pad_size              = PAD_SHA;
90
        ssl->specs.static_ecdh           = 0;
91
        ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
92
        ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
93
        ssl->specs.iv_size               = CHACHA20_IV_SIZE;
94
        ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
95
        ssl->options.oldPoly             = 1; /* use old poly1305 padding */
96
97
        break;
98
#endif
99
100
#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
101
    case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
102
        ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
103
        ssl->specs.cipher_type           = aead;
104
        ssl->specs.mac_algorithm         = sha256_mac;
105
        ssl->specs.kea                   = diffie_hellman_kea;
106
        ssl->specs.sig_algo              = rsa_sa_algo;
107
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
108
        ssl->specs.pad_size              = PAD_SHA;
109
        ssl->specs.static_ecdh           = 0;
110
        ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
111
        ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
112
        ssl->specs.iv_size               = CHACHA20_IV_SIZE;
113
        ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
114
        ssl->options.oldPoly             = 1; /* use old poly1305 padding */
115
116
        break;
117
#endif
118
#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
119
    case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
120
        ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
121
        ssl->specs.cipher_type           = aead;
122
        ssl->specs.mac_algorithm         = sha256_mac;
123
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
124
        ssl->specs.sig_algo              = rsa_sa_algo;
125
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
126
        ssl->specs.pad_size              = PAD_SHA;
127
        ssl->specs.static_ecdh           = 0;
128
        ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
129
        ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
130
        ssl->specs.iv_size               = CHACHA20_IV_SIZE;
131
        ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
132
        ssl->options.oldPoly             = 0; /* use recent padding RFC */
133
134
        break;
135
#endif
136
137
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
138
    case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
139
        ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
140
        ssl->specs.cipher_type           = aead;
141
        ssl->specs.mac_algorithm         = sha256_mac;
142
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
143
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
144
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
145
        ssl->specs.pad_size              = PAD_SHA;
146
        ssl->specs.static_ecdh           = 0;
147
        ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
148
        ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
149
        ssl->specs.iv_size               = CHACHA20_IV_SIZE;
150
        ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
151
        ssl->options.oldPoly             = 0; /* use recent padding RFC */
152
153
        break;
154
#endif
155
156
#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
157
    case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
158
        ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
159
        ssl->specs.cipher_type           = aead;
160
        ssl->specs.mac_algorithm         = sha256_mac;
161
        ssl->specs.kea                   = diffie_hellman_kea;
162
        ssl->specs.sig_algo              = rsa_sa_algo;
163
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
164
        ssl->specs.pad_size              = PAD_SHA;
165
        ssl->specs.static_ecdh           = 0;
166
        ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
167
        ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
168
        ssl->specs.iv_size               = CHACHA20_IV_SIZE;
169
        ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
170
        ssl->options.oldPoly             = 0; /* use recent padding RFC */
171
172
        break;
173
#endif
174
175
#ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
176
    case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256:
177
        ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
178
        ssl->specs.cipher_type           = aead;
179
        ssl->specs.mac_algorithm         = sha256_mac;
180
        ssl->specs.kea                   = psk_kea;
181
        ssl->specs.sig_algo              = anonymous_sa_algo;
182
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
183
        ssl->specs.pad_size              = PAD_SHA;
184
        ssl->specs.static_ecdh           = 0;
185
        ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
186
        ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
187
        ssl->specs.iv_size               = CHACHA20_IV_SIZE;
188
        ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
189
190
        ssl->options.oldPoly             = 0; /* use recent padding RFC */
191
        ssl->options.usingPSK_cipher     = 1;
192
        break;
193
#endif
194
195
#ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
196
    case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
197
        ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
198
        ssl->specs.cipher_type           = aead;
199
        ssl->specs.mac_algorithm         = sha256_mac;
200
        ssl->specs.kea                   = ecdhe_psk_kea;
201
        ssl->specs.sig_algo              = anonymous_sa_algo;
202
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
203
        ssl->specs.pad_size              = PAD_SHA;
204
        ssl->specs.static_ecdh           = 0;
205
        ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
206
        ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
207
        ssl->specs.iv_size               = CHACHA20_IV_SIZE;
208
        ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
209
210
        ssl->options.oldPoly             = 0; /* use recent padding RFC */
211
        ssl->options.usingPSK_cipher     = 1;
212
        break;
213
#endif
214
215
#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
216
    case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
217
        ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
218
        ssl->specs.cipher_type           = aead;
219
        ssl->specs.mac_algorithm         = sha256_mac;
220
        ssl->specs.kea                   = dhe_psk_kea;
221
        ssl->specs.sig_algo              = anonymous_sa_algo;
222
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
223
        ssl->specs.pad_size              = PAD_SHA;
224
        ssl->specs.static_ecdh           = 0;
225
        ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
226
        ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
227
        ssl->specs.iv_size               = CHACHA20_IV_SIZE;
228
        ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
229
230
        ssl->options.oldPoly             = 0; /* use recent padding RFC */
231
        ssl->options.usingPSK_cipher     = 1;
232
        break;
233
#endif
234
    default:
235
        WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha");
236
        return UNSUPPORTED_SUITE;
237
    }
238
    }
239
240
    /* ECC extensions, AES-CCM or TLS 1.3 Integrity-only */
241
    if (ssl->options.cipherSuite0 == ECC_BYTE) {
242
243
    switch (ssl->options.cipherSuite) {
244
245
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
246
247
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
248
    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
249
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
250
        ssl->specs.cipher_type           = block;
251
        ssl->specs.mac_algorithm         = sha256_mac;
252
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
253
        ssl->specs.sig_algo              = rsa_sa_algo;
254
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
255
        ssl->specs.pad_size              = PAD_SHA;
256
        ssl->specs.static_ecdh           = 0;
257
        ssl->specs.key_size              = AES_128_KEY_SIZE;
258
        ssl->specs.iv_size               = AES_IV_SIZE;
259
        ssl->specs.block_size            = AES_BLOCK_SIZE;
260
261
        break;
262
#endif
263
264
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
265
    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
266
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
267
        ssl->specs.cipher_type           = block;
268
        ssl->specs.mac_algorithm         = sha384_mac;
269
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
270
        ssl->specs.sig_algo              = rsa_sa_algo;
271
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
272
        ssl->specs.pad_size              = PAD_SHA;
273
        ssl->specs.static_ecdh           = 0;
274
        ssl->specs.key_size              = AES_256_KEY_SIZE;
275
        ssl->specs.iv_size               = AES_IV_SIZE;
276
        ssl->specs.block_size            = AES_BLOCK_SIZE;
277
278
        break;
279
#endif
280
281
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
282
    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
283
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
284
        ssl->specs.cipher_type           = block;
285
        ssl->specs.mac_algorithm         = sha_mac;
286
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
287
        ssl->specs.sig_algo              = rsa_sa_algo;
288
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
289
        ssl->specs.pad_size              = PAD_SHA;
290
        ssl->specs.static_ecdh           = 0;
291
        ssl->specs.key_size              = AES_128_KEY_SIZE;
292
        ssl->specs.block_size            = AES_BLOCK_SIZE;
293
        ssl->specs.iv_size               = AES_IV_SIZE;
294
295
        break;
296
#endif
297
298
#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
299
    case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
300
        ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
301
        ssl->specs.cipher_type           = block;
302
        ssl->specs.mac_algorithm         = sha_mac;
303
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
304
        ssl->specs.sig_algo              = rsa_sa_algo;
305
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
306
        ssl->specs.pad_size              = PAD_SHA;
307
        ssl->specs.static_ecdh           = 0;
308
        ssl->specs.key_size              = DES3_KEY_SIZE;
309
        ssl->specs.block_size            = DES_BLOCK_SIZE;
310
/* DES_IV_SIZE is incorrectly 16 in FIPS v2. It should be 8, same as the
311
 * block size. */
312
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
313
        ssl->specs.iv_size               = DES_BLOCK_SIZE;
314
#else
315
        ssl->specs.iv_size               = DES_IV_SIZE;
316
#endif
317
318
        break;
319
#endif
320
321
#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
322
    case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
323
        ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
324
        ssl->specs.cipher_type           = stream;
325
        ssl->specs.mac_algorithm         = sha_mac;
326
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
327
        ssl->specs.sig_algo              = rsa_sa_algo;
328
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
329
        ssl->specs.pad_size              = PAD_SHA;
330
        ssl->specs.static_ecdh           = 0;
331
        ssl->specs.key_size              = RC4_KEY_SIZE;
332
        ssl->specs.iv_size               = 0;
333
        ssl->specs.block_size            = 0;
334
335
        break;
336
#endif
337
338
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
339
    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
340
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
341
        ssl->specs.cipher_type           = block;
342
        ssl->specs.mac_algorithm         = sha_mac;
343
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
344
        ssl->specs.sig_algo              = rsa_sa_algo;
345
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
346
        ssl->specs.pad_size              = PAD_SHA;
347
        ssl->specs.static_ecdh           = 0;
348
        ssl->specs.key_size              = AES_256_KEY_SIZE;
349
        ssl->specs.block_size            = AES_BLOCK_SIZE;
350
        ssl->specs.iv_size               = AES_IV_SIZE;
351
352
        break;
353
#endif
354
355
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
356
    case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
357
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
358
        ssl->specs.cipher_type           = aead;
359
        ssl->specs.mac_algorithm         = sha256_mac;
360
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
361
        ssl->specs.sig_algo              = rsa_sa_algo;
362
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
363
        ssl->specs.pad_size              = PAD_SHA;
364
        ssl->specs.static_ecdh           = 0;
365
        ssl->specs.key_size              = AES_128_KEY_SIZE;
366
        ssl->specs.block_size            = AES_BLOCK_SIZE;
367
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
368
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
369
370
        break;
371
#endif
372
373
#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
374
    case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
375
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
376
        ssl->specs.cipher_type           = aead;
377
        ssl->specs.mac_algorithm         = sha384_mac;
378
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
379
        ssl->specs.sig_algo              = rsa_sa_algo;
380
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
381
        ssl->specs.pad_size              = PAD_SHA;
382
        ssl->specs.static_ecdh           = 0;
383
        ssl->specs.key_size              = AES_256_KEY_SIZE;
384
        ssl->specs.block_size            = AES_BLOCK_SIZE;
385
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
386
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
387
388
        break;
389
#endif
390
391
#ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
392
    case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
393
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
394
        ssl->specs.cipher_type           = stream;
395
        ssl->specs.mac_algorithm         = sha256_mac;
396
        ssl->specs.kea                   = ecdhe_psk_kea;
397
        ssl->specs.sig_algo              = anonymous_sa_algo;
398
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
399
        ssl->specs.pad_size              = PAD_SHA;
400
        ssl->specs.static_ecdh           = 0;
401
        ssl->specs.key_size              = 0;
402
        ssl->specs.block_size            = 0;
403
        ssl->specs.iv_size               = 0;
404
405
        ssl->options.usingPSK_cipher     = 1;
406
        break;
407
#endif
408
409
#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
410
    case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
411
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
412
        ssl->specs.cipher_type           = block;
413
        ssl->specs.mac_algorithm         = sha256_mac;
414
        ssl->specs.kea                   = ecdhe_psk_kea;
415
        ssl->specs.sig_algo              = anonymous_sa_algo;
416
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
417
        ssl->specs.pad_size              = PAD_SHA;
418
        ssl->specs.static_ecdh           = 0;
419
        ssl->specs.key_size              = AES_128_KEY_SIZE;
420
        ssl->specs.block_size            = AES_BLOCK_SIZE;
421
        ssl->specs.iv_size               = AES_IV_SIZE;
422
423
        ssl->options.usingPSK_cipher     = 1;
424
        break;
425
#endif
426
427
#endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
428
429
#if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) \
430
                      || (defined(HAVE_CURVE448) && defined(HAVE_ED448))
431
432
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
433
    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
434
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
435
        ssl->specs.cipher_type           = block;
436
        ssl->specs.mac_algorithm         = sha256_mac;
437
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
438
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
439
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
440
        ssl->specs.pad_size              = PAD_SHA;
441
        ssl->specs.static_ecdh           = 0;
442
        ssl->specs.key_size              = AES_128_KEY_SIZE;
443
        ssl->specs.iv_size               = AES_IV_SIZE;
444
        ssl->specs.block_size            = AES_BLOCK_SIZE;
445
446
        break;
447
#endif
448
449
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
450
    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
451
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
452
        ssl->specs.cipher_type           = block;
453
        ssl->specs.mac_algorithm         = sha384_mac;
454
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
455
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
456
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
457
        ssl->specs.pad_size              = PAD_SHA;
458
        ssl->specs.static_ecdh           = 0;
459
        ssl->specs.key_size              = AES_256_KEY_SIZE;
460
        ssl->specs.iv_size               = AES_IV_SIZE;
461
        ssl->specs.block_size            = AES_BLOCK_SIZE;
462
463
        break;
464
#endif
465
466
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
467
    case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
468
        ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
469
        ssl->specs.cipher_type           = block;
470
        ssl->specs.mac_algorithm         = sha_mac;
471
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
472
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
473
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
474
        ssl->specs.pad_size              = PAD_SHA;
475
        ssl->specs.static_ecdh           = 0;
476
        ssl->specs.key_size              = DES3_KEY_SIZE;
477
        ssl->specs.block_size            = DES_BLOCK_SIZE;
478
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
479
        ssl->specs.iv_size               = DES_BLOCK_SIZE;
480
#else
481
        ssl->specs.iv_size               = DES_IV_SIZE;
482
#endif
483
484
        break;
485
#endif
486
487
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
488
    case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
489
        ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
490
        ssl->specs.cipher_type           = stream;
491
        ssl->specs.mac_algorithm         = sha_mac;
492
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
493
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
494
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
495
        ssl->specs.pad_size              = PAD_SHA;
496
        ssl->specs.static_ecdh           = 0;
497
        ssl->specs.key_size              = RC4_KEY_SIZE;
498
        ssl->specs.iv_size               = 0;
499
        ssl->specs.block_size            = 0;
500
501
        break;
502
#endif
503
504
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
505
    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
506
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
507
        ssl->specs.cipher_type           = block;
508
        ssl->specs.mac_algorithm         = sha_mac;
509
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
510
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
511
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
512
        ssl->specs.pad_size              = PAD_SHA;
513
        ssl->specs.static_ecdh           = 0;
514
        ssl->specs.key_size              = AES_128_KEY_SIZE;
515
        ssl->specs.block_size            = AES_BLOCK_SIZE;
516
        ssl->specs.iv_size               = AES_IV_SIZE;
517
518
        break;
519
#endif
520
521
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
522
    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
523
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
524
        ssl->specs.cipher_type           = block;
525
        ssl->specs.mac_algorithm         = sha_mac;
526
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
527
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
528
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
529
        ssl->specs.pad_size              = PAD_SHA;
530
        ssl->specs.static_ecdh           = 0;
531
        ssl->specs.key_size              = AES_256_KEY_SIZE;
532
        ssl->specs.block_size            = AES_BLOCK_SIZE;
533
        ssl->specs.iv_size               = AES_IV_SIZE;
534
535
        break;
536
#endif
537
538
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
539
    case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
540
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
541
        ssl->specs.cipher_type           = aead;
542
        ssl->specs.mac_algorithm         = sha256_mac;
543
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
544
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
545
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
546
        ssl->specs.pad_size              = PAD_SHA;
547
        ssl->specs.static_ecdh           = 0;
548
        ssl->specs.key_size              = AES_128_KEY_SIZE;
549
        ssl->specs.block_size            = AES_BLOCK_SIZE;
550
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
551
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
552
553
        break;
554
#endif
555
556
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
557
    case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
558
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
559
        ssl->specs.cipher_type           = aead;
560
        ssl->specs.mac_algorithm         = sha384_mac;
561
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
562
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
563
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
564
        ssl->specs.pad_size              = PAD_SHA;
565
        ssl->specs.static_ecdh           = 0;
566
        ssl->specs.key_size              = AES_256_KEY_SIZE;
567
        ssl->specs.block_size            = AES_BLOCK_SIZE;
568
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
569
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
570
571
        break;
572
#endif
573
574
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
575
    case TLS_ECDHE_ECDSA_WITH_AES_128_CCM :
576
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
577
        ssl->specs.cipher_type           = aead;
578
        ssl->specs.mac_algorithm         = sha256_mac;
579
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
580
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
581
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
582
        ssl->specs.pad_size              = PAD_SHA;
583
        ssl->specs.static_ecdh           = 0;
584
        ssl->specs.key_size              = AES_128_KEY_SIZE;
585
        ssl->specs.block_size            = AES_BLOCK_SIZE;
586
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
587
        ssl->specs.aead_mac_size         = AES_CCM_16_AUTH_SZ;
588
589
        break;
590
#endif
591
592
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
593
    case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
594
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
595
        ssl->specs.cipher_type           = aead;
596
        ssl->specs.mac_algorithm         = sha256_mac;
597
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
598
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
599
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
600
        ssl->specs.pad_size              = PAD_SHA;
601
        ssl->specs.static_ecdh           = 0;
602
        ssl->specs.key_size              = AES_128_KEY_SIZE;
603
        ssl->specs.block_size            = AES_BLOCK_SIZE;
604
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
605
        ssl->specs.aead_mac_size         = AES_CCM_8_AUTH_SZ;
606
607
        break;
608
#endif
609
610
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
611
    case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
612
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
613
        ssl->specs.cipher_type           = aead;
614
        ssl->specs.mac_algorithm         = sha256_mac;
615
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
616
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
617
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
618
        ssl->specs.pad_size              = PAD_SHA;
619
        ssl->specs.static_ecdh           = 0;
620
        ssl->specs.key_size              = AES_256_KEY_SIZE;
621
        ssl->specs.block_size            = AES_BLOCK_SIZE;
622
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
623
        ssl->specs.aead_mac_size         = AES_CCM_8_AUTH_SZ;
624
625
        break;
626
#endif
627
628
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
629
    case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
630
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
631
        ssl->specs.cipher_type           = stream;
632
        ssl->specs.mac_algorithm         = sha_mac;
633
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
634
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
635
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
636
        ssl->specs.pad_size              = PAD_SHA;
637
        ssl->specs.static_ecdh           = 0;
638
        ssl->specs.key_size              = 0;
639
        ssl->specs.block_size            = 0;
640
        ssl->specs.iv_size               = 0;
641
642
    break;
643
#endif
644
645
#endif /* HAVE_ECC || (CURVE25519 && ED25519) || (CURVE448 && ED448) */
646
647
#if defined(HAVE_ECC)
648
649
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
650
    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
651
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
652
        ssl->specs.cipher_type           = block;
653
        ssl->specs.mac_algorithm         = sha256_mac;
654
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
655
        ssl->specs.sig_algo              = rsa_sa_algo;
656
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
657
        ssl->specs.pad_size              = PAD_SHA;
658
        ssl->specs.static_ecdh           = 1;
659
        ssl->specs.key_size              = AES_128_KEY_SIZE;
660
        ssl->specs.iv_size               = AES_IV_SIZE;
661
        ssl->specs.block_size            = AES_BLOCK_SIZE;
662
663
        break;
664
#endif
665
666
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
667
    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
668
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
669
        ssl->specs.cipher_type           = block;
670
        ssl->specs.mac_algorithm         = sha256_mac;
671
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
672
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
673
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
674
        ssl->specs.pad_size              = PAD_SHA;
675
        ssl->specs.static_ecdh           = 1;
676
        ssl->specs.key_size              = AES_128_KEY_SIZE;
677
        ssl->specs.iv_size               = AES_IV_SIZE;
678
        ssl->specs.block_size            = AES_BLOCK_SIZE;
679
680
        break;
681
#endif
682
683
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
684
    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
685
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
686
        ssl->specs.cipher_type           = block;
687
        ssl->specs.mac_algorithm         = sha384_mac;
688
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
689
        ssl->specs.sig_algo              = rsa_sa_algo;
690
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
691
        ssl->specs.pad_size              = PAD_SHA;
692
        ssl->specs.static_ecdh           = 1;
693
        ssl->specs.key_size              = AES_256_KEY_SIZE;
694
        ssl->specs.iv_size               = AES_IV_SIZE;
695
        ssl->specs.block_size            = AES_BLOCK_SIZE;
696
697
        break;
698
#endif
699
700
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
701
    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
702
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
703
        ssl->specs.cipher_type           = block;
704
        ssl->specs.mac_algorithm         = sha384_mac;
705
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
706
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
707
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
708
        ssl->specs.pad_size              = PAD_SHA;
709
        ssl->specs.static_ecdh           = 1;
710
        ssl->specs.key_size              = AES_256_KEY_SIZE;
711
        ssl->specs.iv_size               = AES_IV_SIZE;
712
        ssl->specs.block_size            = AES_BLOCK_SIZE;
713
714
        break;
715
#endif
716
717
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
718
    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
719
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
720
        ssl->specs.cipher_type           = block;
721
        ssl->specs.mac_algorithm         = sha_mac;
722
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
723
        ssl->specs.sig_algo              = rsa_sa_algo;
724
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
725
        ssl->specs.pad_size              = PAD_SHA;
726
        ssl->specs.static_ecdh           = 1;
727
        ssl->specs.key_size              = AES_128_KEY_SIZE;
728
        ssl->specs.block_size            = AES_BLOCK_SIZE;
729
        ssl->specs.iv_size               = AES_IV_SIZE;
730
731
        break;
732
#endif
733
734
#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
735
    case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
736
        ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
737
        ssl->specs.cipher_type           = block;
738
        ssl->specs.mac_algorithm         = sha_mac;
739
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
740
        ssl->specs.sig_algo              = rsa_sa_algo;
741
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
742
        ssl->specs.pad_size              = PAD_SHA;
743
        ssl->specs.static_ecdh           = 1;
744
        ssl->specs.key_size              = DES3_KEY_SIZE;
745
        ssl->specs.block_size            = DES_BLOCK_SIZE;
746
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
747
        ssl->specs.iv_size               = DES_BLOCK_SIZE;
748
#else
749
        ssl->specs.iv_size               = DES_IV_SIZE;
750
#endif
751
752
        break;
753
#endif
754
755
#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
756
    case TLS_ECDH_RSA_WITH_RC4_128_SHA :
757
        ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
758
        ssl->specs.cipher_type           = stream;
759
        ssl->specs.mac_algorithm         = sha_mac;
760
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
761
        ssl->specs.sig_algo              = rsa_sa_algo;
762
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
763
        ssl->specs.pad_size              = PAD_SHA;
764
        ssl->specs.static_ecdh           = 1;
765
        ssl->specs.key_size              = RC4_KEY_SIZE;
766
        ssl->specs.iv_size               = 0;
767
        ssl->specs.block_size            = 0;
768
769
        break;
770
#endif
771
772
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
773
    case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
774
        ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
775
        ssl->specs.cipher_type           = block;
776
        ssl->specs.mac_algorithm         = sha_mac;
777
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
778
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
779
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
780
        ssl->specs.pad_size              = PAD_SHA;
781
        ssl->specs.static_ecdh           = 1;
782
        ssl->specs.key_size              = DES3_KEY_SIZE;
783
        ssl->specs.block_size            = DES_BLOCK_SIZE;
784
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
785
        ssl->specs.iv_size               = DES_BLOCK_SIZE;
786
#else
787
        ssl->specs.iv_size               = DES_IV_SIZE;
788
#endif
789
790
        break;
791
#endif
792
793
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
794
    case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
795
        ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
796
        ssl->specs.cipher_type           = stream;
797
        ssl->specs.mac_algorithm         = sha_mac;
798
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
799
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
800
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
801
        ssl->specs.pad_size              = PAD_SHA;
802
        ssl->specs.static_ecdh           = 1;
803
        ssl->specs.key_size              = RC4_KEY_SIZE;
804
        ssl->specs.iv_size               = 0;
805
        ssl->specs.block_size            = 0;
806
807
        break;
808
#endif
809
810
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
811
    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
812
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
813
        ssl->specs.cipher_type           = block;
814
        ssl->specs.mac_algorithm         = sha_mac;
815
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
816
        ssl->specs.sig_algo              = rsa_sa_algo;
817
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
818
        ssl->specs.pad_size              = PAD_SHA;
819
        ssl->specs.static_ecdh           = 1;
820
        ssl->specs.key_size              = AES_256_KEY_SIZE;
821
        ssl->specs.block_size            = AES_BLOCK_SIZE;
822
        ssl->specs.iv_size               = AES_IV_SIZE;
823
824
        break;
825
#endif
826
827
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
828
    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
829
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
830
        ssl->specs.cipher_type           = block;
831
        ssl->specs.mac_algorithm         = sha_mac;
832
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
833
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
834
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
835
        ssl->specs.pad_size              = PAD_SHA;
836
        ssl->specs.static_ecdh           = 1;
837
        ssl->specs.key_size              = AES_128_KEY_SIZE;
838
        ssl->specs.block_size            = AES_BLOCK_SIZE;
839
        ssl->specs.iv_size               = AES_IV_SIZE;
840
841
        break;
842
#endif
843
844
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
845
    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
846
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
847
        ssl->specs.cipher_type           = block;
848
        ssl->specs.mac_algorithm         = sha_mac;
849
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
850
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
851
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
852
        ssl->specs.pad_size              = PAD_SHA;
853
        ssl->specs.static_ecdh           = 1;
854
        ssl->specs.key_size              = AES_256_KEY_SIZE;
855
        ssl->specs.block_size            = AES_BLOCK_SIZE;
856
        ssl->specs.iv_size               = AES_IV_SIZE;
857
858
        break;
859
#endif
860
861
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
862
    case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
863
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
864
        ssl->specs.cipher_type           = aead;
865
        ssl->specs.mac_algorithm         = sha256_mac;
866
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
867
        ssl->specs.sig_algo              = rsa_sa_algo;
868
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
869
        ssl->specs.pad_size              = PAD_SHA;
870
        ssl->specs.static_ecdh           = 1;
871
        ssl->specs.key_size              = AES_128_KEY_SIZE;
872
        ssl->specs.block_size            = AES_BLOCK_SIZE;
873
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
874
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
875
876
        break;
877
#endif
878
879
#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
880
    case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
881
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
882
        ssl->specs.cipher_type           = aead;
883
        ssl->specs.mac_algorithm         = sha384_mac;
884
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
885
        ssl->specs.sig_algo              = rsa_sa_algo;
886
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
887
        ssl->specs.pad_size              = PAD_SHA;
888
        ssl->specs.static_ecdh           = 1;
889
        ssl->specs.key_size              = AES_256_KEY_SIZE;
890
        ssl->specs.block_size            = AES_BLOCK_SIZE;
891
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
892
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
893
894
        break;
895
#endif
896
897
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
898
    case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
899
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
900
        ssl->specs.cipher_type           = aead;
901
        ssl->specs.mac_algorithm         = sha256_mac;
902
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
903
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
904
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
905
        ssl->specs.pad_size              = PAD_SHA;
906
        ssl->specs.static_ecdh           = 1;
907
        ssl->specs.key_size              = AES_128_KEY_SIZE;
908
        ssl->specs.block_size            = AES_BLOCK_SIZE;
909
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
910
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
911
912
        break;
913
#endif
914
915
#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
916
    case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
917
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
918
        ssl->specs.cipher_type           = aead;
919
        ssl->specs.mac_algorithm         = sha384_mac;
920
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
921
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
922
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
923
        ssl->specs.pad_size              = PAD_SHA;
924
        ssl->specs.static_ecdh           = 1;
925
        ssl->specs.key_size              = AES_256_KEY_SIZE;
926
        ssl->specs.block_size            = AES_BLOCK_SIZE;
927
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
928
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
929
930
        break;
931
#endif
932
933
#endif /* HAVE_ECC */
934
935
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
936
    case TLS_RSA_WITH_AES_128_CCM_8 :
937
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
938
        ssl->specs.cipher_type           = aead;
939
        ssl->specs.mac_algorithm         = sha256_mac;
940
        ssl->specs.kea                   = rsa_kea;
941
        ssl->specs.sig_algo              = rsa_sa_algo;
942
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
943
        ssl->specs.pad_size              = PAD_SHA;
944
        ssl->specs.static_ecdh           = 0;
945
        ssl->specs.key_size              = AES_128_KEY_SIZE;
946
        ssl->specs.block_size            = AES_BLOCK_SIZE;
947
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
948
        ssl->specs.aead_mac_size         = AES_CCM_8_AUTH_SZ;
949
950
        break;
951
#endif
952
953
#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
954
    case TLS_RSA_WITH_AES_256_CCM_8 :
955
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
956
        ssl->specs.cipher_type           = aead;
957
        ssl->specs.mac_algorithm         = sha256_mac;
958
        ssl->specs.kea                   = rsa_kea;
959
        ssl->specs.sig_algo              = rsa_sa_algo;
960
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
961
        ssl->specs.pad_size              = PAD_SHA;
962
        ssl->specs.static_ecdh           = 0;
963
        ssl->specs.key_size              = AES_256_KEY_SIZE;
964
        ssl->specs.block_size            = AES_BLOCK_SIZE;
965
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
966
        ssl->specs.aead_mac_size         = AES_CCM_8_AUTH_SZ;
967
968
        break;
969
#endif
970
971
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
972
    case TLS_PSK_WITH_AES_128_CCM_8 :
973
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
974
        ssl->specs.cipher_type           = aead;
975
        ssl->specs.mac_algorithm         = sha256_mac;
976
        ssl->specs.kea                   = psk_kea;
977
        ssl->specs.sig_algo              = anonymous_sa_algo;
978
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
979
        ssl->specs.pad_size              = PAD_SHA;
980
        ssl->specs.static_ecdh           = 0;
981
        ssl->specs.key_size              = AES_128_KEY_SIZE;
982
        ssl->specs.block_size            = AES_BLOCK_SIZE;
983
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
984
        ssl->specs.aead_mac_size         = AES_CCM_8_AUTH_SZ;
985
986
        ssl->options.usingPSK_cipher     = 1;
987
        break;
988
#endif
989
990
#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
991
    case TLS_PSK_WITH_AES_256_CCM_8 :
992
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
993
        ssl->specs.cipher_type           = aead;
994
        ssl->specs.mac_algorithm         = sha256_mac;
995
        ssl->specs.kea                   = psk_kea;
996
        ssl->specs.sig_algo              = anonymous_sa_algo;
997
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
998
        ssl->specs.pad_size              = PAD_SHA;
999
        ssl->specs.static_ecdh           = 0;
1000
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1001
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1002
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1003
        ssl->specs.aead_mac_size         = AES_CCM_8_AUTH_SZ;
1004
1005
        ssl->options.usingPSK_cipher     = 1;
1006
        break;
1007
#endif
1008
1009
#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
1010
    case TLS_PSK_WITH_AES_128_CCM :
1011
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1012
        ssl->specs.cipher_type           = aead;
1013
        ssl->specs.mac_algorithm         = sha256_mac;
1014
        ssl->specs.kea                   = psk_kea;
1015
        ssl->specs.sig_algo              = anonymous_sa_algo;
1016
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1017
        ssl->specs.pad_size              = PAD_SHA;
1018
        ssl->specs.static_ecdh           = 0;
1019
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1020
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1021
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1022
        ssl->specs.aead_mac_size         = AES_CCM_16_AUTH_SZ;
1023
1024
        ssl->options.usingPSK_cipher     = 1;
1025
        break;
1026
#endif
1027
1028
#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
1029
    case TLS_PSK_WITH_AES_256_CCM :
1030
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1031
        ssl->specs.cipher_type           = aead;
1032
        ssl->specs.mac_algorithm         = sha256_mac;
1033
        ssl->specs.kea                   = psk_kea;
1034
        ssl->specs.sig_algo              = anonymous_sa_algo;
1035
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1036
        ssl->specs.pad_size              = PAD_SHA;
1037
        ssl->specs.static_ecdh           = 0;
1038
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1039
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1040
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1041
        ssl->specs.aead_mac_size         = AES_CCM_16_AUTH_SZ;
1042
1043
        ssl->options.usingPSK_cipher     = 1;
1044
        break;
1045
#endif
1046
1047
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
1048
    case TLS_DHE_PSK_WITH_AES_128_CCM :
1049
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1050
        ssl->specs.cipher_type           = aead;
1051
        ssl->specs.mac_algorithm         = sha256_mac;
1052
        ssl->specs.kea                   = dhe_psk_kea;
1053
        ssl->specs.sig_algo              = anonymous_sa_algo;
1054
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1055
        ssl->specs.pad_size              = PAD_SHA;
1056
        ssl->specs.static_ecdh           = 0;
1057
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1058
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1059
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1060
        ssl->specs.aead_mac_size         = AES_CCM_16_AUTH_SZ;
1061
1062
        ssl->options.usingPSK_cipher     = 1;
1063
        break;
1064
#endif
1065
1066
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
1067
    case TLS_DHE_PSK_WITH_AES_256_CCM :
1068
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1069
        ssl->specs.cipher_type           = aead;
1070
        ssl->specs.mac_algorithm         = sha256_mac;
1071
        ssl->specs.kea                   = dhe_psk_kea;
1072
        ssl->specs.sig_algo              = anonymous_sa_algo;
1073
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1074
        ssl->specs.pad_size              = PAD_SHA;
1075
        ssl->specs.static_ecdh           = 0;
1076
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1077
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1078
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1079
        ssl->specs.aead_mac_size         = AES_CCM_16_AUTH_SZ;
1080
1081
        ssl->options.usingPSK_cipher     = 1;
1082
        break;
1083
#endif
1084
1085
#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
1086
    #ifdef BUILD_TLS_SHA256_SHA256
1087
    case TLS_SHA256_SHA256 :
1088
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1089
        ssl->specs.cipher_type           = aead;
1090
        ssl->specs.mac_algorithm         = sha256_mac;
1091
        ssl->specs.kea                   = 0;
1092
        ssl->specs.sig_algo              = 0;
1093
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1094
        ssl->specs.pad_size              = PAD_SHA;
1095
        ssl->specs.static_ecdh           = 0;
1096
        ssl->specs.key_size              = WC_SHA256_DIGEST_SIZE;
1097
        ssl->specs.block_size            = 0;
1098
        ssl->specs.iv_size               = HMAC_NONCE_SZ;
1099
        ssl->specs.aead_mac_size         = WC_SHA256_DIGEST_SIZE;
1100
1101
        break;
1102
    #endif
1103
1104
    #ifdef BUILD_TLS_SHA384_SHA384
1105
    case TLS_SHA384_SHA384 :
1106
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1107
        ssl->specs.cipher_type           = aead;
1108
        ssl->specs.mac_algorithm         = sha384_mac;
1109
        ssl->specs.kea                   = 0;
1110
        ssl->specs.sig_algo              = 0;
1111
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1112
        ssl->specs.pad_size              = PAD_SHA;
1113
        ssl->specs.static_ecdh           = 0;
1114
        ssl->specs.key_size              = WC_SHA384_DIGEST_SIZE;
1115
        ssl->specs.block_size            = 0;
1116
        ssl->specs.iv_size               = HMAC_NONCE_SZ;
1117
        ssl->specs.aead_mac_size         = WC_SHA384_DIGEST_SIZE;
1118
1119
        break;
1120
    #endif
1121
#endif
1122
1123
    default:
1124
        WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
1125
        return UNSUPPORTED_SUITE;
1126
    }   /* switch */
1127
    }   /* if     */
1128
1129
    /* TLSi v1.3 cipher suites, 0x13 */
1130
    if (ssl->options.cipherSuite0 == TLS13_BYTE) {
1131
        switch (ssl->options.cipherSuite) {
1132
1133
#ifdef WOLFSSL_TLS13
1134
    #ifdef BUILD_TLS_AES_128_GCM_SHA256
1135
        case TLS_AES_128_GCM_SHA256 :
1136
            ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1137
            ssl->specs.cipher_type           = aead;
1138
            ssl->specs.mac_algorithm         = sha256_mac;
1139
            ssl->specs.kea                   = 0;
1140
            ssl->specs.sig_algo              = 0;
1141
            ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1142
            ssl->specs.pad_size              = PAD_SHA;
1143
            ssl->specs.static_ecdh           = 0;
1144
            ssl->specs.key_size              = AES_128_KEY_SIZE;
1145
            ssl->specs.block_size            = AES_BLOCK_SIZE;
1146
            ssl->specs.iv_size               = AESGCM_NONCE_SZ;
1147
            ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1148
1149
            break;
1150
    #endif
1151
1152
    #ifdef BUILD_TLS_AES_256_GCM_SHA384
1153
        case TLS_AES_256_GCM_SHA384 :
1154
            ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1155
            ssl->specs.cipher_type           = aead;
1156
            ssl->specs.mac_algorithm         = sha384_mac;
1157
            ssl->specs.kea                   = 0;
1158
            ssl->specs.sig_algo              = 0;
1159
            ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1160
            ssl->specs.pad_size              = PAD_SHA;
1161
            ssl->specs.static_ecdh           = 0;
1162
            ssl->specs.key_size              = AES_256_KEY_SIZE;
1163
            ssl->specs.block_size            = AES_BLOCK_SIZE;
1164
            ssl->specs.iv_size               = AESGCM_NONCE_SZ;
1165
            ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1166
1167
            break;
1168
    #endif
1169
1170
    #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
1171
        case TLS_CHACHA20_POLY1305_SHA256 :
1172
            ssl->specs.bulk_cipher_algorithm = wolfssl_chacha;
1173
            ssl->specs.cipher_type           = aead;
1174
            ssl->specs.mac_algorithm         = sha256_mac;
1175
            ssl->specs.kea                   = 0;
1176
            ssl->specs.sig_algo              = 0;
1177
            ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1178
            ssl->specs.pad_size              = PAD_SHA;
1179
            ssl->specs.static_ecdh           = 0;
1180
            ssl->specs.key_size              = CHACHA20_256_KEY_SIZE;
1181
            ssl->specs.block_size            = CHACHA20_BLOCK_SIZE;
1182
            ssl->specs.iv_size               = CHACHA20_IV_SIZE;
1183
            ssl->specs.aead_mac_size         = POLY1305_AUTH_SZ;
1184
            ssl->options.oldPoly             = 0; /* use recent padding RFC */
1185
1186
            break;
1187
    #endif
1188
1189
    #ifdef BUILD_TLS_AES_128_CCM_SHA256
1190
        case TLS_AES_128_CCM_SHA256 :
1191
            ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1192
            ssl->specs.cipher_type           = aead;
1193
            ssl->specs.mac_algorithm         = sha256_mac;
1194
            ssl->specs.kea                   = 0;
1195
            ssl->specs.sig_algo              = 0;
1196
            ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1197
            ssl->specs.pad_size              = PAD_SHA;
1198
            ssl->specs.static_ecdh           = 0;
1199
            ssl->specs.key_size              = AES_128_KEY_SIZE;
1200
            ssl->specs.block_size            = AES_BLOCK_SIZE;
1201
            ssl->specs.iv_size               = AESGCM_NONCE_SZ;
1202
            ssl->specs.aead_mac_size         = AES_CCM_16_AUTH_SZ;
1203
1204
            break;
1205
    #endif
1206
1207
    #ifdef BUILD_TLS_AES_128_CCM_8_SHA256
1208
        case TLS_AES_128_CCM_8_SHA256 :
1209
            ssl->specs.bulk_cipher_algorithm = wolfssl_aes_ccm;
1210
            ssl->specs.cipher_type           = aead;
1211
            ssl->specs.mac_algorithm         = sha256_mac;
1212
            ssl->specs.kea                   = 0;
1213
            ssl->specs.sig_algo              = 0;
1214
            ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1215
            ssl->specs.pad_size              = PAD_SHA;
1216
            ssl->specs.static_ecdh           = 0;
1217
            ssl->specs.key_size              = AES_128_KEY_SIZE;
1218
            ssl->specs.block_size            = AES_BLOCK_SIZE;
1219
            ssl->specs.iv_size               = AESGCM_NONCE_SZ;
1220
            ssl->specs.aead_mac_size         = AES_CCM_8_AUTH_SZ;
1221
1222
            break;
1223
    #endif
1224
#endif /* WOLFSSL_TLS13 */
1225
        default:
1226
            break;
1227
        }
1228
    }
1229
1230
    if (ssl->options.cipherSuite0 == ECDHE_PSK_BYTE) {
1231
1232
    switch (ssl->options.cipherSuite) {
1233
1234
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
1235
#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
1236
    case TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 :
1237
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1238
        ssl->specs.cipher_type           = aead;
1239
        ssl->specs.mac_algorithm         = sha256_mac;
1240
        ssl->specs.kea                   = ecdhe_psk_kea;
1241
        ssl->specs.sig_algo              = anonymous_sa_algo;
1242
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1243
        ssl->specs.pad_size              = PAD_SHA;
1244
        ssl->specs.static_ecdh           = 0;
1245
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1246
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1247
        ssl->specs.iv_size               = AES_IV_SIZE;
1248
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1249
1250
        ssl->options.usingPSK_cipher     = 1;
1251
        break;
1252
#endif
1253
#endif
1254
1255
    default:
1256
        break;
1257
    }
1258
    }
1259
1260
1261
    if (ssl->options.cipherSuite0 != ECC_BYTE &&
1262
        ssl->options.cipherSuite0 != ECDHE_PSK_BYTE &&
1263
        ssl->options.cipherSuite0 != CHACHA_BYTE &&
1264
        ssl->options.cipherSuite0 != TLS13_BYTE) {   /* normal suites */
1265
    switch (ssl->options.cipherSuite) {
1266
1267
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
1268
    case SSL_RSA_WITH_RC4_128_SHA :
1269
        ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
1270
        ssl->specs.cipher_type           = stream;
1271
        ssl->specs.mac_algorithm         = sha_mac;
1272
        ssl->specs.kea                   = rsa_kea;
1273
        ssl->specs.sig_algo              = rsa_sa_algo;
1274
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1275
        ssl->specs.pad_size              = PAD_SHA;
1276
        ssl->specs.static_ecdh           = 0;
1277
        ssl->specs.key_size              = RC4_KEY_SIZE;
1278
        ssl->specs.iv_size               = 0;
1279
        ssl->specs.block_size            = 0;
1280
1281
        break;
1282
#endif
1283
1284
#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
1285
    case SSL_RSA_WITH_RC4_128_MD5 :
1286
        ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
1287
        ssl->specs.cipher_type           = stream;
1288
        ssl->specs.mac_algorithm         = md5_mac;
1289
        ssl->specs.kea                   = rsa_kea;
1290
        ssl->specs.sig_algo              = rsa_sa_algo;
1291
        ssl->specs.hash_size             = WC_MD5_DIGEST_SIZE;
1292
        ssl->specs.pad_size              = PAD_MD5;
1293
        ssl->specs.static_ecdh           = 0;
1294
        ssl->specs.key_size              = RC4_KEY_SIZE;
1295
        ssl->specs.iv_size               = 0;
1296
        ssl->specs.block_size            = 0;
1297
1298
        break;
1299
#endif
1300
1301
#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
1302
    case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
1303
        ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
1304
        ssl->specs.cipher_type           = block;
1305
        ssl->specs.mac_algorithm         = sha_mac;
1306
        ssl->specs.kea                   = rsa_kea;
1307
        ssl->specs.sig_algo              = rsa_sa_algo;
1308
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1309
        ssl->specs.pad_size              = PAD_SHA;
1310
        ssl->specs.static_ecdh           = 0;
1311
        ssl->specs.key_size              = DES3_KEY_SIZE;
1312
        ssl->specs.block_size            = DES_BLOCK_SIZE;
1313
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2)
1314
        ssl->specs.iv_size               = DES_BLOCK_SIZE;
1315
#else
1316
        ssl->specs.iv_size               = DES_IV_SIZE;
1317
#endif
1318
1319
        break;
1320
#endif
1321
1322
#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
1323
    case TLS_RSA_WITH_AES_128_CBC_SHA :
1324
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1325
        ssl->specs.cipher_type           = block;
1326
        ssl->specs.mac_algorithm         = sha_mac;
1327
        ssl->specs.kea                   = rsa_kea;
1328
        ssl->specs.sig_algo              = rsa_sa_algo;
1329
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1330
        ssl->specs.pad_size              = PAD_SHA;
1331
        ssl->specs.static_ecdh           = 0;
1332
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1333
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1334
        ssl->specs.iv_size               = AES_IV_SIZE;
1335
1336
        break;
1337
#endif
1338
1339
#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
1340
    case TLS_RSA_WITH_AES_128_CBC_SHA256 :
1341
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1342
        ssl->specs.cipher_type           = block;
1343
        ssl->specs.mac_algorithm         = sha256_mac;
1344
        ssl->specs.kea                   = rsa_kea;
1345
        ssl->specs.sig_algo              = rsa_sa_algo;
1346
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1347
        ssl->specs.pad_size              = PAD_SHA;
1348
        ssl->specs.static_ecdh           = 0;
1349
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1350
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1351
        ssl->specs.iv_size               = AES_IV_SIZE;
1352
1353
        break;
1354
#endif
1355
1356
#ifdef BUILD_TLS_RSA_WITH_NULL_MD5
1357
    case TLS_RSA_WITH_NULL_MD5 :
1358
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1359
        ssl->specs.cipher_type           = stream;
1360
        ssl->specs.mac_algorithm         = md5_mac;
1361
        ssl->specs.kea                   = rsa_kea;
1362
        ssl->specs.sig_algo              = rsa_sa_algo;
1363
        ssl->specs.hash_size             = WC_MD5_DIGEST_SIZE;
1364
        ssl->specs.pad_size              = PAD_MD5;
1365
        ssl->specs.static_ecdh           = 0;
1366
        ssl->specs.key_size              = 0;
1367
        ssl->specs.block_size            = 0;
1368
        ssl->specs.iv_size               = 0;
1369
1370
        break;
1371
#endif
1372
1373
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
1374
    case TLS_RSA_WITH_NULL_SHA :
1375
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1376
        ssl->specs.cipher_type           = stream;
1377
        ssl->specs.mac_algorithm         = sha_mac;
1378
        ssl->specs.kea                   = rsa_kea;
1379
        ssl->specs.sig_algo              = rsa_sa_algo;
1380
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1381
        ssl->specs.pad_size              = PAD_SHA;
1382
        ssl->specs.static_ecdh           = 0;
1383
        ssl->specs.key_size              = 0;
1384
        ssl->specs.block_size            = 0;
1385
        ssl->specs.iv_size               = 0;
1386
1387
        break;
1388
#endif
1389
1390
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
1391
    case TLS_RSA_WITH_NULL_SHA256 :
1392
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1393
        ssl->specs.cipher_type           = stream;
1394
        ssl->specs.mac_algorithm         = sha256_mac;
1395
        ssl->specs.kea                   = rsa_kea;
1396
        ssl->specs.sig_algo              = rsa_sa_algo;
1397
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1398
        ssl->specs.pad_size              = PAD_SHA;
1399
        ssl->specs.static_ecdh           = 0;
1400
        ssl->specs.key_size              = 0;
1401
        ssl->specs.block_size            = 0;
1402
        ssl->specs.iv_size               = 0;
1403
1404
        break;
1405
#endif
1406
1407
#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
1408
    case TLS_RSA_WITH_AES_256_CBC_SHA :
1409
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1410
        ssl->specs.cipher_type           = block;
1411
        ssl->specs.mac_algorithm         = sha_mac;
1412
        ssl->specs.kea                   = rsa_kea;
1413
        ssl->specs.sig_algo              = rsa_sa_algo;
1414
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1415
        ssl->specs.pad_size              = PAD_SHA;
1416
        ssl->specs.static_ecdh           = 0;
1417
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1418
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1419
        ssl->specs.iv_size               = AES_IV_SIZE;
1420
1421
        break;
1422
#endif
1423
1424
#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
1425
    case TLS_RSA_WITH_AES_256_CBC_SHA256 :
1426
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1427
        ssl->specs.cipher_type           = block;
1428
        ssl->specs.mac_algorithm         = sha256_mac;
1429
        ssl->specs.kea                   = rsa_kea;
1430
        ssl->specs.sig_algo              = rsa_sa_algo;
1431
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1432
        ssl->specs.pad_size              = PAD_SHA;
1433
        ssl->specs.static_ecdh           = 0;
1434
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1435
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1436
        ssl->specs.iv_size               = AES_IV_SIZE;
1437
1438
        break;
1439
#endif
1440
1441
#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
1442
    case TLS_PSK_WITH_AES_128_GCM_SHA256 :
1443
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1444
        ssl->specs.cipher_type           = aead;
1445
        ssl->specs.mac_algorithm         = sha256_mac;
1446
        ssl->specs.kea                   = psk_kea;
1447
        ssl->specs.sig_algo              = anonymous_sa_algo;
1448
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1449
        ssl->specs.pad_size              = PAD_SHA;
1450
        ssl->specs.static_ecdh           = 0;
1451
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1452
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1453
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1454
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1455
1456
        ssl->options.usingPSK_cipher     = 1;
1457
        break;
1458
#endif
1459
1460
#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
1461
    case TLS_PSK_WITH_AES_256_GCM_SHA384 :
1462
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1463
        ssl->specs.cipher_type           = aead;
1464
        ssl->specs.mac_algorithm         = sha384_mac;
1465
        ssl->specs.kea                   = psk_kea;
1466
        ssl->specs.sig_algo              = anonymous_sa_algo;
1467
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1468
        ssl->specs.pad_size              = PAD_SHA;
1469
        ssl->specs.static_ecdh           = 0;
1470
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1471
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1472
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1473
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1474
1475
        ssl->options.usingPSK_cipher     = 1;
1476
        break;
1477
#endif
1478
1479
#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
1480
    case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
1481
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1482
        ssl->specs.cipher_type           = aead;
1483
        ssl->specs.mac_algorithm         = sha384_mac;
1484
        ssl->specs.kea                   = diffie_hellman_kea;
1485
        ssl->specs.sig_algo              = anonymous_sa_algo;
1486
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1487
        ssl->specs.pad_size              = PAD_SHA;
1488
        ssl->specs.static_ecdh           = 0;
1489
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1490
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1491
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1492
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1493
1494
         ssl->options.usingAnon_cipher    = 1;
1495
        break;
1496
#endif
1497
1498
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
1499
    case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
1500
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1501
        ssl->specs.cipher_type           = aead;
1502
        ssl->specs.mac_algorithm         = sha256_mac;
1503
        ssl->specs.kea                   = dhe_psk_kea;
1504
        ssl->specs.sig_algo              = anonymous_sa_algo;
1505
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1506
        ssl->specs.pad_size              = PAD_SHA;
1507
        ssl->specs.static_ecdh           = 0;
1508
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1509
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1510
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1511
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1512
1513
        ssl->options.usingPSK_cipher     = 1;
1514
        break;
1515
#endif
1516
1517
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
1518
    case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
1519
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1520
        ssl->specs.cipher_type           = aead;
1521
        ssl->specs.mac_algorithm         = sha384_mac;
1522
        ssl->specs.kea                   = dhe_psk_kea;
1523
        ssl->specs.sig_algo              = anonymous_sa_algo;
1524
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1525
        ssl->specs.pad_size              = PAD_SHA;
1526
        ssl->specs.static_ecdh           = 0;
1527
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1528
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1529
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1530
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1531
1532
        ssl->options.usingPSK_cipher     = 1;
1533
        break;
1534
#endif
1535
1536
#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
1537
    case TLS_PSK_WITH_AES_128_CBC_SHA256 :
1538
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1539
        ssl->specs.cipher_type           = block;
1540
        ssl->specs.mac_algorithm         = sha256_mac;
1541
        ssl->specs.kea                   = psk_kea;
1542
        ssl->specs.sig_algo              = anonymous_sa_algo;
1543
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1544
        ssl->specs.pad_size              = PAD_SHA;
1545
        ssl->specs.static_ecdh           = 0;
1546
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1547
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1548
        ssl->specs.iv_size               = AES_IV_SIZE;
1549
1550
        ssl->options.usingPSK_cipher     = 1;
1551
        break;
1552
#endif
1553
1554
#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
1555
    case TLS_PSK_WITH_AES_256_CBC_SHA384 :
1556
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1557
        ssl->specs.cipher_type           = block;
1558
        ssl->specs.mac_algorithm         = sha384_mac;
1559
        ssl->specs.kea                   = psk_kea;
1560
        ssl->specs.sig_algo              = anonymous_sa_algo;
1561
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1562
        ssl->specs.pad_size              = PAD_SHA;
1563
        ssl->specs.static_ecdh           = 0;
1564
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1565
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1566
        ssl->specs.iv_size               = AES_IV_SIZE;
1567
1568
        ssl->options.usingPSK_cipher     = 1;
1569
        break;
1570
#endif
1571
1572
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
1573
    case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
1574
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1575
        ssl->specs.cipher_type           = block;
1576
        ssl->specs.mac_algorithm         = sha256_mac;
1577
        ssl->specs.kea                   = dhe_psk_kea;
1578
        ssl->specs.sig_algo              = anonymous_sa_algo;
1579
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1580
        ssl->specs.pad_size              = PAD_SHA;
1581
        ssl->specs.static_ecdh           = 0;
1582
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1583
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1584
        ssl->specs.iv_size               = AES_IV_SIZE;
1585
1586
        ssl->options.usingPSK_cipher     = 1;
1587
        break;
1588
#endif
1589
1590
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
1591
    case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
1592
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1593
        ssl->specs.cipher_type           = block;
1594
        ssl->specs.mac_algorithm         = sha384_mac;
1595
        ssl->specs.kea                   = dhe_psk_kea;
1596
        ssl->specs.sig_algo              = anonymous_sa_algo;
1597
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1598
        ssl->specs.pad_size              = PAD_SHA;
1599
        ssl->specs.static_ecdh           = 0;
1600
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1601
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1602
        ssl->specs.iv_size               = AES_IV_SIZE;
1603
1604
        ssl->options.usingPSK_cipher     = 1;
1605
        break;
1606
#endif
1607
1608
#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
1609
    case TLS_PSK_WITH_AES_128_CBC_SHA :
1610
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1611
        ssl->specs.cipher_type           = block;
1612
        ssl->specs.mac_algorithm         = sha_mac;
1613
        ssl->specs.kea                   = psk_kea;
1614
        ssl->specs.sig_algo              = anonymous_sa_algo;
1615
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1616
        ssl->specs.pad_size              = PAD_SHA;
1617
        ssl->specs.static_ecdh           = 0;
1618
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1619
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1620
        ssl->specs.iv_size               = AES_IV_SIZE;
1621
1622
        ssl->options.usingPSK_cipher     = 1;
1623
        break;
1624
#endif
1625
1626
#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
1627
    case TLS_PSK_WITH_AES_256_CBC_SHA :
1628
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1629
        ssl->specs.cipher_type           = block;
1630
        ssl->specs.mac_algorithm         = sha_mac;
1631
        ssl->specs.kea                   = psk_kea;
1632
        ssl->specs.sig_algo              = anonymous_sa_algo;
1633
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1634
        ssl->specs.pad_size              = PAD_SHA;
1635
        ssl->specs.static_ecdh           = 0;
1636
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1637
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1638
        ssl->specs.iv_size               = AES_IV_SIZE;
1639
1640
        ssl->options.usingPSK_cipher     = 1;
1641
        break;
1642
#endif
1643
1644
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
1645
    case TLS_PSK_WITH_NULL_SHA256 :
1646
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1647
        ssl->specs.cipher_type           = stream;
1648
        ssl->specs.mac_algorithm         = sha256_mac;
1649
        ssl->specs.kea                   = psk_kea;
1650
        ssl->specs.sig_algo              = anonymous_sa_algo;
1651
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1652
        ssl->specs.pad_size              = PAD_SHA;
1653
        ssl->specs.static_ecdh           = 0;
1654
        ssl->specs.key_size              = 0;
1655
        ssl->specs.block_size            = 0;
1656
        ssl->specs.iv_size               = 0;
1657
1658
        ssl->options.usingPSK_cipher     = 1;
1659
        break;
1660
#endif
1661
1662
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
1663
    case TLS_PSK_WITH_NULL_SHA384 :
1664
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1665
        ssl->specs.cipher_type           = stream;
1666
        ssl->specs.mac_algorithm         = sha384_mac;
1667
        ssl->specs.kea                   = psk_kea;
1668
        ssl->specs.sig_algo              = anonymous_sa_algo;
1669
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1670
        ssl->specs.pad_size              = PAD_SHA;
1671
        ssl->specs.static_ecdh           = 0;
1672
        ssl->specs.key_size              = 0;
1673
        ssl->specs.block_size            = 0;
1674
        ssl->specs.iv_size               = 0;
1675
1676
        ssl->options.usingPSK_cipher     = 1;
1677
        break;
1678
#endif
1679
1680
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
1681
    case TLS_PSK_WITH_NULL_SHA :
1682
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1683
        ssl->specs.cipher_type           = stream;
1684
        ssl->specs.mac_algorithm         = sha_mac;
1685
        ssl->specs.kea                   = psk_kea;
1686
        ssl->specs.sig_algo              = anonymous_sa_algo;
1687
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1688
        ssl->specs.pad_size              = PAD_SHA;
1689
        ssl->specs.static_ecdh           = 0;
1690
        ssl->specs.key_size              = 0;
1691
        ssl->specs.block_size            = 0;
1692
        ssl->specs.iv_size               = 0;
1693
1694
        ssl->options.usingPSK_cipher     = 1;
1695
        break;
1696
#endif
1697
1698
#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
1699
    case TLS_DHE_PSK_WITH_NULL_SHA256 :
1700
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1701
        ssl->specs.cipher_type           = stream;
1702
        ssl->specs.mac_algorithm         = sha256_mac;
1703
        ssl->specs.kea                   = dhe_psk_kea;
1704
        ssl->specs.sig_algo              = anonymous_sa_algo;
1705
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1706
        ssl->specs.pad_size              = PAD_SHA;
1707
        ssl->specs.static_ecdh           = 0;
1708
        ssl->specs.key_size              = 0;
1709
        ssl->specs.block_size            = 0;
1710
        ssl->specs.iv_size               = 0;
1711
1712
        ssl->options.usingPSK_cipher     = 1;
1713
        break;
1714
#endif
1715
1716
#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
1717
    case TLS_DHE_PSK_WITH_NULL_SHA384 :
1718
        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
1719
        ssl->specs.cipher_type           = stream;
1720
        ssl->specs.mac_algorithm         = sha384_mac;
1721
        ssl->specs.kea                   = dhe_psk_kea;
1722
        ssl->specs.sig_algo              = anonymous_sa_algo;
1723
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1724
        ssl->specs.pad_size              = PAD_SHA;
1725
        ssl->specs.static_ecdh           = 0;
1726
        ssl->specs.key_size              = 0;
1727
        ssl->specs.block_size            = 0;
1728
        ssl->specs.iv_size               = 0;
1729
1730
        ssl->options.usingPSK_cipher     = 1;
1731
        break;
1732
#endif
1733
1734
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
1735
    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
1736
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1737
        ssl->specs.cipher_type           = block;
1738
        ssl->specs.mac_algorithm         = sha256_mac;
1739
        ssl->specs.kea                   = diffie_hellman_kea;
1740
        ssl->specs.sig_algo              = rsa_sa_algo;
1741
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1742
        ssl->specs.pad_size              = PAD_SHA;
1743
        ssl->specs.static_ecdh           = 0;
1744
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1745
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1746
        ssl->specs.iv_size               = AES_IV_SIZE;
1747
1748
        break;
1749
#endif
1750
1751
#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
1752
    case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA :
1753
        ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
1754
        ssl->specs.cipher_type           = block;
1755
        ssl->specs.mac_algorithm         = sha_mac;
1756
        ssl->specs.kea                   = diffie_hellman_kea;
1757
        ssl->specs.sig_algo              = rsa_sa_algo;
1758
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1759
        ssl->specs.pad_size              = PAD_SHA;
1760
        ssl->specs.static_ecdh           = 0;
1761
        ssl->specs.key_size              = DES3_KEY_SIZE;
1762
        ssl->specs.block_size            = DES_BLOCK_SIZE;
1763
        ssl->specs.iv_size               = DES_IV_SIZE;
1764
1765
        break;
1766
#endif
1767
1768
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
1769
    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
1770
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1771
        ssl->specs.cipher_type           = block;
1772
        ssl->specs.mac_algorithm         = sha256_mac;
1773
        ssl->specs.kea                   = diffie_hellman_kea;
1774
        ssl->specs.sig_algo              = rsa_sa_algo;
1775
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1776
        ssl->specs.pad_size              = PAD_SHA;
1777
        ssl->specs.static_ecdh           = 0;
1778
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1779
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1780
        ssl->specs.iv_size               = AES_IV_SIZE;
1781
1782
        break;
1783
#endif
1784
1785
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1786
    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
1787
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1788
        ssl->specs.cipher_type           = block;
1789
        ssl->specs.mac_algorithm         = sha_mac;
1790
        ssl->specs.kea                   = diffie_hellman_kea;
1791
        ssl->specs.sig_algo              = rsa_sa_algo;
1792
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1793
        ssl->specs.pad_size              = PAD_SHA;
1794
        ssl->specs.static_ecdh           = 0;
1795
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1796
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1797
        ssl->specs.iv_size               = AES_IV_SIZE;
1798
1799
        break;
1800
#endif
1801
1802
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1803
    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
1804
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
1805
        ssl->specs.cipher_type           = block;
1806
        ssl->specs.mac_algorithm         = sha_mac;
1807
        ssl->specs.kea                   = diffie_hellman_kea;
1808
        ssl->specs.sig_algo              = rsa_sa_algo;
1809
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1810
        ssl->specs.pad_size              = PAD_SHA;
1811
        ssl->specs.static_ecdh           = 0;
1812
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1813
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1814
        ssl->specs.iv_size               = AES_IV_SIZE;
1815
1816
        break;
1817
#endif
1818
1819
#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
1820
    case TLS_RSA_WITH_AES_128_GCM_SHA256 :
1821
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1822
        ssl->specs.cipher_type           = aead;
1823
        ssl->specs.mac_algorithm         = sha256_mac;
1824
        ssl->specs.kea                   = rsa_kea;
1825
        ssl->specs.sig_algo              = rsa_sa_algo;
1826
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1827
        ssl->specs.pad_size              = PAD_SHA;
1828
        ssl->specs.static_ecdh           = 0;
1829
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1830
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1831
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1832
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1833
1834
        break;
1835
#endif
1836
1837
#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
1838
    case TLS_RSA_WITH_AES_256_GCM_SHA384 :
1839
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1840
        ssl->specs.cipher_type           = aead;
1841
        ssl->specs.mac_algorithm         = sha384_mac;
1842
        ssl->specs.kea                   = rsa_kea;
1843
        ssl->specs.sig_algo              = rsa_sa_algo;
1844
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1845
        ssl->specs.pad_size              = PAD_SHA;
1846
        ssl->specs.static_ecdh           = 0;
1847
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1848
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1849
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1850
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1851
1852
        break;
1853
#endif
1854
1855
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
1856
    case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
1857
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1858
        ssl->specs.cipher_type           = aead;
1859
        ssl->specs.mac_algorithm         = sha256_mac;
1860
        ssl->specs.kea                   = diffie_hellman_kea;
1861
        ssl->specs.sig_algo              = rsa_sa_algo;
1862
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1863
        ssl->specs.pad_size              = PAD_SHA;
1864
        ssl->specs.static_ecdh           = 0;
1865
        ssl->specs.key_size              = AES_128_KEY_SIZE;
1866
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1867
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1868
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1869
1870
        break;
1871
#endif
1872
1873
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
1874
    case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
1875
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
1876
        ssl->specs.cipher_type           = aead;
1877
        ssl->specs.mac_algorithm         = sha384_mac;
1878
        ssl->specs.kea                   = diffie_hellman_kea;
1879
        ssl->specs.sig_algo              = rsa_sa_algo;
1880
        ssl->specs.hash_size             = WC_SHA384_DIGEST_SIZE;
1881
        ssl->specs.pad_size              = PAD_SHA;
1882
        ssl->specs.static_ecdh           = 0;
1883
        ssl->specs.key_size              = AES_256_KEY_SIZE;
1884
        ssl->specs.block_size            = AES_BLOCK_SIZE;
1885
        ssl->specs.iv_size               = AESGCM_IMP_IV_SZ;
1886
        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
1887
1888
        break;
1889
#endif
1890
1891
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
1892
    case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
1893
        ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1894
        ssl->specs.cipher_type           = block;
1895
        ssl->specs.mac_algorithm         = sha_mac;
1896
        ssl->specs.kea                   = rsa_kea;
1897
        ssl->specs.sig_algo              = rsa_sa_algo;
1898
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1899
        ssl->specs.pad_size              = PAD_SHA;
1900
        ssl->specs.static_ecdh           = 0;
1901
        ssl->specs.key_size              = CAMELLIA_128_KEY_SIZE;
1902
        ssl->specs.block_size            = CAMELLIA_BLOCK_SIZE;
1903
        ssl->specs.iv_size               = CAMELLIA_IV_SIZE;
1904
1905
        break;
1906
#endif
1907
1908
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
1909
    case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
1910
        ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1911
        ssl->specs.cipher_type           = block;
1912
        ssl->specs.mac_algorithm         = sha_mac;
1913
        ssl->specs.kea                   = rsa_kea;
1914
        ssl->specs.sig_algo              = rsa_sa_algo;
1915
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1916
        ssl->specs.pad_size              = PAD_SHA;
1917
        ssl->specs.static_ecdh           = 0;
1918
        ssl->specs.key_size              = CAMELLIA_256_KEY_SIZE;
1919
        ssl->specs.block_size            = CAMELLIA_BLOCK_SIZE;
1920
        ssl->specs.iv_size               = CAMELLIA_IV_SIZE;
1921
1922
        break;
1923
#endif
1924
1925
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
1926
    case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
1927
        ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1928
        ssl->specs.cipher_type           = block;
1929
        ssl->specs.mac_algorithm         = sha256_mac;
1930
        ssl->specs.kea                   = rsa_kea;
1931
        ssl->specs.sig_algo              = rsa_sa_algo;
1932
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1933
        ssl->specs.pad_size              = PAD_SHA;
1934
        ssl->specs.static_ecdh           = 0;
1935
        ssl->specs.key_size              = CAMELLIA_128_KEY_SIZE;
1936
        ssl->specs.block_size            = CAMELLIA_BLOCK_SIZE;
1937
        ssl->specs.iv_size               = CAMELLIA_IV_SIZE;
1938
1939
        break;
1940
#endif
1941
1942
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
1943
    case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
1944
        ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1945
        ssl->specs.cipher_type           = block;
1946
        ssl->specs.mac_algorithm         = sha256_mac;
1947
        ssl->specs.kea                   = rsa_kea;
1948
        ssl->specs.sig_algo              = rsa_sa_algo;
1949
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
1950
        ssl->specs.pad_size              = PAD_SHA;
1951
        ssl->specs.static_ecdh           = 0;
1952
        ssl->specs.key_size              = CAMELLIA_256_KEY_SIZE;
1953
        ssl->specs.block_size            = CAMELLIA_BLOCK_SIZE;
1954
        ssl->specs.iv_size               = CAMELLIA_IV_SIZE;
1955
1956
        break;
1957
#endif
1958
1959
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
1960
    case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
1961
        ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1962
        ssl->specs.cipher_type           = block;
1963
        ssl->specs.mac_algorithm         = sha_mac;
1964
        ssl->specs.kea                   = diffie_hellman_kea;
1965
        ssl->specs.sig_algo              = rsa_sa_algo;
1966
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1967
        ssl->specs.pad_size              = PAD_SHA;
1968
        ssl->specs.static_ecdh           = 0;
1969
        ssl->specs.key_size              = CAMELLIA_128_KEY_SIZE;
1970
        ssl->specs.block_size            = CAMELLIA_BLOCK_SIZE;
1971
        ssl->specs.iv_size               = CAMELLIA_IV_SIZE;
1972
1973
        break;
1974
#endif
1975
1976
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
1977
    case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
1978
        ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1979
        ssl->specs.cipher_type           = block;
1980
        ssl->specs.mac_algorithm         = sha_mac;
1981
        ssl->specs.kea                   = diffie_hellman_kea;
1982
        ssl->specs.sig_algo              = rsa_sa_algo;
1983
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
1984
        ssl->specs.pad_size              = PAD_SHA;
1985
        ssl->specs.static_ecdh           = 0;
1986
        ssl->specs.key_size              = CAMELLIA_256_KEY_SIZE;
1987
        ssl->specs.block_size            = CAMELLIA_BLOCK_SIZE;
1988
        ssl->specs.iv_size               = CAMELLIA_IV_SIZE;
1989
1990
        break;
1991
#endif
1992
1993
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
1994
    case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
1995
        ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
1996
        ssl->specs.cipher_type           = block;
1997
        ssl->specs.mac_algorithm         = sha256_mac;
1998
        ssl->specs.kea                   = diffie_hellman_kea;
1999
        ssl->specs.sig_algo              = rsa_sa_algo;
2000
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
2001
        ssl->specs.pad_size              = PAD_SHA;
2002
        ssl->specs.static_ecdh           = 0;
2003
        ssl->specs.key_size              = CAMELLIA_128_KEY_SIZE;
2004
        ssl->specs.block_size            = CAMELLIA_BLOCK_SIZE;
2005
        ssl->specs.iv_size               = CAMELLIA_IV_SIZE;
2006
2007
        break;
2008
#endif
2009
2010
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
2011
    case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
2012
        ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
2013
        ssl->specs.cipher_type           = block;
2014
        ssl->specs.mac_algorithm         = sha256_mac;
2015
        ssl->specs.kea                   = diffie_hellman_kea;
2016
        ssl->specs.sig_algo              = rsa_sa_algo;
2017
        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
2018
        ssl->specs.pad_size              = PAD_SHA;
2019
        ssl->specs.static_ecdh           = 0;
2020
        ssl->specs.key_size              = CAMELLIA_256_KEY_SIZE;
2021
        ssl->specs.block_size            = CAMELLIA_BLOCK_SIZE;
2022
        ssl->specs.iv_size               = CAMELLIA_IV_SIZE;
2023
2024
        break;
2025
#endif
2026
2027
#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
2028
    case TLS_DH_anon_WITH_AES_128_CBC_SHA :
2029
        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
2030
        ssl->specs.cipher_type           = block;
2031
        ssl->specs.mac_algorithm         = sha_mac;
2032
        ssl->specs.kea                   = diffie_hellman_kea;
2033
        ssl->specs.sig_algo              = anonymous_sa_algo;
2034
        ssl->specs.hash_size             = WC_SHA_DIGEST_SIZE;
2035
        ssl->specs.pad_size              = PAD_SHA;
2036
        ssl->specs.static_ecdh           = 0;
2037
        ssl->specs.key_size              = AES_128_KEY_SIZE;
2038
        ssl->specs.block_size            = AES_BLOCK_SIZE;
2039
        ssl->specs.iv_size               = AES_IV_SIZE;
2040
2041
        ssl->options.usingAnon_cipher    = 1;
2042
        break;
2043
#endif
2044
2045
#ifdef BUILD_WDM_WITH_NULL_SHA256
2046
        case WDM_WITH_NULL_SHA256 :
2047
            ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
2048
            ssl->specs.cipher_type           = stream;
2049
            ssl->specs.mac_algorithm         = sha256_mac;
2050
            ssl->specs.kea                   = no_kea;
2051
            ssl->specs.sig_algo              = anonymous_sa_algo;
2052
            ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
2053
            ssl->specs.pad_size              = PAD_SHA;
2054
2055
            break;
2056
#endif
2057
2058
    default:
2059
        WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs");
2060
        WOLFSSL_ERROR_VERBOSE(UNSUPPORTED_SUITE);
2061
        return UNSUPPORTED_SUITE;
2062
    }  /* switch */
2063
    }  /* if ECC / Normal suites else */
2064
2065
    /* set TLS if it hasn't been turned off */
2066
    if (ssl->version.major == SSLv3_MAJOR &&
2067
            ssl->version.minor >= TLSv1_MINOR) {
2068
#ifndef NO_TLS
2069
        ssl->options.tls = 1;
2070
    #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY)
2071
        #if !defined(WOLFSSL_RENESAS_SCEPROTECT) && \
2072
            !defined(WOLFSSL_RENESAS_TSIP_TLS)
2073
        ssl->hmac = TLS_hmac;
2074
        #else
2075
        ssl->hmac = Renesas_cmn_TLS_hmac;
2076
        #endif
2077
    #endif
2078
        if (ssl->version.minor >= TLSv1_1_MINOR) {
2079
            ssl->options.tls1_1 = 1;
2080
            if (ssl->version.minor >= TLSv1_3_MINOR)
2081
                ssl->options.tls1_3 = 1;
2082
        }
2083
#endif
2084
    }
2085
2086
#ifdef WOLFSSL_DTLS13
2087
    if (ssl->options.dtls &&
2088
        ssl->version.major == DTLS_MAJOR &&
2089
        ssl->version.minor <= DTLSv1_3_MINOR) {
2090
            ssl->options.tls = 1;
2091
            ssl->options.tls1_3 = 1;
2092
    }
2093
#endif /* WOLFSSL_DTLS13 */
2094
2095
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
2096
    if (IsAtLeastTLSv1_3(ssl->version) || ssl->specs.cipher_type != block)
2097
       ssl->options.encThenMac = 0;
2098
#endif
2099
2100
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_AEAD_ONLY)
2101
    if (ssl->options.dtls)
2102
        #if !defined(WOLFSSL_RENESAS_SCEPROTECT) && \
2103
            !defined(WOLFSSL_RENESAS_TSIP_TLS)
2104
        ssl->hmac = TLS_hmac;
2105
        #else
2106
        ssl->hmac = Renesas_cmn_TLS_hmac;
2107
        #endif
2108
#endif
2109
2110
    if (ssl->specs.sig_algo == anonymous_sa_algo) {
2111
        /* CLIENT/SERVER: No peer authentication to be performed. */
2112
        ssl->options.peerAuthGood = 1;
2113
    }
2114
2115
    return 0;
2116
}
2117
2118
2119
enum KeyStuff {
2120
    MASTER_ROUNDS = 3,
2121
    PREFIX        = 3,     /* up to three letters for master prefix */
2122
    KEY_PREFIX    = 9      /* up to 9 prefix letters for key rounds */
2123
2124
2125
};
2126
2127
#ifndef NO_OLD_TLS
2128
/* true or false, zero for error */
2129
static int SetPrefix(byte* sha_input, int idx)
2130
0
{
2131
0
    switch (idx) {
2132
0
    case 0:
2133
0
        XMEMCPY(sha_input, "A", 1);
2134
0
        break;
2135
0
    case 1:
2136
0
        XMEMCPY(sha_input, "BB", 2);
2137
0
        break;
2138
0
    case 2:
2139
0
        XMEMCPY(sha_input, "CCC", 3);
2140
0
        break;
2141
0
    case 3:
2142
0
        XMEMCPY(sha_input, "DDDD", 4);
2143
0
        break;
2144
0
    case 4:
2145
0
        XMEMCPY(sha_input, "EEEEE", 5);
2146
0
        break;
2147
0
    case 5:
2148
0
        XMEMCPY(sha_input, "FFFFFF", 6);
2149
0
        break;
2150
0
    case 6:
2151
0
        XMEMCPY(sha_input, "GGGGGGG", 7);
2152
0
        break;
2153
0
    case 7:
2154
0
        XMEMCPY(sha_input, "HHHHHHHH", 8);
2155
0
        break;
2156
0
    case 8:
2157
0
        XMEMCPY(sha_input, "IIIIIIIII", 9);
2158
0
        break;
2159
0
    default:
2160
0
        WOLFSSL_MSG("Set Prefix error, bad input");
2161
0
        return 0;
2162
0
    }
2163
0
    return 1;
2164
0
}
2165
#endif
2166
2167
2168
static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
2169
                   int side, void* heap, int devId, WC_RNG* rng, int tls13)
2170
{
2171
    (void)rng;
2172
    (void)tls13;
2173
2174
#ifdef BUILD_ARC4
2175
    if (specs->bulk_cipher_algorithm == wolfssl_rc4) {
2176
        word32 sz = specs->key_size;
2177
        if (enc && enc->arc4 == NULL) {
2178
            enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
2179
            if (enc->arc4 == NULL)
2180
                 return MEMORY_E;
2181
        }
2182
        if (dec && dec->arc4 == NULL) {
2183
            dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
2184
            if (dec->arc4 == NULL)
2185
                return MEMORY_E;
2186
        }
2187
2188
        if (enc) {
2189
            if (wc_Arc4Init(enc->arc4, heap, devId) != 0) {
2190
                WOLFSSL_MSG("Arc4Init failed in SetKeys");
2191
                return ASYNC_INIT_E;
2192
            }
2193
        }
2194
        if (dec) {
2195
            if (wc_Arc4Init(dec->arc4, heap, devId) != 0) {
2196
                WOLFSSL_MSG("Arc4Init failed in SetKeys");
2197
                return ASYNC_INIT_E;
2198
            }
2199
        }
2200
2201
        if (side == WOLFSSL_CLIENT_END) {
2202
            if (enc)
2203
                wc_Arc4SetKey(enc->arc4, keys->client_write_key, sz);
2204
            if (dec)
2205
                wc_Arc4SetKey(dec->arc4, keys->server_write_key, sz);
2206
        }
2207
        else {
2208
            if (enc)
2209
                wc_Arc4SetKey(enc->arc4, keys->server_write_key, sz);
2210
            if (dec)
2211
                wc_Arc4SetKey(dec->arc4, keys->client_write_key, sz);
2212
        }
2213
        if (enc)
2214
            enc->setup = 1;
2215
        if (dec)
2216
            dec->setup = 1;
2217
    }
2218
#endif /* BUILD_ARC4 */
2219
2220
2221
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD)
2222
    /* Check that the max implicit iv size is sufficient */
2223
    #if (AEAD_MAX_IMP_SZ < 12) /* CHACHA20_IMP_IV_SZ */
2224
        #error AEAD_MAX_IMP_SZ is too small for ChaCha20
2225
    #endif
2226
    #if (MAX_WRITE_IV_SZ < 12) /* CHACHA20_IMP_IV_SZ */
2227
        #error MAX_WRITE_IV_SZ is too small for ChaCha20
2228
    #endif
2229
2230
    if (specs->bulk_cipher_algorithm == wolfssl_chacha) {
2231
        int chachaRet;
2232
        if (enc && enc->chacha == NULL)
2233
            enc->chacha =
2234
                    (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
2235
        if (enc && enc->chacha == NULL)
2236
            return MEMORY_E;
2237
    #ifdef WOLFSSL_CHECK_MEM_ZERO
2238
        if (enc) {
2239
            wc_MemZero_Add("SSL keys enc chacha", enc->chacha, sizeof(ChaCha));
2240
        }
2241
    #endif
2242
        if (dec && dec->chacha == NULL)
2243
            dec->chacha =
2244
                    (ChaCha*)XMALLOC(sizeof(ChaCha), heap, DYNAMIC_TYPE_CIPHER);
2245
        if (dec && dec->chacha == NULL)
2246
            return MEMORY_E;
2247
    #ifdef WOLFSSL_CHECK_MEM_ZERO
2248
        if (dec) {
2249
            wc_MemZero_Add("SSL keys dec chacha", dec->chacha, sizeof(ChaCha));
2250
        }
2251
    #endif
2252
        if (side == WOLFSSL_CLIENT_END) {
2253
            if (enc) {
2254
                chachaRet = wc_Chacha_SetKey(enc->chacha, keys->client_write_key,
2255
                                          specs->key_size);
2256
                XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2257
                        CHACHA20_IMP_IV_SZ);
2258
                if (chachaRet != 0) return chachaRet;
2259
            }
2260
            if (dec) {
2261
                chachaRet = wc_Chacha_SetKey(dec->chacha, keys->server_write_key,
2262
                                          specs->key_size);
2263
                XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2264
                        CHACHA20_IMP_IV_SZ);
2265
                if (chachaRet != 0) return chachaRet;
2266
            }
2267
        }
2268
        else {
2269
            if (enc) {
2270
                chachaRet = wc_Chacha_SetKey(enc->chacha, keys->server_write_key,
2271
                                          specs->key_size);
2272
                XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2273
                        CHACHA20_IMP_IV_SZ);
2274
                if (chachaRet != 0) return chachaRet;
2275
            }
2276
            if (dec) {
2277
                chachaRet = wc_Chacha_SetKey(dec->chacha, keys->client_write_key,
2278
                                          specs->key_size);
2279
                XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2280
                        CHACHA20_IMP_IV_SZ);
2281
                if (chachaRet != 0) return chachaRet;
2282
            }
2283
        }
2284
2285
        if (enc)
2286
            enc->setup = 1;
2287
        if (dec)
2288
            dec->setup = 1;
2289
    }
2290
#endif /* HAVE_CHACHA && HAVE_POLY1305 */
2291
2292
#ifdef BUILD_DES3
2293
    /* check that buffer sizes are sufficient */
2294
    #if (MAX_WRITE_IV_SZ < 8) /* DES_IV_SIZE */
2295
        #error MAX_WRITE_IV_SZ too small for 3DES
2296
    #endif
2297
2298
    if (specs->bulk_cipher_algorithm == wolfssl_triple_des) {
2299
        int desRet = 0;
2300
2301
        if (enc) {
2302
            if (enc->des3 == NULL)
2303
                enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
2304
            if (enc->des3 == NULL)
2305
                return MEMORY_E;
2306
            XMEMSET(enc->des3, 0, sizeof(Des3));
2307
        }
2308
        if (dec) {
2309
            if (dec->des3 == NULL)
2310
                dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
2311
            if (dec->des3 == NULL)
2312
                return MEMORY_E;
2313
            XMEMSET(dec->des3, 0, sizeof(Des3));
2314
        }
2315
2316
        if (enc) {
2317
            if (wc_Des3Init(enc->des3, heap, devId) != 0) {
2318
                WOLFSSL_MSG("Des3Init failed in SetKeys");
2319
                return ASYNC_INIT_E;
2320
            }
2321
        }
2322
        if (dec) {
2323
            if (wc_Des3Init(dec->des3, heap, devId) != 0) {
2324
                WOLFSSL_MSG("Des3Init failed in SetKeys");
2325
                return ASYNC_INIT_E;
2326
            }
2327
        }
2328
2329
        if (side == WOLFSSL_CLIENT_END) {
2330
            if (enc) {
2331
                desRet = wc_Des3_SetKey(enc->des3, keys->client_write_key,
2332
                                     keys->client_write_IV, DES_ENCRYPTION);
2333
                if (desRet != 0) return desRet;
2334
            }
2335
            if (dec) {
2336
                desRet = wc_Des3_SetKey(dec->des3, keys->server_write_key,
2337
                                     keys->server_write_IV, DES_DECRYPTION);
2338
                if (desRet != 0) return desRet;
2339
            }
2340
        }
2341
        else {
2342
            if (enc) {
2343
                desRet = wc_Des3_SetKey(enc->des3, keys->server_write_key,
2344
                                     keys->server_write_IV, DES_ENCRYPTION);
2345
                if (desRet != 0) return desRet;
2346
            }
2347
            if (dec) {
2348
                desRet = wc_Des3_SetKey(dec->des3, keys->client_write_key,
2349
                                     keys->client_write_IV, DES_DECRYPTION);
2350
                if (desRet != 0) return desRet;
2351
            }
2352
        }
2353
        if (enc)
2354
            enc->setup = 1;
2355
        if (dec)
2356
            dec->setup = 1;
2357
    }
2358
#endif /* BUILD_DES3 */
2359
2360
#ifdef BUILD_AES
2361
    /* check that buffer sizes are sufficient */
2362
    #if (MAX_WRITE_IV_SZ < 16) /* AES_IV_SIZE */
2363
        #error MAX_WRITE_IV_SZ too small for AES
2364
    #endif
2365
2366
    if (specs->bulk_cipher_algorithm == wolfssl_aes) {
2367
        int aesRet = 0;
2368
2369
        if (enc) {
2370
            if (enc->aes == NULL) {
2371
                enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2372
                if (enc->aes == NULL)
2373
                    return MEMORY_E;
2374
            } else {
2375
                wc_AesFree(enc->aes);
2376
            }
2377
2378
            XMEMSET(enc->aes, 0, sizeof(Aes));
2379
        }
2380
        if (dec) {
2381
            if (dec->aes == NULL) {
2382
                dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2383
                if (dec->aes == NULL)
2384
                    return MEMORY_E;
2385
            } else {
2386
                wc_AesFree(dec->aes);
2387
            }
2388
2389
            XMEMSET(dec->aes, 0, sizeof(Aes));
2390
        }
2391
        if (enc) {
2392
            if (wc_AesInit(enc->aes, heap, devId) != 0) {
2393
                WOLFSSL_MSG("AesInit failed in SetKeys");
2394
                return ASYNC_INIT_E;
2395
            }
2396
        }
2397
        if (dec) {
2398
            if (wc_AesInit(dec->aes, heap, devId) != 0) {
2399
                WOLFSSL_MSG("AesInit failed in SetKeys");
2400
                return ASYNC_INIT_E;
2401
            }
2402
        }
2403
2404
        if (side == WOLFSSL_CLIENT_END) {
2405
            if (enc) {
2406
                aesRet = wc_AesSetKey(enc->aes, keys->client_write_key,
2407
                                   specs->key_size, keys->client_write_IV,
2408
                                   AES_ENCRYPTION);
2409
                if (aesRet != 0) return aesRet;
2410
            }
2411
            if (dec) {
2412
                aesRet = wc_AesSetKey(dec->aes, keys->server_write_key,
2413
                                   specs->key_size, keys->server_write_IV,
2414
                                   AES_DECRYPTION);
2415
                if (aesRet != 0) return aesRet;
2416
            }
2417
        }
2418
        else {
2419
            if (enc) {
2420
                aesRet = wc_AesSetKey(enc->aes, keys->server_write_key,
2421
                                   specs->key_size, keys->server_write_IV,
2422
                                   AES_ENCRYPTION);
2423
                if (aesRet != 0) return aesRet;
2424
            }
2425
            if (dec) {
2426
                aesRet = wc_AesSetKey(dec->aes, keys->client_write_key,
2427
                                   specs->key_size, keys->client_write_IV,
2428
                                   AES_DECRYPTION);
2429
                if (aesRet != 0) return aesRet;
2430
            }
2431
        }
2432
        if (enc)
2433
            enc->setup = 1;
2434
        if (dec)
2435
            dec->setup = 1;
2436
    }
2437
#endif /* BUILD_AES */
2438
2439
#ifdef BUILD_AESGCM
2440
    /* check that buffer sizes are sufficient */
2441
    #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */
2442
        #error AEAD_MAX_IMP_SZ too small for AESGCM
2443
    #endif
2444
    #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */
2445
        #error AEAD_MAX_EXP_SZ too small for AESGCM
2446
    #endif
2447
    #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */
2448
        #error MAX_WRITE_IV_SZ too small for AESGCM
2449
    #endif
2450
2451
    if (specs->bulk_cipher_algorithm == wolfssl_aes_gcm) {
2452
        int gcmRet;
2453
2454
        if (enc) {
2455
            if (enc->aes == NULL) {
2456
                enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2457
                if (enc->aes == NULL)
2458
                    return MEMORY_E;
2459
            } else {
2460
                wc_AesFree(enc->aes);
2461
            }
2462
2463
            XMEMSET(enc->aes, 0, sizeof(Aes));
2464
        }
2465
        if (dec) {
2466
            if (dec->aes == NULL) {
2467
                dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2468
                if (dec->aes == NULL)
2469
                    return MEMORY_E;
2470
            } else {
2471
                wc_AesFree(dec->aes);
2472
            }
2473
2474
            XMEMSET(dec->aes, 0, sizeof(Aes));
2475
        }
2476
2477
        if (enc) {
2478
            if (wc_AesInit(enc->aes, heap, devId) != 0) {
2479
                WOLFSSL_MSG("AesInit failed in SetKeys");
2480
                return ASYNC_INIT_E;
2481
            }
2482
        }
2483
        if (dec) {
2484
            if (wc_AesInit(dec->aes, heap, devId) != 0) {
2485
                WOLFSSL_MSG("AesInit failed in SetKeys");
2486
                return ASYNC_INIT_E;
2487
            }
2488
        }
2489
2490
        if (side == WOLFSSL_CLIENT_END) {
2491
            if (enc) {
2492
                gcmRet = wc_AesGcmSetKey(enc->aes, keys->client_write_key,
2493
                                      specs->key_size);
2494
                if (gcmRet != 0) return gcmRet;
2495
                XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2496
                        AEAD_MAX_IMP_SZ);
2497
#if !defined(NO_PUBLIC_GCM_SET_IV) && \
2498
    ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
2499
    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
2500
                if (!tls13) {
2501
                    gcmRet = wc_AesGcmSetIV(enc->aes, AESGCM_NONCE_SZ,
2502
                            keys->client_write_IV, AESGCM_IMP_IV_SZ, rng);
2503
                    if (gcmRet != 0) return gcmRet;
2504
                }
2505
#endif
2506
            }
2507
            if (dec) {
2508
                gcmRet = wc_AesGcmSetKey(dec->aes, keys->server_write_key,
2509
                                      specs->key_size);
2510
                if (gcmRet != 0) return gcmRet;
2511
                XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2512
                        AEAD_MAX_IMP_SZ);
2513
            }
2514
        }
2515
        else {
2516
            if (enc) {
2517
                gcmRet = wc_AesGcmSetKey(enc->aes, keys->server_write_key,
2518
                                      specs->key_size);
2519
                if (gcmRet != 0) return gcmRet;
2520
                XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2521
                        AEAD_MAX_IMP_SZ);
2522
#if !defined(NO_PUBLIC_GCM_SET_IV) && \
2523
    ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
2524
    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
2525
                if (!tls13) {
2526
                    gcmRet = wc_AesGcmSetIV(enc->aes, AESGCM_NONCE_SZ,
2527
                            keys->server_write_IV, AESGCM_IMP_IV_SZ, rng);
2528
                    if (gcmRet != 0) return gcmRet;
2529
                }
2530
#endif
2531
            }
2532
            if (dec) {
2533
                gcmRet = wc_AesGcmSetKey(dec->aes, keys->client_write_key,
2534
                                      specs->key_size);
2535
                if (gcmRet != 0) return gcmRet;
2536
                XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2537
                        AEAD_MAX_IMP_SZ);
2538
            }
2539
        }
2540
        if (enc)
2541
            enc->setup = 1;
2542
        if (dec)
2543
            dec->setup = 1;
2544
    }
2545
#endif /* BUILD_AESGCM */
2546
2547
#ifdef HAVE_AESCCM
2548
    /* check that buffer sizes are sufficient (CCM is same size as GCM) */
2549
    #if (AEAD_MAX_IMP_SZ < 4) /* AESGCM_IMP_IV_SZ */
2550
        #error AEAD_MAX_IMP_SZ too small for AESCCM
2551
    #endif
2552
    #if (AEAD_MAX_EXP_SZ < 8) /* AESGCM_EXP_IV_SZ */
2553
        #error AEAD_MAX_EXP_SZ too small for AESCCM
2554
    #endif
2555
    #if (MAX_WRITE_IV_SZ < 4) /* AESGCM_IMP_IV_SZ */
2556
        #error MAX_WRITE_IV_SZ too small for AESCCM
2557
    #endif
2558
2559
    if (specs->bulk_cipher_algorithm == wolfssl_aes_ccm) {
2560
        int CcmRet;
2561
2562
        if (enc) {
2563
            if (enc->aes == NULL) {
2564
                enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2565
                if (enc->aes == NULL)
2566
                    return MEMORY_E;
2567
            } else {
2568
                wc_AesFree(enc->aes);
2569
            }
2570
2571
            XMEMSET(enc->aes, 0, sizeof(Aes));
2572
        }
2573
        if (dec) {
2574
            if (dec->aes == NULL) {
2575
                dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
2576
                if (dec->aes == NULL)
2577
                return MEMORY_E;
2578
            } else {
2579
                wc_AesFree(dec->aes);
2580
            }
2581
            XMEMSET(dec->aes, 0, sizeof(Aes));
2582
        }
2583
2584
        if (enc) {
2585
            if (wc_AesInit(enc->aes, heap, devId) != 0) {
2586
                WOLFSSL_MSG("AesInit failed in SetKeys");
2587
                return ASYNC_INIT_E;
2588
            }
2589
        }
2590
        if (dec) {
2591
            if (wc_AesInit(dec->aes, heap, devId) != 0) {
2592
                WOLFSSL_MSG("AesInit failed in SetKeys");
2593
                return ASYNC_INIT_E;
2594
            }
2595
        }
2596
2597
        if (side == WOLFSSL_CLIENT_END) {
2598
            if (enc) {
2599
                CcmRet = wc_AesCcmSetKey(enc->aes, keys->client_write_key,
2600
                                         specs->key_size);
2601
                if (CcmRet != 0) {
2602
                    return CcmRet;
2603
                }
2604
                XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2605
                        AEAD_MAX_IMP_SZ);
2606
#if !defined(NO_PUBLIC_CCM_SET_NONCE) && \
2607
    ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
2608
    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
2609
                if (!tls13) {
2610
                    CcmRet = wc_AesCcmSetNonce(enc->aes, keys->client_write_IV,
2611
                            AEAD_MAX_IMP_SZ);
2612
                    if (CcmRet != 0) return CcmRet;
2613
                }
2614
#endif
2615
            }
2616
            if (dec) {
2617
                CcmRet = wc_AesCcmSetKey(dec->aes, keys->server_write_key,
2618
                                         specs->key_size);
2619
                if (CcmRet != 0) {
2620
                    return CcmRet;
2621
                }
2622
                XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2623
                        AEAD_MAX_IMP_SZ);
2624
            }
2625
        }
2626
        else {
2627
            if (enc) {
2628
                CcmRet = wc_AesCcmSetKey(enc->aes, keys->server_write_key,
2629
                                         specs->key_size);
2630
                if (CcmRet != 0) {
2631
                    return CcmRet;
2632
                }
2633
                XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2634
                        AEAD_MAX_IMP_SZ);
2635
#if !defined(NO_PUBLIC_CCM_SET_NONCE) && \
2636
    ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
2637
    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
2638
                if (!tls13) {
2639
                    CcmRet = wc_AesCcmSetNonce(enc->aes, keys->server_write_IV,
2640
                            AEAD_MAX_IMP_SZ);
2641
                    if (CcmRet != 0) return CcmRet;
2642
                }
2643
#endif
2644
            }
2645
            if (dec) {
2646
                CcmRet = wc_AesCcmSetKey(dec->aes, keys->client_write_key,
2647
                                         specs->key_size);
2648
                if (CcmRet != 0) {
2649
                    return CcmRet;
2650
                }
2651
                XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2652
                        AEAD_MAX_IMP_SZ);
2653
            }
2654
        }
2655
        if (enc)
2656
            enc->setup = 1;
2657
        if (dec)
2658
            dec->setup = 1;
2659
    }
2660
#endif /* HAVE_AESCCM */
2661
2662
#ifdef HAVE_CAMELLIA
2663
    /* check that buffer sizes are sufficient */
2664
    #if (MAX_WRITE_IV_SZ < 16) /* CAMELLIA_IV_SIZE */
2665
        #error MAX_WRITE_IV_SZ too small for CAMELLIA
2666
    #endif
2667
2668
    if (specs->bulk_cipher_algorithm == wolfssl_camellia) {
2669
        int camRet;
2670
2671
        if (enc && enc->cam == NULL)
2672
            enc->cam =
2673
                (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
2674
        if (enc && enc->cam == NULL)
2675
            return MEMORY_E;
2676
2677
        if (dec && dec->cam == NULL)
2678
            dec->cam =
2679
                (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER);
2680
        if (dec && dec->cam == NULL)
2681
            return MEMORY_E;
2682
2683
        if (side == WOLFSSL_CLIENT_END) {
2684
            if (enc) {
2685
                camRet = wc_CamelliaSetKey(enc->cam, keys->client_write_key,
2686
                                        specs->key_size, keys->client_write_IV);
2687
                if (camRet != 0) return camRet;
2688
            }
2689
            if (dec) {
2690
                camRet = wc_CamelliaSetKey(dec->cam, keys->server_write_key,
2691
                                        specs->key_size, keys->server_write_IV);
2692
                if (camRet != 0) return camRet;
2693
            }
2694
        }
2695
        else {
2696
            if (enc) {
2697
                camRet = wc_CamelliaSetKey(enc->cam, keys->server_write_key,
2698
                                        specs->key_size, keys->server_write_IV);
2699
                if (camRet != 0) return camRet;
2700
            }
2701
            if (dec) {
2702
                camRet = wc_CamelliaSetKey(dec->cam, keys->client_write_key,
2703
                                        specs->key_size, keys->client_write_IV);
2704
                if (camRet != 0) return camRet;
2705
            }
2706
        }
2707
        if (enc)
2708
            enc->setup = 1;
2709
        if (dec)
2710
            dec->setup = 1;
2711
    }
2712
#endif /* HAVE_CAMELLIA */
2713
2714
#ifdef HAVE_NULL_CIPHER
2715
    if (specs->bulk_cipher_algorithm == wolfssl_cipher_null) {
2716
    #ifdef WOLFSSL_TLS13
2717
        if (tls13) {
2718
            int hmacRet;
2719
            int hashType = WC_HASH_TYPE_NONE;
2720
2721
            switch (specs->mac_algorithm) {
2722
                case sha256_mac:
2723
                    hashType = WC_SHA256;
2724
                    break;
2725
                case sha384_mac:
2726
                    hashType = WC_SHA384;
2727
                    break;
2728
                default:
2729
                    break;
2730
            }
2731
2732
            if (enc && enc->hmac == NULL) {
2733
                enc->hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap,
2734
                                                           DYNAMIC_TYPE_CIPHER);
2735
                if (enc->hmac == NULL)
2736
                    return MEMORY_E;
2737
            }
2738
2739
            if (enc) {
2740
                if (wc_HmacInit(enc->hmac, heap, devId) != 0) {
2741
                    WOLFSSL_MSG("HmacInit failed in SetKeys");
2742
                    XFREE(enc->hmac, heap, DYNAMIC_TYPE_CIPHER);
2743
                    enc->hmac = NULL;
2744
                    return ASYNC_INIT_E;
2745
                }
2746
            }
2747
2748
            if (dec && dec->hmac == NULL) {
2749
                dec->hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap,
2750
                                                           DYNAMIC_TYPE_CIPHER);
2751
                if (dec->hmac == NULL)
2752
                    return MEMORY_E;
2753
            }
2754
2755
            if (dec) {
2756
                if (wc_HmacInit(dec->hmac, heap, devId) != 0) {
2757
                    WOLFSSL_MSG("HmacInit failed in SetKeys");
2758
                    XFREE(dec->hmac, heap, DYNAMIC_TYPE_CIPHER);
2759
                    dec->hmac = NULL;
2760
                    return ASYNC_INIT_E;
2761
                }
2762
            }
2763
2764
            if (side == WOLFSSL_CLIENT_END) {
2765
                if (enc) {
2766
                    XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
2767
                            HMAC_NONCE_SZ);
2768
                    hmacRet = wc_HmacSetKey(enc->hmac, hashType,
2769
                                       keys->client_write_key, specs->key_size);
2770
                    if (hmacRet != 0) return hmacRet;
2771
                }
2772
                if (dec) {
2773
                    XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
2774
                            HMAC_NONCE_SZ);
2775
                    hmacRet = wc_HmacSetKey(dec->hmac, hashType,
2776
                                       keys->server_write_key, specs->key_size);
2777
                    if (hmacRet != 0) return hmacRet;
2778
                }
2779
            }
2780
            else {
2781
                if (enc) {
2782
                    XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
2783
                            HMAC_NONCE_SZ);
2784
                    hmacRet = wc_HmacSetKey(enc->hmac, hashType,
2785
                                       keys->server_write_key, specs->key_size);
2786
                    if (hmacRet != 0) return hmacRet;
2787
                }
2788
                if (dec) {
2789
                    XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
2790
                            HMAC_NONCE_SZ);
2791
                    hmacRet = wc_HmacSetKey(dec->hmac, hashType,
2792
                                       keys->client_write_key, specs->key_size);
2793
                    if (hmacRet != 0) return hmacRet;
2794
                }
2795
            }
2796
        }
2797
    #endif
2798
        if (enc)
2799
            enc->setup = 1;
2800
        if (dec)
2801
            dec->setup = 1;
2802
    }
2803
#endif
2804
2805
    if (enc) {
2806
        keys->sequence_number_hi      = 0;
2807
        keys->sequence_number_lo      = 0;
2808
    }
2809
    if (dec) {
2810
        keys->peer_sequence_number_hi = 0;
2811
        keys->peer_sequence_number_lo = 0;
2812
    }
2813
    (void)side;
2814
    (void)heap;
2815
    (void)enc;
2816
    (void)dec;
2817
    (void)specs;
2818
    (void)devId;
2819
2820
    return 0;
2821
}
2822
2823
2824
#ifdef HAVE_ONE_TIME_AUTH
2825
/* set one time authentication keys */
2826
static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
2827
                       CipherSpecs* specs, void* heap, int devId)
2828
526
{
2829
2830
526
#ifdef HAVE_POLY1305
2831
        /* set up memory space for poly1305 */
2832
526
        if (authentication && authentication->poly1305 == NULL)
2833
526
            authentication->poly1305 =
2834
526
                (Poly1305*)XMALLOC(sizeof(Poly1305), heap, DYNAMIC_TYPE_CIPHER);
2835
526
        if (authentication && authentication->poly1305 == NULL)
2836
3
            return MEMORY_E;
2837
    #ifdef WOLFSSL_CHECK_MEM_ZERO
2838
        wc_MemZero_Add("SSL auth keys poly1305", authentication->poly1305,
2839
            sizeof(Poly1305));
2840
    #endif
2841
523
        if (authentication)
2842
523
            authentication->setup = 1;
2843
523
#endif
2844
523
        (void)authentication;
2845
523
        (void)heap;
2846
523
        (void)keys;
2847
523
        (void)specs;
2848
523
        (void)devId;
2849
2850
523
        return 0;
2851
526
}
2852
#endif /* HAVE_ONE_TIME_AUTH */
2853
2854
#ifdef HAVE_SECURE_RENEGOTIATION
2855
/* function name is for cache_status++
2856
 * This function was added because of error incrementing enum type when
2857
 * compiling with a C++ compiler.
2858
 */
2859
static void CacheStatusPP(SecureRenegotiation* cache)
2860
{
2861
    switch (cache->cache_status) {
2862
        case SCR_CACHE_NULL:
2863
            cache->cache_status = SCR_CACHE_NEEDED;
2864
            break;
2865
2866
        case SCR_CACHE_NEEDED:
2867
            cache->cache_status = SCR_CACHE_COPY;
2868
            break;
2869
2870
        case SCR_CACHE_COPY:
2871
            cache->cache_status = SCR_CACHE_PARTIAL;
2872
            break;
2873
2874
        case SCR_CACHE_PARTIAL:
2875
            cache->cache_status = SCR_CACHE_COMPLETE;
2876
            break;
2877
2878
        case SCR_CACHE_COMPLETE:
2879
            WOLFSSL_MSG("SCR Cache state Complete");
2880
            break;
2881
2882
        default:
2883
            WOLFSSL_MSG("Unknown cache state!!");
2884
    }
2885
}
2886
#endif /* HAVE_SECURE_RENEGOTIATION */
2887
2888
2889
/* Set wc_encrypt/wc_decrypt or both sides of key setup
2890
 * note: use wc_encrypt to avoid shadowing global encrypt
2891
 * declared in unistd.h
2892
 */
2893
int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
2894
{
2895
    int ret, copy = 0;
2896
    Ciphers* wc_encrypt = NULL;
2897
    Ciphers* wc_decrypt = NULL;
2898
    Keys*    keys    = &ssl->keys;
2899
2900
    (void)copy;
2901
2902
#ifdef HAVE_SECURE_RENEGOTIATION
2903
    if (ssl->secure_renegotiation &&
2904
            ssl->secure_renegotiation->cache_status != SCR_CACHE_NULL) {
2905
        keys = &ssl->secure_renegotiation->tmp_keys;
2906
#ifdef WOLFSSL_DTLS
2907
        /* For DTLS, copy is done in StoreKeys */
2908
        if (!ssl->options.dtls)
2909
#endif
2910
            copy = 1;
2911
    }
2912
#endif /* HAVE_SECURE_RENEGOTIATION */
2913
2914
    switch (side) {
2915
        case ENCRYPT_SIDE_ONLY:
2916
#ifdef WOLFSSL_DEBUG_TLS
2917
            WOLFSSL_MSG("Provisioning ENCRYPT key");
2918
            if (ssl->options.side == WOLFSSL_CLIENT_END) {
2919
                WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
2920
            }
2921
            else {
2922
                WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
2923
            }
2924
#endif
2925
            wc_encrypt = &ssl->encrypt;
2926
            break;
2927
2928
        case DECRYPT_SIDE_ONLY:
2929
#ifdef WOLFSSL_DEBUG_TLS
2930
            WOLFSSL_MSG("Provisioning DECRYPT key");
2931
            if (ssl->options.side == WOLFSSL_CLIENT_END) {
2932
                WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
2933
            }
2934
            else {
2935
                WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
2936
            }
2937
#endif
2938
            wc_decrypt = &ssl->decrypt;
2939
            break;
2940
2941
        case ENCRYPT_AND_DECRYPT_SIDE:
2942
#ifdef WOLFSSL_DEBUG_TLS
2943
            WOLFSSL_MSG("Provisioning ENCRYPT key");
2944
            if (ssl->options.side == WOLFSSL_CLIENT_END) {
2945
                WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
2946
            }
2947
            else {
2948
                WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
2949
            }
2950
            WOLFSSL_MSG("Provisioning DECRYPT key");
2951
            if (ssl->options.side == WOLFSSL_CLIENT_END) {
2952
                WOLFSSL_BUFFER(keys->server_write_key, ssl->specs.key_size);
2953
            }
2954
            else {
2955
                WOLFSSL_BUFFER(keys->client_write_key, ssl->specs.key_size);
2956
            }
2957
#endif
2958
            wc_encrypt = &ssl->encrypt;
2959
            wc_decrypt = &ssl->decrypt;
2960
            break;
2961
2962
        default:
2963
            return BAD_FUNC_ARG;
2964
    }
2965
2966
#ifdef HAVE_ONE_TIME_AUTH
2967
    if (!ssl->auth.setup && ssl->specs.bulk_cipher_algorithm == wolfssl_chacha){
2968
        ret = SetAuthKeys(&ssl->auth, keys, &ssl->specs, ssl->heap, ssl->devId);
2969
        if (ret != 0)
2970
           return ret;
2971
    }
2972
#endif
2973
2974
#if !defined(NO_CERTS) && defined(HAVE_PK_CALLBACKS)
2975
    ret = PROTOCOLCB_UNAVAILABLE;
2976
    if (ssl->ctx->EncryptKeysCb) {
2977
        void* ctx = wolfSSL_GetEncryptKeysCtx(ssl);
2978
        ret = ssl->ctx->EncryptKeysCb(ssl, ctx);
2979
    }
2980
    if (!ssl->ctx->EncryptKeysCb || ret == PROTOCOLCB_UNAVAILABLE)
2981
#endif
2982
    {
2983
        ret = SetKeys(wc_encrypt, wc_decrypt, keys, &ssl->specs, ssl->options.side,
2984
                      ssl->heap, ssl->devId, ssl->rng, ssl->options.tls1_3);
2985
    }
2986
2987
#ifdef WOLFSSL_DTLS13
2988
    if (ret == 0 && ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version))
2989
        ret = Dtls13SetRecordNumberKeys(ssl, side);
2990
#endif /* WOLFSSL_DTLS13 */
2991
#ifdef WOLFSSL_QUIC
2992
    if (ret == 0 && WOLFSSL_IS_QUIC(ssl)) {
2993
        ret = wolfSSL_quic_keys_active(ssl, side);
2994
    }
2995
#endif /* WOLFSSL_QUIC */
2996
2997
#ifdef HAVE_SECURE_RENEGOTIATION
2998
#ifdef WOLFSSL_DTLS
2999
    if (ret == 0 && ssl->options.dtls && !ssl->options.tls1_3) {
3000
        if (wc_encrypt)
3001
            wc_encrypt->src = keys == &ssl->keys ? KEYS : SCR;
3002
        if (wc_decrypt)
3003
            wc_decrypt->src = keys == &ssl->keys ? KEYS : SCR;
3004
    }
3005
#endif
3006
3007
    if (copy) {
3008
        int clientCopy = 0;
3009
3010
        /* Sanity check that keys == ssl->secure_renegotiation->tmp_keys.
3011
         * Otherwise the memcpy calls would copy overlapping memory
3012
         * and cause UB. Fail early. */
3013
        if (keys == &ssl->keys)
3014
            return BAD_FUNC_ARG;
3015
3016
        if (ssl->options.side == WOLFSSL_CLIENT_END && wc_encrypt)
3017
            clientCopy = 1;
3018
        else if (ssl->options.side == WOLFSSL_SERVER_END && wc_decrypt)
3019
            clientCopy = 1;
3020
3021
        if (clientCopy) {
3022
    #ifndef WOLFSSL_AEAD_ONLY
3023
            XMEMCPY(ssl->keys.client_write_MAC_secret,
3024
                    keys->client_write_MAC_secret, WC_MAX_DIGEST_SIZE);
3025
    #endif
3026
            XMEMCPY(ssl->keys.client_write_key,
3027
                    keys->client_write_key, AES_256_KEY_SIZE);
3028
            XMEMCPY(ssl->keys.client_write_IV,
3029
                    keys->client_write_IV, MAX_WRITE_IV_SZ);
3030
        } else {
3031
    #ifndef WOLFSSL_AEAD_ONLY
3032
            XMEMCPY(ssl->keys.server_write_MAC_secret,
3033
                    keys->server_write_MAC_secret, WC_MAX_DIGEST_SIZE);
3034
    #endif
3035
            XMEMCPY(ssl->keys.server_write_key,
3036
                    keys->server_write_key, AES_256_KEY_SIZE);
3037
            XMEMCPY(ssl->keys.server_write_IV,
3038
                    keys->server_write_IV, MAX_WRITE_IV_SZ);
3039
        }
3040
        if (wc_encrypt) {
3041
            ssl->keys.sequence_number_hi = keys->sequence_number_hi;
3042
            ssl->keys.sequence_number_lo = keys->sequence_number_lo;
3043
            #ifdef HAVE_AEAD
3044
                if (ssl->specs.cipher_type == aead) {
3045
                    /* Initialize the AES-GCM/CCM explicit IV to a zero. */
3046
                    XMEMCPY(ssl->keys.aead_exp_IV, keys->aead_exp_IV,
3047
                            AEAD_MAX_EXP_SZ);
3048
3049
                    /* Initialize encrypt implicit IV by encrypt side */
3050
                    if (ssl->options.side == WOLFSSL_CLIENT_END) {
3051
                        XMEMCPY(ssl->keys.aead_enc_imp_IV,
3052
                                keys->client_write_IV, AEAD_MAX_IMP_SZ);
3053
                    } else {
3054
                        XMEMCPY(ssl->keys.aead_enc_imp_IV,
3055
                                keys->server_write_IV, AEAD_MAX_IMP_SZ);
3056
                    }
3057
                }
3058
            #endif
3059
        }
3060
        if (wc_decrypt) {
3061
            ssl->keys.peer_sequence_number_hi = keys->peer_sequence_number_hi;
3062
            ssl->keys.peer_sequence_number_lo = keys->peer_sequence_number_lo;
3063
            #ifdef HAVE_AEAD
3064
                if (ssl->specs.cipher_type == aead) {
3065
                    /* Initialize decrypt implicit IV by decrypt side */
3066
                    if (ssl->options.side == WOLFSSL_SERVER_END) {
3067
                        XMEMCPY(ssl->keys.aead_dec_imp_IV,
3068
                                keys->client_write_IV, AEAD_MAX_IMP_SZ);
3069
                    } else {
3070
                        XMEMCPY(ssl->keys.aead_dec_imp_IV,
3071
                                keys->server_write_IV, AEAD_MAX_IMP_SZ);
3072
                    }
3073
                }
3074
            #endif
3075
        }
3076
        CacheStatusPP(ssl->secure_renegotiation);
3077
    }
3078
#endif /* HAVE_SECURE_RENEGOTIATION */
3079
3080
    return ret;
3081
}
3082
3083
3084
/* TLS can call too */
3085
int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side)
3086
{
3087
    int sz, i = 0;
3088
    Keys* keys = &ssl->keys;
3089
#ifdef WOLFSSL_DTLS
3090
    /* In case of DTLS, ssl->keys is updated here */
3091
    int scr_copy = 0;
3092
#endif
3093
3094
#ifdef HAVE_SECURE_RENEGOTIATION
3095
    if (ssl->secure_renegotiation &&
3096
            ssl->secure_renegotiation->cache_status == SCR_CACHE_NEEDED) {
3097
        keys = &ssl->secure_renegotiation->tmp_keys;
3098
#ifdef WOLFSSL_DTLS
3099
        if (ssl->options.dtls) {
3100
            /* epoch is incremented after StoreKeys is called */
3101
            ssl->secure_renegotiation->tmp_keys.dtls_epoch = ssl->keys.dtls_epoch + 1;
3102
            /* we only need to copy keys on second and future renegotiations */
3103
            if (ssl->keys.dtls_epoch > 1)
3104
                scr_copy = 1;
3105
            ssl->encrypt.src = KEYS_NOT_SET;
3106
            ssl->decrypt.src = KEYS_NOT_SET;
3107
        }
3108
#endif
3109
        CacheStatusPP(ssl->secure_renegotiation);
3110
    }
3111
#endif /* HAVE_SECURE_RENEGOTIATION */
3112
3113
#ifdef WOLFSSL_MULTICAST
3114
    if (ssl->options.haveMcast) {
3115
        /* Use the same keys for encrypt and decrypt. */
3116
        if (ssl->specs.cipher_type != aead) {
3117
            sz = ssl->specs.hash_size;
3118
    #ifndef WOLFSSL_AEAD_ONLY
3119
3120
    #ifdef WOLFSSL_DTLS
3121
            if (scr_copy) {
3122
                XMEMCPY(ssl->keys.client_write_MAC_secret,
3123
                        keys->client_write_MAC_secret, sz);
3124
                XMEMCPY(ssl->keys.server_write_MAC_secret,
3125
                        keys->server_write_MAC_secret, sz);
3126
            }
3127
    #endif
3128
            XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
3129
            XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
3130
    #endif
3131
            i += sz;
3132
        }
3133
        sz = ssl->specs.key_size;
3134
    #ifdef WOLFSSL_DTLS
3135
        if (scr_copy) {
3136
            XMEMCPY(ssl->keys.client_write_key,
3137
                    keys->client_write_key, sz);
3138
            XMEMCPY(ssl->keys.server_write_key,
3139
                    keys->server_write_key, sz);
3140
        }
3141
    #endif
3142
        XMEMCPY(keys->client_write_key, &keyData[i], sz);
3143
        XMEMCPY(keys->server_write_key, &keyData[i], sz);
3144
        i += sz;
3145
3146
        sz = ssl->specs.iv_size;
3147
    #ifdef WOLFSSL_DTLS
3148
        if (scr_copy) {
3149
            XMEMCPY(ssl->keys.client_write_IV,
3150
                    keys->client_write_IV, sz);
3151
            XMEMCPY(ssl->keys.server_write_IV,
3152
                    keys->server_write_IV, sz);
3153
        }
3154
    #endif
3155
        XMEMCPY(keys->client_write_IV, &keyData[i], sz);
3156
        XMEMCPY(keys->server_write_IV, &keyData[i], sz);
3157
3158
#ifdef HAVE_AEAD
3159
        if (ssl->specs.cipher_type == aead) {
3160
            /* Initialize the AES-GCM/CCM explicit IV to a zero. */
3161
        #ifdef WOLFSSL_DTLS
3162
            if (scr_copy) {
3163
                XMEMCPY(ssl->keys.aead_exp_IV,
3164
                        keys->aead_exp_IV, AEAD_MAX_EXP_SZ);
3165
            }
3166
        #endif
3167
            XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ);
3168
        }
3169
#endif /* HAVE_AEAD */
3170
3171
        return 0;
3172
    }
3173
#endif /* WOLFSSL_MULTICAST */
3174
3175
    if (ssl->specs.cipher_type != aead) {
3176
        sz = ssl->specs.hash_size;
3177
        if (side & PROVISION_CLIENT) {
3178
    #ifndef WOLFSSL_AEAD_ONLY
3179
        #ifdef WOLFSSL_DTLS
3180
            if (scr_copy)
3181
                XMEMCPY(ssl->keys.client_write_MAC_secret,
3182
                        keys->client_write_MAC_secret, sz);
3183
        #endif
3184
            XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz);
3185
    #endif
3186
            i += sz;
3187
        }
3188
        if (side & PROVISION_SERVER) {
3189
    #ifndef WOLFSSL_AEAD_ONLY
3190
        #ifdef WOLFSSL_DTLS
3191
            if (scr_copy)
3192
                XMEMCPY(ssl->keys.server_write_MAC_secret,
3193
                        keys->server_write_MAC_secret, sz);
3194
        #endif
3195
            XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz);
3196
    #endif
3197
            i += sz;
3198
        }
3199
    }
3200
    sz = ssl->specs.key_size;
3201
    if (side & PROVISION_CLIENT) {
3202
    #ifdef WOLFSSL_DTLS
3203
        if (scr_copy)
3204
            XMEMCPY(ssl->keys.client_write_key,
3205
                    keys->client_write_key, sz);
3206
    #endif
3207
        XMEMCPY(keys->client_write_key, &keyData[i], sz);
3208
        i += sz;
3209
    }
3210
    if (side & PROVISION_SERVER) {
3211
    #ifdef WOLFSSL_DTLS
3212
        if (scr_copy)
3213
            XMEMCPY(ssl->keys.server_write_key,
3214
                    keys->server_write_key, sz);
3215
    #endif
3216
        XMEMCPY(keys->server_write_key, &keyData[i], sz);
3217
        i += sz;
3218
    }
3219
3220
    sz = ssl->specs.iv_size;
3221
    if (side & PROVISION_CLIENT) {
3222
    #ifdef WOLFSSL_DTLS
3223
        if (scr_copy)
3224
            XMEMCPY(ssl->keys.client_write_IV,
3225
                    keys->client_write_IV, sz);
3226
    #endif
3227
        XMEMCPY(keys->client_write_IV, &keyData[i], sz);
3228
        i += sz;
3229
    }
3230
    if (side & PROVISION_SERVER) {
3231
    #ifdef WOLFSSL_DTLS
3232
        if (scr_copy)
3233
            XMEMCPY(ssl->keys.server_write_IV,
3234
                    keys->server_write_IV, sz);
3235
    #endif
3236
        XMEMCPY(keys->server_write_IV, &keyData[i], sz);
3237
    }
3238
3239
#ifdef HAVE_AEAD
3240
    if (ssl->specs.cipher_type == aead) {
3241
        /* Initialize the AES-GCM/CCM explicit IV to a zero. */
3242
    #ifdef WOLFSSL_DTLS
3243
        if (scr_copy)
3244
            XMEMMOVE(ssl->keys.aead_exp_IV,
3245
                    keys->aead_exp_IV, AEAD_MAX_EXP_SZ);
3246
    #endif
3247
        XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ);
3248
    }
3249
#endif
3250
3251
    return 0;
3252
}
3253
3254
#ifndef NO_OLD_TLS
3255
int DeriveKeys(WOLFSSL* ssl)
3256
0
{
3257
0
    int    length = 2 * ssl->specs.hash_size +
3258
0
                    2 * ssl->specs.key_size  +
3259
0
                    2 * ssl->specs.iv_size;
3260
0
    int    rounds = (length + WC_MD5_DIGEST_SIZE - 1 ) / WC_MD5_DIGEST_SIZE, i;
3261
0
    int    ret = 0;
3262
3263
0
#ifdef WOLFSSL_SMALL_STACK
3264
0
    byte*  shaOutput;
3265
0
    byte*  md5Input;
3266
0
    byte*  shaInput;
3267
0
    byte*  keyData;
3268
0
    wc_Md5* md5;
3269
0
    wc_Sha* sha;
3270
#else
3271
    byte   shaOutput[WC_SHA_DIGEST_SIZE];
3272
    byte   md5Input[SECRET_LEN + WC_SHA_DIGEST_SIZE];
3273
    byte   shaInput[KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN];
3274
    byte   keyData[KEY_PREFIX * WC_MD5_DIGEST_SIZE];
3275
    wc_Md5 md5[1];
3276
    wc_Sha sha[1];
3277
#endif
3278
3279
0
#ifdef WOLFSSL_SMALL_STACK
3280
0
    shaOutput = (byte*)XMALLOC(WC_SHA_DIGEST_SIZE,
3281
0
                                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
3282
0
    md5Input  = (byte*)XMALLOC(SECRET_LEN + WC_SHA_DIGEST_SIZE,
3283
0
                                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
3284
0
    shaInput  = (byte*)XMALLOC(KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN,
3285
0
                                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
3286
0
    keyData   = (byte*)XMALLOC(KEY_PREFIX * WC_MD5_DIGEST_SIZE,
3287
0
                                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
3288
0
    md5       =  (wc_Md5*)XMALLOC(sizeof(wc_Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3289
0
    sha       =  (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3290
3291
0
    if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
3292
0
        keyData   == NULL || md5      == NULL || sha      == NULL) {
3293
0
        if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3294
0
        if (md5Input)  XFREE(md5Input,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
3295
0
        if (shaInput)  XFREE(shaInput,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
3296
0
        if (keyData)   XFREE(keyData,   NULL, DYNAMIC_TYPE_TMP_BUFFER);
3297
0
        if (md5)       XFREE(md5,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
3298
0
        if (sha)       XFREE(sha,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
3299
3300
0
        return MEMORY_E;
3301
0
    }
3302
0
#endif
3303
0
    XMEMSET(shaOutput, 0, WC_SHA_DIGEST_SIZE);
3304
0
    ret = wc_InitMd5(md5);
3305
0
    if (ret == 0) {
3306
0
        ret = wc_InitSha(sha);
3307
0
    }
3308
0
    if (ret == 0) {
3309
0
        XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN);
3310
3311
0
        for (i = 0; i < rounds; ++i) {
3312
0
            int j   = i + 1;
3313
0
            int idx = j;
3314
3315
0
            if (!SetPrefix(shaInput, i)) {
3316
0
                ret = PREFIX_ERROR;
3317
0
                break;
3318
0
            }
3319
3320
0
            XMEMCPY(shaInput + idx, ssl->arrays->masterSecret, SECRET_LEN);
3321
0
            idx += SECRET_LEN;
3322
0
            XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
3323
0
            idx += RAN_LEN;
3324
0
            XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
3325
0
            if (ret == 0) {
3326
0
                ret = wc_ShaUpdate(sha, shaInput,
3327
0
                    (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) - KEY_PREFIX + j);
3328
0
            }
3329
0
            if (ret == 0) {
3330
0
                ret = wc_ShaFinal(sha, shaOutput);
3331
0
            }
3332
3333
0
            XMEMCPY(md5Input + SECRET_LEN, shaOutput, WC_SHA_DIGEST_SIZE);
3334
0
            if (ret == 0) {
3335
0
                ret = wc_Md5Update(md5, md5Input, SECRET_LEN + WC_SHA_DIGEST_SIZE);
3336
0
            }
3337
0
            if (ret == 0) {
3338
0
                ret = wc_Md5Final(md5, keyData + i * WC_MD5_DIGEST_SIZE);
3339
0
            }
3340
0
        }
3341
3342
0
        if (ret == 0)
3343
0
            ret = StoreKeys(ssl, keyData, PROVISION_CLIENT_SERVER);
3344
0
    }
3345
3346
0
#ifdef WOLFSSL_SMALL_STACK
3347
0
    XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3348
0
    XFREE(md5Input,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
3349
0
    XFREE(shaInput,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
3350
0
    XFREE(keyData,   NULL, DYNAMIC_TYPE_TMP_BUFFER);
3351
0
    XFREE(md5,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
3352
0
    XFREE(sha,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
3353
0
#endif
3354
3355
0
    return ret;
3356
0
}
3357
3358
3359
static int CleanPreMaster(WOLFSSL* ssl)
3360
0
{
3361
0
    int i, ret, sz = ssl->arrays->preMasterSz;
3362
3363
0
    for (i = 0; i < sz; i++)
3364
0
        ssl->arrays->preMasterSecret[i] = 0;
3365
3366
0
    ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz);
3367
0
    if (ret != 0)
3368
0
        return ret;
3369
3370
0
    for (i = 0; i < sz; i++)
3371
0
        ssl->arrays->preMasterSecret[i] = 0;
3372
3373
0
    XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
3374
0
    ssl->arrays->preMasterSecret = NULL;
3375
0
    ssl->arrays->preMasterSz = 0;
3376
3377
0
    return 0;
3378
0
}
3379
3380
3381
/* Create and store the master secret see page 32, 6.1 */
3382
static int MakeSslMasterSecret(WOLFSSL* ssl)
3383
0
{
3384
0
    int    i, ret;
3385
0
    word32 idx;
3386
0
    word32 pmsSz = ssl->arrays->preMasterSz;
3387
3388
0
#ifdef WOLFSSL_SMALL_STACK
3389
0
    byte*  shaOutput;
3390
0
    byte*  md5Input;
3391
0
    byte*  shaInput;
3392
0
    wc_Md5* md5;
3393
0
    wc_Sha* sha;
3394
#else
3395
    byte   shaOutput[WC_SHA_DIGEST_SIZE];
3396
    byte   md5Input[ENCRYPT_LEN + WC_SHA_DIGEST_SIZE];
3397
    byte   shaInput[PREFIX + ENCRYPT_LEN + 2 * RAN_LEN];
3398
    wc_Md5 md5[1];
3399
    wc_Sha sha[1];
3400
#endif
3401
3402
0
    if (ssl->arrays->preMasterSecret == NULL) {
3403
0
        return BAD_FUNC_ARG;
3404
0
    }
3405
3406
#ifdef SHOW_SECRETS
3407
    {
3408
        word32 j;
3409
        printf("pre master secret: ");
3410
        for (j = 0; j < pmsSz; j++)
3411
            printf("%02x", ssl->arrays->preMasterSecret[j]);
3412
        printf("\n");
3413
    }
3414
#endif
3415
3416
0
#ifdef WOLFSSL_SMALL_STACK
3417
0
    shaOutput = (byte*)XMALLOC(WC_SHA_DIGEST_SIZE,
3418
0
                                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
3419
0
    md5Input  = (byte*)XMALLOC(ENCRYPT_LEN + WC_SHA_DIGEST_SIZE,
3420
0
                                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
3421
0
    shaInput  = (byte*)XMALLOC(PREFIX + ENCRYPT_LEN + 2 * RAN_LEN,
3422
0
                                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
3423
0
    md5       =  (wc_Md5*)XMALLOC(sizeof(wc_Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3424
0
    sha       =  (wc_Sha*)XMALLOC(sizeof(wc_Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
3425
3426
0
    if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
3427
0
                             md5      == NULL || sha      == NULL) {
3428
0
        if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3429
0
        if (md5Input)  XFREE(md5Input,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
3430
0
        if (shaInput)  XFREE(shaInput,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
3431
0
        if (md5)       XFREE(md5,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
3432
0
        if (sha)       XFREE(sha,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
3433
3434
0
        return MEMORY_E;
3435
0
    }
3436
0
#endif
3437
0
    XMEMSET(shaOutput, 0, WC_SHA_DIGEST_SIZE);
3438
3439
0
    ret = wc_InitMd5(md5);
3440
0
    if (ret == 0) {
3441
0
        ret = wc_InitSha(sha);
3442
0
    }
3443
0
    if (ret == 0) {
3444
0
        XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz);
3445
3446
0
        for (i = 0; i < MASTER_ROUNDS; ++i) {
3447
0
            byte prefix[KEY_PREFIX];      /* only need PREFIX bytes but static */
3448
0
            if (!SetPrefix(prefix, i)) {  /* analysis thinks will overrun      */
3449
0
                ret = PREFIX_ERROR;
3450
0
                break;
3451
0
            }
3452
3453
0
            idx = 0;
3454
0
            XMEMCPY(shaInput, prefix, i + 1);
3455
0
            idx += i + 1;
3456
3457
0
            XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz);
3458
0
            idx += pmsSz;
3459
0
            XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN);
3460
0
            idx += RAN_LEN;
3461
0
            XMEMCPY(shaInput + idx, ssl->arrays->serverRandom, RAN_LEN);
3462
0
            idx += RAN_LEN;
3463
0
            if (ret == 0) {
3464
0
                ret = wc_ShaUpdate(sha, shaInput, idx);
3465
0
            }
3466
0
            if (ret == 0) {
3467
0
                ret = wc_ShaFinal(sha, shaOutput);
3468
0
            }
3469
0
            idx = pmsSz;  /* preSz */
3470
0
            XMEMCPY(md5Input + idx, shaOutput, WC_SHA_DIGEST_SIZE);
3471
0
            idx += WC_SHA_DIGEST_SIZE;
3472
0
            if (ret == 0) {
3473
0
                ret = wc_Md5Update(md5, md5Input, idx);
3474
0
            }
3475
0
            if (ret == 0) {
3476
0
                ret = wc_Md5Final(md5,
3477
0
                            &ssl->arrays->masterSecret[i * WC_MD5_DIGEST_SIZE]);
3478
0
            }
3479
0
        }
3480
3481
#ifdef SHOW_SECRETS
3482
        {
3483
            word32 j;
3484
            printf("master secret: ");
3485
            for (j = 0; j < SECRET_LEN; j++)
3486
                printf("%02x", ssl->arrays->masterSecret[j]);
3487
            printf("\n");
3488
        }
3489
#endif
3490
3491
0
        if (ret == 0)
3492
0
            ret = DeriveKeys(ssl);
3493
0
    }
3494
3495
0
#ifdef WOLFSSL_SMALL_STACK
3496
0
    XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3497
0
    XFREE(md5Input,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
3498
0
    XFREE(shaInput,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
3499
0
    XFREE(md5,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
3500
0
    XFREE(sha,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
3501
0
#endif
3502
3503
0
    if (ret == 0)
3504
0
        ret = CleanPreMaster(ssl);
3505
0
    else
3506
0
        CleanPreMaster(ssl);
3507
3508
0
    return ret;
3509
0
}
3510
#endif
3511
3512
3513
/* Master wrapper, doesn't use SSL stack space in TLS mode */
3514
int MakeMasterSecret(WOLFSSL* ssl)
3515
2.01k
{
3516
    /* append secret to premaster : premaster | SerSi | CliSi */
3517
2.01k
#ifndef NO_OLD_TLS
3518
2.01k
    if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
3519
0
    return MakeSslMasterSecret(ssl);
3520
#elif !defined(WOLFSSL_NO_TLS12) && !defined(NO_TLS)
3521
    return MakeTlsMasterSecret(ssl);
3522
#else
3523
    (void)ssl;
3524
    return 0;
3525
#endif
3526
2.01k
}
3527
3528
#endif /* WOLFCRYPT_ONLY */