mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 13:05:41 +01:00
Add ECDHE_PSK ciphersuites
This commit is contained in:
Manuel Pégourié-Gonnard
parent
3ce3bbdc00
commit
225d6aa786
@ -193,6 +193,9 @@
|
||||
* TLS_RSA_PSK_WITH_NULL
|
||||
* TLS_RSA_PSK_WITH_NULL256
|
||||
* TLS_RSA_PSK_WITH_NULL384
|
||||
* TLS_ECDHE_PSK_WITH_NULL_SHA
|
||||
* TLS_ECDHE_PSK_WITH_NULL_SHA256
|
||||
* TLS_ECDHE_PSK_WITH_NULL_SHA384
|
||||
*
|
||||
* Uncomment this macro to enable the NULL cipher and ciphersuites
|
||||
#define POLARSSL_CIPHER_NULL_CIPHER
|
||||
@ -289,6 +292,14 @@
|
||||
*
|
||||
* This enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
* TLS_ECDHE_PSK_WITH_RC4_128_SHA
|
||||
* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
|
||||
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
|
||||
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
|
||||
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
|
||||
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
|
||||
* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
|
||||
*/
|
||||
#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
||||
|
||||
|
||||
@ -144,18 +144,30 @@ extern "C" {
|
||||
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */
|
||||
|
||||
#define TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033 /**< Not in SSL3! */
|
||||
#define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034 /**< Not in SSL3! */
|
||||
#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035 /**< Not in SSL3! */
|
||||
#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036 /**< Not in SSL3! */
|
||||
#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037 /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038 /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039 /**< Weak! No SSL3! */
|
||||
#define TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A /**< Weak! TLS 1.2 */
|
||||
#define TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B /**< Weak! TLS 1.2 */
|
||||
|
||||
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< TLS 1.2 */
|
||||
|
||||
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< TLS 1.2 */
|
||||
|
||||
#define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094 /**< TLS 1.2 */
|
||||
#define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095 /**< TLS 1.2 */
|
||||
#define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096 /**< TLS 1.2 */
|
||||
#define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097 /**< TLS 1.2 */
|
||||
#define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098 /**< TLS 1.2 */
|
||||
#define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099 /**< TLS 1.2 */
|
||||
#define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094 /**< TLS 1.2 */
|
||||
#define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095 /**< TLS 1.2 */
|
||||
#define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096 /**< TLS 1.2 */
|
||||
#define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097 /**< TLS 1.2 */
|
||||
#define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098 /**< TLS 1.2 */
|
||||
#define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099 /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< TLS 1.2 */
|
||||
|
||||
typedef enum {
|
||||
POLARSSL_KEY_EXCHANGE_NONE = 0,
|
||||
|
||||
@ -73,7 +73,7 @@ static const int ciphersuite_preference[] =
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
|
||||
/* All remaining > 128-bit ephemeral suites */
|
||||
/* All remaining >= 128-bit ephemeral suites */
|
||||
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
@ -81,6 +81,14 @@ static const int ciphersuite_preference[] =
|
||||
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
|
||||
/* The PSK ephemeral suites */
|
||||
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
|
||||
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
|
||||
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
|
||||
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_ECDHE_PSK_WITH_RC4_128_SHA,
|
||||
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
|
||||
TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
|
||||
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
|
||||
@ -110,7 +118,7 @@ static const int ciphersuite_preference[] =
|
||||
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
|
||||
/* All remaining > 128-bit suites */
|
||||
/* All remaining >= 128-bit suites */
|
||||
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_RSA_WITH_RC4_128_SHA,
|
||||
TLS_RSA_WITH_RC4_128_MD5,
|
||||
@ -139,23 +147,28 @@ static const int ciphersuite_preference[] =
|
||||
TLS_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_PSK_WITH_RC4_128_SHA,
|
||||
|
||||
/* Weak or NULL suites */
|
||||
/* Weak suites */
|
||||
TLS_DHE_RSA_WITH_DES_CBC_SHA,
|
||||
TLS_RSA_WITH_DES_CBC_SHA,
|
||||
|
||||
/* NULL suites */
|
||||
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
|
||||
TLS_ECDHE_RSA_WITH_NULL_SHA,
|
||||
TLS_RSA_WITH_NULL_SHA256,
|
||||
TLS_RSA_WITH_NULL_SHA,
|
||||
TLS_RSA_WITH_NULL_MD5,
|
||||
TLS_PSK_WITH_NULL_SHA384,
|
||||
TLS_PSK_WITH_NULL_SHA256,
|
||||
TLS_PSK_WITH_NULL_SHA,
|
||||
TLS_ECDHE_PSK_WITH_NULL_SHA384,
|
||||
TLS_ECDHE_PSK_WITH_NULL_SHA256,
|
||||
TLS_ECDHE_PSK_WITH_NULL_SHA,
|
||||
TLS_DHE_PSK_WITH_NULL_SHA384,
|
||||
TLS_DHE_PSK_WITH_NULL_SHA256,
|
||||
TLS_DHE_PSK_WITH_NULL_SHA,
|
||||
TLS_RSA_WITH_NULL_SHA256,
|
||||
TLS_RSA_WITH_NULL_SHA,
|
||||
TLS_RSA_WITH_NULL_MD5,
|
||||
TLS_RSA_PSK_WITH_NULL_SHA384,
|
||||
TLS_RSA_PSK_WITH_NULL_SHA256,
|
||||
TLS_RSA_PSK_WITH_NULL_SHA,
|
||||
TLS_PSK_WITH_NULL_SHA384,
|
||||
TLS_PSK_WITH_NULL_SHA256,
|
||||
TLS_PSK_WITH_NULL_SHA,
|
||||
|
||||
0
|
||||
};
|
||||
@ -728,6 +741,79 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
#if defined(POLARSSL_AES_C)
|
||||
|
||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||
#if defined(POLARSSL_SHA256_C)
|
||||
{ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
|
||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA256_C */
|
||||
|
||||
#if defined(POLARSSL_SHA512_C)
|
||||
{ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
|
||||
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA512_C */
|
||||
|
||||
{ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
|
||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
|
||||
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||
#if defined(POLARSSL_SHA256_C)
|
||||
{ TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA256_C */
|
||||
|
||||
#if defined(POLARSSL_SHA512_C)
|
||||
{ TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA512_C */
|
||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||
#endif /* POLARSSL_CAMELLIA_C */
|
||||
|
||||
#if defined(POLARSSL_DES_C)
|
||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||
{ TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
|
||||
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||
#endif /* POLARSSL_DES_C */
|
||||
|
||||
#if defined(POLARSSL_ARC4_C)
|
||||
{ TLS_ECDHE_PSK_WITH_RC4_128_SHA, "TLS-ECDHE-PSK-WITH-RC4-128-SHA",
|
||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
|
||||
#if defined(POLARSSL_AES_C)
|
||||
#if defined(POLARSSL_GCM_C)
|
||||
@ -856,6 +942,30 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
POLARSSL_CIPHERSUITE_WEAK },
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
{ TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
|
||||
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_WEAK },
|
||||
|
||||
#if defined(POLARSSL_SHA256_C)
|
||||
{ TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
|
||||
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_WEAK },
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_SHA512_C)
|
||||
{ TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
|
||||
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_WEAK },
|
||||
#endif
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
|
||||
{ TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
|
||||
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
||||
@ -998,6 +1108,7 @@ int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info )
|
||||
{
|
||||
case POLARSSL_KEY_EXCHANGE_ECDHE_RSA:
|
||||
case POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA:
|
||||
case POLARSSL_KEY_EXCHANGE_ECDHE_PSK:
|
||||
return( 1 );
|
||||
|
||||
default:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user