mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 15:05:45 +01:00
Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites
This commit is contained in:
commit
fdf946928d
@ -6,6 +6,7 @@ Features
|
||||
* Support for adhering to client ciphersuite order preference
|
||||
(POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
|
||||
* Support for Curve25519
|
||||
* Support for ECDH-RSA and ECDH-ECDSA key exchanges and ciphersuites
|
||||
|
||||
Changes
|
||||
* gen_prime() speedup
|
||||
|
@ -180,6 +180,8 @@
|
||||
*
|
||||
* Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
|
||||
* the following ciphersuites:
|
||||
* TLS_ECDH_ECDSA_WITH_NULL_SHA
|
||||
* TLS_ECDH_RSA_WITH_NULL_SHA
|
||||
* TLS_ECDHE_ECDSA_WITH_NULL_SHA
|
||||
* TLS_ECDHE_RSA_WITH_NULL_SHA
|
||||
* TLS_ECDHE_PSK_WITH_NULL_SHA384
|
||||
@ -458,6 +460,54 @@
|
||||
*/
|
||||
#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
|
||||
/**
|
||||
* \def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
*
|
||||
* Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
|
||||
*
|
||||
* Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
|
||||
*
|
||||
* This enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
* TLS_ECDH_ECDSA_WITH_RC4_128_SHA
|
||||
* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
|
||||
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
|
||||
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
|
||||
* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
|
||||
* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
|
||||
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||
*/
|
||||
#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
|
||||
/**
|
||||
* \def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||
*
|
||||
* Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
|
||||
*
|
||||
* Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
|
||||
*
|
||||
* This enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
* TLS_ECDH_RSA_WITH_RC4_128_SHA
|
||||
* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
|
||||
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
|
||||
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
|
||||
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
||||
* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
|
||||
* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
|
||||
* TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
|
||||
* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||
*/
|
||||
#define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||
|
||||
/**
|
||||
* \def POLARSSL_ERROR_STRERROR_BC
|
||||
*
|
||||
@ -824,6 +874,18 @@
|
||||
*
|
||||
* This module enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
|
||||
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
|
||||
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
|
||||
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
|
||||
* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
|
||||
* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
|
||||
* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
|
||||
* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
||||
* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
|
||||
* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
|
||||
* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
|
||||
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
@ -885,6 +947,8 @@
|
||||
*
|
||||
* This module enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
* TLS_ECDH_ECDSA_WITH_RC4_128_SHA
|
||||
* TLS_ECDH_RSA_WITH_RC4_128_SHA
|
||||
* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
|
||||
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
|
||||
* TLS_ECDHE_PSK_WITH_RC4_128_SHA
|
||||
@ -970,6 +1034,14 @@
|
||||
*
|
||||
* This module enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
* TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
|
||||
* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||
* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
|
||||
* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||
* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||
* TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||
* TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||
@ -1072,6 +1144,8 @@
|
||||
*
|
||||
* This module enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||
* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
|
||||
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
@ -1873,6 +1947,16 @@
|
||||
#error "POLARSSL_HAVEGE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
|
||||
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_X509_CRT_PARSE_C) )
|
||||
#error "POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
|
||||
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_X509_CRT_PARSE_C) )
|
||||
#error "POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(POLARSSL_DHM_C)
|
||||
#error "POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
@ -33,6 +33,15 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* When importing from an EC key, select if it is our key or the peer's key
|
||||
*/
|
||||
typedef enum
|
||||
{
|
||||
POLARSSL_ECDH_OURS,
|
||||
POLARSSL_ECDH_THEIRS,
|
||||
} ecdh_side;
|
||||
|
||||
/**
|
||||
* \brief ECDH context structure
|
||||
*/
|
||||
@ -134,6 +143,18 @@ int ecdh_make_params( ecdh_context *ctx, size_t *olen,
|
||||
int ecdh_read_params( ecdh_context *ctx,
|
||||
const unsigned char **buf, const unsigned char *end );
|
||||
|
||||
/**
|
||||
* \brief Setup an ECDH context from an EC key
|
||||
*
|
||||
* \param ctx ECDH constext to set
|
||||
* \param key EC key to use
|
||||
* \param ours Is it our key (1) or the peer's key (0) ?
|
||||
*
|
||||
* \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
|
||||
*/
|
||||
int ecdh_get_params( ecdh_context *ctx, const ecp_keypair *key,
|
||||
ecdh_side side );
|
||||
|
||||
/**
|
||||
* \brief Setup and export the client's public value
|
||||
*
|
||||
|
@ -120,12 +120,24 @@ extern "C" {
|
||||
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
|
||||
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
|
||||
|
||||
#define TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */
|
||||
#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002 /**< Not in SSL3! */
|
||||
#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003 /**< Not in SSL3! */
|
||||
#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 /**< Not in SSL3! */
|
||||
#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 /**< Not in SSL3! */
|
||||
|
||||
#define TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */
|
||||
#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007 /**< Not in SSL3! */
|
||||
#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008 /**< Not in SSL3! */
|
||||
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 /**< Not in SSL3! */
|
||||
#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A /**< Not in SSL3! */
|
||||
|
||||
#define TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B /**< Weak! */
|
||||
#define TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C /**< Not in SSL3! */
|
||||
#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D /**< Not in SSL3! */
|
||||
#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E /**< Not in SSL3! */
|
||||
#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F /**< Not in SSL3! */
|
||||
|
||||
#define TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */
|
||||
#define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 /**< Not in SSL3! */
|
||||
#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 /**< Not in SSL3! */
|
||||
@ -134,15 +146,21 @@ extern "C" {
|
||||
|
||||
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */
|
||||
|
||||
#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025 /**< TLS 1.2 */
|
||||
#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */
|
||||
#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 /**< TLS 1.2 */
|
||||
#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A /**< TLS 1.2 */
|
||||
|
||||
#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */
|
||||
|
||||
#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D /**< TLS 1.2 */
|
||||
#define TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */
|
||||
#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /**< TLS 1.2 */
|
||||
#define TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 /**< TLS 1.2 */
|
||||
|
||||
#define TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033 /**< Not in SSL3! */
|
||||
#define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034 /**< Not in SSL3! */
|
||||
@ -156,8 +174,12 @@ extern "C" {
|
||||
|
||||
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
|
||||
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
|
||||
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074 /**< Not in SSL3! */
|
||||
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075 /**< Not in SSL3! */
|
||||
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< Not in SSL3! */
|
||||
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< Not in SSL3! */
|
||||
#define TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078 /**< Not in SSL3! */
|
||||
#define TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079 /**< Not in SSL3! */
|
||||
|
||||
#define TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */
|
||||
#define TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */
|
||||
@ -165,10 +187,14 @@ extern "C" {
|
||||
#define TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
|
||||
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */
|
||||
#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089 /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B /**< TLS 1.2 */
|
||||
#define TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C /**< TLS 1.2 */
|
||||
#define TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D /**< TLS 1.2 */
|
||||
|
||||
#define TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08D /**< TLS 1.2 */
|
||||
#define TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E /**< TLS 1.2 */
|
||||
#define TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */
|
||||
#define TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090 /**< TLS 1.2 */
|
||||
#define TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091 /**< TLS 1.2 */
|
||||
@ -194,6 +220,8 @@ typedef enum {
|
||||
POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||
POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
||||
POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||
POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||
POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
} key_exchange_type_t;
|
||||
|
||||
typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
|
||||
|
@ -165,6 +165,32 @@ int ecdh_read_params( ecdh_context *ctx,
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Get parameters from a keypair
|
||||
*/
|
||||
int ecdh_get_params( ecdh_context *ctx, const ecp_keypair *key,
|
||||
ecdh_side side )
|
||||
{
|
||||
int ret;
|
||||
|
||||
if( ( ret = ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
/* If it's not our key, just import the public part as Qp */
|
||||
if( side == POLARSSL_ECDH_THEIRS )
|
||||
return( ecp_copy( &ctx->Qp, &key->Q ) );
|
||||
|
||||
/* Our key: import public (as Q) and private parts */
|
||||
if( side != POLARSSL_ECDH_OURS )
|
||||
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
if( ( ret = ecp_copy( &ctx->Q, &key->Q ) ) != 0 ||
|
||||
( ret = mpi_copy( &ctx->d, &key->d ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Setup and export the client public value
|
||||
*/
|
||||
|
@ -128,26 +128,50 @@ static const int ciphersuite_preference[] =
|
||||
TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA256,
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
|
||||
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
|
||||
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
|
||||
/* All CAMELLIA-256 suites */
|
||||
TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
|
||||
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
|
||||
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
|
||||
TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
|
||||
TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
|
||||
TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
|
||||
|
||||
/* All AES-128 suites */
|
||||
TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
|
||||
/* All CAMELLIA-128 suites */
|
||||
TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
|
||||
/* All remaining >= 128-bit suites */
|
||||
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_RSA_WITH_RC4_128_SHA,
|
||||
TLS_RSA_WITH_RC4_128_MD5,
|
||||
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_ECDH_RSA_WITH_RC4_128_SHA,
|
||||
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
|
||||
|
||||
/* The RSA PSK suites */
|
||||
TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
|
||||
@ -198,6 +222,8 @@ static const int ciphersuite_preference[] =
|
||||
TLS_RSA_WITH_NULL_SHA256,
|
||||
TLS_RSA_WITH_NULL_SHA,
|
||||
TLS_RSA_WITH_NULL_MD5,
|
||||
TLS_ECDH_RSA_WITH_NULL_SHA,
|
||||
TLS_ECDH_ECDSA_WITH_NULL_SHA,
|
||||
TLS_RSA_PSK_WITH_NULL_SHA384,
|
||||
TLS_RSA_PSK_WITH_NULL_SHA256,
|
||||
TLS_RSA_PSK_WITH_NULL_SHA,
|
||||
@ -208,7 +234,7 @@ static const int ciphersuite_preference[] =
|
||||
0
|
||||
};
|
||||
|
||||
#define MAX_CIPHERSUITES 128
|
||||
#define MAX_CIPHERSUITES 160
|
||||
static int supported_ciphersuites[MAX_CIPHERSUITES];
|
||||
static int supported_init = 0;
|
||||
|
||||
@ -697,6 +723,244 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED)
|
||||
#if defined(POLARSSL_AES_C)
|
||||
#if defined(POLARSSL_SHA1_C)
|
||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||
{ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
|
||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
{ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
|
||||
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#if defined(POLARSSL_SHA256_C)
|
||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||
{ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
|
||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||
#if defined(POLARSSL_GCM_C)
|
||||
{ TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
|
||||
POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_GCM_C */
|
||||
#endif /* POLARSSL_SHA256_C */
|
||||
#if defined(POLARSSL_SHA512_C)
|
||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||
{ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
|
||||
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||
#if defined(POLARSSL_GCM_C)
|
||||
{ TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
|
||||
POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_GCM_C */
|
||||
#endif /* POLARSSL_SHA512_C */
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||
#if defined(POLARSSL_SHA256_C)
|
||||
{ TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA256_C */
|
||||
#if defined(POLARSSL_SHA512_C)
|
||||
{ TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA512_C */
|
||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(POLARSSL_GCM_C)
|
||||
#if defined(POLARSSL_SHA256_C)
|
||||
{ TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
POLARSSL_CIPHER_CAMELLIA_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA256_C */
|
||||
#if defined(POLARSSL_SHA512_C)
|
||||
{ TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
|
||||
POLARSSL_CIPHER_CAMELLIA_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA512_C */
|
||||
#endif /* POLARSSL_GCM_C */
|
||||
#endif /* POLARSSL_CAMELLIA_C */
|
||||
|
||||
#if defined(POLARSSL_DES_C)
|
||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||
#if defined(POLARSSL_SHA1_C)
|
||||
{ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA",
|
||||
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||
#endif /* POLARSSL_DES_C */
|
||||
|
||||
#if defined(POLARSSL_ARC4_C)
|
||||
#if defined(POLARSSL_SHA1_C)
|
||||
{ TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS-ECDH-RSA-WITH-RC4-128-SHA",
|
||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
|
||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||
#if defined(POLARSSL_SHA1_C)
|
||||
{ TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
|
||||
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_WEAK },
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED */
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
#if defined(POLARSSL_AES_C)
|
||||
#if defined(POLARSSL_SHA1_C)
|
||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||
{ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
|
||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
{ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
|
||||
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#if defined(POLARSSL_SHA256_C)
|
||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||
{ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
|
||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||
#if defined(POLARSSL_GCM_C)
|
||||
{ TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
|
||||
POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_GCM_C */
|
||||
#endif /* POLARSSL_SHA256_C */
|
||||
#if defined(POLARSSL_SHA512_C)
|
||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||
{ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
|
||||
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||
#if defined(POLARSSL_GCM_C)
|
||||
{ TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
|
||||
POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_GCM_C */
|
||||
#endif /* POLARSSL_SHA512_C */
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||
#if defined(POLARSSL_SHA256_C)
|
||||
{ TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA256_C */
|
||||
#if defined(POLARSSL_SHA512_C)
|
||||
{ TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
|
||||
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA512_C */
|
||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(POLARSSL_GCM_C)
|
||||
#if defined(POLARSSL_SHA256_C)
|
||||
{ TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
POLARSSL_CIPHER_CAMELLIA_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA256_C */
|
||||
#if defined(POLARSSL_SHA512_C)
|
||||
{ TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
|
||||
POLARSSL_CIPHER_CAMELLIA_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA512_C */
|
||||
#endif /* POLARSSL_GCM_C */
|
||||
#endif /* POLARSSL_CAMELLIA_C */
|
||||
|
||||
#if defined(POLARSSL_DES_C)
|
||||
#if defined(POLARSSL_CIPHER_MODE_CBC)
|
||||
#if defined(POLARSSL_SHA1_C)
|
||||
{ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
|
||||
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||
#endif /* POLARSSL_DES_C */
|
||||
|
||||
#if defined(POLARSSL_ARC4_C)
|
||||
#if defined(POLARSSL_SHA1_C)
|
||||
{ TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS-ECDH-ECDSA-WITH-RC4-128-SHA",
|
||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
|
||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||
#if defined(POLARSSL_SHA1_C)
|
||||
{ TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
|
||||
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_WEAK },
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
||||
#if defined(POLARSSL_AES_C)
|
||||
#if defined(POLARSSL_GCM_C)
|
||||
@ -1376,6 +1640,10 @@ pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info )
|
||||
case POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA:
|
||||
return( POLARSSL_PK_ECDSA );
|
||||
|
||||
case POLARSSL_KEY_EXCHANGE_ECDH_RSA:
|
||||
case POLARSSL_KEY_EXCHANGE_ECDH_ECDSA:
|
||||
return( POLARSSL_PK_ECKEY );
|
||||
|
||||
default:
|
||||
return( POLARSSL_PK_NONE );
|
||||
}
|
||||
@ -1389,6 +1657,8 @@ int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info )
|
||||
case POLARSSL_KEY_EXCHANGE_ECDHE_RSA:
|
||||
case POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA:
|
||||
case POLARSSL_KEY_EXCHANGE_ECDHE_PSK:
|
||||
case POLARSSL_KEY_EXCHANGE_ECDH_RSA:
|
||||
case POLARSSL_KEY_EXCHANGE_ECDH_ECDSA:
|
||||
return( 1 );
|
||||
|
||||
default:
|
||||
|
@ -1113,6 +1113,29 @@ static int ssl_parse_server_dh_params( ssl_context *ssl, unsigned char **p,
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
|
||||
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
static int ssl_check_server_ecdh_params( const ssl_context *ssl )
|
||||
{
|
||||
SSL_DEBUG_MSG( 2, ( "ECDH curve size: %d",
|
||||
(int) ssl->handshake->ecdh_ctx.grp.nbits ) );
|
||||
|
||||
if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
|
||||
ssl->handshake->ecdh_ctx.grp.nbits > 521 )
|
||||
{
|
||||
return( -1 );
|
||||
}
|
||||
|
||||
SSL_DEBUG_ECP( 3, "ECDH: Qp", &ssl->handshake->ecdh_ctx.Qp );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
@ -1137,18 +1160,12 @@ static int ssl_parse_server_ecdh_params( ssl_context *ssl,
|
||||
return( ret );
|
||||
}
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "ECDH curve size: %d",
|
||||
(int) ssl->handshake->ecdh_ctx.grp.nbits ) );
|
||||
|
||||
if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
|
||||
ssl->handshake->ecdh_ctx.grp.nbits > 521 )
|
||||
if( ssl_check_server_ecdh_params( ssl ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "bad server key exchange message (ECDH length)" ) );
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
|
||||
SSL_DEBUG_ECP( 3, "ECDH: Qp", &ssl->handshake->ecdh_ctx.Qp );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
||||
@ -1307,6 +1324,41 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl,
|
||||
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
|
||||
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
static int ssl_get_ecdh_params_from_cert( ssl_context *ssl )
|
||||
{
|
||||
int ret;
|
||||
const ecp_keypair *peer_key;
|
||||
|
||||
if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk,
|
||||
POLARSSL_PK_ECKEY ) )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
|
||||
return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH );
|
||||
}
|
||||
|
||||
peer_key = pk_ec( ssl->session_negotiate->peer_cert->pk );
|
||||
|
||||
if( ( ret = ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key,
|
||||
POLARSSL_ECDH_THEIRS ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, ( "ecdh_get_params" ), ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ssl_check_server_ecdh_params( ssl ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH length)" ) );
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
|
||||
}
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
|
||||
POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
||||
|
||||
static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
||||
{
|
||||
int ret;
|
||||
@ -1335,6 +1387,21 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
||||
((void) end);
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDH_RSA ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDH_ECDSA )
|
||||
{
|
||||
ssl_get_ecdh_params_from_cert( ssl );
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
|
||||
ssl->state++;
|
||||
return( 0 );
|
||||
}
|
||||
((void) p);
|
||||
((void) end);
|
||||
#endif
|
||||
|
||||
if( ( ret = ssl_read_record( ssl ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "ssl_read_record", ret );
|
||||
@ -1852,9 +1919,13 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
||||
else
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDH_RSA ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDH_ECDSA )
|
||||
{
|
||||
/*
|
||||
* ECDH key exchange -- send client public value
|
||||
@ -1887,7 +1958,9 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
||||
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
||||
POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
|
||||
POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
||||
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
|
||||
|
@ -1962,6 +1962,31 @@ static int ssl_write_certificate_request( ssl_context *ssl )
|
||||
!POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
|
||||
!POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
static int ssl_get_ecdh_params_from_cert( ssl_context *ssl )
|
||||
{
|
||||
int ret;
|
||||
|
||||
if( ! pk_can_do( ssl_own_key( ssl ), POLARSSL_PK_ECKEY ) )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
|
||||
return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH );
|
||||
}
|
||||
|
||||
if( ( ret = ecdh_get_params( &ssl->handshake->ecdh_ctx,
|
||||
pk_ec( *ssl_own_key( ssl ) ),
|
||||
POLARSSL_ECDH_OURS ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, ( "ecdh_get_params" ), ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
|
||||
POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
||||
|
||||
static int ssl_write_server_key_exchange( ssl_context *ssl )
|
||||
{
|
||||
int ret;
|
||||
@ -1983,6 +2008,9 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK )
|
||||
@ -1991,6 +2019,20 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
|
||||
ssl->state++;
|
||||
return( 0 );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDH_RSA ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDH_ECDSA )
|
||||
{
|
||||
ssl_get_ecdh_params_from_cert( ssl );
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
|
||||
ssl->state++;
|
||||
return( 0 );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
@ -2533,9 +2575,13 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
|
||||
else
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDH_RSA ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDH_ECDSA )
|
||||
{
|
||||
size_t n = ssl->in_msg[3];
|
||||
|
||||
@ -2555,6 +2601,10 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
|
||||
|
||||
SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
|
||||
|
||||
SSL_DEBUG_MSG( 0, ( "ECDH: id %d", ssl->handshake->ecdh_ctx.grp.id ) );
|
||||
SSL_DEBUG_ECP( 0, "ECDH: Q ", &ssl->handshake->ecdh_ctx.Q );
|
||||
SSL_DEBUG_MPI( 0, "ECDH: d ", &ssl->handshake->ecdh_ctx.d );
|
||||
|
||||
if( ( ret = ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
|
||||
&ssl->handshake->pmslen,
|
||||
ssl->handshake->premaster,
|
||||
@ -2569,7 +2619,9 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
||||
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
||||
POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
|
||||
POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK )
|
||||
{
|
||||
|
@ -2320,7 +2320,9 @@ int ssl_send_alert_message( ssl_context *ssl,
|
||||
!defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
|
||||
!defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
|
||||
!defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
|
||||
!defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
!defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
|
||||
!defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
|
||||
!defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
int ssl_write_certificate( ssl_context *ssl )
|
||||
{
|
||||
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||
@ -2649,9 +2651,13 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED &&
|
||||
!POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED &&
|
||||
!POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
|
||||
#endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED
|
||||
!POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
|
||||
!POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
|
||||
!POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
!POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
!POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||
!POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
||||
|
||||
int ssl_write_change_cipher_spec( ssl_context *ssl )
|
||||
{
|
||||
|
@ -120,6 +120,9 @@ echo "-----------"
|
||||
for TYPE in $TYPES;
|
||||
do
|
||||
|
||||
P_CIPHERS=""
|
||||
O_CIPHERS=""
|
||||
|
||||
case $TYPE in
|
||||
|
||||
"ECDSA")
|
||||
@ -129,21 +132,34 @@ case $TYPE in
|
||||
O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server5.crt -key data_files/server5.key"
|
||||
O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server6.crt -key data_files/server6.key"
|
||||
|
||||
P_CIPHERS=" \
|
||||
if [ "$MODE" != "ssl3" ];
|
||||
then
|
||||
P_CIPHERS="$P_CIPHERS \
|
||||
TLS-ECDHE-ECDSA-WITH-NULL-SHA \
|
||||
TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
|
||||
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
|
||||
TLS-ECDH-ECDSA-WITH-NULL-SHA \
|
||||
TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
|
||||
TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
|
||||
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
|
||||
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
|
||||
"
|
||||
|
||||
O_CIPHERS=" \
|
||||
O_CIPHERS="$O_CIPHERS \
|
||||
ECDHE-ECDSA-NULL-SHA \
|
||||
ECDHE-ECDSA-RC4-SHA \
|
||||
ECDHE-ECDSA-DES-CBC3-SHA \
|
||||
ECDHE-ECDSA-AES128-SHA \
|
||||
ECDHE-ECDSA-AES256-SHA \
|
||||
ECDH-ECDSA-NULL-SHA \
|
||||
ECDH-ECDSA-RC4-SHA \
|
||||
ECDH-ECDSA-DES-CBC3-SHA \
|
||||
ECDH-ECDSA-AES128-SHA \
|
||||
ECDH-ECDSA-AES256-SHA \
|
||||
"
|
||||
fi
|
||||
|
||||
if [ "$MODE" = "tls1_2" ];
|
||||
then
|
||||
@ -152,13 +168,21 @@ case $TYPE in
|
||||
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
|
||||
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
|
||||
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
|
||||
TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||
TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
|
||||
"
|
||||
|
||||
O_CIPHERS=" \
|
||||
O_CIPHERS="$O_CIPHERS \
|
||||
ECDHE-ECDSA-AES128-SHA256 \
|
||||
ECDHE-ECDSA-AES256-SHA384 \
|
||||
ECDHE-ECDSA-AES128-GCM-SHA256 \
|
||||
ECDHE-ECDSA-AES256-GCM-SHA384 \
|
||||
ECDH-ECDSA-AES128-SHA256 \
|
||||
ECDH-ECDSA-AES256-SHA384 \
|
||||
ECDH-ECDSA-AES128-GCM-SHA256 \
|
||||
ECDH-ECDSA-AES256-GCM-SHA384 \
|
||||
"
|
||||
fi
|
||||
|
||||
@ -171,7 +195,7 @@ case $TYPE in
|
||||
O_SERVER_ARGS="$O_SERVER_BASE -cert data_files/server1.crt -key data_files/server1.key"
|
||||
O_CLIENT_ARGS="$O_CLIENT_BASE -cert data_files/server2.crt -key data_files/server2.key"
|
||||
|
||||
P_CIPHERS=" \
|
||||
P_CIPHERS="$P_CIPHERS \
|
||||
TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
|
||||
TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
|
||||
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
|
||||
@ -188,14 +212,9 @@ case $TYPE in
|
||||
TLS-RSA-WITH-NULL-SHA \
|
||||
TLS-RSA-WITH-DES-CBC-SHA \
|
||||
TLS-DHE-RSA-WITH-DES-CBC-SHA \
|
||||
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
|
||||
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
|
||||
TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
|
||||
TLS-ECDHE-RSA-WITH-RC4-128-SHA \
|
||||
TLS-ECDHE-RSA-WITH-NULL-SHA \
|
||||
"
|
||||
|
||||
O_CIPHERS=" \
|
||||
O_CIPHERS="$O_CIPHERS \
|
||||
DHE-RSA-AES128-SHA \
|
||||
DHE-RSA-AES256-SHA \
|
||||
DHE-RSA-CAMELLIA128-SHA \
|
||||
@ -212,12 +231,26 @@ case $TYPE in
|
||||
NULL-SHA \
|
||||
DES-CBC-SHA \
|
||||
EDH-RSA-DES-CBC-SHA \
|
||||
"
|
||||
|
||||
if [ "$MODE" != "ssl3" ];
|
||||
then
|
||||
P_CIPHERS="$P_CIPHERS \
|
||||
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
|
||||
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
|
||||
TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
|
||||
TLS-ECDHE-RSA-WITH-RC4-128-SHA \
|
||||
TLS-ECDHE-RSA-WITH-NULL-SHA \
|
||||
"
|
||||
|
||||
O_CIPHERS="$O_CIPHERS \
|
||||
ECDHE-RSA-AES256-SHA \
|
||||
ECDHE-RSA-AES128-SHA \
|
||||
ECDHE-RSA-DES-CBC3-SHA \
|
||||
ECDHE-RSA-RC4-SHA \
|
||||
ECDHE-RSA-NULL-SHA \
|
||||
"
|
||||
fi
|
||||
|
||||
if [ "$MODE" = "tls1_2" ];
|
||||
then
|
||||
@ -264,14 +297,14 @@ case $TYPE in
|
||||
O_SERVER_ARGS="$O_SERVER_BASE -psk 6162636465666768696a6b6c6d6e6f70 -cert data_files/server1.crt -key data_files/server1.key"
|
||||
O_CLIENT_ARGS="$O_CLIENT_BASE -psk 6162636465666768696a6b6c6d6e6f70"
|
||||
|
||||
P_CIPHERS=" \
|
||||
P_CIPHERS="$P_CIPHERS \
|
||||
TLS-PSK-WITH-RC4-128-SHA \
|
||||
TLS-PSK-WITH-3DES-EDE-CBC-SHA \
|
||||
TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
TLS-PSK-WITH-AES-256-CBC-SHA \
|
||||
"
|
||||
|
||||
O_CIPHERS=" \
|
||||
O_CIPHERS="$O_CIPHERS \
|
||||
PSK-RC4-SHA \
|
||||
PSK-3DES-EDE-CBC-SHA \
|
||||
PSK-AES128-CBC-SHA \
|
||||
@ -374,6 +407,18 @@ case $TYPE in
|
||||
P_CIPHERS="$P_CIPHERS \
|
||||
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||
TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||
"
|
||||
fi
|
||||
|
||||
if [ "$MODE" = "tls1_2" ];
|
||||
then
|
||||
P_CIPHERS="$P_CIPHERS \
|
||||
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
|
||||
TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
|
||||
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
|
||||
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
|
||||
"
|
||||
fi
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user