Merged ECDHE-PSK ciphersuites
This commit is contained in:
Paul Bakker
commit
376e8153a0
11 changed files with 598 additions and 229 deletions
|
|
@ -195,15 +195,18 @@
|
|||
* TLS_RSA_WITH_NULL_SHA
|
||||
* TLS_RSA_WITH_NULL_SHA256
|
||||
* TLS_ECDHE_RSA_WITH_NULL_SHA
|
||||
* TLS_PSK_WITH_NULL
|
||||
* TLS_PSK_WITH_NULL256
|
||||
* TLS_PSK_WITH_NULL384
|
||||
* TLS_DHE_PSK_WITH_NULL
|
||||
* TLS_DHE_PSK_WITH_NULL256
|
||||
* TLS_DHE_PSK_WITH_NULL384
|
||||
* TLS_RSA_PSK_WITH_NULL
|
||||
* TLS_RSA_PSK_WITH_NULL256
|
||||
* TLS_RSA_PSK_WITH_NULL384
|
||||
* TLS_PSK_WITH_NULL_SHA
|
||||
* TLS_PSK_WITH_NULL_SHA256
|
||||
* TLS_PSK_WITH_NULL_SHA384
|
||||
* TLS_DHE_PSK_WITH_NULL_SHA
|
||||
* TLS_DHE_PSK_WITH_NULL_SHA256
|
||||
* TLS_DHE_PSK_WITH_NULL_SHA384
|
||||
* TLS_RSA_PSK_WITH_NULL_SHA
|
||||
* TLS_RSA_PSK_WITH_NULL_SHA256
|
||||
* TLS_RSA_PSK_WITH_NULL_SHA384
|
||||
* TLS_ECDHE_PSK_WITH_NULL_SHA
|
||||
* TLS_ECDHE_PSK_WITH_NULL_SHA256
|
||||
* TLS_ECDHE_PSK_WITH_NULL_SHA384
|
||||
*
|
||||
* Uncomment this macro to enable the NULL cipher and ciphersuites
|
||||
*/
|
||||
|
|
@ -294,6 +297,26 @@
|
|||
*/
|
||||
#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
|
||||
|
||||
/**
|
||||
* \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
||||
*
|
||||
* Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
|
||||
*
|
||||
* Requires: POLARSSL_ECDH_C
|
||||
*
|
||||
* This enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
* TLS_ECDHE_PSK_WITH_RC4_128_SHA
|
||||
* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
|
||||
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
|
||||
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
|
||||
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
|
||||
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
|
||||
* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
|
||||
*/
|
||||
#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
||||
|
||||
/**
|
||||
* \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
|
||||
*
|
||||
|
|
@ -1754,6 +1777,11 @@
|
|||
#error "POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \
|
||||
!defined(POLARSSL_ECDH_C)
|
||||
#error "POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
|
||||
( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \
|
||||
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
|
||||
|
|
|
|||
|
|
@ -614,7 +614,9 @@ struct _ssl_context
|
|||
void *p_vrfy; /*!< context for verification */
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
int (*f_psk)(void *, ssl_context *, const unsigned char *, size_t);
|
||||
void *p_psk; /*!< context for PSK retrieval */
|
||||
#endif
|
||||
|
|
@ -715,7 +717,9 @@ struct _ssl_context
|
|||
mpi dhm_G; /*!< generator for DHM */
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
/*
|
||||
* PSK values
|
||||
*/
|
||||
|
|
@ -1057,7 +1061,9 @@ int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
|
|||
rsa_key_len_func rsa_key_len );
|
||||
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
/**
|
||||
* \brief Set the Pre Shared Key (PSK) and the identity name connected
|
||||
* to it.
|
||||
|
|
@ -1097,7 +1103,9 @@ void ssl_set_psk_cb( ssl_context *ssl,
|
|||
int (*f_psk)(void *, ssl_context *, const unsigned char *,
|
||||
size_t),
|
||||
void *p_psk );
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED ||
|
||||
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED ||
|
||||
POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||
|
||||
#if defined(POLARSSL_DHM_C)
|
||||
/**
|
||||
|
|
@ -1523,6 +1531,12 @@ int ssl_write_finished( ssl_context *ssl );
|
|||
|
||||
void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info );
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex );
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_PK_C)
|
||||
unsigned char ssl_sig_from_pk( pk_context *pk );
|
||||
pk_type_t ssl_pk_alg_from_sig( unsigned char sig );
|
||||
|
|
|
|||
|
|
@ -144,18 +144,30 @@ extern "C" {
|
|||
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */
|
||||
|
||||
#define TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033 /**< Not in SSL3! */
|
||||
#define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034 /**< Not in SSL3! */
|
||||
#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035 /**< Not in SSL3! */
|
||||
#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036 /**< Not in SSL3! */
|
||||
#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037 /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038 /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039 /**< Weak! No SSL3! */
|
||||
#define TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A /**< Weak! TLS 1.2 */
|
||||
#define TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B /**< Weak! TLS 1.2 */
|
||||
|
||||
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< TLS 1.2 */
|
||||
|
||||
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< TLS 1.2 */
|
||||
|
||||
#define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094 /**< TLS 1.2 */
|
||||
#define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095 /**< TLS 1.2 */
|
||||
#define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096 /**< TLS 1.2 */
|
||||
#define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097 /**< TLS 1.2 */
|
||||
#define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098 /**< TLS 1.2 */
|
||||
#define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099 /**< TLS 1.2 */
|
||||
#define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094 /**< TLS 1.2 */
|
||||
#define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095 /**< TLS 1.2 */
|
||||
#define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096 /**< TLS 1.2 */
|
||||
#define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097 /**< TLS 1.2 */
|
||||
#define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098 /**< TLS 1.2 */
|
||||
#define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099 /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< TLS 1.2 */
|
||||
|
||||
typedef enum {
|
||||
POLARSSL_KEY_EXCHANGE_NONE = 0,
|
||||
|
|
@ -166,6 +178,7 @@ typedef enum {
|
|||
POLARSSL_KEY_EXCHANGE_PSK,
|
||||
POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||
POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
||||
POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
|
||||
} key_exchange_type_t;
|
||||
|
||||
typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue