Added pre-shared key handling for the client side of SSL / TLS
Client side handling of the pure PSK ciphersuites is now in the base code.
This commit is contained in:
Paul Bakker
parent
f7abd422dc
commit
d4a56ec6bf
7 changed files with 381 additions and 26 deletions
|
|
@ -70,6 +70,12 @@ static const int ciphersuite_preference[] =
|
|||
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
|
||||
/* The PSK ephemeral suites */
|
||||
TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
|
||||
TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
|
||||
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_DHE_PSK_WITH_RC4_128_SHA,
|
||||
|
||||
/* All AES-256 suites */
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA256,
|
||||
TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||
|
|
@ -93,6 +99,18 @@ static const int ciphersuite_preference[] =
|
|||
TLS_RSA_WITH_RC4_128_SHA,
|
||||
TLS_RSA_WITH_RC4_128_MD5,
|
||||
|
||||
/* The RSA PSK suites */
|
||||
TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
|
||||
TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
|
||||
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_RSA_PSK_WITH_RC4_128_SHA,
|
||||
|
||||
/* The PSK suites */
|
||||
TLS_PSK_WITH_AES_256_CBC_SHA,
|
||||
TLS_PSK_WITH_AES_128_CBC_SHA,
|
||||
TLS_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_PSK_WITH_RC4_128_SHA,
|
||||
|
||||
/* Weak or NULL suites */
|
||||
TLS_DHE_RSA_WITH_DES_CBC_SHA,
|
||||
TLS_RSA_WITH_DES_CBC_SHA,
|
||||
|
|
@ -370,6 +388,100 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0 },
|
||||
#endif /* POLARSSL_DES_C */
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
||||
#if defined(POLARSSL_AES_C)
|
||||
{ TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
|
||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
|
||||
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
#if defined(POLARSSL_DES_C)
|
||||
{ TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
|
||||
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_DES_C */
|
||||
|
||||
#if defined(POLARSSL_ARC4_C)
|
||||
{ TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA",
|
||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
|
||||
#if defined(POLARSSL_DHM_C)
|
||||
#if defined(POLARSSL_AES_C)
|
||||
{ TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
|
||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
|
||||
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
#if defined(POLARSSL_DES_C)
|
||||
{ TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
|
||||
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_DES_C */
|
||||
|
||||
#if defined(POLARSSL_ARC4_C)
|
||||
{ TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA",
|
||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
#endif /* POLARSSL_DHM_C */
|
||||
|
||||
#if defined(POLARSSL_AES_C)
|
||||
{ TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
|
||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
|
||||
{ TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
|
||||
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
#if defined(POLARSSL_DES_C)
|
||||
{ TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
|
||||
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_DES_C */
|
||||
|
||||
#if defined(POLARSSL_ARC4_C)
|
||||
{ TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA",
|
||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif /* POLARSSL_ARC4_C */
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
|
||||
|
||||
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
|
||||
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||
{ TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue