mirror of
https://github.com/jart/cosmopolitan.git
synced 2025-05-29 08:42:28 +00:00
Implement RFC8442
This commit is contained in:
Justine Tunney
parent
2bc0901ce3
commit
4daafef63a
2 changed files with 42 additions and 13 deletions
49
third_party/mbedtls/ssl_ciphersuites.c
vendored
49
third_party/mbedtls/ssl_ciphersuites.c
vendored
|
|
@ -72,10 +72,9 @@ static const uint16_t ciphersuite_preference[] =
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
|
#ifdef MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
|
||||||
/* TODO(jart): RFC8442 */
|
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384,
|
||||||
/* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384, */
|
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
|
||||||
/* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256, */
|
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256,
|
||||||
/* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256, */
|
|
||||||
MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
||||||
MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
||||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
|
MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
|
||||||
|
|
@ -169,17 +168,25 @@ static const uint16_t ciphersuite_preference[] =
|
||||||
static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
{
|
{
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && defined(MBEDTLS_AES_C) && defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && defined(MBEDTLS_AES_C) && defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||||
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "ECDHE-ECDSA-AES128-GCM-SHA256",
|
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "ECDHE-ECDSA-AES256-GCM-SHA384",
|
||||||
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && defined(MBEDTLS_AES_C) && defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && defined(MBEDTLS_AES_C) && defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||||
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "ECDHE-ECDSA-AES256-GCM-SHA384",
|
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "ECDHE-RSA-AES256-GCM-SHA384",
|
||||||
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
|
||||||
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && defined(MBEDTLS_AES_C) && defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)
|
||||||
|
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "ECDHE-ECDSA-AES128-GCM-SHA256",
|
||||||
|
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
|
@ -193,9 +200,9 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
0 },
|
0 },
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && defined(MBEDTLS_AES_C) && defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && defined(MBEDTLS_AES_C) && defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||||
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "ECDHE-RSA-AES256-GCM-SHA384",
|
{ MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384, "ECDHE-PSK-AES256-GCM-SHA384",
|
||||||
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
|
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
|
@ -271,6 +278,22 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||||
MBEDTLS_SHA256_C &&
|
MBEDTLS_SHA256_C &&
|
||||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && defined(MBEDTLS_AES_C) && defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)
|
||||||
|
{ MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256, "ECDHE-PSK-AES128-GCM-SHA256",
|
||||||
|
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
|
||||||
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && defined(MBEDTLS_AES_C) && defined(MBEDTLS_CCM_C) && defined(MBEDTLS_SHA512_C)
|
||||||
|
{ MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256, "ECDHE-PSK-AES128-CCM-SHA256",
|
||||||
|
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
|
||||||
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
|
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||||
|
0 },
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||||
#if defined(MBEDTLS_AES_C)
|
#if defined(MBEDTLS_AES_C)
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
|
|
|
||||||
6
third_party/mbedtls/ssl_ciphersuites.h
vendored
6
third_party/mbedtls/ssl_ciphersuites.h
vendored
|
|
@ -255,6 +255,12 @@ COSMOPOLITAN_C_START_
|
||||||
#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD /**< TLS 1.2 */
|
#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD /**< TLS 1.2 */
|
||||||
#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE /**< TLS 1.2 */
|
#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE /**< TLS 1.2 */
|
||||||
|
|
||||||
|
/* RFC 8442 */
|
||||||
|
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 0xD001 /**< TLS 1.2 */
|
||||||
|
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 0xD002 /**< TLS 1.2 */
|
||||||
|
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 0xD003 /**< TLS 1.2 */
|
||||||
|
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 0xD005 /**< TLS 1.2 */
|
||||||
|
|
||||||
/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
|
/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
|
||||||
* Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
|
* Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
|
||||||
*/
|
*/
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue