*
******************************************************************/
+
#include "iotivity_config.h"
+
#define _GNU_SOURCE
#include <stddef.h>
*/
#define RANDOM_LEN (32)
/**
- * @def RANDOM_LEN
- * @brief PSK generated keyblock length
+ * @def SHA384_MAC_KEY_LENGTH
+ * @brief MAC key length for SHA384 cipher suites
*/
-#define KEY_BLOCK_LEN (96)
-
-/**@def SSL_CLOSE_NOTIFY(peer, ret)
- *
- * Notifies of existing \a peer about closing TLS connection.
- *
- * @param[in] peer remote peer
- * @param[in] ret used internaly
+#define SHA384_MAC_KEY_LENGTH (48)
+/**
+ * @def SHA256_MAC_KEY_LENGTH
+ * @brief MAC key length for SHA256 cipher suites
+ */
+#define SHA256_MAC_KEY_LENGTH (32)
+/**
+ * @def CCM_MAC_KEY_LENGTH
+ * @brief MAC key length for CCM cipher suites
+ */
+#define CCM_MAC_KEY_LENGTH (0)
+/**
+ * @def AES256_KEY_LENGTH
+ * @brief key material length for AES256 cipher suites
+ */
+#define AES256_KEY_LENGTH (32)
+/**
+ * @def AES128_KEY_LENGTH
+ * @brief key material length for AES128 cipher suites
+ */
+#define AES128_KEY_LENGTH (16)
+/**
+ * @def GCM_IV_LENGTH
+ * @brief length of nonce for GCM cipher suites
*/
+#define GCM_IV_LENGTH (12)
+/**
+ * @def CCM_IV_LENGTH
+ * @brief length of nonce for CCM cipher suites
+ */
+#define CCM_IV_LENGTH (4)
+/**
+ * @def CBC_IV_LENGTH
+ * @brief length of nonce for CBC cipher suites
+ */
+#define CBC_IV_LENGTH (0)
/**
* @var RETRANSMISSION_TIME
*/
#define RETRANSMISSION_TIME 1
+/**@def SSL_CLOSE_NOTIFY(peer, ret)
+ *
+ * Notifies of existing \a peer about closing TLS connection.
+ *
+ * @param[in] peer remote peer
+ * @param[in] ret used internaly
+ */
#define SSL_CLOSE_NOTIFY(peer, ret) \
do \
{ \
return (error); \
} \
}
+/**@def CONF_SSL(clientConf, serverConf, fn, ...)
+ *
+ * Calls \a fn for \a clientConf and \a serverConf.
+ *
+ */
+#define CONF_SSL(clientConf, serverConf, fn, ...) do { \
+fn((clientConf), __VA_ARGS__); \
+fn((serverConf), __VA_ARGS__); \
+} while (0)
+
/** @def CHECK_MBEDTLS_RET(f, ...)
* A macro that checks \a f function return code
*
if (0 != ret) { \
OIC_LOG_V(ERROR, NET_SSL_TAG, "%s returned -0x%04x\n", __func__, -(ret)); \
goto exit; \
-} } while(0)
+} } while (0)
typedef enum
{
- ADAPTER_TLS_RSA_WITH_AES_256_CBC_SHA,
- ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
- ADAPTER_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA_256,
- ADAPTER_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
- ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
- ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
- ADAPTER_CIPHER_MAX
-} AdapterCipher_t;
+ SSL_RSA_WITH_AES_256_CBC_SHA256,
+ SSL_RSA_WITH_AES_128_GCM_SHA256,
+ SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+ SSL_ECDHE_ECDSA_WITH_AES_128_CCM,
+ SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+ SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+ SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+ SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+ SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256,
+ SSL_CIPHER_MAX
+} SslCipher_t;
typedef enum
{
ADAPTER_CURVE_MAX
} AdapterCurve_t;
-int tlsCipher[ADAPTER_CIPHER_MAX][2] =
+static const int tlsCipher[SSL_CIPHER_MAX][2] =
{
- {MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, 0},
+ {MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, 0},
+ {MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, 0},
+ {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
{MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, 0},
-#ifdef MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256
- {MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256, 0},
-#endif
- {MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 0},
{MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, 0},
- {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 0}
+ {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 0},
+ {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 0},
+ {MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 0},
+ {MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, 0},
+ {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 0},
+ {MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256, 0}
};
-static int g_cipherSuitesList[ADAPTER_CIPHER_MAX];
+static int g_cipherSuitesList[SSL_CIPHER_MAX];
mbedtls_ecp_group_id curve[ADAPTER_CURVE_MAX][2] =
{
mbedtls_ssl_config clientDtlsConf;
mbedtls_ssl_config serverDtlsConf;
- AdapterCipher_t cipher;
+ SslCipher_t cipher;
SslCallbacks_t adapterCallbacks[MAX_SUPPORTED_ADAPTERS];
mbedtls_x509_crl crl;
bool cipherFlag[2];
if(0 != ret)
{
OIC_LOG(WARNING, NET_SSL_TAG, "CRL parsing error");
- mbedtls_ssl_conf_ca_chain(clientConf, &g_caSslContext->ca, NULL);
- mbedtls_ssl_conf_ca_chain(serverConf, &g_caSslContext->ca, NULL);
+ CONF_SSL(clientConf, serverConf, mbedtls_ssl_conf_ca_chain, &g_caSslContext->ca, NULL);
}
else
{
- mbedtls_ssl_conf_ca_chain(clientConf, &g_caSslContext->ca, &g_caSslContext->crl);
- mbedtls_ssl_conf_ca_chain(serverConf, &g_caSslContext->ca, &g_caSslContext->crl);
+ CONF_SSL(clientConf, serverConf, mbedtls_ssl_conf_ca_chain,
+ &g_caSslContext->ca, &g_caSslContext->crl);
}
OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
g_getCredentialTypesCallback(g_caSslContext->cipherFlag);
// Retrieve the PSK credential from SRM
- // PIN OTM if (true == g_caSslContext->cipherFlag[0] && 0 != InitPskIdentity(config))
if (0 != InitPskIdentity(config))
{
OIC_LOG(ERROR, NET_SSL_TAG, "PSK identity initialization failed!");
}
- // Retrieve the ECC credential from SRM
- if (true == g_caSslContext->cipherFlag[1] || ADAPTER_TLS_RSA_WITH_AES_256_CBC_SHA == g_caSslContext->cipher)
+ // Retrieve the Cert credential from SRM
+ if (true == g_caSslContext->cipherFlag[1])
{
int ret = InitPKIX(adapter);
if (0 != ret)
}
memset(g_cipherSuitesList, 0, sizeof(g_cipherSuitesList));
- if (ADAPTER_CIPHER_MAX != g_caSslContext->cipher)
+ if (SSL_CIPHER_MAX != g_caSslContext->cipher)
{
g_cipherSuitesList[index] = tlsCipher[g_caSslContext->cipher][0];
- index ++;
}
- if (true == g_caSslContext->cipherFlag[1])
+ else
{
- g_cipherSuitesList[index] = MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
- index ++;
- }
- if (true == g_caSslContext->cipherFlag[0])
+ if (true == g_caSslContext->cipherFlag[1])
{
- g_cipherSuitesList[index] = MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
+ for (int i = 2; i < SSL_CIPHER_MAX - 2; i++)
+ {
+ g_cipherSuitesList[index] = tlsCipher[i][0];
+ index ++;
+ }
+ }
+ if (true == g_caSslContext->cipherFlag[0])
+ {
+ g_cipherSuitesList[index] = MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
+ }
}
mbedtls_ssl_conf_ciphersuites(config, g_cipherSuitesList);
#endif // __WITH_DTLS__
// set default cipher
- g_caSslContext->cipher = ADAPTER_CIPHER_MAX;
+ g_caSslContext->cipher = SSL_CIPHER_MAX;
// init X.509
mbedtls_x509_crt_init(&g_caSslContext->ca);
SendCacheMessages(peer);
}
- if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 == g_caSslContext->selectedCipher ||
- MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA == g_caSslContext->selectedCipher)
+ if (MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != g_caSslContext->selectedCipher &&
+ MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256 != g_caSslContext->selectedCipher)
{
char uuid[UUID_LENGTH * 2 + 5] = {0};
void * uuidPos = NULL;
return;
}
-// if (MAX_SUPPORTED_ADAPTERS > type)
+ switch (type)
{
switch (type)
{
oc_mutex_unlock(g_sslContextMutex);
OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
}
+/**
+ * Gets index of the TLS ciphersuite in the SslCipher_t enum.
+ *
+ * @param[in] cipher TLS chiphersuite code
+ *
+ * @return corresponding enum
+ */
-CAResult_t CAsetTlsCipherSuite(const uint32_t cipher)
+static SslCipher_t GetCipherIndex(const uint32_t cipher)
{
- OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
- VERIFY_NON_NULL_RET(g_getCredentialTypesCallback, NET_SSL_TAG, "Param callback is null", CA_STATUS_FAILED);
- g_getCredentialTypesCallback(g_caSslContext->cipherFlag);
switch(cipher)
{
- case MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA:
+ case MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256:
{
-#ifdef __WITH_TLS__
- //todo check that Cred with RSA cert exists
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf,
- tlsCipher[ADAPTER_TLS_RSA_WITH_AES_256_CBC_SHA]);
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf,
- tlsCipher[ADAPTER_TLS_RSA_WITH_AES_256_CBC_SHA]);
-#endif
-#ifdef __WITH_DTLS__
- //todo check that Cred with RSA cert exists
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientDtlsConf,
- tlsCipher[ADAPTER_TLS_RSA_WITH_AES_256_CBC_SHA]);
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverDtlsConf,
- tlsCipher[ADAPTER_TLS_RSA_WITH_AES_256_CBC_SHA]);
-#endif
- g_caSslContext->cipher = ADAPTER_TLS_RSA_WITH_AES_256_CBC_SHA;
- break;
+ return SSL_RSA_WITH_AES_256_CBC_SHA256;
}
- case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
+ case MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256:
{
- if (false == g_caSslContext->cipherFlag[1])
- {
- OIC_LOG(ERROR, NET_SSL_TAG, "No Credential for ECC");
- return CA_STATUS_FAILED;
- }
-#ifdef __WITH_TLS__
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8]);
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8]);
-#endif
-#ifdef __WITH_DTLS__
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientDtlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8]);
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverDtlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8]);
-#endif
- g_caSslContext->cipher = ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
- break;
+ return SSL_RSA_WITH_AES_128_GCM_SHA256;
}
-#ifdef MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256
- case MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256:
+ case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
{
-#ifdef __WITH_TLS__
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf,
- tlsCipher[ADAPTER_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA_256]);
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf,
- tlsCipher[ADAPTER_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA_256]);
-#endif
-#ifdef __WITH_DTLS__
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientDtlsConf,
- tlsCipher[ADAPTER_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA_256]);
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverDtlsConf,
- tlsCipher[ADAPTER_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA_256]);
-#endif
- g_caSslContext->cipher = ADAPTER_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA_256;
- break;
+ return SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
}
-#endif
- case MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
+ case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
{
-#if 0 // PIN OTM
- if (false == g_caSslContext->cipherFlag[0])
- {
- OIC_LOG(ERROR, NET_SSL_TAG, "No Credential for PSK");
- return CA_STATUS_FAILED;
- }
-#endif
-#ifdef __WITH_TLS__
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256]);
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256]);
-#endif
-#ifdef __WITH_DTLS__
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientDtlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256]);
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverDtlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256]);
-#endif
- g_caSslContext->cipher = ADAPTER_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
- break;
+ return SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8;
}
case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
{
- if (false == g_caSslContext->cipherFlag[1])
- {
- OIC_LOG(ERROR, NET_SSL_TAG, "No Credential for ECC");
- return CA_STATUS_FAILED;
- }
-#ifdef __WITH_TLS__
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM]);
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM]);
-#endif
-#ifdef __WITH_DTLS__
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientDtlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM]);
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverDtlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM]);
-#endif
- g_caSslContext->cipher = ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM;
- break;
+ return SSL_ECDHE_ECDSA_WITH_AES_128_CCM;
}
case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
{
- if (false == g_caSslContext->cipherFlag[1])
- {
- OIC_LOG(ERROR, NET_SSL_TAG, "No Credential for ECC");
- return CA_STATUS_FAILED;
- }
-#ifdef __WITH_TLS__
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]);
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]);
-#endif
-#ifdef __WITH_DTLS__
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientDtlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]);
- mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverDtlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]);
-#endif
- g_caSslContext->cipher = ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
- break;
+ return SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
+ }
+ case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
+ {
+ return SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
+ }
+ case MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
+ {
+ return SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
+ }
+ case MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
+ {
+ return SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
+ }
+ case MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
+ {
+ return SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
+ }
+ case MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256:
+ {
+ return SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256;
}
default:
{
- OIC_LOG(ERROR, NET_SSL_TAG, "Unknown cipher");
- return CA_STATUS_FAILED;
+ return SSL_CIPHER_MAX;
}
}
- OIC_LOG_V(DEBUG, NET_SSL_TAG, "Selected cipher: 0x%x", cipher);
+}
+
+CAResult_t CAsetTlsCipherSuite(const uint32_t cipher)
+{
+ OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
+ CAResult_t res = CA_STATUS_FAILED;
+ SslCipher_t index = GetCipherIndex(cipher);
+ if (SSL_CIPHER_MAX == index)
+ {
+ OIC_LOG(WARNING, NET_SSL_TAG, "Unknown cipher");
+ }
+ else
+ {
+#ifdef __WITH_TLS__
+ CONF_SSL(&g_caSslContext->clientTlsConf, &g_caSslContext->serverTlsConf,
+ mbedtls_ssl_conf_ciphersuites, tlsCipher[index]);
+#endif
+#ifdef __WITH_DTLS__
+ CONF_SSL(&g_caSslContext->clientDtlsConf, &g_caSslContext->serverDtlsConf,
+ mbedtls_ssl_conf_ciphersuites, tlsCipher[index]);
+#endif
+ OIC_LOG_V(DEBUG, NET_SSL_TAG, "Selected cipher: 0x%x", cipher);
+ }
+ g_caSslContext->cipher = index;
+
OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
return CA_STATUS_OK;
}
return CA_STATUS_FAILED;
}
- uint8_t keyblock[KEY_BLOCK_LEN] = {0};
+ // keyBlockLen set up according to OIC 1.1 Security Specification Section 7.3.2
+ int macKeyLen;
+ int ivSize;
+ int keySize;
+ int keyBlockLen = 0;
+ if (MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
+ MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
+ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher ||
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 == g_caSslContext->selectedCipher)
+ {
+ // 2 * ( 32 + 0 + 16 ) = 96
+ macKeyLen = SHA256_MAC_KEY_LENGTH;
+ ivSize = CBC_IV_LENGTH;
+ keySize = AES128_KEY_LENGTH;
+ }
+ else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM == g_caSslContext->selectedCipher ||
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 == g_caSslContext->selectedCipher)
+ {
+ // 2 * ( 0 + 4 + 16 ) = 40
+ macKeyLen = CCM_MAC_KEY_LENGTH;
+ ivSize = CCM_IV_LENGTH;
+ keySize = AES128_KEY_LENGTH;
+ }
+ else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 == g_caSslContext->selectedCipher)
+ {
+ // 2 * ( 32 + 12 + 16 ) = 120
+ macKeyLen = SHA256_MAC_KEY_LENGTH;
+ ivSize = GCM_IV_LENGTH;
+ keySize = AES128_KEY_LENGTH;
+ }
+ else if (MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 == g_caSslContext->selectedCipher)
+ {
+ // 2 * ( 32 + 0 + 32 ) = 128
+ macKeyLen = SHA256_MAC_KEY_LENGTH;
+ ivSize = CBC_IV_LENGTH;
+ keySize = AES256_KEY_LENGTH;
+ }
+ else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 == g_caSslContext->selectedCipher)
+ {
+ // 2 * ( 48 + 0 + 32 ) = 160
+ macKeyLen = SHA384_MAC_KEY_LENGTH;
+ ivSize = CBC_IV_LENGTH;
+ keySize = AES256_KEY_LENGTH;
+ }
+ else if (MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 == g_caSslContext->selectedCipher)
+ {
+ // 2 * ( 48 + 12 + 32 ) = 184
+ macKeyLen = SHA384_MAC_KEY_LENGTH;
+ ivSize = GCM_IV_LENGTH;
+ keySize = AES256_KEY_LENGTH;
+ }
+ else if (MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 == g_caSslContext->selectedCipher)
+ {
+ // 2 * ( 48 + 12 + 32 ) = 184
+ macKeyLen = SHA256_MAC_KEY_LENGTH;
+ ivSize = GCM_IV_LENGTH;
+ keySize = AES128_KEY_LENGTH;
+ }
+ keyBlockLen = 2 * (macKeyLen + keySize + ivSize);
+
+ uint8_t * keyblock = (uint8_t *)OICMalloc(keyBlockLen);
+ if (NULL == keyblock)
+ {
+ OIC_LOG(ERROR, NET_SSL_TAG, "Failed to OICMalloc for keyblock");
+ oc_mutex_unlock(g_sslContextMutex);
+ return CA_STATUS_FAILED;
+ }
+
// "key expansion"
uint8_t lab[] = {0x6b, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6e, 0x73, 0x69, 0x6f, 0x6e};
int ret = pHash(tep->master, sizeof(tep->master), lab, sizeof(lab),
(tep->random) + RANDOM_LEN, RANDOM_LEN, tep->random, RANDOM_LEN,
- keyblock, KEY_BLOCK_LEN);
+ keyblock, keyBlockLen);
if (-1 == ret)
{
OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
+ OICFree(keyblock);
oc_mutex_unlock(g_sslContextMutex);
return CA_STATUS_FAILED;
}
- ret = pHash(keyblock, sizeof(keyblock), label, labelLen,
+
+ ret = pHash(keyblock, keyBlockLen, label, labelLen,
rsrcServerDeviceId, rsrcServerDeviceIdLen,
provServerDeviceId, provServerDeviceIdLen,
ownerPsk, ownerPskSize);
if (-1 == ret)
{
OIC_LOG(ERROR, NET_SSL_TAG, "PSK not generated");
+ OICFree(keyblock);
oc_mutex_unlock(g_sslContextMutex);
return CA_STATUS_FAILED;
}
+ OICFree(keyblock);
oc_mutex_unlock(g_sslContextMutex);
OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
};
int caCertLen = sizeof(caCert);
-unsigned char control_server_message_ccm[] = {
+unsigned char control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM[] = {
0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74,
0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x32, 0x3e,
0x48, 0x45, 0x2d, 0x45, 0x43, 0x44, 0x53, 0x41, 0x2d, 0x57, 0x49, 0x54, 0x48, 0x2d, 0x41, 0x45,
0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, 0x43, 0x43, 0x4d, 0x3c, 0x2f, 0x70, 0x3e, 0x0d, 0x0a
};
-int control_server_message_ccm_len = sizeof(control_server_message_ccm);
+int control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_len = sizeof(control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM);
-unsigned char control_server_message_ccm8[] = {
+unsigned char control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_8[] = {
0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74,
0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x32, 0x3e,
0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, 0x43, 0x43, 0x4d, 0x2d, 0x38, 0x3c, 0x2f, 0x70, 0x3e, 0x0d,
0x0a
};
-int control_server_message_ccm8_len = sizeof(control_server_message_ccm8);
+int control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_8_len = sizeof(control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_8);
-unsigned char control_server_message_cbc[] = {
+unsigned char control_server_message_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256[] = {
0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74,
0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x32, 0x3e,
0x6e, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x54, 0x4c, 0x53, 0x2d, 0x45, 0x43, 0x44,
0x48, 0x45, 0x2d, 0x45, 0x43, 0x44, 0x53, 0x41, 0x2d, 0x57, 0x49, 0x54, 0x48, 0x2d, 0x41, 0x45,
0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, 0x43, 0x42, 0x43, 0x2d, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36,
- 0x3c, 0x2f, 0x70, 0x3e, 0x0d, 0x0a
+ 0x3c, 0x2f, 0x70, 0x3e, 0x0d, 0x0a
};
-int control_server_message_cbc_len = sizeof(control_server_message_cbc);
+int control_server_message_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_len = sizeof(control_server_message_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
+
+unsigned char control_server_message_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256[] = {
+ 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
+ 0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74,
+ 0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x32, 0x3e,
+ 0x6d, 0x62, 0x65, 0x64, 0x20, 0x54, 0x4c, 0x53, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x65,
+ 0x72, 0x76, 0x65, 0x72, 0x3c, 0x2f, 0x68, 0x32, 0x3e, 0x0d, 0x0a, 0x54, 0x45, 0x53, 0x54, 0x20,
+ 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x0d, 0x0a, 0x3c, 0x70, 0x3e, 0x53, 0x75, 0x63, 0x63,
+ 0x65, 0x73, 0x73, 0x66, 0x75, 0x6c, 0x20, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+ 0x6e, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x54, 0x4c, 0x53, 0x2d, 0x45, 0x43, 0x44,
+ 0x48, 0x45, 0x2d, 0x45, 0x43, 0x44, 0x53, 0x41, 0x2d, 0x57, 0x49, 0x54, 0x48, 0x2d, 0x41, 0x45,
+ 0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, 0x47, 0x43, 0x4D, 0x2d, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36,
+ 0x3c, 0x2f, 0x70, 0x3e, 0x0d, 0x0a
+};
+int control_server_message_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_len = sizeof(control_server_message_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
+
+unsigned char control_server_message_ECDHE_ECDSA_WITH_AES_128_CBC_SHA[] = {
+ 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
+ 0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74,
+ 0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x32, 0x3e,
+ 0x6d, 0x62, 0x65, 0x64, 0x20, 0x54, 0x4c, 0x53, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x65,
+ 0x72, 0x76, 0x65, 0x72, 0x3c, 0x2f, 0x68, 0x32, 0x3e, 0x0d, 0x0a, 0x54, 0x45, 0x53, 0x54, 0x20,
+ 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x0d, 0x0a, 0x3c, 0x70, 0x3e, 0x53, 0x75, 0x63, 0x63,
+ 0x65, 0x73, 0x73, 0x66, 0x75, 0x6c, 0x20, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+ 0x6e, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x54, 0x4c, 0x53, 0x2d, 0x45, 0x43, 0x44,
+ 0x48, 0x45, 0x2d, 0x45, 0x43, 0x44, 0x53, 0x41, 0x2d, 0x57, 0x49, 0x54, 0x48, 0x2d, 0x41, 0x45,
+ 0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, 0x43, 0x42, 0x43, 0x2d, 0x53, 0x48, 0x41, 0x3c, 0x2f, 0x70,
+ 0x3e, 0x0d, 0x0a
+};
+int control_server_message_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_len = sizeof(control_server_message_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
unsigned char control_client_message[] = {
0x47, 0x45, 0x54, 0x20, 0x2f, 0x20, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x0d, 0x0a,
};
int control_client_message_len = sizeof(control_client_message);
+unsigned char control_server_message_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384[] = {
+ 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
+ 0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74,
+ 0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x32, 0x3e,
+ 0x6d, 0x62, 0x65, 0x64, 0x20, 0x54, 0x4c, 0x53, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x65,
+ 0x72, 0x76, 0x65, 0x72, 0x3c, 0x2f, 0x68, 0x32, 0x3e, 0x0d, 0x0a, 0x54, 0x45, 0x53, 0x54, 0x20,
+ 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x0d, 0x0a, 0x3c, 0x70, 0x3e, 0x53, 0x75, 0x63, 0x63,
+ 0x65, 0x73, 0x73, 0x66, 0x75, 0x6c, 0x20, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+ 0x6e, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x54, 0x4c, 0x53, 0x2d, 0x45, 0x43, 0x44,
+ 0x48, 0x45, 0x2d, 0x45, 0x43, 0x44, 0x53, 0x41, 0x2d, 0x57, 0x49, 0x54, 0x48, 0x2d, 0x41, 0x45,
+ 0x53, 0x2d, 0x32, 0x35, 0x36, 0x2d, 0x43, 0x42, 0x43, 0x2d, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34,
+ 0x3c, 0x2f, 0x70, 0x3e, 0x0d, 0x0a
+};
+int control_server_message_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_len = sizeof(control_server_message_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
+
+unsigned char control_server_message_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384[] = {
+ 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d,
+ 0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74,
+ 0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x32, 0x3e,
+ 0x6d, 0x62, 0x65, 0x64, 0x20, 0x54, 0x4c, 0x53, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x65,
+ 0x72, 0x76, 0x65, 0x72, 0x3c, 0x2f, 0x68, 0x32, 0x3e, 0x0d, 0x0a, 0x54, 0x45, 0x53, 0x54, 0x20,
+ 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x0d, 0x0a, 0x3c, 0x70, 0x3e, 0x53, 0x75, 0x63, 0x63,
+ 0x65, 0x73, 0x73, 0x66, 0x75, 0x6c, 0x20, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f,
+ 0x6e, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x54, 0x4c, 0x53, 0x2d, 0x45, 0x43, 0x44,
+ 0x48, 0x45, 0x2d, 0x45, 0x43, 0x44, 0x53, 0x41, 0x2d, 0x57, 0x49, 0x54, 0x48, 0x2d, 0x41, 0x45,
+ 0x53, 0x2d, 0x32, 0x35, 0x36, 0x2d, 0x47, 0x43, 0x4D, 0x2d, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34,
+ 0x3c, 0x2f, 0x70, 0x3e, 0x0d, 0x0a
+};
+int control_server_message_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_len = sizeof(control_server_message_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384);
+
static void error(const char *msg)
{
perror(msg);
// CAsetTlsCipherSuite
mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM]);
+ tlsCipher[SSL_ECDHE_ECDSA_WITH_AES_128_CCM]);
mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM]);
- g_caSslContext->cipher = ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM;
+ tlsCipher[SSL_ECDHE_ECDSA_WITH_AES_128_CCM]);
+ g_caSslContext->cipher = SSL_ECDHE_ECDSA_WITH_AES_128_CCM;
CAsetPskCredentialsCallback(GetDtlsPskCredentials);
{
CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM);
}
- if (*((int*)arg) == 1)
+ else if (*((int*)arg) == 1)
{
CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
}
{
CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
}
+ else if (*((int*)arg) == 3)
+ {
+ CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
+ }
+ else if (*((int*)arg) == 4)
+ {
+ CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
+ }
+ else if (*((int*)arg) == 5)
+ {
+ CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384);
+ }
+
CAsetPskCredentialsCallback(GetDtlsPskCredentials);
socketConnect();
if (*((int*)arg) == 0)
{
- if (control_server_message_ccm_len == msglen && memcmp(msg, control_server_message_ccm, control_server_message_ccm_len) == 0)
+ if (control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_len == msglen &&
+ memcmp(msg, control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM,
+ control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_len) == 0)
{
ret = 0;
}
}
if (*((int*)arg) == 1)
{
- if (control_server_message_ccm8_len == msglen && memcmp(msg, control_server_message_ccm8, control_server_message_ccm8_len) == 0)
+ if (control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_8_len == msglen &&
+ memcmp(msg, control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+ control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_8_len) == 0)
{
ret = 0;
}
}
else if (*((int*)arg) == 2)
{
- if (control_server_message_cbc_len == msglen && memcmp(msg, control_server_message_cbc, control_server_message_cbc_len) == 0)
+ if (control_server_message_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_len == msglen &&
+ memcmp(msg, control_server_message_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+ control_server_message_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_len) == 0)
+ {
+ ret = 0;
+ }
+ else
+ {
+ ret = 1;
+ }
+ }
+ else if (*((int*)arg) == 3)
+ {
+ if (control_server_message_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_len == msglen &&
+ memcmp(msg, control_server_message_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ control_server_message_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_len) == 0)
+ {
+ ret = 0;
+ }
+ else
+ {
+ ret = 1;
+ }
+ }
+ else if (*((int*)arg) == 4)
+ {
+ if (control_server_message_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_len == msglen &&
+ memcmp(msg, control_server_message_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+ control_server_message_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_len) == 0)
+ {
+ ret = 0;
+ }
+ else
+ {
+ ret = 1;
+ }
+ }
+ else if (*((int*)arg) == 5)
+ {
+ if (control_server_message_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_len == msglen &&
+ memcmp(msg, control_server_message_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ control_server_message_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_len) == 0)
{
ret = 0;
}
EXPECT_EQ(0, arg);
}
+// CAencryptSsl()
+TEST(TLSAdaper, Test_4_3)
+{
+ pthread_t thread1, thread2;
+ int ret = 0;
+ int arg = 3;
+
+ ret = pthread_create( &thread1, NULL, server, (void*) NULL);
+ if(ret)
+ {
+ fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
+ exit(EXIT_FAILURE);
+ }
+
+ sleep(5);
+
+ ret = pthread_create( &thread2, NULL, testCAencryptSsl, &arg);
+ if(ret)
+ {
+ fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
+ exit(EXIT_FAILURE);
+ }
+
+ sleep(5);
+
+ EXPECT_EQ(0, arg);
+}
+
+// CAencryptSsl()
+TEST(TLSAdaper, Test_4_4)
+{
+ pthread_t thread1, thread2;
+ int ret = 0;
+ int arg = 4;
+
+ ret = pthread_create( &thread1, NULL, server, (void*) NULL);
+ if(ret)
+ {
+ fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
+ exit(EXIT_FAILURE);
+ }
+
+ sleep(5);
+
+ ret = pthread_create( &thread2, NULL, testCAencryptSsl, &arg);
+ if(ret)
+ {
+ fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
+ exit(EXIT_FAILURE);
+ }
+
+ sleep(5);
+
+ EXPECT_EQ(0, arg);
+}
+
+TEST(TLSAdaper, Test_4_5)
+{
+ pthread_t thread1, thread2;
+ int ret = 0;
+ int arg = 5;
+
+ ret = pthread_create( &thread1, NULL, server, (void*) NULL);
+ if(ret)
+ {
+ fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
+ exit(EXIT_FAILURE);
+ }
+
+ sleep(5);
+
+ ret = pthread_create( &thread2, NULL, testCAencryptSsl, &arg);
+ if(ret)
+ {
+ fprintf(stderr,"Error - pthread_create() return code: %d\n", ret);
+ exit(EXIT_FAILURE);
+ }
+
+ sleep(5);
+
+ EXPECT_EQ(0, arg);
+}
+
/* **************************
*
*
socketClose();
- if (control_server_message_ccm_len == msglen && memcmp(msg, control_server_message_ccm,
- control_server_message_ccm_len) == 0)
+ if (control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_len == msglen &&
+ memcmp(msg, control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM,
+ control_server_message_ECDHE_ECDSA_WITH_AES_128_CCM_len) == 0)
{
*((int*)arg) = 0;
return NULL;
// CAsetTlsCipherSuite
mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM]);
+ tlsCipher[SSL_ECDHE_ECDSA_WITH_AES_128_CCM]);
mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf,
- tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM]);
- g_caSslContext->cipher = ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM;
+ tlsCipher[SSL_ECDHE_ECDSA_WITH_AES_128_CCM]);
+ g_caSslContext->cipher = SSL_ECDHE_ECDSA_WITH_AES_128_CCM;
CAdeinitSslAdapter();
// CAsetCredentialTypesCallback
g_getCredentialTypesCallback = clutch;
- status = CAsetTlsCipherSuite(MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA);
- if (ADAPTER_TLS_RSA_WITH_AES_256_CBC_SHA != g_caSslContext->cipher || status != CA_STATUS_OK)
+ status = CAsetTlsCipherSuite(MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256);
+ if (SSL_RSA_WITH_AES_256_CBC_SHA256 != g_caSslContext->cipher || status != CA_STATUS_OK)
+ {
+ ret += 1;
+ }
+
+ status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
+ if (SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 != g_caSslContext->cipher || status != CA_STATUS_OK)
+ {
+ ret += 1;
+ }
+ status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
+ if (SSL_ECDHE_ECDSA_WITH_AES_128_CCM_8 != g_caSslContext->cipher || status != CA_STATUS_OK)
{
ret += 1;
}
status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM);
- if (ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM != g_caSslContext->cipher || status != CA_STATUS_OK)
+ if (SSL_ECDHE_ECDSA_WITH_AES_128_CCM != g_caSslContext->cipher || status != CA_STATUS_OK)
{
ret += 1;
}
status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
- if (ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 != g_caSslContext->cipher || status != CA_STATUS_OK)
+ if (SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 != g_caSslContext->cipher || status != CA_STATUS_OK)
{
ret += 1;
}
- status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256);
- if (ADAPTER_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA_256 != g_caSslContext->cipher || status != CA_STATUS_OK)
+ status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
+ if (SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 != g_caSslContext->cipher || status != CA_STATUS_OK)
+ {
+ ret += 1;
+ }
+
+ status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384);
+ if (SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 != g_caSslContext->cipher || status != CA_STATUS_OK)
{
ret += 1;
}
status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256);
- if (ADAPTER_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != g_caSslContext->cipher || status != CA_STATUS_OK)
+ if (SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != g_caSslContext->cipher || status != CA_STATUS_OK)
+ {
+ ret += 1;
+ }
+
+ status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256);
+ if (SSL_ECDH_ANON_WITH_AES_128_CBC_SHA256 != g_caSslContext->cipher || status != CA_STATUS_OK)
{
ret += 1;
}
// CAsetCredentialTypesCallback
g_getCredentialTypesCallback = clutch;
- CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM);
+ CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
CAsetPskCredentialsCallback(GetDtlsPskCredentials);