Merged ECDHE-PSK ciphersuites

2025-10-31 21:50:31 +03:00 · 2013-10-15 12:44:23 +02:00
parent bbc1007c50 057e0cf263
commit 376e8153a0
11 changed files with 598 additions and 229 deletions
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -195,15 +195,18 @@
 *      TLS_RSA_WITH_NULL_SHA
 *      TLS_RSA_WITH_NULL_SHA256
 *      TLS_ECDHE_RSA_WITH_NULL_SHA
- *      TLS_PSK_WITH_NULL
- *      TLS_PSK_WITH_NULL256
- *      TLS_PSK_WITH_NULL384
- *      TLS_DHE_PSK_WITH_NULL
- *      TLS_DHE_PSK_WITH_NULL256
- *      TLS_DHE_PSK_WITH_NULL384
- *      TLS_RSA_PSK_WITH_NULL
- *      TLS_RSA_PSK_WITH_NULL256
- *      TLS_RSA_PSK_WITH_NULL384
+ *      TLS_PSK_WITH_NULL_SHA
+ *      TLS_PSK_WITH_NULL_SHA256
+ *      TLS_PSK_WITH_NULL_SHA384
+ *      TLS_DHE_PSK_WITH_NULL_SHA
+ *      TLS_DHE_PSK_WITH_NULL_SHA256
+ *      TLS_DHE_PSK_WITH_NULL_SHA384
+ *      TLS_RSA_PSK_WITH_NULL_SHA
+ *      TLS_RSA_PSK_WITH_NULL_SHA256
+ *      TLS_RSA_PSK_WITH_NULL_SHA384
+ *      TLS_ECDHE_PSK_WITH_NULL_SHA
+ *      TLS_ECDHE_PSK_WITH_NULL_SHA256
+ *      TLS_ECDHE_PSK_WITH_NULL_SHA384
 *
 * Uncomment this macro to enable the NULL cipher and ciphersuites
 */
@@ -294,6 +297,26 @@
 */
 #define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED

+/**
+ * \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ *
+ * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: POLARSSL_ECDH_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ *      TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ */
+#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+
 /**
 * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
 *
@@ -1754,6 +1777,11 @@
 #error "POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
 #endif

+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) &&                     \
+    !defined(POLARSSL_ECDH_C)
+#error "POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
+#endif
+
 #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) &&                   \
    ( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) ||           \
      !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )