* Initial crack at TLS 1.2 client side only (server side is seriously broken).

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@263 9a5d90b5-6617-0410-8a86-bb477d3ed2e3

Author: cameronrich

crypto/crypto.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007-2015, Cameron Rich
+ * Copyright (c) 2007-2016, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -200,6 +200,8 @@ void hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
         int key_len, uint8_t *digest);
 void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
         int key_len, uint8_t *digest);
+void hmac_sha256(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
 
 /**************************************************************************
  * RSA declarations 

crypto/hmac.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2016, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -103,3 +103,37 @@ void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
     SHA1_Update(&context, digest, SHA1_SIZE);
     SHA1_Final(digest, &context);
 }
+
+/**
+ * Perform HMAC-SHA256
+ * NOTE: does not handle keys larger than the block size.
+ */
+void hmac_sha256(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    SHA256_CTX context;
+    uint8_t k_ipad[64];
+    uint8_t k_opad[64];
+    int i;
+
+    memset(k_ipad, 0, sizeof k_ipad);
+    memset(k_opad, 0, sizeof k_opad);
+    memcpy(k_ipad, key, key_len);
+    memcpy(k_opad, key, key_len);
+
+    for (i = 0; i < 64; i++) 
+    {
+        k_ipad[i] ^= 0x36;
+        k_opad[i] ^= 0x5c;
+    }
+
+    SHA256_Init(&context);
+    SHA256_Update(&context, k_ipad, 64);
+    SHA256_Update(&context, msg, length);
+    SHA256_Final(digest, &context);
+    SHA256_Init(&context);
+    SHA256_Update(&context, k_opad, 64);
+    SHA256_Update(&context, digest, SHA256_SIZE);
+    SHA256_Final(digest, &context);
+}
+

ssl/ssl.h

@@ -97,6 +97,7 @@ extern "C" {
 #define SSL_ERROR_INVALID_PROT_MSG              -261
 #define SSL_ERROR_INVALID_HMAC                  -262
 #define SSL_ERROR_INVALID_VERSION               -263
+#define SSL_ERROR_UNSUPPORTED_EXTENSION         -264
 #define SSL_ERROR_INVALID_SESSION               -265
 #define SSL_ERROR_NO_CIPHER                     -266
 #define SSL_ERROR_BAD_CERTIFICATE               -268
@@ -128,12 +129,13 @@ extern "C" {
 #define SSL_ALERT_DECRYPT_ERROR                 51
 #define SSL_ALERT_INVALID_VERSION               70
 #define SSL_ALERT_NO_RENEGOTIATION              100
+#define SSL_ALERT_UNSUPPORTED_EXTENSION         110
 
 /* The ciphers that are supported */
 #define SSL_AES128_SHA                          0x2f
 #define SSL_AES256_SHA                          0x35
-#define SSL_RC4_128_SHA                         0x05
-#define SSL_RC4_128_MD5                         0x04
+#define SSL_AES128_SHA256                       0x3c
+#define SSL_AES256_SHA256                       0x3d
 
 /* build mode ids' */
 #define SSL_BUILD_SKELETON_MODE                 0x01