Hello,
I'm really happy to announce that I managed to implement TLS(1.2, 1.1, 1.0) with tomcrypt, with no extra dependencies. AES (CBC + GCM), RSA, ECC work just fine. I even managed to define a custom curve (secp256r1). The only two problems I've had:
- DH, but I've modified the tomcrypt code accept custom prime and generator.
- RSA signature verification using md5+sha1 (TLS 1.1 and older). Tomcrypt supports md5, sha1, but not both at the same time. Same as with DH, modified the function.
The library is implemented into a single C-file, public domain, and can be downloaded from here:
https://github.com/eduardsui/tlslayer.
It scores A on the
ssllabs.com ssl test page, thanks to libtomcrypt :).
It also supports certificate chain validation.
Tomcrypt rules! :)
Implemented ciphers:
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
and
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384