add optional null cipher support for PSK
parent
32dd1ab006
commit
346a52a58c
@ -160,6 +160,10 @@ void c32to24(word32 in, word24 out);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if !defined(NO_TLS) && !defined(NO_PSK) && defined(HAVE_NULL_CIPHER)
|
||||
#define BUILD_TLS_PSK_WITH_NULL_SHA
|
||||
#endif
|
||||
|
||||
#if !defined(NO_HC128) && !defined(NO_TLS)
|
||||
#define BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
|
||||
#define BUILD_TLS_RSA_WITH_HC_128_CBC_SHA
|
||||
@ -267,6 +271,7 @@ enum {
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
|
||||
TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
|
||||
TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
|
||||
TLS_PSK_WITH_NULL_SHA = 0x2c,
|
||||
SSL_RSA_WITH_RC4_128_SHA = 0x05,
|
||||
SSL_RSA_WITH_RC4_128_MD5 = 0x04,
|
||||
SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
|
||||
|
@ -842,6 +842,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
|
||||
if (tls & havePSK) {
|
||||
suites->suites[idx++] = 0;
|
||||
suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
|
||||
if (haveRSA ) {
|
||||
suites->suites[idx++] = 0;
|
||||
@ -2784,6 +2791,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NULL_CIPHER
|
||||
case cipher_null:
|
||||
break;
|
||||
#endif
|
||||
|
||||
default:
|
||||
CYASSL_MSG("CyaSSL Encrypt programming error");
|
||||
return ENCRYPT_ERROR;
|
||||
@ -2862,6 +2874,11 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NULL_CIPHER
|
||||
case cipher_null:
|
||||
break;
|
||||
#endif
|
||||
|
||||
default:
|
||||
CYASSL_MSG("CyaSSL Decrypt programming error");
|
||||
return DECRYPT_ERROR;
|
||||
@ -4427,6 +4444,10 @@ const char* const cipher_names[] =
|
||||
"PSK-AES256-CBC-SHA",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
|
||||
"PSK-NULL-SHA",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
|
||||
"HC128-MD5",
|
||||
#endif
|
||||
@ -4627,6 +4648,10 @@ int cipher_name_idx[] =
|
||||
TLS_PSK_WITH_AES_256_CBC_SHA,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
|
||||
TLS_PSK_WITH_NULL_SHA,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
|
||||
TLS_RSA_WITH_HC_128_CBC_MD5,
|
||||
#endif
|
||||
@ -6691,6 +6716,11 @@ int SetCipherList(Suites* s, const char* list)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_PSK_WITH_NULL_SHA :
|
||||
if (requirement == REQUIRES_PSK)
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
|
||||
if (requirement == REQUIRES_RSA)
|
||||
return 1;
|
||||
|
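Review bot: The InitSuites hunk appends TLS_PSK_WITH_NULL_SHA to what is presumably the default suite list under `if (tls & havePSK)`, so a build with HAVE_NULL_CIPHER and PSK enabled would negotiate a suite with no record encryption without the application asking for it. A plaintext suite is safer as opt-in: leave it out of InitSuites and let it be chosen only through an explicit cipher list such as `PSK-NULL-SHA`, or at least mark the entry with a comment like `/* integrity only, no confidentiality: must stay last in preference order */`. Separately, the new `case cipher_null: break;` arms in Encrypt and Decrypt leave `out` and `plain` untouched, which is correct only if every caller passes the same buffer as input and output; the callers are outside these hunks, so either document that in-place contract or add `if (input != out) XMEMMOVE(out, input, sz);` (and the `plain` equivalent in Decrypt). All three function bodies start and end outside the hunks shown.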
24
src/keys.c
24
src/keys.c
@ -666,6 +666,23 @@ int SetCipherSpecs(CYASSL* ssl)
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
|
||||
case TLS_PSK_WITH_NULL_SHA :
|
||||
ssl->specs.bulk_cipher_algorithm = cipher_null;
|
||||
ssl->specs.cipher_type = stream;
|
||||
ssl->specs.mac_algorithm = sha_mac;
|
||||
ssl->specs.kea = psk_kea;
|
||||
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = 0;
|
||||
ssl->specs.block_size = 0;
|
||||
ssl->specs.iv_size = 0;
|
||||
|
||||
ssl->options.usingPSK_cipher = 1;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
|
||||
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
|
||||
ssl->specs.bulk_cipher_algorithm = aes;
|
||||
@ -1077,6 +1094,13 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NULL_CIPHER
|
||||
if (specs->bulk_cipher_algorithm == cipher_null) {
|
||||
enc->setup = 1;
|
||||
dec->setup = 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
keys->sequence_number = 0;
|
||||
keys->peer_sequence_number = 0;
|
||||
keys->encryptionOn = 0;
|
||||
|
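Review bot: Nothing in the new TLS_PSK_WITH_NULL_SHA case of SetCipherSpecs, or in the cipher_null branch of SetKeys, records that the session is about to run without encryption, so debug output cannot distinguish a null-cipher connection from an AES one. I would add a log line in the SetCipherSpecs case, `CYASSL_MSG("NULL cipher selected: records are MACed but not encrypted");`, so the choice is visible during troubleshooting and audit. The zeroed key_size, block_size and iv_size deserve a one-line comment, `/* no bulk cipher: nothing to key */`, and the `enc->setup = 1; dec->setup = 1;` pair in SetKeys a note that cipher_null has no key schedule and the flags presumably only mark both contexts as ready. Both function bodies extend beyond the hunks.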
@ -270,6 +270,15 @@ int SuiteTest(void)
|
||||
printf("error from script %d\n", args.return_code);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
#ifdef HAVE_NULL_CIPHER
|
||||
strcpy(argv0[1], "tests/test-psk-null.conf");
|
||||
printf("starting psk extra null cipher suite tests\n");
|
||||
test_harness(&args);
|
||||
if (args.return_code != 0) {
|
||||
printf("error from script %d\n", args.return_code);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NTRU
|
||||
|
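Review bot: The added block only runs tests/test-psk-null.conf, in which every entry passes `-l PSK-NULL-SHA`, so the null suite is exercised only in the positive case where both peers ask for it. A companion case where one side does not list the null suite, and the handshake is expected to settle on an encrypting suite or fail, would pin down that a HAVE_NULL_CIPHER build never ends up in plaintext unasked. The size of `argv0[1]` is not visible in this hunk; if it is a fixed array, a bounded copy such as `snprintf(argv0[1], sizeof argv0[1], "%s", "tests/test-psk-null.conf");` is preferable to `strcpy`. SuiteTest starts and ends outside the hunk.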
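--- a/tests/test-psk-null.conf
+++ b/tests/test-psk-null.conf
@@ -0,0 +1,30 @@
+# server TLSv1.0 PSK-NULL
+-s
+-v 1
+-l PSK-NULL-SHA
+
+# client TLSv1.0 PSK-NULL
+-s
+-v 1
+-l PSK-NULL-SHA
+
+# server TLSv1.1 PSK-NULL
+-s
+-v 2
+-l PSK-NULL-SHA
+
+# client TLSv1.1 PSK-NULL
+-s
+-v 2
+-l PSK-NULL-SHA
+
+# server TLSv1.2 PSK-NULL
+-s
+-v 3
+-l PSK-NULL-SHA
+
+# client TLSv1.2 PSK-NULL
+-s
+-v 3
+-l PSK-NULL-SHA
+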