add optional null cipher support for PSK

This commit is contained in:
John Safranek 2012-10-19 10:37:21 -07:00
parent 32dd1ab006
commit 346a52a58c
5 changed files with 98 additions and 0 deletions

View File

@ -160,6 +160,10 @@ void c32to24(word32 in, word24 out);
#endif
#endif
#if !defined(NO_TLS) && !defined(NO_PSK) && defined(HAVE_NULL_CIPHER)
#define BUILD_TLS_PSK_WITH_NULL_SHA
#endif
#if !defined(NO_HC128) && !defined(NO_TLS)
#define BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
#define BUILD_TLS_RSA_WITH_HC_128_CBC_SHA
@ -267,6 +271,7 @@ enum {
TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
TLS_PSK_WITH_NULL_SHA = 0x2c,
SSL_RSA_WITH_RC4_128_SHA = 0x05,
SSL_RSA_WITH_RC4_128_MD5 = 0x04,
SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,

View File

@ -842,6 +842,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
}
#endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
if (tls & havePSK) {
suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA;
}
#endif
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
if (haveRSA ) {
suites->suites[idx++] = 0;
@ -2784,6 +2791,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
break;
#endif
#ifdef HAVE_NULL_CIPHER
case cipher_null:
break;
#endif
default:
CYASSL_MSG("CyaSSL Encrypt programming error");
return ENCRYPT_ERROR;
@ -2862,6 +2874,11 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
break;
#endif
#ifdef HAVE_NULL_CIPHER
case cipher_null:
break;
#endif
default:
CYASSL_MSG("CyaSSL Decrypt programming error");
return DECRYPT_ERROR;
@ -4427,6 +4444,10 @@ const char* const cipher_names[] =
"PSK-AES256-CBC-SHA",
#endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
"PSK-NULL-SHA",
#endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
"HC128-MD5",
#endif
@ -4627,6 +4648,10 @@ int cipher_name_idx[] =
TLS_PSK_WITH_AES_256_CBC_SHA,
#endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
TLS_PSK_WITH_NULL_SHA,
#endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
TLS_RSA_WITH_HC_128_CBC_MD5,
#endif
@ -6691,6 +6716,11 @@ int SetCipherList(Suites* s, const char* list)
return 1;
break;
case TLS_PSK_WITH_NULL_SHA :
if (requirement == REQUIRES_PSK)
return 1;
break;
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
if (requirement == REQUIRES_RSA)
return 1;

View File

@ -666,6 +666,23 @@ int SetCipherSpecs(CYASSL* ssl)
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
case TLS_PSK_WITH_NULL_SHA :
ssl->specs.bulk_cipher_algorithm = cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = psk_kea;
ssl->specs.hash_size = SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
ssl->specs.block_size = 0;
ssl->specs.iv_size = 0;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = aes;
@ -1077,6 +1094,13 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
}
#endif
#ifdef HAVE_NULL_CIPHER
if (specs->bulk_cipher_algorithm == cipher_null) {
enc->setup = 1;
dec->setup = 1;
}
#endif
keys->sequence_number = 0;
keys->peer_sequence_number = 0;
keys->encryptionOn = 0;

View File

@ -270,6 +270,15 @@ int SuiteTest(void)
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#ifdef HAVE_NULL_CIPHER
strcpy(argv0[1], "tests/test-psk-null.conf");
printf("starting psk extra null cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#endif
#ifdef HAVE_NTRU

30
tests/test-psk-null.conf Normal file
View File

@ -0,0 +1,30 @@
# server TLSv1.0 PSK-NULL
-s
-v 1
-l PSK-NULL-SHA
# client TLSv1.0 PSK-NULL
-s
-v 1
-l PSK-NULL-SHA
# server TLSv1.1 PSK-NULL
-s
-v 2
-l PSK-NULL-SHA
# client TLSv1.1 PSK-NULL
-s
-v 2
-l PSK-NULL-SHA
# server TLSv1.2 PSK-NULL
-s
-v 3
-l PSK-NULL-SHA
# client TLSv1.2 PSK-NULL
-s
-v 3
-l PSK-NULL-SHA