mirror of https://github.com/wolfSSL/wolfssl
Added support for an anonymous cipher suite (#1267)
* Added support for cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 * Added test cases for verification of anonymous cipher suite
This commit is contained in:
parent
853756a73c
commit
7d425a5ce6
|
@ -1605,8 +1605,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||
if (useAnon) {
|
||||
#ifdef HAVE_ANON
|
||||
if (cipherList == NULL || (cipherList && useDefCipherList)) {
|
||||
const char* defaultCipherList;
|
||||
wolfSSL_CTX_allow_anon_cipher(ctx);
|
||||
if (wolfSSL_CTX_set_cipher_list(ctx,"ADH-AES128-SHA")
|
||||
defaultCipherList = "ADH-AES256-GCM-SHA384:"
|
||||
"ADH-AES128-SHA";
|
||||
if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList)
|
||||
!= WOLFSSL_SUCCESS) {
|
||||
wolfSSL_CTX_free(ctx);
|
||||
err_sys("client can't set cipher list 4");
|
||||
|
|
|
@ -1149,7 +1149,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
|||
#ifdef HAVE_ANON
|
||||
CyaSSL_CTX_allow_anon_cipher(ctx);
|
||||
if (cipherList == NULL || (cipherList && useDefCipherList)) {
|
||||
if (SSL_CTX_set_cipher_list(ctx, "ADH-AES128-SHA") != WOLFSSL_SUCCESS)
|
||||
const char* defaultCipherList;
|
||||
defaultCipherList = "ADH-AES256-GCM-SHA384:"
|
||||
"ADH-AES128-SHA";
|
||||
if (SSL_CTX_set_cipher_list(ctx, defaultCipherList)
|
||||
!= WOLFSSL_SUCCESS)
|
||||
err_sys_ex(runWithErrors, "server can't set cipher list 4");
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -2022,6 +2022,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
|
||||
if (tls1_2 && haveDH) {
|
||||
suites->suites[idx++] = 0;
|
||||
suites->suites[idx++] = TLS_DH_anon_WITH_AES_256_GCM_SHA384;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
|
||||
if (tls1_2 && haveDH && havePSK) {
|
||||
suites->suites[idx++] = 0;
|
||||
|
@ -7451,6 +7458,10 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
|
|||
if (requirement == REQUIRES_DHE)
|
||||
return 1;
|
||||
break;
|
||||
case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
|
||||
if (requirement == REQUIRES_DHE)
|
||||
return 1;
|
||||
break;
|
||||
#endif
|
||||
#ifdef WOLFSSL_MULTICAST
|
||||
case WDM_WITH_NULL_SHA256 :
|
||||
|
@ -15613,6 +15624,10 @@ static const char* const cipher_names[] =
|
|||
"ADH-AES128-SHA",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
|
||||
"ADH-AES256-GCM-SHA384",
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_QSH
|
||||
"QSH",
|
||||
#endif
|
||||
|
@ -16082,6 +16097,10 @@ static const int cipher_name_idx[] =
|
|||
TLS_DH_anon_WITH_AES_128_CBC_SHA,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
|
||||
TLS_DH_anon_WITH_AES_256_GCM_SHA384,
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_QSH
|
||||
TLS_QSH,
|
||||
#endif
|
||||
|
@ -16644,6 +16663,12 @@ const char* wolfSSL_get_cipher_name_from_suite(const unsigned char cipherSuite,
|
|||
case TLS_DH_anon_WITH_AES_128_CBC_SHA :
|
||||
return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
|
||||
case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
|
||||
return "TLS_DH_anon_WITH_AES_256_GCM_SHA384";
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_WDM_WITH_NULL_SHA256
|
||||
case WDM_WITH_NULL_SHA256 :
|
||||
return "WDM_WITH_NULL_SHA256";
|
||||
|
|
19
src/keys.c
19
src/keys.c
|
@ -1416,6 +1416,25 @@ int SetCipherSpecs(WOLFSSL* ssl)
|
|||
ssl->options.usingPSK_cipher = 1;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
|
||||
case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
|
||||
ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
|
||||
ssl->specs.cipher_type = aead;
|
||||
ssl->specs.mac_algorithm = sha384_mac;
|
||||
ssl->specs.kea = diffie_hellman_kea;
|
||||
ssl->specs.sig_algo = anonymous_sa_algo;
|
||||
ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
|
||||
ssl->specs.pad_size = PAD_SHA;
|
||||
ssl->specs.static_ecdh = 0;
|
||||
ssl->specs.key_size = AES_256_KEY_SIZE;
|
||||
ssl->specs.block_size = AES_BLOCK_SIZE;
|
||||
ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
|
||||
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
|
||||
|
||||
ssl->options.usingAnon_cipher = 1;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
|
||||
case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
|
||||
|
|
|
@ -2048,6 +2048,36 @@
|
|||
-v 1
|
||||
-l ADH-AES128-SHA
|
||||
|
||||
# server TLSv1.2 ADH-AES256-GCM-SHA384
|
||||
-a
|
||||
-v 3
|
||||
-l ADH-AES256-GCM-SHA384
|
||||
|
||||
# client TLSv1.2 ADH-AES256-GCM-SHA384
|
||||
-a
|
||||
-v 3
|
||||
-l ADH-AES256-GCM-SHA384
|
||||
|
||||
# server TLSv1.1 ADH-AES256-GCM-SHA384
|
||||
-a
|
||||
-v 2
|
||||
-l ADH-AES256-GCM-SHA384
|
||||
|
||||
# client TLSv1.1 ADH-AES256-GCM-SHA384
|
||||
-a
|
||||
-v 2
|
||||
-l ADH-AES256-GCM-SHA384
|
||||
|
||||
# server TLSv1.0 ADH-AES256-GCM-SHA384
|
||||
-a
|
||||
-v 1
|
||||
-l ADH-AES256-GCM-SHA384
|
||||
|
||||
# client TLSv1.0 ADH-AES256-GCM-SHA384
|
||||
-a
|
||||
-v 1
|
||||
-l ADH-AES256-GCM-SHA384
|
||||
|
||||
# server TLSv1 NTRU_RC4
|
||||
-v 1
|
||||
-l NTRU-RC4-SHA
|
||||
|
|
|
@ -463,6 +463,10 @@
|
|||
#if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
|
||||
!defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
|
||||
#define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
|
||||
|
||||
#if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
|
||||
#define BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
|
||||
|
@ -913,6 +917,7 @@ enum {
|
|||
TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
|
||||
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
|
||||
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
|
||||
TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0xa7,
|
||||
TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
|
||||
TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
|
||||
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
|
||||
|
|
Loading…
Reference in New Issue