mirrors
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added support for an anonymous cipher suite (#1267) 

* Added support for cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384
* Added test cases for verification of anonymous cipher suite
This commit is contained in:
thivyaashok 2018-04-20 10:35:37 -07:00 committed by David Garske
parent 853756a73c
commit 7d425a5ce6
6 changed files with 88 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
examples/client/client.c
View File

@ -1605,8 +1605,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (useAnon) {
#ifdef HAVE_ANON
if (cipherList == NULL || (cipherList && useDefCipherList)) {
const char* defaultCipherList;
wolfSSL_CTX_allow_anon_cipher(ctx);
if (wolfSSL_CTX_set_cipher_list(ctx,"ADH-AES128-SHA")
defaultCipherList = "ADH-AES256-GCM-SHA384:"
"ADH-AES128-SHA";
if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx);
err_sys("client can't set cipher list 4");

6
examples/server/server.c
View File

@ -1149,7 +1149,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef HAVE_ANON
CyaSSL_CTX_allow_anon_cipher(ctx);
if (cipherList == NULL || (cipherList && useDefCipherList)) {
if (SSL_CTX_set_cipher_list(ctx, "ADH-AES128-SHA") != WOLFSSL_SUCCESS)
const char* defaultCipherList;
defaultCipherList = "ADH-AES256-GCM-SHA384:"
"ADH-AES128-SHA";
if (SSL_CTX_set_cipher_list(ctx, defaultCipherList)
!= WOLFSSL_SUCCESS)
err_sys_ex(runWithErrors, "server can't set cipher list 4");
}
#endif

25
src/internal.c
View File

@ -2022,6 +2022,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
}
#endif
#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
if (tls1_2 && haveDH) {
suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_DH_anon_WITH_AES_256_GCM_SHA384;
}
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
if (tls1_2 && haveDH && havePSK) {
suites->suites[idx++] = 0;
@ -7451,6 +7458,10 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
if (requirement == REQUIRES_DHE)
return 1;
break;
case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
if (requirement == REQUIRES_DHE)
return 1;
break;
#endif
#ifdef WOLFSSL_MULTICAST
case WDM_WITH_NULL_SHA256 :
@ -15613,6 +15624,10 @@ static const char* const cipher_names[] =
"ADH-AES128-SHA",
#endif
#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
"ADH-AES256-GCM-SHA384",
#endif
#ifdef BUILD_TLS_QSH
"QSH",
#endif
@ -16082,6 +16097,10 @@ static const int cipher_name_idx[] =
TLS_DH_anon_WITH_AES_128_CBC_SHA,
#endif
#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
TLS_DH_anon_WITH_AES_256_GCM_SHA384,
#endif
#ifdef BUILD_TLS_QSH
TLS_QSH,
#endif
@ -16644,6 +16663,12 @@ const char* wolfSSL_get_cipher_name_from_suite(const unsigned char cipherSuite,
case TLS_DH_anon_WITH_AES_128_CBC_SHA :
return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
#endif
#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
return "TLS_DH_anon_WITH_AES_256_GCM_SHA384";
#endif
#ifdef BUILD_WDM_WITH_NULL_SHA256
case WDM_WITH_NULL_SHA256 :
return "WDM_WITH_NULL_SHA256";

19
src/keys.c
View File

@ -1416,6 +1416,25 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = diffie_hellman_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = WC_SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AESGCM_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
ssl->options.usingAnon_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :

30
tests/test.conf
View File

@ -2048,6 +2048,36 @@
-v 1
-l ADH-AES128-SHA
# server TLSv1.2 ADH-AES256-GCM-SHA384
-a
-v 3
-l ADH-AES256-GCM-SHA384
# client TLSv1.2 ADH-AES256-GCM-SHA384
-a
-v 3
-l ADH-AES256-GCM-SHA384
# server TLSv1.1 ADH-AES256-GCM-SHA384
-a
-v 2
-l ADH-AES256-GCM-SHA384
# client TLSv1.1 ADH-AES256-GCM-SHA384
-a
-v 2
-l ADH-AES256-GCM-SHA384
# server TLSv1.0 ADH-AES256-GCM-SHA384
-a
-v 1
-l ADH-AES256-GCM-SHA384
# client TLSv1.0 ADH-AES256-GCM-SHA384
-a
-v 1
-l ADH-AES256-GCM-SHA384
# server TLSv1 NTRU_RC4
-v 1
-l NTRU-RC4-SHA

5
wolfssl/internal.h
View File

@ -463,6 +463,10 @@
#if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
!defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
#define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
#if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
#define BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
#endif
#endif
#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
@ -913,6 +917,7 @@ enum {
TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0xa7,
TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,