add optional null cipher support for RSA
This commit is contained in:
parent
a5d7a3ea8f
commit
a92b639155
@ -160,8 +160,12 @@ void c32to24(word32 in, word24 out);
|
|||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if !defined(NO_TLS) && !defined(NO_PSK) && defined(HAVE_NULL_CIPHER)
|
#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
|
||||||
|
#define BUILD_TLS_RSA_WITH_NULL_SHA
|
||||||
|
#define BUILD_TLS_RSA_WITH_NULL_SHA256
|
||||||
|
#if !defined(NO_PSK)
|
||||||
#define BUILD_TLS_PSK_WITH_NULL_SHA
|
#define BUILD_TLS_PSK_WITH_NULL_SHA
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if !defined(NO_HC128) && !defined(NO_TLS)
|
#if !defined(NO_HC128) && !defined(NO_TLS)
|
||||||
@ -269,6 +273,7 @@ enum {
|
|||||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
|
||||||
TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
|
TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
|
||||||
TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
|
TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
|
||||||
|
TLS_RSA_WITH_NULL_SHA = 0x02,
|
||||||
TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
|
TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
|
||||||
TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
|
TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
|
||||||
TLS_PSK_WITH_NULL_SHA = 0x2c,
|
TLS_PSK_WITH_NULL_SHA = 0x2c,
|
||||||
@ -312,6 +317,7 @@ enum {
|
|||||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
|
||||||
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
|
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
|
||||||
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
|
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
|
||||||
|
TLS_RSA_WITH_NULL_SHA256 = 0x3b,
|
||||||
|
|
||||||
/* AES-GCM */
|
/* AES-GCM */
|
||||||
TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
|
TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
|
||||||
|
@ -828,6 +828,20 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
|
||||||
|
if (tls && haveRSA) {
|
||||||
|
suites->suites[idx++] = 0;
|
||||||
|
suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
|
||||||
|
if (tls && haveRSA) {
|
||||||
|
suites->suites[idx++] = 0;
|
||||||
|
suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
|
#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
|
||||||
if (tls && havePSK) {
|
if (tls && havePSK) {
|
||||||
suites->suites[idx++] = 0;
|
suites->suites[idx++] = 0;
|
||||||
@ -4428,6 +4442,14 @@ const char* const cipher_names[] =
|
|||||||
"AES256-SHA",
|
"AES256-SHA",
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
|
||||||
|
"NULL-SHA",
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
|
||||||
|
"NULL-SHA256",
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|
||||||
"DHE-RSA-AES128-SHA",
|
"DHE-RSA-AES128-SHA",
|
||||||
#endif
|
#endif
|
||||||
@ -4632,6 +4654,14 @@ int cipher_name_idx[] =
|
|||||||
TLS_RSA_WITH_AES_256_CBC_SHA,
|
TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
|
||||||
|
TLS_RSA_WITH_NULL_SHA,
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
|
||||||
|
TLS_RSA_WITH_NULL_SHA256,
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|
||||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
||||||
#endif
|
#endif
|
||||||
@ -6701,6 +6731,12 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
return 1;
|
return 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case TLS_RSA_WITH_NULL_SHA :
|
||||||
|
case TLS_RSA_WITH_NULL_SHA256 :
|
||||||
|
if (requirement == REQUIRES_RSA)
|
||||||
|
return 1;
|
||||||
|
break;
|
||||||
|
|
||||||
case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
|
case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
|
||||||
if (requirement == REQUIRES_NTRU)
|
if (requirement == REQUIRES_NTRU)
|
||||||
return 1;
|
return 1;
|
||||||
|
32
src/keys.c
32
src/keys.c
@ -568,6 +568,38 @@ int SetCipherSpecs(CYASSL* ssl)
|
|||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
|
||||||
|
case TLS_RSA_WITH_NULL_SHA :
|
||||||
|
ssl->specs.bulk_cipher_algorithm = cipher_null;
|
||||||
|
ssl->specs.cipher_type = stream;
|
||||||
|
ssl->specs.mac_algorithm = sha_mac;
|
||||||
|
ssl->specs.kea = rsa_kea;
|
||||||
|
ssl->specs.hash_size = SHA_DIGEST_SIZE;
|
||||||
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
|
ssl->specs.key_size = 0;
|
||||||
|
ssl->specs.block_size = 0;
|
||||||
|
ssl->specs.iv_size = 0;
|
||||||
|
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
|
||||||
|
case TLS_RSA_WITH_NULL_SHA256 :
|
||||||
|
ssl->specs.bulk_cipher_algorithm = cipher_null;
|
||||||
|
ssl->specs.cipher_type = stream;
|
||||||
|
ssl->specs.mac_algorithm = sha256_mac;
|
||||||
|
ssl->specs.kea = rsa_kea;
|
||||||
|
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
|
||||||
|
ssl->specs.pad_size = PAD_SHA;
|
||||||
|
ssl->specs.static_ecdh = 0;
|
||||||
|
ssl->specs.key_size = 0;
|
||||||
|
ssl->specs.block_size = 0;
|
||||||
|
ssl->specs.iv_size = 0;
|
||||||
|
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
|
#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
|
||||||
case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
|
case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
|
||||||
ssl->specs.bulk_cipher_algorithm = aes;
|
ssl->specs.bulk_cipher_algorithm = aes;
|
||||||
|
@ -5289,6 +5289,10 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||||||
return "TLS_RSA_WITH_AES_128_CBC_SHA256";
|
return "TLS_RSA_WITH_AES_128_CBC_SHA256";
|
||||||
case TLS_RSA_WITH_AES_256_CBC_SHA256 :
|
case TLS_RSA_WITH_AES_256_CBC_SHA256 :
|
||||||
return "TLS_RSA_WITH_AES_256_CBC_SHA256";
|
return "TLS_RSA_WITH_AES_256_CBC_SHA256";
|
||||||
|
case TLS_RSA_WITH_NULL_SHA :
|
||||||
|
return "TLS_RSA_WITH_NULL_SHA";
|
||||||
|
case TLS_RSA_WITH_NULL_SHA256 :
|
||||||
|
return "TLS_RSA_WITH_NULL_SHA256";
|
||||||
case TLS_PSK_WITH_AES_128_CBC_SHA :
|
case TLS_PSK_WITH_AES_128_CBC_SHA :
|
||||||
return "TLS_PSK_WITH_AES_128_CBC_SHA";
|
return "TLS_PSK_WITH_AES_128_CBC_SHA";
|
||||||
case TLS_PSK_WITH_AES_256_CBC_SHA :
|
case TLS_PSK_WITH_AES_256_CBC_SHA :
|
||||||
|
@ -250,6 +250,17 @@ int SuiteTest(void)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef HAVE_NULL_CIPHER
|
||||||
|
/* add rsa null cipher suites */
|
||||||
|
strcpy(argv0[1], "tests/test-null.conf");
|
||||||
|
printf("starting null cipher suite tests\n");
|
||||||
|
test_harness(&args);
|
||||||
|
if (args.return_code != 0) {
|
||||||
|
printf("error from script %d\n", args.return_code);
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_HC128
|
#ifdef HAVE_HC128
|
||||||
/* add hc128 extra suites */
|
/* add hc128 extra suites */
|
||||||
strcpy(argv0[1], "tests/test-hc128.conf");
|
strcpy(argv0[1], "tests/test-hc128.conf");
|
||||||
|
48
tests/test-null.conf
Normal file
48
tests/test-null.conf
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
# server TLSv1.0 RSA-NULL-SHA
|
||||||
|
-v 1
|
||||||
|
-l NULL-SHA
|
||||||
|
|
||||||
|
# client TLSv1.0 RSA-NULL-SHA
|
||||||
|
-v 1
|
||||||
|
-l NULL-SHA
|
||||||
|
|
||||||
|
# server TLSv1.1 RSA-NULL-SHA
|
||||||
|
-v 2
|
||||||
|
-l NULL-SHA
|
||||||
|
|
||||||
|
# client TLSv1.1 RSA-NULL-SHA
|
||||||
|
-v 2
|
||||||
|
-l NULL-SHA
|
||||||
|
|
||||||
|
# server TLSv1.2 RSA-NULL-SHA
|
||||||
|
-v 3
|
||||||
|
-l NULL-SHA
|
||||||
|
|
||||||
|
# client TLSv1.2 RSA-NULL-SHA
|
||||||
|
-v 3
|
||||||
|
-l NULL-SHA
|
||||||
|
|
||||||
|
# server TLSv1.0 RSA-NULL-SHA256
|
||||||
|
-v 1
|
||||||
|
-l NULL-SHA256
|
||||||
|
|
||||||
|
# client TLSv1.0 RSA-NULL-SHA256
|
||||||
|
-v 1
|
||||||
|
-l NULL-SHA256
|
||||||
|
|
||||||
|
# server TLSv1.1 RSA-NULL-SHA256
|
||||||
|
-v 2
|
||||||
|
-l NULL-SHA256
|
||||||
|
|
||||||
|
# client TLSv1.1 RSA-NULL-SHA256
|
||||||
|
-v 2
|
||||||
|
-l NULL-SHA256
|
||||||
|
|
||||||
|
# server TLSv1.2 RSA-NULL-SHA256
|
||||||
|
-v 3
|
||||||
|
-l NULL-SHA256
|
||||||
|
|
||||||
|
# client TLSv1.2 RSA-NULL-SHA256
|
||||||
|
-v 3
|
||||||
|
-l NULL-SHA256
|
||||||
|
|
Loading…
Reference in New Issue
Block a user