add optional null cipher support for RSA

This commit is contained in:
John Safranek 2012-10-19 20:52:22 -07:00
parent a5d7a3ea8f
commit a92b639155
6 changed files with 139 additions and 2 deletions

View File

@ -160,8 +160,12 @@ void c32to24(word32 in, word24 out);
#endif #endif
#endif #endif
#if !defined(NO_TLS) && !defined(NO_PSK) && defined(HAVE_NULL_CIPHER) #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
#define BUILD_TLS_PSK_WITH_NULL_SHA #define BUILD_TLS_RSA_WITH_NULL_SHA
#define BUILD_TLS_RSA_WITH_NULL_SHA256
#if !defined(NO_PSK)
#define BUILD_TLS_PSK_WITH_NULL_SHA
#endif
#endif #endif
#if !defined(NO_HC128) && !defined(NO_TLS) #if !defined(NO_HC128) && !defined(NO_TLS)
@ -269,6 +273,7 @@ enum {
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33, TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
TLS_RSA_WITH_AES_256_CBC_SHA = 0x35, TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F, TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
TLS_RSA_WITH_NULL_SHA = 0x02,
TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d, TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c, TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
TLS_PSK_WITH_NULL_SHA = 0x2c, TLS_PSK_WITH_NULL_SHA = 0x2c,
@ -312,6 +317,7 @@ enum {
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d, TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c, TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
TLS_RSA_WITH_NULL_SHA256 = 0x3b,
/* AES-GCM */ /* AES-GCM */
TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c, TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,

View File

@ -828,6 +828,20 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
} }
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
if (tls && haveRSA) {
suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA;
}
#endif
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
if (tls && haveRSA) {
suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256;
}
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
if (tls && havePSK) { if (tls && havePSK) {
suites->suites[idx++] = 0; suites->suites[idx++] = 0;
@ -4428,6 +4442,14 @@ const char* const cipher_names[] =
"AES256-SHA", "AES256-SHA",
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
"NULL-SHA",
#endif
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
"NULL-SHA256",
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
"DHE-RSA-AES128-SHA", "DHE-RSA-AES128-SHA",
#endif #endif
@ -4632,6 +4654,14 @@ int cipher_name_idx[] =
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
TLS_RSA_WITH_NULL_SHA,
#endif
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
TLS_RSA_WITH_NULL_SHA256,
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
#endif #endif
@ -6701,6 +6731,12 @@ int SetCipherList(Suites* s, const char* list)
return 1; return 1;
break; break;
case TLS_RSA_WITH_NULL_SHA :
case TLS_RSA_WITH_NULL_SHA256 :
if (requirement == REQUIRES_RSA)
return 1;
break;
case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
if (requirement == REQUIRES_NTRU) if (requirement == REQUIRES_NTRU)
return 1; return 1;

View File

@ -568,6 +568,38 @@ int SetCipherSpecs(CYASSL* ssl)
break; break;
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
case TLS_RSA_WITH_NULL_SHA :
ssl->specs.bulk_cipher_algorithm = cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.hash_size = SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
ssl->specs.block_size = 0;
ssl->specs.iv_size = 0;
break;
#endif
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
case TLS_RSA_WITH_NULL_SHA256 :
ssl->specs.bulk_cipher_algorithm = cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
ssl->specs.block_size = 0;
ssl->specs.iv_size = 0;
break;
#endif
#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes; ssl->specs.bulk_cipher_algorithm = aes;

View File

@ -5289,6 +5289,10 @@ int CyaSSL_set_compression(CYASSL* ssl)
return "TLS_RSA_WITH_AES_128_CBC_SHA256"; return "TLS_RSA_WITH_AES_128_CBC_SHA256";
case TLS_RSA_WITH_AES_256_CBC_SHA256 : case TLS_RSA_WITH_AES_256_CBC_SHA256 :
return "TLS_RSA_WITH_AES_256_CBC_SHA256"; return "TLS_RSA_WITH_AES_256_CBC_SHA256";
case TLS_RSA_WITH_NULL_SHA :
return "TLS_RSA_WITH_NULL_SHA";
case TLS_RSA_WITH_NULL_SHA256 :
return "TLS_RSA_WITH_NULL_SHA256";
case TLS_PSK_WITH_AES_128_CBC_SHA : case TLS_PSK_WITH_AES_128_CBC_SHA :
return "TLS_PSK_WITH_AES_128_CBC_SHA"; return "TLS_PSK_WITH_AES_128_CBC_SHA";
case TLS_PSK_WITH_AES_256_CBC_SHA : case TLS_PSK_WITH_AES_256_CBC_SHA :

View File

@ -250,6 +250,17 @@ int SuiteTest(void)
} }
#endif #endif
#ifdef HAVE_NULL_CIPHER
/* add rsa null cipher suites */
strcpy(argv0[1], "tests/test-null.conf");
printf("starting null cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifdef HAVE_HC128 #ifdef HAVE_HC128
/* add hc128 extra suites */ /* add hc128 extra suites */
strcpy(argv0[1], "tests/test-hc128.conf"); strcpy(argv0[1], "tests/test-hc128.conf");

48
tests/test-null.conf Normal file
View File

@ -0,0 +1,48 @@
# server TLSv1.0 RSA-NULL-SHA
-v 1
-l NULL-SHA
# client TLSv1.0 RSA-NULL-SHA
-v 1
-l NULL-SHA
# server TLSv1.1 RSA-NULL-SHA
-v 2
-l NULL-SHA
# client TLSv1.1 RSA-NULL-SHA
-v 2
-l NULL-SHA
# server TLSv1.2 RSA-NULL-SHA
-v 3
-l NULL-SHA
# client TLSv1.2 RSA-NULL-SHA
-v 3
-l NULL-SHA
# server TLSv1.0 RSA-NULL-SHA256
-v 1
-l NULL-SHA256
# client TLSv1.0 RSA-NULL-SHA256
-v 1
-l NULL-SHA256
# server TLSv1.1 RSA-NULL-SHA256
-v 2
-l NULL-SHA256
# client TLSv1.1 RSA-NULL-SHA256
-v 2
-l NULL-SHA256
# server TLSv1.2 RSA-NULL-SHA256
-v 3
-l NULL-SHA256
# client TLSv1.2 RSA-NULL-SHA256
-v 3
-l NULL-SHA256