From 74712b4e71ce9aef6f5113cc5440e255e019a2cf Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Mon, 19 May 2014 21:44:04 -0700
Subject: [PATCH] 1. Added the following cipher suites: * TLS_PSK_WITH_AES_128_GCM_SHA256 * TLS_PSK_WITH_AES_256_GCM_SHA384 * TLS_PSK_WITH_AES_256_CBC_SHA384 * TLS_PSK_WITH_NULL_SHA384 2. Fixed CyaSSL_CIPHER_get_name() for AES-CCM cipher suites.
---
 cyassl/internal.h | 19 +++++++++++-
 src/internal.c | 64 +++++++++++++++++++++++++++++++++++++++
 src/keys.c | 72 ++++++++++++++++++++++++++++++++++++++++++++
 src/ssl.c | 39 ++++++++++++++++++------
 tests/test-dtls.conf | 36 ++++++++++++++++++++++
 tests/test.conf | 40 ++++++++++++++++++++++++
 6 files changed, 260 insertions(+), 10 deletions(-)
diff --git a/cyassl/internal.h b/cyassl/internal.h
index f74c2d68e..70ea6eef3 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -234,11 +234,20 @@ void c32to24(word32 in, word24 out);
 #endif
 #ifndef NO_SHA256
 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
+ #ifdef HAVE_AESGCM
+ #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
+ #endif
 #ifdef HAVE_AESCCM
 #define BUILD_TLS_PSK_WITH_AES_128_CCM_8
 #define BUILD_TLS_PSK_WITH_AES_256_CCM_8
 #endif
 #endif
+ #ifdef CYASSL_SHA384
+ #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA384
+ #ifdef HAVE_AESGCM
+ #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
+ #endif
+ #endif
 #endif
 
 #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
@@ -257,6 +266,9 @@ void c32to24(word32 in, word24 out);
 #ifndef NO_SHA256
 #define BUILD_TLS_PSK_WITH_NULL_SHA256
 #endif
+ #ifdef CYASSL_SHA384
+ #define BUILD_TLS_PSK_WITH_NULL_SHA384
+ #endif
 #endif
 #endif
 
@@ -440,8 +452,10 @@ enum {
 TLS_RSA_WITH_NULL_SHA = 0x02,
 TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
 TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
+ TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf,
 TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
 TLS_PSK_WITH_NULL_SHA256 = 0xb0,
+ TLS_PSK_WITH_NULL_SHA384 = 0xb1,
 TLS_PSK_WITH_NULL_SHA = 0x2c,
 SSL_RSA_WITH_RC4_128_SHA = 0x05,
 SSL_RSA_WITH_RC4_128_MD5 = 0x04,
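Review bot: The macro defined in the @@ -234 hunk, `#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA384`, names a suite that exists nowhere else in the commit: src/internal.c (InitSuites, cipher_names, cipher_name_idx) and src/keys.c (SetCipherSpecs) all test `BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384`, and the enum value added in the @@ -440 hunk is `TLS_PSK_WITH_AES_256_CBC_SHA384`. As written the 256-bit CBC-SHA384 suite is never compiled in, so the `PSK-AES256-CBC-SHA384` entries added to tests/test.conf and tests/test-dtls.conf cannot select it. The line should read `#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384`. The enclosing `#if` block begins outside the hunk, so I cannot confirm the new `CYASSL_SHA384` section sits under the same outer guards as the neighbouring PSK defines.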
@@ -488,7 +502,7 @@ enum {
 /* CyaSSL extension - NTRU */
 TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
 TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
- TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clases w/ official SHA-256 */
+ TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */
 TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
 
 /* SHA256 */
@@ -503,6 +517,8 @@ enum {
 TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
+ TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
+ TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
 
 /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
@@ -527,6 +543,7 @@ enum {
 TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
 TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
 
+ /* Camellia */
 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
diff --git a/src/internal.c b/src/internal.c
index 3deec6712..5a0ce713f 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1026,6 +1026,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
 }
 #endif
 
+#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
+ if (tls1_2 && havePSK) {
+ suites->suites[idx++] = 0;
+ suites->suites[idx++] = TLS_PSK_WITH_AES_256_GCM_SHA384;
+ }
+#endif
+
 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
 if (tls && havePSK) {
 suites->suites[idx++] = 0;
@@ -1033,6 +1040,20 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
 }
 #endif
 
+#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
+ if (tls && havePSK) {
+ suites->suites[idx++] = 0;
+ suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384;
+ }
+#endif
+
+#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
+ if (tls1_2 && havePSK) {
+ suites->suites[idx++] = 0;
+ suites->suites[idx++] = TLS_PSK_WITH_AES_128_GCM_SHA256;
+ }
+#endif
+
 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
 if (tls && havePSK) {
 suites->suites[idx++] = 0;
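Review bot: `TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8` and `TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9` in the @@ -503 hunk carry the same values as `TLS_PSK_WITH_AES_128_CCM_8` and `TLS_PSK_WITH_AES_256_CCM_8` in the @@ -527 hunk; that matches the registry, where only the first byte (0x00 here, ECC_BYTE for the CCM suites) tells them apart, but this enum holds no first byte, so every `switch` on `cipherSuite` and the `cipher_name_idx[]` table in src/internal.c are only correct if the caller has already split on `cipherSuite0` — the very hazard the src/ssl.c hunks in this commit are working around for CCM. A comment on the two new entries, `/* low bytes collide with TLS_PSK_WITH_AES_*_CCM_8 (ECC_BYTE); never switch on these without checking cipherSuite0 */`, would record the constraint where the next suite will be added. The enum starts and ends outside the hunk.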
@@ -1061,6 +1082,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
 }
 #endif
 
+#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
+ if (tls && havePSK) {
+ suites->suites[idx++] = 0;
+ suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384;
+ }
+#endif
+
 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
 if (tls && havePSK) {
 suites->suites[idx++] = 0;
@@ -6538,6 +6566,18 @@ static const char* const cipher_names[] =
 "DHE-RSA-AES256-SHA",
 #endif
 
+#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
+ "PSK-AES256-GCM-SHA384",
+#endif
+
+#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
+ "PSK-AES128-GCM-SHA256",
+#endif
+
+#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
+ "PSK-AES256-CBC-SHA384",
+#endif
+
 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
 "PSK-AES128-CBC-SHA256",
 #endif
@@ -6558,6 +6598,10 @@ static const char* const cipher_names[] =
 "PSK-AES256-CCM-8",
 #endif
 
+#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
+ "PSK-NULL-SHA384",
+#endif
+
 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
 "PSK-NULL-SHA256",
 #endif
@@ -6858,6 +6902,18 @@ static int cipher_name_idx[] =
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
 #endif
 
+#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
+ TLS_PSK_WITH_AES_256_GCM_SHA384,
+#endif
+
+#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
+ TLS_PSK_WITH_AES_128_GCM_SHA256,
+#endif
+
+#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
+ TLS_PSK_WITH_AES_256_CBC_SHA384,
+#endif
+
 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
 TLS_PSK_WITH_AES_128_CBC_SHA256,
 #endif
@@ -6878,6 +6934,10 @@ static int cipher_name_idx[] =
 TLS_PSK_WITH_AES_256_CCM_8,
 #endif
 
+#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
+ TLS_PSK_WITH_NULL_SHA384,
+#endif
+
 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
 TLS_PSK_WITH_NULL_SHA256,
 #endif
@@ -9926,9 +9986,13 @@ static void PickHashSigAlgo(CYASSL* ssl,
 break;
 #endif
 
+ case TLS_PSK_WITH_AES_128_GCM_SHA256 :
+ case TLS_PSK_WITH_AES_256_GCM_SHA384 :
 case TLS_PSK_WITH_AES_128_CBC_SHA256 :
+ case TLS_PSK_WITH_AES_256_CBC_SHA384 :
 case TLS_PSK_WITH_AES_128_CBC_SHA :
 case TLS_PSK_WITH_AES_256_CBC_SHA :
+ case TLS_PSK_WITH_NULL_SHA384 :
 case TLS_PSK_WITH_NULL_SHA256 :
 case TLS_PSK_WITH_NULL_SHA :
 if (requirement == REQUIRES_PSK)
diff --git a/src/keys.c b/src/keys.c
index 463ba9f4c..a5db5cd7e 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -937,6 +937,42 @@ int SetCipherSpecs(CYASSL* ssl)
 break;
 #endif
 
+#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
+ case TLS_PSK_WITH_AES_128_GCM_SHA256 :
+ ssl->specs.bulk_cipher_algorithm = cyassl_aes;
+ ssl->specs.cipher_type = block;
+ ssl->specs.mac_algorithm = sha256_mac;
+ ssl->specs.kea = psk_kea;
+ ssl->specs.sig_algo = anonymous_sa_algo;
+ ssl->specs.hash_size = SHA256_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = AES_128_KEY_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
+ ssl->specs.iv_size = AES_IV_SIZE;
+
+ ssl->options.usingPSK_cipher = 1;
+ break;
+#endif
+
+#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
+ case TLS_PSK_WITH_AES_256_GCM_SHA384 :
+ ssl->specs.bulk_cipher_algorithm = cyassl_aes;
+ ssl->specs.cipher_type = block;
+ ssl->specs.mac_algorithm = sha384_mac;
+ ssl->specs.kea = psk_kea;
+ ssl->specs.sig_algo = anonymous_sa_algo;
+ ssl->specs.hash_size = SHA384_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = AES_256_KEY_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
+ ssl->specs.iv_size = AES_IV_SIZE;
+
+ ssl->options.usingPSK_cipher = 1;
+ break;
+#endif
+
 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
 case TLS_PSK_WITH_AES_128_CBC_SHA256 :
 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
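Review bot: Both new GCM cases in the src/keys.c @@ -937 hunk configure `ssl->specs.bulk_cipher_algorithm = cyassl_aes;`, `ssl->specs.cipher_type = block;` and `ssl->specs.iv_size = AES_IV_SIZE;`, which is the CBC-plus-HMAC record layer, yet they are selected by the TLS_PSK_WITH_AES_128_GCM_SHA256 and TLS_PSK_WITH_AES_256_GCM_SHA384 suite ids; a peer that negotiates either suite will send and expect AEAD records, so the handshake Finished check will fail, and two copies of this code talking to each other would run CBC-HMAC under a suite id that advertises GCM. The two cases should be set up the way the existing RSA/DHE AES-GCM cases in SetCipherSpecs (outside this hunk) presumably are: `ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;`, `ssl->specs.cipher_type = aead;`, plus the implicit-IV and auth-tag sizes those cases use instead of `AES_IV_SIZE`. The `mac_algorithm`/`hash_size` lines can stay, since the PRF and Finished hash still depend on them. SetCipherSpecs begins before the hunk and continues after it.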
@@ -955,6 +991,24 @@ int SetCipherSpecs(CYASSL* ssl)
 break;
 #endif
 
+#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
+ case TLS_PSK_WITH_AES_256_CBC_SHA384 :
+ ssl->specs.bulk_cipher_algorithm = cyassl_aes;
+ ssl->specs.cipher_type = block;
+ ssl->specs.mac_algorithm = sha384_mac;
+ ssl->specs.kea = psk_kea;
+ ssl->specs.sig_algo = anonymous_sa_algo;
+ ssl->specs.hash_size = SHA384_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = AES_256_KEY_SIZE;
+ ssl->specs.block_size = AES_BLOCK_SIZE;
+ ssl->specs.iv_size = AES_IV_SIZE;
+
+ ssl->options.usingPSK_cipher = 1;
+ break;
+#endif
+
 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
 case TLS_PSK_WITH_AES_128_CBC_SHA :
 ssl->specs.bulk_cipher_algorithm = cyassl_aes;
@@ -1009,6 +1063,24 @@ int SetCipherSpecs(CYASSL* ssl)
 break;
 #endif
 
+#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
+ case TLS_PSK_WITH_NULL_SHA384 :
+ ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
+ ssl->specs.cipher_type = stream;
+ ssl->specs.mac_algorithm = sha384_mac;
+ ssl->specs.kea = psk_kea;
+ ssl->specs.sig_algo = anonymous_sa_algo;
+ ssl->specs.hash_size = SHA384_DIGEST_SIZE;
+ ssl->specs.pad_size = PAD_SHA;
+ ssl->specs.static_ecdh = 0;
+ ssl->specs.key_size = 0;
+ ssl->specs.block_size = 0;
+ ssl->specs.iv_size = 0;
+
+ ssl->options.usingPSK_cipher = 1;
+ break;
+#endif
+
 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
 case TLS_PSK_WITH_NULL_SHA :
 ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
diff --git a/src/ssl.c b/src/ssl.c
index 72ab52364..7154f314f 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -8301,10 +8301,14 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
 CYASSL_ENTER("SSL_CIPHER_get_name");
 #ifndef NO_ERROR_STRINGS
 if (cipher) {
-#ifdef HAVE_ECC
+#if defined(HAVE_ECC) || defined(HAVE_AESCCM)
+ /* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected,
+ * but the AES-CCM cipher suites also use it, even the ones that
+ * aren't ECC. */
 if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) {
 /* ECC suites */
 switch (cipher->ssl->options.cipherSuite) {
+#ifdef HAVE_ECC
 #ifndef NO_RSA
 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
 return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
@@ -8407,6 +8411,7 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
 return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
 #endif
+#endif /* HAVE_ECC */
 
 #ifdef HAVE_AESCCM
 #ifndef NO_RSA
@@ -8415,10 +8420,18 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
 case TLS_RSA_WITH_AES_256_CCM_8 :
 return "TLS_RSA_WITH_AES_256_CCM_8";
 #endif
+ #ifndef NO_PSK
+ case TLS_PSK_WITH_AES_128_CCM_8 :
+ return "TLS_PSK_WITH_AES_128_CCM_8";
+ case TLS_PSK_WITH_AES_256_CCM_8 :
+ return "TLS_PSK_WITH_AES_256_CCM_8";
+ #endif
+ #ifdef HAVE_ECC
 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
 return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
 return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
+ #endif
 #endif
 
 default:
@@ -8468,8 +8481,6 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
 return "TLS_RSA_WITH_NULL_SHA256";
 #endif /* NO_RSA */
 #ifndef NO_PSK
- case TLS_PSK_WITH_AES_128_CBC_SHA256 :
- return "TLS_PSK_WITH_AES_128_CBC_SHA256";
 #ifndef NO_SHA
 case TLS_PSK_WITH_AES_128_CBC_SHA :
 return "TLS_PSK_WITH_AES_128_CBC_SHA";
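Review bot: The `/* ECC suites */` comment on the `cipherSuite0 == ECC_BYTE` branch in the @@ -8301 hunk is now misleading: the branch deliberately also serves the non-ECC AES-CCM suites, which is exactly why the guard was widened to `#if defined(HAVE_ECC) || defined(HAVE_AESCCM)`, and the switch below can now be compiled with no ECC cases at all. Suggest `/* suites whose first byte is ECC_BYTE: the ECC suites and, because they share that byte, the AES-CCM suites */`, or simply fold it into the explanatory comment the hunk adds two lines above. The `@@` context line names CyaSSL_X509_load_certificate_file, but this is the body of SSL_CIPHER_get_name, which begins before the hunk.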
@@ -8477,14 +8488,24 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
 return "TLS_PSK_WITH_AES_256_CBC_SHA";
 #endif
 #ifndef NO_SHA256
- #ifdef HAVE_AESCCM
- case TLS_PSK_WITH_AES_128_CCM_8 :
- return "TLS_PSK_WITH_AES_128_CCM_8";
- case TLS_PSK_WITH_AES_256_CCM_8 :
- return "TLS_PSK_WITH_AES_256_CCM_8";
- #endif
+ case TLS_PSK_WITH_AES_128_CBC_SHA256 :
+ return "TLS_PSK_WITH_AES_128_CBC_SHA256";
 case TLS_PSK_WITH_NULL_SHA256 :
 return "TLS_PSK_WITH_NULL_SHA256";
+ #ifdef HAVE_AESGCM
+ case TLS_PSK_WITH_AES_128_GCM_SHA256 :
+ return "TLS_PSK_WITH_AES_128_GCM_SHA256";
+ #endif
+ #endif
+ #ifdef CYASSL_SHA384
+ case TLS_PSK_WITH_AES_256_CBC_SHA384 :
+ return "TLS_PSK_WITH_AES_256_CBC_SHA384";
+ case TLS_PSK_WITH_NULL_SHA384 :
+ return "TLS_PSK_WITH_NULL_SHA384";
+ #ifdef HAVE_AESGCM
+ case TLS_PSK_WITH_AES_256_GCM_SHA384 :
+ return "TLS_PSK_WITH_AES_256_GCM_SHA384";
+ #endif
 #endif
 #ifndef NO_SHA
 case TLS_PSK_WITH_NULL_SHA :
diff --git a/tests/test-dtls.conf b/tests/test-dtls.conf
index 59891690d..cc3a6aeb5 100644
--- a/tests/test-dtls.conf
+++ b/tests/test-dtls.conf
@@ -658,6 +658,18 @@
 -v 3
 -l PSK-AES128-CBC-SHA256
 
+# server DTLSv1.2 PSK-AES256-SHA384
+-s
+-u
+-v 3
+-l PSK-AES256-CBC-SHA384
+
+# client DTLSv1.2 PSK-AES256-SHA384
+-s
+-u
+-v 3
+-l PSK-AES256-CBC-SHA384
+
 # server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
 -u
 -v 3
@@ -754,6 +766,30 @@
 -v 3
 -l ECDH-RSA-AES256-GCM-SHA384
 
+# server DTLSv1.2 PSK-AES128-GCM-SHA256
+-u
+-s
+-v 3
+-l PSK-AES128-GCM-SHA256
+
+# client DTLSv1.2 PSK-AES128-GCM-SHA256
+-u
+-s
+-v 3
+-l PSK-AES128-GCM-SHA256
+
+# server DTLSv1.2 PSK-AES256-GCM-SHA384
+-u
+-s
+-v 3
+-l PSK-AES256-GCM-SHA384
+
+# client DTLSv1.2 PSK-AES256-GCM-SHA384
+-u
+-s
+-v 3
+-l PSK-AES256-GCM-SHA384
+
 # server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8
 -u
 -v 3
diff --git a/tests/test.conf b/tests/test.conf
index 6a646e554..c585930ad 100644
--- a/tests/test.conf
+++ b/tests/test.conf
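Review bot: The new PSK name cases in the src/ssl.c @@ -8477 hunk are gated on feature macros (`#ifndef NO_SHA256`, `#ifdef HAVE_AESGCM`, `#ifdef CYASSL_SHA384`) while the suites themselves are compiled in by the `BUILD_TLS_PSK_*` macros from cyassl/internal.h that InitSuites and SetCipherSpecs test, so the name table and the negotiable set are maintained under two different conditions and can drift; this commit already shows it, since the `TLS_PSK_WITH_AES_256_CBC_SHA384` case here is enabled by `CYASSL_SHA384` alone while cyassl/internal.h never defines `BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384`. Guarding each case with its own build macro, e.g. `#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384` around the last case pair, keeps the two in lock-step and removes the need to mirror the nested feature tests. The enclosing switch and function begin before the hunk.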
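Review bot: The labels in the tests/test-dtls.conf @@ -658 hunk, `# server DTLSv1.2 PSK-AES256-SHA384` and `# client DTLSv1.2 PSK-AES256-SHA384`, do not match the suite they select, `-l PSK-AES256-CBC-SHA384`, whereas every GCM and NULL entry in this commit uses the full suite name; the @@ -1192 hunk of tests/test.conf has the same mismatch. Suggest `# server DTLSv1.2 PSK-AES256-CBC-SHA384` (and likewise for the client and the test.conf pair) so the labels can be grepped against the cipher_names table.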
@@ -1192,6 +1192,16 @@
 -v 3
 -l PSK-AES128-CBC-SHA256
 
+# server TLSv1.2 PSK-AES256-SHA384
+-s
+-v 3
+-l PSK-AES256-CBC-SHA384
+
+# client TLSv1.2 PSK-AES256-SHA384
+-s
+-v 3
+-l PSK-AES256-CBC-SHA384
+
 # server TLSv1.0 PSK-NULL
 -s
 -v 1
@@ -1232,6 +1242,16 @@
 -v 3
 -l PSK-NULL-SHA256
 
+# server TLSv1.2 PSK-NULL-SHA384
+-s
+-v 3
+-l PSK-NULL-SHA384
+
+# client TLSv1.2 PSK-NULL-SHA384
+-s
+-v 3
+-l PSK-NULL-SHA384
+
 # server TLSv1.2 PSK-NULL
 -s
 -v 3
@@ -1604,6 +1624,26 @@
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 
+# server TLSv1.2 PSK-AES128-GCM-SHA256
+-s
+-v 3
+-l PSK-AES128-GCM-SHA256
+
+# client TLSv1.2 PSK-AES128-GCM-SHA256
+-s
+-v 3
+-l PSK-AES128-GCM-SHA256
+
+# server TLSv1.2 PSK-AES256-GCM-SHA384
+-s
+-v 3
+-l PSK-AES256-GCM-SHA384
+
+# client TLSv1.2 PSK-AES256-GCM-SHA384
+-s
+-v 3
+-l PSK-AES256-GCM-SHA384
+
 # server TLSv1.2 AES128-CCM-8
 -v 3
 -l AES128-CCM-8