Maintenance BLAKE2

1. Remove the BLAKE2 HMAC from wolfSSL and its testing.
2019-11-18 13:31:15 -08:00
parent 14c986360d
commit 8347d00bf2
6 changed files with 1 additions and 270 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -3131,27 +3131,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
    }
 #endif

-#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
-    if (!dtls && tls && haveRSA) {
-        suites->suites[idx++] = CIPHER_BYTE;
-        suites->suites[idx++] = TLS_RSA_WITH_HC_128_B2B256;
-    }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
-    if (tls && haveRSA) {
-        suites->suites[idx++] = CIPHER_BYTE;
-        suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_B2B256;
-    }
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
-    if (tls && haveRSA) {
-        suites->suites[idx++] = CIPHER_BYTE;
-        suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_B2B256;
-    }
-#endif
-
 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
    if (!dtls && tls && haveRSA) {
        suites->suites[idx++] = CIPHER_BYTE;
@ -8658,21 +8637,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
            if (requirement == REQUIRES_RSA)
                return 1;
            break;
-
-        case TLS_RSA_WITH_HC_128_B2B256:
-            if (requirement == REQUIRES_RSA)
-                return 1;
-            break;
 #endif /* NO_HC128 */

-#ifdef HAVE_BLAKE2
-        case TLS_RSA_WITH_AES_128_CBC_B2B256:
-        case TLS_RSA_WITH_AES_256_CBC_B2B256:
-            if (requirement == REQUIRES_RSA)
-                return 1;
-            break;
-#endif /* HAVE_BLAKE2 */
-
 #ifndef NO_RABBIT
        case TLS_RSA_WITH_RABBIT_SHA :
            if (requirement == REQUIRES_RSA)
@ -17439,18 +17405,6 @@ static const CipherSuiteInfo cipher_names[] =
    SUITE_INFO("HC128-SHA","TLS_RSA_WITH_HC_128_SHA",CIPHER_BYTE,TLS_RSA_WITH_HC_128_SHA),
 #endif

-#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
-    SUITE_INFO("HC128-B2B256","TLS_RSA_WITH_HC_128_B2B256",CIPHER_BYTE,TLS_RSA_WITH_HC_128_B2B256),
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
-    SUITE_INFO("AES128-B2B256","TLS_RSA_WITH_AES_128_CBC_B2B256",CIPHER_BYTE,TLS_RSA_WITH_AES_128_CBC_B2B256),
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
-    SUITE_INFO("AES256-B2B256","TLS_RSA_WITH_AES_256_CBC_B2B256",CIPHER_BYTE,TLS_RSA_WITH_AES_256_CBC_B2B256),
-#endif
-
 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
    SUITE_INFO("RABBIT-SHA","TLS_RSA_WITH_RABBIT_SHA",CIPHER_BYTE,TLS_RSA_WITH_RABBIT_SHA),
 #endif
--- a/src/keys.c
+++ b/src/keys.c
@ -1866,57 +1866,6 @@ int SetCipherSpecs(WOLFSSL* ssl)
            break;
 #endif

-#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
-        case TLS_RSA_WITH_HC_128_B2B256:
-            ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
-            ssl->specs.cipher_type           = stream;
-            ssl->specs.mac_algorithm         = blake2b_mac;
-            ssl->specs.kea                   = rsa_kea;
-            ssl->specs.sig_algo              = rsa_sa_algo;
-            ssl->specs.hash_size             = BLAKE2B_256;
-            ssl->specs.pad_size              = PAD_SHA;
-            ssl->specs.static_ecdh           = 0;
-            ssl->specs.key_size              = HC_128_KEY_SIZE;
-            ssl->specs.block_size            = 0;
-            ssl->specs.iv_size               = HC_128_IV_SIZE;
-
-            break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
-        case TLS_RSA_WITH_AES_128_CBC_B2B256:
-            ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
-            ssl->specs.cipher_type           = block;
-            ssl->specs.mac_algorithm         = blake2b_mac;
-            ssl->specs.kea                   = rsa_kea;
-            ssl->specs.sig_algo              = rsa_sa_algo;
-            ssl->specs.hash_size             = BLAKE2B_256;
-            ssl->specs.pad_size              = PAD_SHA;
-            ssl->specs.static_ecdh           = 0;
-            ssl->specs.key_size              = AES_128_KEY_SIZE;
-            ssl->specs.iv_size               = AES_IV_SIZE;
-            ssl->specs.block_size            = AES_BLOCK_SIZE;
-
-            break;
-#endif
-
-#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
-        case TLS_RSA_WITH_AES_256_CBC_B2B256:
-            ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
-            ssl->specs.cipher_type           = block;
-            ssl->specs.mac_algorithm         = blake2b_mac;
-            ssl->specs.kea                   = rsa_kea;
-            ssl->specs.sig_algo              = rsa_sa_algo;
-            ssl->specs.hash_size             = BLAKE2B_256;
-            ssl->specs.pad_size              = PAD_SHA;
-            ssl->specs.static_ecdh           = 0;
-            ssl->specs.key_size              = AES_256_KEY_SIZE;
-            ssl->specs.iv_size               = AES_IV_SIZE;
-            ssl->specs.block_size            = AES_BLOCK_SIZE;
-
-            break;
-#endif
-
 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
    case TLS_RSA_WITH_RABBIT_SHA :
        ssl->specs.bulk_cipher_algorithm = wolfssl_rabbit;
--- a/src/ssl.c
+++ b/src/ssl.c
@ -21440,11 +21440,6 @@ char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in,
        case sha512_mac:
            macStr = "SHA512";
            break;
-#endif
-#ifdef HAVE_BLAKE2
-        case blake2b_mac:
-            macStr = "BLAKE2b";
-            break;
 #endif
        default:
            macStr = "unknown";
@ -29344,12 +29339,6 @@ static int _HMAC_Init(Hmac* hmac, int type, void* heap)
            break;
    #endif /* WOLFSSL_SHA512 */

-    #ifdef HAVE_BLAKE2
-        case BLAKE2B_ID:
-            ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256);
-            break;
-    #endif /* HAVE_BLAKE2 */
-
    #ifdef WOLFSSL_SHA3
        case WC_SHA3_224:
            ret = wc_InitSha3_224(&hmac->hash.sha3, heap, INVALID_DEVID);
--- a/tests/test-qsh.conf
+++ b/tests/test-qsh.conf
@ -875,30 +875,6 @@
 -v 1
 -l QSH:HC128-MD5

-# server TLSv1 HC128-B2B256
-v 1
-l QSH:HC128-B2B256
-
-# client TLSv1 HC128-B2B256
-v 1
-l QSH:HC128-B2B256
-
-# server TLSv1 AES128-B2B256
-v 1
-l QSH:AES128-B2B256
-
-# client TLSv1 AES128-B2B256
-v 1
-l QSH:AES128-B2B256
-
-# server TLSv1 AES256-B2B256
-v 1
-l QSH:AES256-B2B256
-
-# client TLSv1 AES256-B2B256
-v 1
-l QSH:AES256-B2B256
-
 # server TLSv1.1 HC128-SHA
 -v 2
 -l QSH:HC128-SHA
@ -915,30 +891,6 @@
 -v 2
 -l QSH:HC128-MD5

-# server TLSv1.1 HC128-B2B256
-v 2
-l QSH:HC128-B2B256
-
-# client TLSv1.1 HC128-B2B256
-v 2
-l QSH:HC128-B2B256
-
-# server TLSv1.1 AES128-B2B256
-v 2
-l QSH:AES128-B2B256
-
-# client TLSv1.1 AES128-B2B256
-v 2
-l QSH:AES128-B2B256
-
-# server TLSv1.1 AES256-B2B256
-v 2
-l QSH:AES256-B2B256
-
-# client TLSv1.1 AES256-B2B256
-v 2
-l QSH:AES256-B2B256
-
 # server TLSv1.2 HC128-SHA
 -v 3
 -l QSH:HC128-SHA
@ -955,30 +907,6 @@
 -v 3
 -l QSH:HC128-MD5

-# server TLSv1.2 HC128-B2B256
-v 3
-l QSH:HC128-B2B256
-
-# client TLSv1.2 HC128-B2B256
-v 3
-l QSH:HC128-B2B256
-
-# server TLSv1.2 AES128-B2B256
-v 3
-l QSH:AES128-B2B256
-
-# client TLSv1.2 AES128-B2B256
-v 3
-l QSH:AES128-B2B256
-
-# server TLSv1.2 AES256-B2B256
-v 3
-l QSH:AES256-B2B256
-
-# client TLSv1.2 AES256-B2B256
-v 3
-l QSH:AES256-B2B256
-
 # server TLSv1 RABBIT-SHA
 -v 1
 -l QSH:RABBIT-SHA
--- a/tests/test.conf
+++ b/tests/test.conf
@ -875,30 +875,6 @@
 -v 1
 -l HC128-MD5

-# server TLSv1 HC128-B2B256
-v 1
-l HC128-B2B256
-
-# client TLSv1 HC128-B2B256
-v 1
-l HC128-B2B256
-
-# server TLSv1 AES128-B2B256
-v 1
-l AES128-B2B256
-
-# client TLSv1 AES128-B2B256
-v 1
-l AES128-B2B256
-
-# server TLSv1 AES256-B2B256
-v 1
-l AES256-B2B256
-
-# client TLSv1 AES256-B2B256
-v 1
-l AES256-B2B256
-
 # server TLSv1.1 HC128-SHA
 -v 2
 -l HC128-SHA
@ -915,30 +891,6 @@
 -v 2
 -l HC128-MD5

-# server TLSv1.1 HC128-B2B256
-v 2
-l HC128-B2B256
-
-# client TLSv1.1 HC128-B2B256
-v 2
-l HC128-B2B256
-
-# server TLSv1.1 AES128-B2B256
-v 2
-l AES128-B2B256
-
-# client TLSv1.1 AES128-B2B256
-v 2
-l AES128-B2B256
-
-# server TLSv1.1 AES256-B2B256
-v 2
-l AES256-B2B256
-
-# client TLSv1.1 AES256-B2B256
-v 2
-l AES256-B2B256
-
 # server TLSv1.2 HC128-SHA
 -v 3
 -l HC128-SHA
@ -955,30 +907,6 @@
 -v 3
 -l HC128-MD5

-# server TLSv1.2 HC128-B2B256
-v 3
-l HC128-B2B256
-
-# client TLSv1.2 HC128-B2B256
-v 3
-l HC128-B2B256
-
-# server TLSv1.2 AES128-B2B256
-v 3
-l AES128-B2B256
-
-# client TLSv1.2 AES128-B2B256
-v 3
-l AES128-B2B256
-
-# server TLSv1.2 AES256-B2B256
-v 3
-l AES256-B2B256
-
-# client TLSv1.2 AES256-B2B256
-v 3
-l AES256-B2B256
-
 # server TLSv1 RABBIT-SHA
 -v 1
 -l RABBIT-SHA
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -344,14 +344,6 @@
                    #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
                #endif
            #endif
-            #if defined(HAVE_BLAKE2) && defined(HAVE_AES_CBC)
-                #ifdef WOLFSSL_AES_128
-                    #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
-                #endif
-                #ifdef WOLFSSL_AES_256
-                    #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
-                #endif
-            #endif
        #endif
    #endif

@ -456,9 +448,6 @@
        #if !defined(NO_SHA)
            #define BUILD_TLS_RSA_WITH_HC_128_SHA
        #endif
-        #if defined(HAVE_BLAKE2)
-            #define BUILD_TLS_RSA_WITH_HC_128_B2B256
-        #endif
    #endif

    #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
@ -879,8 +868,7 @@
 #endif

 #if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \
-    defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \
-    defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
+    defined(BUILD_TLS_RSA_WITH_HC_128_MD5)
    #define BUILD_HC128
 #endif

@ -991,11 +979,6 @@ enum {
    TLS_RSA_WITH_RABBIT_SHA       = 0xFD,
    WDM_WITH_NULL_SHA256          = 0xFE, /* wolfSSL DTLS Multicast */

-    /* wolfSSL extension - Blake2b 256 */
-    TLS_RSA_WITH_AES_128_CBC_B2B256   = 0xF8,
-    TLS_RSA_WITH_AES_256_CBC_B2B256   = 0xF9,
-    TLS_RSA_WITH_HC_128_B2B256        = 0xFA,   /* eSTREAM too */
-
    /* wolfSSL extension - NTRU */
    TLS_NTRU_RSA_WITH_RC4_128_SHA      = 0xe5,
    TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,