feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

cipher suite ECDHE-ECDSA-NULL-SHA

Browse Source
This commit is contained in:
Jacob Barthelmeh
2016-02-01 14:43:17 -07:00
parent b6017c59ba
commit 93c54c07ea
4 changed files with 76 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/internal.c
View File

@ -1285,6 +1285,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
} }
#endif #endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
if (tls && haveECDSAsig) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_NULL_SHA;
}
#endif
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
if (tls && haveRSA) { if (tls && haveRSA) {
suites->suites[idx++] = 0; suites->suites[idx++] = 0;
@ -3981,6 +3988,11 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
return 1; return 1;
break; break;
case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
if (requirement == REQUIRES_ECC_DSA)
return 1;
break;
default: default:
WOLFSSL_MSG("Unsupported cipher suite, CipherRequires ECC"); WOLFSSL_MSG("Unsupported cipher suite, CipherRequires ECC");
return 0; return 0;
@ -9913,6 +9925,10 @@ static const char* const cipher_names[] =
#ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
"IDEA-CBC-SHA", "IDEA-CBC-SHA",
#endif #endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
"ECDHE-ECDSA-NULL-SHA",
#endif
}; };
@ -10327,6 +10343,10 @@ static int cipher_name_idx[] =
#ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
SSL_RSA_WITH_IDEA_CBC_SHA, SSL_RSA_WITH_IDEA_CBC_SHA,
#endif #endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
#endif
}; };

21
src/keys.c
View File

@ -58,7 +58,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
/* Chacha extensions, 0xcc */ /* Chacha extensions, 0xcc */
if (ssl->options.cipherSuite0 == CHACHA_BYTE) { if (ssl->options.cipherSuite0 == CHACHA_BYTE) {
switch (ssl->options.cipherSuite) { switch (ssl->options.cipherSuite) {
#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256: case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
@ -180,7 +180,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
/* ECC extensions, or AES-CCM */ /* ECC extensions, or AES-CCM */
if (ssl->options.cipherSuite0 == ECC_BYTE) { if (ssl->options.cipherSuite0 == ECC_BYTE) {
switch (ssl->options.cipherSuite) { switch (ssl->options.cipherSuite) {
#ifdef HAVE_ECC #ifdef HAVE_ECC
@ -764,6 +764,23 @@ int SetCipherSpecs(WOLFSSL* ssl)
break; break;
#endif #endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = ecc_diffie_hellman_kea;
ssl->specs.sig_algo = ecc_dsa_sa_algo;
ssl->specs.hash_size = SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
ssl->specs.block_size = 0;
ssl->specs.iv_size = 0;
break;
#endif
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8

33
tests/test.conf
View File

@ -399,6 +399,39 @@
-v 3 -v 3
-l ECDHE-RSA-AES256-SHA -l ECDHE-RSA-AES256-SHA
# server TLSv1 ECDHE-ECDSA-NULL-SHA
-v 1
-l ECDHE-ECDSA-NULL-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDHE-ECDSA-NULL-SHA
-v 1
-l ECDHE-ECDSA-NULL-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDHE-ECDSA-NULL-SHA
-v 2
-l ECDHE-ECDSA-NULL-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDHE-ECDSA-NULL-SHA
-v 2
-l ECDHE-ECDSA-NULL-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-NULL-SHA
-v 3
-l ECDHE-ECDSA-NULL-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-NULL-SHA
-v 3
-l ECDHE-ECDSA-NULL-SHA
-A ./certs/server-ecc.pem
# server TLSv1 ECDHE-ECDSA-RC4 # server TLSv1 ECDHE-ECDSA-RC4
-v 1 -v 1
-l ECDHE-ECDSA-RC4-SHA -l ECDHE-ECDSA-RC4-SHA

4
wolfssl/internal.h
View File

@ -520,6 +520,9 @@ typedef byte word24[3];
#endif #endif
#endif /* NO_SHA */ #endif /* NO_SHA */
#endif #endif
#if defined(HAVE_NULL_CIPHER) && !defined(NO_SHA)
#define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
#endif
#endif #endif
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) \ #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) \
&& !defined(NO_OLD_POLY1305) && !defined(NO_OLD_POLY1305)
@ -705,6 +708,7 @@ enum {
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0x06,
/* static ECDH, first byte is 0xC0 (ECC_BYTE) */ /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,