Add REQUIRES_AEAD and move functionality for checking AEAD ciphers to CipherRequires()

Carie Pointer
2019-10-09 14:37:39 -07:00
parent 5adcee9f2c
commit af8968ee5e


@@ -8061,7 +8061,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
REQUIRES_ECC_STATIC, REQUIRES_ECC_STATIC,
REQUIRES_PSK, REQUIRES_PSK,
REQUIRES_NTRU, REQUIRES_NTRU,
REQUIRES_RSA_SIG REQUIRES_RSA_SIG,
REQUIRES_AEAD
}; };
@@ -8132,6 +8133,10 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
return 1; return 1;
break; break;
} }
if (requirement == REQUIRES_AEAD)
return 1;
} }
#endif /* HAVE_CHACHA */ #endif /* HAVE_CHACHA */
@@ -8241,21 +8246,29 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
if (requirement == REQUIRES_ECC) if (requirement == REQUIRES_ECC)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
if (requirement == REQUIRES_ECC) if (requirement == REQUIRES_ECC)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
if (requirement == REQUIRES_ECC_STATIC) if (requirement == REQUIRES_ECC_STATIC)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
if (requirement == REQUIRES_ECC_STATIC) if (requirement == REQUIRES_ECC_STATIC)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
@@ -8264,11 +8277,15 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
if (requirement == REQUIRES_RSA) if (requirement == REQUIRES_RSA)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
if (requirement == REQUIRES_RSA) if (requirement == REQUIRES_RSA)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
@@ -8276,6 +8293,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
return 1; return 1;
if (requirement == REQUIRES_RSA_SIG) if (requirement == REQUIRES_RSA_SIG)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
@@ -8283,6 +8302,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
return 1; return 1;
if (requirement == REQUIRES_RSA_SIG) if (requirement == REQUIRES_RSA_SIG)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
#ifdef HAVE_AESCCM #ifdef HAVE_AESCCM
@@ -8292,6 +8313,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
return 1; return 1;
if (requirement == REQUIRES_RSA_SIG) if (requirement == REQUIRES_RSA_SIG)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
#endif /* HAVE_AESCCM */ #endif /* HAVE_AESCCM */
#ifdef HAVE_ECC #ifdef HAVE_ECC
@@ -8318,6 +8341,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
if (requirement == REQUIRES_ECC) if (requirement == REQUIRES_ECC)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
@@ -8342,6 +8367,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
case TLS_PSK_WITH_AES_256_CCM_8: case TLS_PSK_WITH_AES_256_CCM_8:
if (requirement == REQUIRES_PSK) if (requirement == REQUIRES_PSK)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
case TLS_DHE_PSK_WITH_AES_128_CCM: case TLS_DHE_PSK_WITH_AES_128_CCM:
@@ -8350,6 +8377,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
return 1; return 1;
if (requirement == REQUIRES_DHE) if (requirement == REQUIRES_DHE)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
#endif /* !NO_PSK */ #endif /* !NO_PSK */
#ifdef HAVE_ECC #ifdef HAVE_ECC
@@ -8493,7 +8522,19 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
#ifndef NO_PSK #ifndef NO_PSK
case TLS_PSK_WITH_AES_128_GCM_SHA256 : case TLS_PSK_WITH_AES_128_GCM_SHA256 :
if (requirement == REQUIRES_PSK)
return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break;
case TLS_PSK_WITH_AES_256_GCM_SHA384 : case TLS_PSK_WITH_AES_256_GCM_SHA384 :
if (requirement == REQUIRES_PSK)
return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break;
case TLS_PSK_WITH_AES_128_CBC_SHA256 : case TLS_PSK_WITH_AES_128_CBC_SHA256 :
case TLS_PSK_WITH_AES_256_CBC_SHA384 : case TLS_PSK_WITH_AES_256_CBC_SHA384 :
case TLS_PSK_WITH_AES_128_CBC_SHA : case TLS_PSK_WITH_AES_128_CBC_SHA :
@@ -8507,6 +8548,14 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
if (requirement == REQUIRES_DHE)
return 1;
if (requirement == REQUIRES_PSK)
return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break;
case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
case TLS_DHE_PSK_WITH_NULL_SHA384 : case TLS_DHE_PSK_WITH_NULL_SHA384 :
@@ -8583,6 +8632,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
case TLS_RSA_WITH_AES_256_GCM_SHA384 : case TLS_RSA_WITH_AES_256_GCM_SHA384 :
if (requirement == REQUIRES_RSA) if (requirement == REQUIRES_RSA)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
@@ -8591,6 +8642,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
return 1; return 1;
if (requirement == REQUIRES_DHE) if (requirement == REQUIRES_DHE)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
#ifdef HAVE_CAMELLIA #ifdef HAVE_CAMELLIA
@@ -8632,6 +8685,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
case TLS_DH_anon_WITH_AES_256_GCM_SHA384: case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
if (requirement == REQUIRES_DHE) if (requirement == REQUIRES_DHE)
return 1; return 1;
if (requirement == REQUIRES_AEAD)
return 1;
break; break;
#endif #endif
#ifdef WOLFSSL_MULTICAST #ifdef WOLFSSL_MULTICAST
@@ -24466,25 +24521,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
} }
} }
if (first == CIPHER_BYTE && ssl->version.major == SSLv3_MAJOR && if (CipherRequires(first, second, REQUIRES_AEAD)) {
WOLFSSL_MSG("Requires AEAD");
if (ssl->version.major == SSLv3_MAJOR &&
ssl->version.minor < TLSv1_2_MINOR) { ssl->version.minor < TLSv1_2_MINOR) {
switch(second) { WOLFSSL_MSG("Version of SSL does not support AEAD ciphers");
case TLS_RSA_WITH_AES_128_GCM_SHA256: return 0;
case TLS_RSA_WITH_AES_256_GCM_SHA384:
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
case TLS_PSK_WITH_AES_128_GCM_SHA256:
case TLS_PSK_WITH_AES_256_GCM_SHA384:
case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
WOLFSSL_MSG("Version of SSL does not support AES-GCM");
return WOLFSSL_FAILURE;
default:
break;
} }
}
}
#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \
defined(HAVE_SUPPORTED_CURVES) defined(HAVE_SUPPORTED_CURVES)
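Review bot: The pre-TLS 1.2 guard in the last hunk now depends on every AEAD case in CipherRequires() carrying its own `if (requirement == REQUIRES_AEAD) return 1;`, so a suite added later without that line would presumably fall through to the function's default result and be accepted on an older protocol version. The removed inline switch had the same fail-open shape, but for nine GCM suites listed in one place; the list is now spread over more than a dozen hunks, so the `REQUIRES_AEAD` enumerator should carry a comment such as `/* every AEAD suite case in CipherRequires() must return 1 for this, or the version guard fails open */`, backed by a test that checks each compiled-in AEAD suite against it. Two smaller points in the same hunk: `WOLFSSL_MSG("Requires AEAD");` is logged for every AEAD suite even when the version is acceptable, and `return 0;` replaces the named `WOLFSSL_FAILURE` that the removed code returned. Both CipherRequires() and the function holding the guard begin and end outside the hunks shown.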