mirror of
https://github.com/ARMmbed/mbedtls.git
synced 2025-05-10 17:01:41 +08:00
Merge pull request #10015 from gabor-mezei-arm/9682_remove_RSA_key_exchange
Remove the RSA-decryption key exchange
This commit is contained in:
Ronald Cron
GitHub
commit
0a69f14abc
2
ChangeLog.d/remove_RSA_key_exchange.txt
Normal file
2
ChangeLog.d/remove_RSA_key_exchange.txt
Normal file
@ -0,0 +1,2 @@
|
||||
Removals
|
||||
* Remove support for the RSA key exchange in TLS 1.2.
|
||||
@ -116,7 +116,6 @@ Support description
|
||||
| | |
|
||||
| MBEDTLS_KEY_EXCHANGE_PSK_ENABLED | n/a (2) |
|
||||
| MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED | n/a |
|
||||
| MBEDTLS_KEY_EXCHANGE_RSA_ENABLED | n/a |
|
||||
| MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED | n/a |
|
||||
| MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED | n/a |
|
||||
| MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED | n/a |
|
||||
|
||||
@ -1 +1 @@
|
||||
Subproject commit cab0c5fe19d5747cb9603552b80ebe64b9c67fdd
|
||||
Subproject commit 72b5acd590097ee9d108b024bf727d752d18f97d
|
||||
@ -87,12 +87,6 @@
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
|
||||
!defined(MBEDTLS_PKCS1_V15) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||
( !defined(PSA_WANT_ALG_JPAKE) || \
|
||||
!defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
|
||||
@ -155,8 +149,7 @@
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
!(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
!(defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
|
||||
|
||||
@ -61,7 +61,6 @@
|
||||
#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
|
||||
#undef MBEDTLS_SSL_RENEGOTIATION
|
||||
#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
||||
|
||||
@ -360,31 +360,6 @@
|
||||
*/
|
||||
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
*
|
||||
* Enable the RSA-only based ciphersuite modes in SSL / TLS.
|
||||
*
|
||||
* Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
|
||||
* MBEDTLS_X509_CRT_PARSE_C
|
||||
*
|
||||
* This enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
* MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
|
||||
* MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
|
||||
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
|
||||
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
|
||||
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
|
||||
* MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
|
||||
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
|
||||
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
|
||||
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||
*/
|
||||
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
|
||||
*
|
||||
|
||||
@ -650,9 +650,6 @@
|
||||
/* Dummy type used only for its size */
|
||||
union mbedtls_ssl_premaster_secret {
|
||||
unsigned char dummy; /* Make the union non-empty even with SSL disabled */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||
unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
@ -1002,71 +999,6 @@ typedef int mbedtls_ssl_async_sign_t(mbedtls_ssl_context *ssl,
|
||||
mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash,
|
||||
size_t hash_len);
|
||||
|
||||
/**
|
||||
* \brief Callback type: start external decryption operation.
|
||||
*
|
||||
* This callback is called during an SSL handshake to start
|
||||
* an RSA decryption operation using an
|
||||
* external processor. The parameter \p cert contains
|
||||
* the public key; it is up to the callback function to
|
||||
* determine how to access the associated private key.
|
||||
*
|
||||
* This function typically sends or enqueues a request, and
|
||||
* does not wait for the operation to complete. This allows
|
||||
* the handshake step to be non-blocking.
|
||||
*
|
||||
* The parameters \p ssl and \p cert are guaranteed to remain
|
||||
* valid throughout the handshake. On the other hand, this
|
||||
* function must save the contents of \p input if the value
|
||||
* is needed for later processing, because the \p input buffer
|
||||
* is no longer valid after this function returns.
|
||||
*
|
||||
* This function may call mbedtls_ssl_set_async_operation_data()
|
||||
* to store an operation context for later retrieval
|
||||
* by the resume or cancel callback.
|
||||
*
|
||||
* \warning RSA decryption as used in TLS is subject to a potential
|
||||
* timing side channel attack first discovered by Bleichenbacher
|
||||
* in 1998. This attack can be remotely exploitable
|
||||
* in practice. To avoid this attack, you must ensure that
|
||||
* if the callback performs an RSA decryption, the time it
|
||||
* takes to execute and return the result does not depend
|
||||
* on whether the RSA decryption succeeded or reported
|
||||
* invalid padding.
|
||||
*
|
||||
* \param ssl The SSL connection instance. It should not be
|
||||
* modified other than via
|
||||
* mbedtls_ssl_set_async_operation_data().
|
||||
* \param cert Certificate containing the public key.
|
||||
* In simple cases, this is one of the pointers passed to
|
||||
* mbedtls_ssl_conf_own_cert() when configuring the SSL
|
||||
* connection. However, if other callbacks are used, this
|
||||
* property may not hold. For example, if an SNI callback
|
||||
* is registered with mbedtls_ssl_conf_sni(), then
|
||||
* this callback determines what certificate is used.
|
||||
* \param input Buffer containing the input ciphertext. This buffer
|
||||
* is no longer valid when the function returns.
|
||||
* \param input_len Size of the \p input buffer in bytes.
|
||||
*
|
||||
* \return 0 if the operation was started successfully and the SSL
|
||||
* stack should call the resume callback immediately.
|
||||
* \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation
|
||||
* was started successfully and the SSL stack should return
|
||||
* immediately without calling the resume callback yet.
|
||||
* \return #MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH if the external
|
||||
* processor does not support this key. The SSL stack will
|
||||
* use the private key object instead.
|
||||
* \return Any other error indicates a fatal failure and is
|
||||
* propagated up the call chain. The callback should
|
||||
* use \c MBEDTLS_ERR_PK_xxx error codes, and <b>must not</b>
|
||||
* use \c MBEDTLS_ERR_SSL_xxx error codes except as
|
||||
* directed in the documentation of this callback.
|
||||
*/
|
||||
typedef int mbedtls_ssl_async_decrypt_t(mbedtls_ssl_context *ssl,
|
||||
mbedtls_x509_crt *cert,
|
||||
const unsigned char *input,
|
||||
size_t input_len);
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
/**
|
||||
@ -1074,8 +1006,7 @@ typedef int mbedtls_ssl_async_decrypt_t(mbedtls_ssl_context *ssl,
|
||||
*
|
||||
* This callback is called during an SSL handshake to resume
|
||||
* an external operation started by the
|
||||
* ::mbedtls_ssl_async_sign_t or
|
||||
* ::mbedtls_ssl_async_decrypt_t callback.
|
||||
* ::mbedtls_ssl_async_sign_t callback.
|
||||
*
|
||||
* This function typically checks the status of a pending
|
||||
* request or causes the request queue to make progress, and
|
||||
@ -1541,7 +1472,6 @@ struct mbedtls_ssl_config {
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */
|
||||
mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */
|
||||
mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */
|
||||
@ -2857,17 +2787,10 @@ static inline uintptr_t mbedtls_ssl_get_user_data_n(
|
||||
* external processor does not support any signature
|
||||
* operation; in this case the private key object
|
||||
* associated with the certificate will be used.
|
||||
* \param f_async_decrypt Callback to start a decryption operation. See
|
||||
* the description of ::mbedtls_ssl_async_decrypt_t
|
||||
* for more information. This may be \c NULL if the
|
||||
* external processor does not support any decryption
|
||||
* operation; in this case the private key object
|
||||
* associated with the certificate will be used.
|
||||
* \param f_async_resume Callback to resume an asynchronous operation. See
|
||||
* the description of ::mbedtls_ssl_async_resume_t
|
||||
* for more information. This may not be \c NULL unless
|
||||
* \p f_async_sign and \p f_async_decrypt are both
|
||||
* \c NULL.
|
||||
* \p f_async_sign is \c NULL.
|
||||
* \param f_async_cancel Callback to cancel an asynchronous operation. See
|
||||
* the description of ::mbedtls_ssl_async_cancel_t
|
||||
* for more information. This may be \c NULL if
|
||||
@ -2879,7 +2802,6 @@ static inline uintptr_t mbedtls_ssl_get_user_data_n(
|
||||
*/
|
||||
void mbedtls_ssl_conf_async_private_cb(mbedtls_ssl_config *conf,
|
||||
mbedtls_ssl_async_sign_t *f_async_sign,
|
||||
mbedtls_ssl_async_decrypt_t *f_async_decrypt,
|
||||
mbedtls_ssl_async_resume_t *f_async_resume,
|
||||
mbedtls_ssl_async_cancel_t *f_async_cancel,
|
||||
void *config_data);
|
||||
|
||||
@ -24,28 +24,11 @@ extern "C" {
|
||||
/*
|
||||
* Supported ciphersuites (Official IANA names)
|
||||
*/
|
||||
#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */
|
||||
#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */
|
||||
|
||||
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
|
||||
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */
|
||||
|
||||
@ -54,10 +37,6 @@ extern "C" {
|
||||
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */
|
||||
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
|
||||
@ -100,8 +79,6 @@ extern "C" {
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */
|
||||
@ -110,8 +87,6 @@ extern "C" {
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */
|
||||
@ -136,8 +111,6 @@ extern "C" {
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078
|
||||
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */
|
||||
@ -155,10 +128,6 @@ extern "C" {
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */
|
||||
@ -190,7 +159,6 @@ extern "C" {
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_KEY_EXCHANGE_NONE = 0,
|
||||
MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
@ -201,8 +169,7 @@ typedef enum {
|
||||
} mbedtls_key_exchange_type_t;
|
||||
|
||||
/* Key exchanges using a certificate */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
@ -260,8 +227,7 @@ typedef enum {
|
||||
#endif
|
||||
|
||||
/* Key exchanges that don't involve ephemeral keys */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
|
||||
#endif
|
||||
|
||||
@ -110,22 +110,14 @@ static const int ciphersuite_preference[] =
|
||||
MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
|
||||
|
||||
/* All AES-256 suites */
|
||||
MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
|
||||
MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
|
||||
MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
|
||||
|
||||
/* All CAMELLIA-256 suites */
|
||||
MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
|
||||
MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
|
||||
@ -134,28 +126,18 @@ static const int ciphersuite_preference[] =
|
||||
/* All ARIA-256 suites */
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
|
||||
|
||||
/* All AES-128 suites */
|
||||
MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
|
||||
MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
|
||||
|
||||
/* All CAMELLIA-128 suites */
|
||||
MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
@ -164,10 +146,8 @@ static const int ciphersuite_preference[] =
|
||||
/* All ARIA-128 suites */
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
|
||||
|
||||
/* The PSK suites */
|
||||
MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
||||
@ -198,9 +178,6 @@ static const int ciphersuite_preference[] =
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
|
||||
|
||||
MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
|
||||
MBEDTLS_TLS_RSA_WITH_NULL_SHA,
|
||||
MBEDTLS_TLS_RSA_WITH_NULL_MD5,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
|
||||
MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
|
||||
@ -490,116 +467,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||
#if defined(PSA_WANT_KEY_TYPE_AES)
|
||||
#if defined(PSA_WANT_ALG_SHA_384) && \
|
||||
defined(PSA_WANT_ALG_GCM)
|
||||
{ MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ALG_GCM */
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_256)
|
||||
#if defined(PSA_WANT_ALG_GCM)
|
||||
{ MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_GCM */
|
||||
|
||||
#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
|
||||
{ MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
|
||||
{ MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
|
||||
#endif /* PSA_WANT_ALG_SHA_256 */
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_1)
|
||||
#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
|
||||
{ MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
|
||||
{ MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
|
||||
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
|
||||
#endif /* PSA_WANT_ALG_SHA_1 */
|
||||
#if defined(PSA_WANT_ALG_CCM)
|
||||
{ MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
|
||||
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
{ MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
|
||||
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_CIPHERSUITE_SHORT_TAG,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
{ MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
|
||||
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
{ MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
|
||||
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_CIPHERSUITE_SHORT_TAG,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_CCM */
|
||||
#endif /* PSA_WANT_KEY_TYPE_AES */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
|
||||
#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
|
||||
#if defined(PSA_WANT_ALG_SHA_256)
|
||||
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
|
||||
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_SHA_256 */
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_1)
|
||||
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
|
||||
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_SHA_1 */
|
||||
#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
|
||||
|
||||
#if defined(PSA_WANT_ALG_GCM)
|
||||
#if defined(PSA_WANT_ALG_SHA_256)
|
||||
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_SHA_256 */
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_384)
|
||||
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_SHA_384 */
|
||||
#endif /* PSA_WANT_ALG_GCM */
|
||||
#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
|
||||
#if defined(PSA_WANT_KEY_TYPE_AES)
|
||||
#if defined(PSA_WANT_ALG_SHA_1)
|
||||
@ -947,29 +814,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||
#if defined(PSA_WANT_ALG_MD5)
|
||||
{ MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_CIPHERSUITE_WEAK,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_1)
|
||||
{ MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_CIPHERSUITE_WEAK,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_256)
|
||||
{ MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_CIPHERSUITE_WEAK,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
|
||||
#if defined(PSA_WANT_ALG_SHA_1)
|
||||
{ MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
|
||||
@ -1019,41 +863,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ARIA)
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||
|
||||
#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
|
||||
{ MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
|
||||
"TLS-RSA-WITH-ARIA-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif
|
||||
#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
|
||||
defined(PSA_WANT_ALG_SHA_384))
|
||||
{ MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
|
||||
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
|
||||
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif
|
||||
#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
|
||||
{ MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
|
||||
"TLS-RSA-WITH-ARIA-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif
|
||||
#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
|
||||
defined(PSA_WANT_ALG_SHA_256))
|
||||
{ MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
|
||||
"TLS-RSA-WITH-ARIA-128-CBC-SHA256",
|
||||
MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
|
||||
|
||||
#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
|
||||
@ -1388,7 +1197,6 @@ size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersui
|
||||
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
|
||||
{
|
||||
switch (info->key_exchange) {
|
||||
case MBEDTLS_KEY_EXCHANGE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
|
||||
return MBEDTLS_PK_RSA;
|
||||
|
||||
@ -1407,8 +1215,6 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphe
|
||||
psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
|
||||
{
|
||||
switch (info->key_exchange) {
|
||||
case MBEDTLS_KEY_EXCHANGE_RSA:
|
||||
return PSA_ALG_RSA_PKCS1V15_CRYPT;
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
|
||||
return PSA_ALG_RSA_PKCS1V15_SIGN(
|
||||
mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
|
||||
@ -1428,8 +1234,6 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip
|
||||
psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
|
||||
{
|
||||
switch (info->key_exchange) {
|
||||
case MBEDTLS_KEY_EXCHANGE_RSA:
|
||||
return PSA_KEY_USAGE_DECRYPT;
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
|
||||
return PSA_KEY_USAGE_SIGN_HASH;
|
||||
|
||||
@ -44,7 +44,6 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t
|
||||
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_PSK:
|
||||
return 1;
|
||||
|
||||
@ -71,7 +70,6 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuit
|
||||
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
|
||||
{
|
||||
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
|
||||
case MBEDTLS_KEY_EXCHANGE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
|
||||
@ -86,7 +84,6 @@ static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_cip
|
||||
static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
|
||||
{
|
||||
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
|
||||
case MBEDTLS_KEY_EXCHANGE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
|
||||
|
||||
@ -985,7 +985,6 @@ struct mbedtls_ssl_handshake_params {
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
/** Asynchronous operation context. This field is meant for use by the
|
||||
* asynchronous operation callbacks (mbedtls_ssl_config::f_async_sign_start,
|
||||
* mbedtls_ssl_config::f_async_decrypt_start,
|
||||
* mbedtls_ssl_config::f_async_resume, mbedtls_ssl_config::f_async_cancel).
|
||||
* The library does not use it internally. */
|
||||
void *user_async_ctx;
|
||||
|
||||
@ -2737,13 +2737,11 @@ void mbedtls_ssl_set_export_keys_cb(mbedtls_ssl_context *ssl,
|
||||
void mbedtls_ssl_conf_async_private_cb(
|
||||
mbedtls_ssl_config *conf,
|
||||
mbedtls_ssl_async_sign_t *f_async_sign,
|
||||
mbedtls_ssl_async_decrypt_t *f_async_decrypt,
|
||||
mbedtls_ssl_async_resume_t *f_async_resume,
|
||||
mbedtls_ssl_async_cancel_t *f_async_cancel,
|
||||
void *async_config_data)
|
||||
{
|
||||
conf->f_async_sign_start = f_async_sign;
|
||||
conf->f_async_decrypt_start = f_async_decrypt;
|
||||
conf->f_async_resume = f_async_resume;
|
||||
conf->f_async_cancel = f_async_cancel;
|
||||
conf->p_async_config_data = async_config_data;
|
||||
@ -8708,10 +8706,6 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
|
||||
recv_endpoint == MBEDTLS_SSL_IS_CLIENT) {
|
||||
/* TLS 1.2 server part of the key exchange */
|
||||
switch (ciphersuite->key_exchange) {
|
||||
case MBEDTLS_KEY_EXCHANGE_RSA:
|
||||
usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
|
||||
break;
|
||||
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
|
||||
usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
|
||||
|
||||
@ -1732,83 +1732,6 @@ static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl,
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||
/*
|
||||
* Generate a pre-master secret and encrypt it with the server's RSA key
|
||||
*/
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_write_encrypted_pms(mbedtls_ssl_context *ssl,
|
||||
size_t offset, size_t *olen,
|
||||
size_t pms_offset)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
size_t len_bytes = 2;
|
||||
unsigned char *p = ssl->handshake->premaster + pms_offset;
|
||||
mbedtls_pk_context *peer_pk;
|
||||
|
||||
if (offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small for encrypted pms"));
|
||||
return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
/*
|
||||
* Generate (part of) the pre-master as
|
||||
* struct {
|
||||
* ProtocolVersion client_version;
|
||||
* opaque random[46];
|
||||
* } PreMasterSecret;
|
||||
*/
|
||||
mbedtls_ssl_write_version(p, ssl->conf->transport,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2);
|
||||
|
||||
if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p + 2, 46)) != 0) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ssl->handshake->pmslen = 48;
|
||||
|
||||
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||
peer_pk = &ssl->handshake->peer_pubkey;
|
||||
#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||
if (ssl->session_negotiate->peer_cert == NULL) {
|
||||
/* Should never happen */
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
|
||||
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
||||
}
|
||||
peer_pk = &ssl->session_negotiate->peer_cert->pk;
|
||||
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||
|
||||
/*
|
||||
* Now write it out, encrypted
|
||||
*/
|
||||
if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_RSA)) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("certificate key type mismatch"));
|
||||
return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
|
||||
}
|
||||
|
||||
if ((ret = mbedtls_pk_encrypt(peer_pk,
|
||||
p, ssl->handshake->pmslen,
|
||||
ssl->out_msg + offset + len_bytes, olen,
|
||||
MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_rsa_pkcs1_encrypt", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (len_bytes == 2) {
|
||||
MBEDTLS_PUT_UINT16_BE(*olen, ssl->out_msg, offset);
|
||||
*olen += 2;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||
/* We don't need the peer's public key anymore. Free it. */
|
||||
mbedtls_pk_free(peer_pk);
|
||||
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||
return 0;
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
@ -1902,16 +1825,6 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl)
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server key exchange"));
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange"));
|
||||
ssl->state++;
|
||||
return 0;
|
||||
}
|
||||
((void) p);
|
||||
((void) end);
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
|
||||
@ -2742,15 +2655,6 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
|
||||
|
||||
} else
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
|
||||
header_len = 4;
|
||||
if ((ret = ssl_write_encrypted_pms(ssl, header_len,
|
||||
&content_len, 0)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
} else
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
|
||||
header_len = 4;
|
||||
@ -2768,7 +2672,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
|
||||
return ret;
|
||||
}
|
||||
} else
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
{
|
||||
((void) ciphersuite_info);
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
|
||||
|
||||
@ -654,6 +654,7 @@ static int ssl_check_key_curve(mbedtls_pk_context *pk,
|
||||
* Try picking a certificate for this ciphersuite,
|
||||
* return 0 on success and -1 on failure.
|
||||
*/
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_pick_cert(mbedtls_ssl_context *ssl,
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
|
||||
@ -693,7 +694,6 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl,
|
||||
int key_type_matches = 0;
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
key_type_matches = ((ssl->conf->f_async_sign_start != NULL ||
|
||||
ssl->conf->f_async_decrypt_start != NULL ||
|
||||
mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage)) &&
|
||||
mbedtls_pk_can_do_ext(&cur->cert->pk, pk_alg, pk_usage));
|
||||
#else
|
||||
@ -745,6 +745,8 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl,
|
||||
|
||||
return -1;
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
/*
|
||||
@ -807,6 +809,8 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id,
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/*
|
||||
* Final check: if ciphersuite requires us to have a
|
||||
@ -822,7 +826,6 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id,
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
/* If the ciphersuite requires signing, check whether
|
||||
* a suitable hash algorithm is present. */
|
||||
sig_type = mbedtls_ssl_get_ciphersuite_sig_alg(suite_info);
|
||||
@ -3181,194 +3184,6 @@ static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_resume_decrypt_pms(mbedtls_ssl_context *ssl,
|
||||
unsigned char *peer_pms,
|
||||
size_t *peer_pmslen,
|
||||
size_t peer_pmssize)
|
||||
{
|
||||
int ret = ssl->conf->f_async_resume(ssl,
|
||||
peer_pms, peer_pmslen, peer_pmssize);
|
||||
if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) {
|
||||
ssl->handshake->async_in_progress = 0;
|
||||
mbedtls_ssl_set_async_operation_data(ssl, NULL);
|
||||
}
|
||||
MBEDTLS_SSL_DEBUG_RET(2, "ssl_decrypt_encrypted_pms", ret);
|
||||
return ret;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_decrypt_encrypted_pms(mbedtls_ssl_context *ssl,
|
||||
const unsigned char *p,
|
||||
const unsigned char *end,
|
||||
unsigned char *peer_pms,
|
||||
size_t *peer_pmslen,
|
||||
size_t peer_pmssize)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
mbedtls_x509_crt *own_cert = mbedtls_ssl_own_cert(ssl);
|
||||
if (own_cert == NULL) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("got no local certificate"));
|
||||
return MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE;
|
||||
}
|
||||
mbedtls_pk_context *public_key = &own_cert->pk;
|
||||
mbedtls_pk_context *private_key = mbedtls_ssl_own_key(ssl);
|
||||
size_t len = mbedtls_pk_get_len(public_key);
|
||||
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
/* If we have already started decoding the message and there is an ongoing
|
||||
* decryption operation, resume signing. */
|
||||
if (ssl->handshake->async_in_progress != 0) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("resuming decryption operation"));
|
||||
return ssl_resume_decrypt_pms(ssl,
|
||||
peer_pms, peer_pmslen, peer_pmssize);
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||
|
||||
/*
|
||||
* Prepare to decrypt the premaster using own private RSA key
|
||||
*/
|
||||
if (p + 2 > end) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
|
||||
return MBEDTLS_ERR_SSL_DECODE_ERROR;
|
||||
}
|
||||
if (*p++ != MBEDTLS_BYTE_1(len) ||
|
||||
*p++ != MBEDTLS_BYTE_0(len)) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
|
||||
return MBEDTLS_ERR_SSL_DECODE_ERROR;
|
||||
}
|
||||
|
||||
if (p + len != end) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
|
||||
return MBEDTLS_ERR_SSL_DECODE_ERROR;
|
||||
}
|
||||
|
||||
/*
|
||||
* Decrypt the premaster secret
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
if (ssl->conf->f_async_decrypt_start != NULL) {
|
||||
ret = ssl->conf->f_async_decrypt_start(ssl,
|
||||
mbedtls_ssl_own_cert(ssl),
|
||||
p, len);
|
||||
switch (ret) {
|
||||
case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH:
|
||||
/* act as if f_async_decrypt_start was null */
|
||||
break;
|
||||
case 0:
|
||||
ssl->handshake->async_in_progress = 1;
|
||||
return ssl_resume_decrypt_pms(ssl,
|
||||
peer_pms,
|
||||
peer_pmslen,
|
||||
peer_pmssize);
|
||||
case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS:
|
||||
ssl->handshake->async_in_progress = 1;
|
||||
return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS;
|
||||
default:
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "f_async_decrypt_start", ret);
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||
|
||||
if (!mbedtls_pk_can_do(private_key, MBEDTLS_PK_RSA)) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("got no RSA private key"));
|
||||
return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED;
|
||||
}
|
||||
|
||||
ret = mbedtls_pk_decrypt(private_key, p, len,
|
||||
peer_pms, peer_pmslen, peer_pmssize,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng);
|
||||
return ret;
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl,
|
||||
const unsigned char *p,
|
||||
const unsigned char *end,
|
||||
size_t pms_offset)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char *pms = ssl->handshake->premaster + pms_offset;
|
||||
unsigned char ver[2];
|
||||
unsigned char fake_pms[48], peer_pms[48];
|
||||
size_t peer_pmslen;
|
||||
mbedtls_ct_condition_t diff;
|
||||
|
||||
/* In case of a failure in decryption, the decryption may write less than
|
||||
* 2 bytes of output, but we always read the first two bytes. It doesn't
|
||||
* matter in the end because diff will be nonzero in that case due to
|
||||
* ret being nonzero, and we only care whether diff is 0.
|
||||
* But do initialize peer_pms and peer_pmslen for robustness anyway. This
|
||||
* also makes memory analyzers happy (don't access uninitialized memory,
|
||||
* even if it's an unsigned char). */
|
||||
peer_pms[0] = peer_pms[1] = ~0;
|
||||
peer_pmslen = 0;
|
||||
|
||||
ret = ssl_decrypt_encrypted_pms(ssl, p, end,
|
||||
peer_pms,
|
||||
&peer_pmslen,
|
||||
sizeof(peer_pms));
|
||||
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) {
|
||||
return ret;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||
|
||||
mbedtls_ssl_write_version(ver, ssl->conf->transport,
|
||||
ssl->session_negotiate->tls_version);
|
||||
|
||||
/* Avoid data-dependent branches while checking for invalid
|
||||
* padding, to protect against timing-based Bleichenbacher-type
|
||||
* attacks. */
|
||||
diff = mbedtls_ct_bool(ret);
|
||||
diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pmslen, 48));
|
||||
diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[0], ver[0]));
|
||||
diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[1], ver[1]));
|
||||
|
||||
/*
|
||||
* Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
|
||||
* must not cause the connection to end immediately; instead, send a
|
||||
* bad_record_mac later in the handshake.
|
||||
* To protect against timing-based variants of the attack, we must
|
||||
* not have any branch that depends on whether the decryption was
|
||||
* successful. In particular, always generate the fake premaster secret,
|
||||
* regardless of whether it will ultimately influence the output or not.
|
||||
*/
|
||||
ret = ssl->conf->f_rng(ssl->conf->p_rng, fake_pms, sizeof(fake_pms));
|
||||
if (ret != 0) {
|
||||
/* It's ok to abort on an RNG failure, since this does not reveal
|
||||
* anything about the RSA decryption. */
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
||||
if (diff != MBEDTLS_CT_FALSE) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
|
||||
}
|
||||
#endif
|
||||
|
||||
if (sizeof(ssl->handshake->premaster) < pms_offset ||
|
||||
sizeof(ssl->handshake->premaster) - pms_offset < 48) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
|
||||
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
||||
}
|
||||
ssl->handshake->pmslen = 48;
|
||||
|
||||
/* Set pms to either the true or the fake PMS, without
|
||||
* data-dependent branches. */
|
||||
mbedtls_ct_memcpy_if(diff, pms, fake_pms, peer_pms, ssl->handshake->pmslen);
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_parse_client_psk_identity(mbedtls_ssl_context *ssl, unsigned char **p,
|
||||
@ -3435,16 +3250,6 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client key exchange"));
|
||||
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA &&
|
||||
(ssl->handshake->async_in_progress != 0)) {
|
||||
/* We've already read a record and there is an asynchronous
|
||||
* operation in progress to decrypt it. So skip reading the
|
||||
* record. */
|
||||
MBEDTLS_SSL_DEBUG_MSG(3, ("will resume decryption of previously-read record"));
|
||||
} else
|
||||
#endif
|
||||
if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
|
||||
return ret;
|
||||
@ -3635,14 +3440,6 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
|
||||
|
||||
} else
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) {
|
||||
if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 0)) != 0) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_parse_encrypted_pms_secret"), ret);
|
||||
return ret;
|
||||
}
|
||||
} else
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
|
||||
if ((ret = mbedtls_psa_ecjpake_read_round(
|
||||
|
||||
@ -351,7 +351,7 @@ int main(void)
|
||||
" key_opaque_algs=%%s Allowed opaque key algorithms.\n" \
|
||||
" comma-separated pair of values among the following:\n" \
|
||||
" rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
|
||||
" rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
|
||||
" rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \
|
||||
" ecdsa-sign, ecdh, none (only acceptable for\n" \
|
||||
" the second value).\n" \
|
||||
|
||||
|
||||
@ -210,7 +210,7 @@ int main(void)
|
||||
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
#define USAGE_SSL_ASYNC \
|
||||
" async_operations=%%c... d=decrypt, s=sign (default: -=off)\n" \
|
||||
" async_operations=%%c... s=sign (default: -=off)\n" \
|
||||
" async_private_delay1=%%d Asynchronous delay for key_file or preloaded key\n" \
|
||||
" async_private_delay2=%%d Asynchronous delay for key_file2 and sni\n" \
|
||||
" default: -1 (not asynchronous)\n" \
|
||||
@ -478,13 +478,13 @@ int main(void)
|
||||
" key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \
|
||||
" comma-separated pair of values among the following:\n" \
|
||||
" rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
|
||||
" rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
|
||||
" rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \
|
||||
" ecdsa-sign, ecdh, none (only acceptable for\n" \
|
||||
" the second value).\n" \
|
||||
" key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \
|
||||
" comma-separated pair of values among the following:\n" \
|
||||
" rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
|
||||
" rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
|
||||
" rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \
|
||||
" ecdsa-sign, ecdh, none (only acceptable for\n" \
|
||||
" the second value).\n"
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
@ -1227,16 +1227,6 @@ static int ssl_async_sign(mbedtls_ssl_context *ssl,
|
||||
hash, hash_len);
|
||||
}
|
||||
|
||||
static int ssl_async_decrypt(mbedtls_ssl_context *ssl,
|
||||
mbedtls_x509_crt *cert,
|
||||
const unsigned char *input,
|
||||
size_t input_len)
|
||||
{
|
||||
return ssl_async_start(ssl, cert,
|
||||
ASYNC_OP_DECRYPT, MBEDTLS_MD_NONE,
|
||||
input, input_len);
|
||||
}
|
||||
|
||||
static int ssl_async_resume(mbedtls_ssl_context *ssl,
|
||||
unsigned char *output,
|
||||
size_t *output_len,
|
||||
@ -1257,12 +1247,6 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl,
|
||||
}
|
||||
|
||||
switch (ctx->operation_type) {
|
||||
case ASYNC_OP_DECRYPT:
|
||||
ret = mbedtls_pk_decrypt(key_slot->pk,
|
||||
ctx->input, ctx->input_len,
|
||||
output, output_len, output_size,
|
||||
config_data->f_rng, config_data->p_rng);
|
||||
break;
|
||||
case ASYNC_OP_SIGN:
|
||||
ret = mbedtls_pk_sign(key_slot->pk,
|
||||
ctx->md_alg,
|
||||
@ -3118,13 +3102,9 @@ usage:
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
if (opt.async_operations[0] != '-') {
|
||||
mbedtls_ssl_async_sign_t *sign = NULL;
|
||||
mbedtls_ssl_async_decrypt_t *decrypt = NULL;
|
||||
const char *r;
|
||||
for (r = opt.async_operations; *r; r++) {
|
||||
switch (*r) {
|
||||
case 'd':
|
||||
decrypt = ssl_async_decrypt;
|
||||
break;
|
||||
case 's':
|
||||
sign = ssl_async_sign;
|
||||
break;
|
||||
@ -3137,7 +3117,6 @@ usage:
|
||||
ssl_async_keys.p_rng = &rng;
|
||||
mbedtls_ssl_conf_async_private_cb(&conf,
|
||||
sign,
|
||||
decrypt,
|
||||
ssl_async_resume,
|
||||
ssl_async_cancel,
|
||||
&ssl_async_keys);
|
||||
|
||||
@ -315,6 +315,7 @@ uint16_t ssl_sig_algs_for_test[] = {
|
||||
};
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function
|
||||
* for more info.
|
||||
@ -352,7 +353,6 @@ static int x509_crt_verify_info(char *buf, size_t size, const char *prefix,
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
static void mbedtls_print_supported_sig_algs(void)
|
||||
{
|
||||
mbedtls_printf("supported signature algorithms:\n");
|
||||
|
||||
@ -197,7 +197,6 @@ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2)
|
||||
strcmp(*alg1, "rsa-sign-pss-sha256") != 0 &&
|
||||
strcmp(*alg1, "rsa-sign-pss-sha384") != 0 &&
|
||||
strcmp(*alg1, "rsa-sign-pss-sha512") != 0 &&
|
||||
strcmp(*alg1, "rsa-decrypt") != 0 &&
|
||||
strcmp(*alg1, "ecdsa-sign") != 0 &&
|
||||
strcmp(*alg1, "ecdh") != 0) {
|
||||
return 1;
|
||||
@ -208,7 +207,6 @@ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2)
|
||||
strcmp(*alg1, "rsa-sign-pss-sha256") != 0 &&
|
||||
strcmp(*alg1, "rsa-sign-pss-sha384") != 0 &&
|
||||
strcmp(*alg1, "rsa-sign-pss-sha512") != 0 &&
|
||||
strcmp(*alg2, "rsa-decrypt") != 0 &&
|
||||
strcmp(*alg2, "ecdsa-sign") != 0 &&
|
||||
strcmp(*alg2, "ecdh") != 0 &&
|
||||
strcmp(*alg2, "none") != 0) {
|
||||
@ -245,9 +243,6 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
|
||||
} else if (strcmp(algs[i], "rsa-sign-pss-sha512") == 0) {
|
||||
*psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_512);
|
||||
*usage |= PSA_KEY_USAGE_SIGN_HASH;
|
||||
} else if (strcmp(algs[i], "rsa-decrypt") == 0) {
|
||||
*psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT;
|
||||
*usage |= PSA_KEY_USAGE_DECRYPT;
|
||||
} else if (strcmp(algs[i], "ecdsa-sign") == 0) {
|
||||
*psa_algs[i] = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH);
|
||||
*usage |= PSA_KEY_USAGE_SIGN_HASH;
|
||||
|
||||
@ -202,7 +202,6 @@ int rng_get(void *p_rng, unsigned char *output, size_t output_len);
|
||||
* Coma-separated pair of values among the following:
|
||||
* - "rsa-sign-pkcs1"
|
||||
* - "rsa-sign-pss"
|
||||
* - "rsa-decrypt"
|
||||
* - "ecdsa-sign"
|
||||
* - "ecdh"
|
||||
* - "none" (only acceptable for the second value).
|
||||
|
||||
@ -327,17 +327,6 @@ add_common_ciphersuites()
|
||||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 \
|
||||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 \
|
||||
TLS_ECDHE_RSA_WITH_NULL_SHA \
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA \
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA256 \
|
||||
TLS_RSA_WITH_AES_128_GCM_SHA256 \
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA \
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA256 \
|
||||
TLS_RSA_WITH_AES_256_GCM_SHA384 \
|
||||
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA \
|
||||
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA \
|
||||
TLS_RSA_WITH_NULL_MD5 \
|
||||
TLS_RSA_WITH_NULL_SHA \
|
||||
TLS_RSA_WITH_NULL_SHA256 \
|
||||
"
|
||||
;;
|
||||
|
||||
@ -388,8 +377,6 @@ add_openssl_ciphersuites()
|
||||
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 \
|
||||
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 \
|
||||
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
|
||||
TLS_RSA_WITH_ARIA_128_GCM_SHA256 \
|
||||
TLS_RSA_WITH_ARIA_256_GCM_SHA384 \
|
||||
"
|
||||
;;
|
||||
|
||||
@ -437,14 +424,6 @@ add_gnutls_ciphersuites()
|
||||
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
|
||||
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 \
|
||||
TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \
|
||||
TLS_RSA_WITH_AES_128_CCM \
|
||||
TLS_RSA_WITH_AES_128_CCM_8 \
|
||||
TLS_RSA_WITH_AES_256_CCM \
|
||||
TLS_RSA_WITH_AES_256_CCM_8 \
|
||||
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
|
||||
TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
|
||||
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 \
|
||||
TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 \
|
||||
"
|
||||
;;
|
||||
|
||||
@ -506,8 +485,6 @@ add_mbedtls_ciphersuites()
|
||||
M_CIPHERS="$M_CIPHERS \
|
||||
TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 \
|
||||
TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 \
|
||||
TLS_RSA_WITH_ARIA_128_CBC_SHA256 \
|
||||
TLS_RSA_WITH_ARIA_256_CBC_SHA384 \
|
||||
"
|
||||
;;
|
||||
|
||||
|
||||
@ -241,16 +241,6 @@ run_test "Default configuration, client" \
|
||||
-u "basic constraints.* CA=false$" \
|
||||
-n "bytes left to analyze from context"
|
||||
|
||||
run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, server" \
|
||||
"srv_ciphersuite.txt" \
|
||||
-n "ERROR" \
|
||||
-u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \
|
||||
|
||||
run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, client" \
|
||||
"cli_ciphersuite.txt" \
|
||||
-n "ERROR" \
|
||||
-u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \
|
||||
|
||||
run_test "No packing, server" \
|
||||
"srv_no_packing.txt" \
|
||||
-n "ERROR" \
|
||||
|
||||
@ -66,8 +66,7 @@
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
|
||||
#define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
#endif
|
||||
|
||||
|
||||
@ -1165,7 +1165,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
|
||||
scripts/config.py unset MBEDTLS_PKCS1_V21
|
||||
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||
# Also disable key exchanges that depend on RSA
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||
|
||||
@ -1525,7 +1524,6 @@ component_test_new_psa_want_key_pair_symbol () {
|
||||
scripts/config.py unset MBEDTLS_PKCS1_V21
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_RSA_C
|
||||
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||
|
||||
|
||||
@ -315,7 +315,6 @@ REVERSE_DEPENDENCIES = {
|
||||
'PSA_WANT_ALG_RSA_OAEP',
|
||||
'PSA_WANT_ALG_RSA_PSS'],
|
||||
'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
|
||||
'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
|
||||
'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT',
|
||||
'PSA_WANT_ALG_RSA_PKCS1V15_SIGN'],
|
||||
'MBEDTLS_RSA_C': ['MBEDTLS_PKCS1_V15',
|
||||
|
||||
@ -311,8 +311,7 @@ requires_any_configs_disabled() {
|
||||
SKIP_NEXT="YES"
|
||||
}
|
||||
|
||||
TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
|
||||
TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"
|
||||
@ -320,8 +319,7 @@ TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
|
||||
TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"
|
||||
|
||||
TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
|
||||
TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
|
||||
|
||||
requires_certificate_authentication () {
|
||||
@ -2307,20 +2305,6 @@ run_test "Opaque key for server authentication: ECDH-" \
|
||||
-S "error" \
|
||||
-C "error"
|
||||
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for server authentication: invalid key: decrypt with ECC key, no async" \
|
||||
"$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
|
||||
key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=rsa-decrypt,none \
|
||||
debug_level=1" \
|
||||
"$P_CLI force_version=tls12" \
|
||||
1 \
|
||||
-s "key types: Opaque, none" \
|
||||
-s "error" \
|
||||
-c "error" \
|
||||
-c "Public key type mismatch"
|
||||
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
@ -2337,20 +2321,6 @@ run_test "Opaque key for server authentication: invalid key: ecdh with RSA ke
|
||||
-c "error" \
|
||||
-c "Public key type mismatch"
|
||||
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for server authentication: invalid alg: decrypt with ECC key, async" \
|
||||
"$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
|
||||
key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=rsa-decrypt,none \
|
||||
debug_level=1" \
|
||||
"$P_CLI force_version=tls12" \
|
||||
1 \
|
||||
-s "key types: Opaque, none" \
|
||||
-s "got ciphersuites in common, but none of them usable" \
|
||||
-s "error" \
|
||||
-c "error"
|
||||
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
|
||||
@ -2439,8 +2409,8 @@ requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
run_test "TLS 1.3 opaque key: no suitable algorithm found" \
|
||||
"$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,none" \
|
||||
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
|
||||
"$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,none" \
|
||||
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
|
||||
1 \
|
||||
-c "key type: Opaque" \
|
||||
-s "key types: Opaque, Opaque" \
|
||||
@ -2452,8 +2422,8 @@ requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
run_test "TLS 1.3 opaque key: suitable algorithm found" \
|
||||
"$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
|
||||
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
|
||||
"$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
|
||||
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
|
||||
0 \
|
||||
-c "key type: Opaque" \
|
||||
-s "key types: Opaque, Opaque" \
|
||||
@ -2479,8 +2449,8 @@ requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||
run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \
|
||||
"$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
|
||||
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
|
||||
"$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
|
||||
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
|
||||
0 \
|
||||
-c "key type: Opaque" \
|
||||
-s "key types: Opaque, Opaque" \
|
||||
@ -7725,12 +7695,12 @@ run_test "keyUsage srv 1.2: RSA, digitalSignature -> ECDHE-RSA" \
|
||||
0 \
|
||||
-c "Ciphersuite is TLS-ECDHE-RSA-WITH-"
|
||||
|
||||
run_test "keyUsage srv 1.2: RSA, keyEncipherment -> RSA" \
|
||||
run_test "keyUsage srv 1.2: RSA, keyEncipherment -> fail" \
|
||||
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
|
||||
crt_file=$DATA_FILES_PATH/server2.ku-ke.crt" \
|
||||
"$P_CLI" \
|
||||
0 \
|
||||
-c "Ciphersuite is TLS-RSA-WITH-"
|
||||
1 \
|
||||
-C "Ciphersuite is "
|
||||
|
||||
run_test "keyUsage srv 1.2: RSA, keyAgreement -> fail" \
|
||||
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
|
||||
@ -8862,17 +8832,6 @@ run_test "ECJPAKE: working, DTLS, nolog" \
|
||||
|
||||
# Test for ClientHello without extensions
|
||||
|
||||
# Without extensions, ECC is impossible (no curve negotiation).
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_gnutls
|
||||
run_test "ClientHello without extensions: RSA" \
|
||||
"$P_SRV force_version=tls12 debug_level=3" \
|
||||
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
|
||||
0 \
|
||||
-s "Ciphersuite is .*-RSA-WITH-.*" \
|
||||
-S "Ciphersuite is .*-EC.*" \
|
||||
-s "dumping 'client hello extensions' (0 bytes)"
|
||||
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
||||
requires_gnutls
|
||||
run_test "ClientHello without extensions: PSK" \
|
||||
|
||||
@ -63,6 +63,45 @@ exit:
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
|
||||
defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) && \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(PSA_WANT_ECC_SECP_R1_384) && \
|
||||
defined(PSA_WANT_ALG_SHA_256)
|
||||
/*
|
||||
* Test function to perform a handshake using the mfl extension and with
|
||||
* setting the resize buffer option.
|
||||
*/
|
||||
static void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation,
|
||||
int serialize, int dtls, char *cipher)
|
||||
{
|
||||
mbedtls_test_handshake_test_options options;
|
||||
mbedtls_test_init_handshake_options(&options);
|
||||
|
||||
options.mfl = mfl;
|
||||
options.cipher = cipher;
|
||||
options.renegotiate = renegotiation;
|
||||
options.legacy_renegotiation = legacy_renegotiation;
|
||||
options.serialize = serialize;
|
||||
options.dtls = dtls;
|
||||
if (dtls) {
|
||||
options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
}
|
||||
options.resize_buffers = 1;
|
||||
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite =
|
||||
mbedtls_ssl_ciphersuite_from_string(cipher);
|
||||
if (ciphersuite != NULL) {
|
||||
options.pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite);
|
||||
}
|
||||
|
||||
mbedtls_test_ssl_perform_handshake(&options);
|
||||
|
||||
mbedtls_test_free_handshake_options(&options);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_GCM) || defined(PSA_WANT_ALG_CHACHA20_POLY1305)
|
||||
#define TEST_GCM_OR_CHACHAPOLY_ENABLED
|
||||
#endif
|
||||
@ -2825,40 +2864,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */
|
||||
void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation,
|
||||
int serialize, int dtls, char *cipher)
|
||||
{
|
||||
mbedtls_test_handshake_test_options options;
|
||||
mbedtls_test_init_handshake_options(&options);
|
||||
|
||||
options.mfl = mfl;
|
||||
options.cipher = cipher;
|
||||
options.renegotiate = renegotiation;
|
||||
options.legacy_renegotiation = legacy_renegotiation;
|
||||
options.serialize = serialize;
|
||||
options.dtls = dtls;
|
||||
if (dtls) {
|
||||
options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
}
|
||||
options.resize_buffers = 1;
|
||||
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite =
|
||||
mbedtls_ssl_ciphersuite_from_string(cipher);
|
||||
if (ciphersuite != NULL) {
|
||||
options.pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite);
|
||||
}
|
||||
|
||||
mbedtls_test_ssl_perform_handshake(&options);
|
||||
|
||||
/* The goto below is used to avoid an "unused label" warning.*/
|
||||
goto exit;
|
||||
exit:
|
||||
mbedtls_test_free_handshake_options(&options);
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG */
|
||||
void resize_buffers_serialize_mfl(int mfl)
|
||||
{
|
||||
/* Choose an AEAD ciphersuite */
|
||||
@ -2885,16 +2891,16 @@ void resize_buffers_serialize_mfl(int mfl)
|
||||
|
||||
TEST_ASSERT(ciphersuite != NULL);
|
||||
|
||||
test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
|
||||
resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
|
||||
(char *) ciphersuite->name);
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */
|
||||
void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation,
|
||||
char *cipher)
|
||||
{
|
||||
test_resize_buffers(mfl, 1, legacy_renegotiation, 0, 1, cipher);
|
||||
resize_buffers(mfl, 1, legacy_renegotiation, 0, 1, cipher);
|
||||
/* The goto below is used to avoid an "unused label" warning.*/
|
||||
goto exit;
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user