Implement initial negotiation of EtM

Not implemented yet: - actually using EtM - conditions on renegotiation
2014-10-27 13:57:03 +01:00 · 2014-10-27 13:57:03 +01:00 · 699cafaea2
commit 699cafaea2
parent b3c6a97b31
9 changed files with 308 additions and 2 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -97,6 +97,7 @@ int main( int argc, char *argv[] )
 #define DFL_ALPN_STRING         NULL
 #define DFL_FALLBACK            -1
 #define DFL_EXTENDED_MS         -1
+#define DFL_ETM                 -1

 #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
 #define GET_REQUEST_END "\r\n\r\n"
@ -136,6 +137,7 @@ struct options
    const char *alpn_string;    /* ALPN supported protocols                 */
    int fallback;               /* is this a fallback connection?           */
    char extended_ms;           /* negotiate extended master secret?        */
+    char etm;       ;           /* negotiate encrypt then mac?     ?        */
 } opt;

 static void my_debug( void *ctx, int level, const char *str )
@ -302,6 +304,13 @@ static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
 #define USAGE_EMS ""
 #endif

+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+#define USAGE_ETM \
+    "    etm=0/1             default: (library default: on)\n"
+#else
+#define USAGE_ETM ""
+#endif
+
 #define USAGE \
    "\n usage: ssl_client2 param=<>...\n"                   \
    "\n acceptable parameters:\n"                           \
@ -333,6 +342,7 @@ static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
    USAGE_ALPN                                              \
    USAGE_FALLBACK                                          \
    USAGE_EMS                                               \
+    USAGE_ETM                                               \
    "\n"                                                    \
    "    min_version=%%s      default: \"\" (ssl3)\n"       \
    "    max_version=%%s      default: \"\" (tls1_2)\n"     \
@ -435,6 +445,7 @@ int main( int argc, char *argv[] )
    opt.alpn_string         = DFL_ALPN_STRING;
    opt.fallback            = DFL_FALLBACK;
    opt.extended_ms         = DFL_EXTENDED_MS;
+    opt.etm                 = DFL_ETM;

    for( i = 1; i < argc; i++ )
    {
@ -559,6 +570,15 @@ int main( int argc, char *argv[] )
                default: goto usage;
            }
        }
+        else if( strcmp( p, "etm" ) == 0 )
+        {
+            switch( atoi( q ) )
+            {
+                case 0: opt.etm = SSL_ETM_DISABLED; break;
+                case 1: opt.etm = SSL_ETM_ENABLED; break;
+                default: goto usage;
+            }
+        }
        else if( strcmp( p, "min_version" ) == 0 )
        {
            if( strcmp( q, "ssl3" ) == 0 )
@ -927,6 +947,11 @@ int main( int argc, char *argv[] )
        ssl_set_extended_master_secret( &ssl, opt.extended_ms );
 #endif

+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+    if( opt.etm != DFL_ETM )
+        ssl_set_encrypt_then_mac( &ssl, opt.etm );
+#endif
+
 #if defined(POLARSSL_SSL_ALPN)
    if( opt.alpn_string != NULL )
        if( ( ret = ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )