From a1bf92ddb45d89f85b0e01b0159dd16c2bdf5169 Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Fri, 19 Apr 2013 19:48:45 +0200
Subject: [PATCH] Added PSK NULL ciphers from RFC4785
---
include/polarssl/ssl_ciphersuites.h | 4 ++++
library/ssl_ciphersuites.c | 31 +++++++++++++++++++++++++++--
tests/compat.sh | 2 ++
3 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/include/polarssl/ssl_ciphersuites.h b/include/polarssl/ssl_ciphersuites.h
index 665c2195f..67b38e318 100644
--- a/include/polarssl/ssl_ciphersuites.h
+++ b/include/polarssl/ssl_ciphersuites.h
@@ -49,6 +49,10 @@ extern "C" {
#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
+#define TLS_PSK_WITH_NULL_SHA 0x2C
+#define TLS_DHE_PSK_WITH_NULL_SHA 0x2D
+#define TLS_RSA_PSK_WITH_NULL_SHA 0x2E
+
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x35
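Review bot: The three new identifiers at 0x2C to 0x2E give no indication in the header that they negotiate no encryption, so a reader picking suites from this list cannot tell them apart from the confidential ones around them. A one-line comment above the group would do, for example `/* RFC 4785: PSK with NULL encryption - integrity only, no confidentiality */`. Only part of the define list is visible here, so match whatever marking the existing TLS_RSA_WITH_NULL_* entries use, if any.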
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index d4d96bfcf..6f5bfff0b 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -118,6 +118,9 @@ static const int ciphersuite_preference[] =
TLS_RSA_WITH_NULL_SHA256,
TLS_RSA_WITH_NULL_SHA,
TLS_RSA_WITH_NULL_MD5,
+ TLS_PSK_WITH_NULL_SHA,
+ TLS_DHE_PSK_WITH_NULL_SHA,
+ TLS_RSA_PSK_WITH_NULL_SHA,
0
};
@@ -487,8 +490,8 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
-#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
{ TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
@@ -506,9 +509,33 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_WEAK },
-#endif /* POLARSSL_CIPHER_NULL_CIPHER */
#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
+ { TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
+ { TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
+
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
+ { TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_WEAK },
+#endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
+#endif /* POLARSSL_CIPHER_NULL_CIPHER */
+
#if defined(POLARSSL_DES_C)
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
{ TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
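Review bot: Each of the three new PSK NULL entries lists `SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0` as what appears to be its minimum protocol version, which would let these suites be negotiated under SSL 3.0 although RFC 4785 defines them for TLS. If that field is indeed the minimum version, `SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,` would be the tighter value. The existing PSK entries are outside this hunk, so check that they agree before changing only these. The new entries do stay under both the weak-ciphersuite and NULL-cipher guards and carry `POLARSSL_CIPHERSUITE_WEAK`, which is the gating one would want for integrity-only suites. The ciphersuite_definitions table starts and ends outside the hunk.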
diff --git a/tests/compat.sh b/tests/compat.sh
index 7213599f6..f805b9fcc 100644
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -205,6 +205,8 @@ P_CIPHERS="$P_CIPHERS \
TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
+ TLS-PSK-WITH-NULL-SHA \
+ TLS-DHE-PSK-WITH-NULL-SHA \
"
for i in $P_CIPHERS;
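Review bot: Only two of the three suites this commit adds are listed here; `TLS-RSA-PSK-WITH-NULL-SHA` gets a table entry in ssl_ciphersuites.c but no compat run. The visible context holds only PSK and DHE-PSK names, so RSA-PSK may be left out of this list on purpose. If so, a comment saying that would help, e.g. `# RSA-PSK suites are not exercised by this list`. Otherwise add a `TLS-RSA-PSK-WITH-NULL-SHA \` line after the DHE-PSK one. The loop that consumes P_CIPHERS continues outside the hunk.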