From 0098e7dc70f9009570b3318209caef94ff31bff9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 28 Oct 2014 13:08:59 +0100
Subject: [PATCH] Preparation for EtM

---
 library/ssl_tls.c | 59 ++++++++++++++++++++++++++++++++++++++---------
 tests/ssl-opt.sh | 15 ++++++++----
 2 files changed, 58 insertions(+), 16 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e8f2b7fd4..5ffb35ef7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1060,6 +1060,41 @@ static void ssl_mac( md_context_t *md_ctx, unsigned char *secret,
 }
 #endif /* POLARSSL_SSL_PROTO_SSL3 */
 
+#define MAC_NONE 0
+#define MAC_PLAINTEXT 1
+#define MAC_CIPHERTEXT 2
+
+/*
+ * Is MAC applied on ciphertext, cleartext or not at all?
+ */
+static char ssl_get_mac_order( ssl_context *ssl,
+ const ssl_session *session,
+ cipher_mode_t mode )
+{
+#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
+ if( mode == POLARSSL_MODE_STREAM )
+ return( MAC_PLAINTEXT );
+#endif
+
+#if defined(POLARSSL_CIPHER_MODE_CBC) && \
+ ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) )
+ if( mode == POLARSSL_MODE_CBC )
+ {
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+ if( session != NULL && session->encrypt_then_mac == SSL_ETM_ENABLED )
+ {
+ SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
+ return( MAC_CIPHERTEXT );
+ }
+#endif
+
+ return( MAC_PLAINTEXT );
+ }
+#endif
+
+ return( MAC_NONE );
+}
+
 /*
  * Encryption/decryption functions
  */
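Review bot: In ssl_get_mac_order, `ssl` and `session` are only read inside the `POLARSSL_SSL_ENCRYPT_THEN_MAC` block (and `mode` only inside the two cipher-mode blocks), so a configuration with that option off will produce unused-parameter warnings under -Wextra; the `((void) ssl);` idiom used elsewhere in this library at the top of the function keeps it warning-clean. The three `#define MAC_*` constants, undefined again in the last hunk of this file, would be simpler as a file-scope `enum { MAC_NONE = 0, MAC_PLAINTEXT, MAC_CIPHERTEXT };` with the function returning `int` instead of `char`, which removes the `#undef` dance. The header comment should also say which session the caller is expected to pass, e.g. `/* session must be the one governing this direction (session_out when sending, session_in when receiving); a NULL session selects MAC-then-encrypt */` — the encrypt and decrypt hunks below do pass them that way, presumably because session_in and session_out can differ while a renegotiation is in flight, so reading a single session from ssl here would be wrong.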
@@ -1068,26 +1103,20 @@ static int ssl_encrypt_buf( ssl_context *ssl )
 size_t i;
 const cipher_mode_t mode = cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc );
+ char mac_order;
 
 SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
 
-#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
- if( ssl->session_out != NULL &&
- ssl->session_out->encrypt_then_mac == SSL_ETM_ENABLED )
- {
- // WIP
- SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
- }
-#endif
+ mac_order = ssl_get_mac_order( ssl, ssl->session_out, mode );
 
 /*
- * Add MAC before encrypt, except for AEAD modes
+ * Add MAC before if needed
  */
 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
  ( defined(POLARSSL_CIPHER_MODE_CBC) && \
  ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
- if( mode != POLARSSL_MODE_GCM &&
- mode != POLARSSL_MODE_CCM )
+ if( mac_order == MAC_PLAINTEXT || mac_order == MAC_CIPHERTEXT ) // WIP!
 {
 #if defined(POLARSSL_SSL_PROTO_SSL3)
 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
@@ -1358,6 +1387,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
 ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
 size_t padlen = 0, correct = 1;
 #endif
+ char mac_order;
 
 SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
 
@@ -1368,6 +1398,9 @@ static int ssl_decrypt_buf( ssl_context *ssl )
 return( POLARSSL_ERR_SSL_INVALID_MAC );
 }
 
+ mac_order = ssl_get_mac_order( ssl, ssl->session_in, mode );
+ (void) mac_order; // WIP
+
 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
 if( mode == POLARSSL_MODE_STREAM )
 {
@@ -1763,6 +1796,10 @@ static int ssl_decrypt_buf( ssl_context *ssl )
 return( 0 );
 }
 
+#undef MAC_NONE
+#undef MAC_PLAINTEXT
+#undef MAC_CIPHERTEXT
+
 #if defined(POLARSSL_ZLIB_SUPPORT)
 /*
  * Compression/decompression functions
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 6db8571ff..100c24459 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
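Review bot: The new condition `if( mac_order == MAC_PLAINTEXT || mac_order == MAC_CIPHERTEXT ) // WIP!` still appends the MAC before encryption when ssl_get_mac_order selected MAC_CIPHERTEXT, so a connection on which encrypt_then_mac was negotiated is still protected MAC-then-encrypt while a peer that honours the extension expects the MAC over the ciphertext; its records will be rejected as bad MAC, and the decrypt side has the mirror-image gap. Since the extension is already negotiated (the removed block read `ssl->session_out->encrypt_then_mac` too), the intermediate state should document what is missing rather than a bare `// WIP!`, e.g. `/* TODO: for MAC_CIPHERTEXT the MAC must cover the encrypted record (after padding and IV), so it has to be computed after the cipher step below, not here */`. ssl_encrypt_buf begins and ends outside this hunk.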
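Review bot: `(void) mac_order; // WIP` is the only use of the value computed in ssl_decrypt_buf, so record processing on the receive side is unchanged; the `((void) mac_order);` form is the convention elsewhere in this library for silencing unused variables and would read consistently with the rest of the file. A side effect worth noting is that ssl_get_mac_order emits the `using encrypt then mac` debug line itself, so it now also appears on every call to ssl_decrypt_buf, and the `-s`/`-S` greps in ssl-opt.sh no longer tell the send and receive paths apart. When the MAC_CIPHERTEXT branch is filled in here, the MAC over the ciphertext has to be verified before the CBC padding is inspected and a failure should take the same `POLARSSL_ERR_SSL_INVALID_MAC` path as the existing check so that it is not distinguishable from a padding failure; the constant-time `padlen`/`correct` handling declared in the previous hunk must stay in place for the MAC_PLAINTEXT case. The body of ssl_decrypt_buf continues outside the hunk.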
@@ -443,7 +443,8 @@ run_test "Truncated HMAC: actual test" \
 # Tests for Encrypt-then-MAC extension
 
 run_test "Encrypt then MAC: default" \
- "$P_SRV debug_level=3" \
+ "$P_SRV debug_level=3 \
+ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
 "$P_CLI debug_level=3" \
 0 \
 -c "client hello, adding encrypt_then_mac extension" \
@@ -454,7 +455,8 @@ run_test "Encrypt then MAC: default" \
 -s "using encrypt then mac"
 
 run_test "Encrypt then MAC: client enabled, server disabled" \
- "$P_SRV debug_level=3 etm=0" \
+ "$P_SRV debug_level=3 etm=0 \
+ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
 "$P_CLI debug_level=3 etm=1" \
 0 \
 -c "client hello, adding encrypt_then_mac extension" \
@@ -465,7 +467,8 @@ run_test "Encrypt then MAC: client enabled, server disabled" \
 -S "using encrypt then mac"
 
 run_test "Encrypt then MAC: client disabled, server enabled" \
- "$P_SRV debug_level=3 etm=1" \
+ "$P_SRV debug_level=3 etm=1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
 "$P_CLI debug_level=3 etm=0" \
 0 \
 -C "client hello, adding encrypt_then_mac extension" \
@@ -476,7 +479,8 @@ run_test "Encrypt then MAC: client disabled, server enabled" \
 -S "using encrypt then mac"
 
 run_test "Encrypt then MAC: client SSLv3, server enabled" \
- "$P_SRV debug_level=3" \
+ "$P_SRV debug_level=3 \
+ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
 "$P_CLI debug_level=3 force_version=ssl3" \
 0 \
 -C "client hello, adding encrypt_then_mac extension" \
@@ -487,7 +491,8 @@ run_test "Encrypt then MAC: client SSLv3, server enabled" \
 -S "using encrypt then mac"
 
 run_test "Encrypt then MAC: client enabled, server SSLv3" \
- "$P_SRV debug_level=3 force_version=ssl3" \
+ "$P_SRV debug_level=3 force_version=ssl3 \
+ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
 "$P_CLI debug_level=3" \
 0 \
 -c "client hello, adding encrypt_then_mac extension" \
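Review bot: Each of the five tests now forces TLS-RSA-WITH-AES-128-CBC-SHA without saying why, and the reason is not obvious from the script alone: ssl_get_mac_order in library/ssl_tls.c only returns MAC_CIPHERTEXT for POLARSSL_MODE_CBC, so `-s "using encrypt then mac"` is unreachable with whatever suite would otherwise be picked. A comment above the block would stop the next reader from dropping the option, e.g. `# EtM only applies to CBC suites (RFC 7366); force one so the "using encrypt then mac" debug line is reachable`. The same applies to the other four hunks in this file. It would also be worth a negative test that enables etm on both sides with a non-CBC suite and asserts `-S "using encrypt then mac"`, which pins the rule that the extension must not change the record layer for stream or AEAD suites.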