Preparation for EtM

2025-11-04 04:32:24 -05:00 · 2014-10-28 13:08:59 +01:00 · 2014-10-28 13:08:59 +01:00 · 0098e7dc70
commit 0098e7dc70
parent 699cafaea2
2 changed files with 58 additions and 16 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1060,6 +1060,41 @@ static void ssl_mac( md_context_t *md_ctx, unsigned char *secret,
 }
 #endif /* POLARSSL_SSL_PROTO_SSL3 */

+#define MAC_NONE        0
+#define MAC_PLAINTEXT   1
+#define MAC_CIPHERTEXT  2
+
+/*
+ * Is MAC applied on ciphertext, cleartext or not at all?
+ */
+static char ssl_get_mac_order( ssl_context *ssl,
+                               const ssl_session *session,
+                               cipher_mode_t mode )
+{
+#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
+    if( mode == POLARSSL_MODE_STREAM )
+        return( MAC_PLAINTEXT );
+#endif
+
+#if defined(POLARSSL_CIPHER_MODE_CBC) && \
+  ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) )
+    if( mode == POLARSSL_MODE_CBC )
+    {
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+        if( session != NULL && session->encrypt_then_mac == SSL_ETM_ENABLED )
+        {
+            SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
+            return( MAC_CIPHERTEXT );
+        }
+#endif
+
+        return( MAC_PLAINTEXT );
+    }
+#endif
+
+    return( MAC_NONE );
+}
+
 /*
 * Encryption/decryption functions
 */
@ -1068,26 +1103,20 @@ static int ssl_encrypt_buf( ssl_context *ssl )
    size_t i;
    const cipher_mode_t mode = cipher_get_cipher_mode(
                                        &ssl->transform_out->cipher_ctx_enc );
+    char mac_order;

    SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );

-#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
-    if( ssl->session_out != NULL &&
-        ssl->session_out->encrypt_then_mac == SSL_ETM_ENABLED )
-    {
-        // WIP
-        SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
-    }
-#endif
+    mac_order = ssl_get_mac_order( ssl, ssl->session_out, mode );

    /*
-     * Add MAC before encrypt, except for AEAD modes
+     * Add MAC before if needed
     */
 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) ||     \
    ( defined(POLARSSL_CIPHER_MODE_CBC) &&                                  \
      ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
-    if( mode != POLARSSL_MODE_GCM &&
-        mode != POLARSSL_MODE_CCM )
+    if( mac_order == MAC_PLAINTEXT
+            || mac_order == MAC_CIPHERTEXT ) // WIP!
    {
 #if defined(POLARSSL_SSL_PROTO_SSL3)
        if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
@ -1358,6 +1387,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
      ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
    size_t padlen = 0, correct = 1;
 #endif
+    char mac_order;

    SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );

@ -1368,6 +1398,9 @@ static int ssl_decrypt_buf( ssl_context *ssl )
        return( POLARSSL_ERR_SSL_INVALID_MAC );
    }

+    mac_order = ssl_get_mac_order( ssl, ssl->session_in, mode );
+    (void) mac_order; // WIP
+
 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
    if( mode == POLARSSL_MODE_STREAM )
    {
@ -1763,6 +1796,10 @@ static int ssl_decrypt_buf( ssl_context *ssl )
    return( 0 );
 }

+#undef MAC_NONE
+#undef MAC_PLAINTEXT
+#undef MAC_CIPHERTEXT
+
 #if defined(POLARSSL_ZLIB_SUPPORT)
 /*
 * Compression/decompression functions
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -443,7 +443,8 @@ run_test    "Truncated HMAC: actual test" \
 # Tests for Encrypt-then-MAC extension

 run_test    "Encrypt then MAC: default" \
-            "$P_SRV debug_level=3" \
+            "$P_SRV debug_level=3 \
+             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
@ -454,7 +455,8 @@ run_test    "Encrypt then MAC: default" \
            -s "using encrypt then mac"

 run_test    "Encrypt then MAC: client enabled, server disabled" \
-            "$P_SRV debug_level=3 etm=0" \
+            "$P_SRV debug_level=3 etm=0 \
+             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 etm=1" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
@ -465,7 +467,8 @@ run_test    "Encrypt then MAC: client enabled, server disabled" \
            -S "using encrypt then mac"

 run_test    "Encrypt then MAC: client disabled, server enabled" \
-            "$P_SRV debug_level=3 etm=1" \
+            "$P_SRV debug_level=3 etm=1 \
+             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 etm=0" \
            0 \
            -C "client hello, adding encrypt_then_mac extension" \
@ -476,7 +479,8 @@ run_test    "Encrypt then MAC: client disabled, server enabled" \
            -S "using encrypt then mac"

 run_test    "Encrypt then MAC: client SSLv3, server enabled" \
-            "$P_SRV debug_level=3" \
+            "$P_SRV debug_level=3 \
+             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 force_version=ssl3" \
            0 \
            -C "client hello, adding encrypt_then_mac extension" \
@ -487,7 +491,8 @@ run_test    "Encrypt then MAC: client SSLv3, server enabled" \
            -S "using encrypt then mac"

 run_test    "Encrypt then MAC: client enabled, server SSLv3" \
-            "$P_SRV debug_level=3 force_version=ssl3" \
+            "$P_SRV debug_level=3 force_version=ssl3 \
+             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \