authorNikos Mavrogiannopoulos <nmav@gnutls.org>2018-06-05 10:37:58 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-06-12 09:32:27 +0200
commitce671a6db9e47006cff152d485091141b1569f39 (patch)
tree487cec32f4fa5c1eb4a954f46a32625fe76fcd47 /lib/algorithms
parent62248b6adf0c11d469b04b4bf58aa97deff5a813 (diff)
downloadgnutls-ce671a6db9e47006cff152d485091141b1569f39.tar.gz
priorities: introduced %FORCE_ETM [tmp-measure-record]
This introduces a priority string option to force encrypt-then-mac during negotiation, to prevent negotiating the legacy CBC ciphersuites. Resolves #472 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'lib/algorithms')
-rw-r--r--lib/algorithms/ciphersuites.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 02023ce2a9..ac1fdf9f41 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -1405,6 +1405,14 @@ const char *gnutls_cipher_suite_info(size_t idx,
continue; \
}
+#define CIPHER_CHECK(algo) \
+ if (session->internals.priorities->force_etm && !have_etm) { \
+ const cipher_entry_st *_cipher; \
+ _cipher = cipher_to_entry(algo); \
+ if (_cipher == NULL || _gnutls_cipher_type(_cipher) == CIPHER_BLOCK) \
+ continue; \
+ }
+
#define KX_SRP_CHECKS(kx, action) \
if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS) { \
if (!_gnutls_get_cred(session, GNUTLS_CRD_SRP)) { \
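Review bot: The new CIPHER_CHECK macro drops a ciphersuite with a bare `continue` and no trace, so when %FORCE_ETM filters out every offered suite the handshake fails with nothing in the debug log explaining why; since this file already uses `_gnutls_debug_log` for per-suite checks, a line before the `continue` such as `_gnutls_debug_log("%%FORCE_ETM: skipping block-cipher suite, peer did not offer EtM\n"); \` (note the doubled `%`, as `%F` is a printf conversion) would make the failure diagnosable. The macro is also undocumented and silently depends on a `have_etm` local being in scope at every use site; a header comment like `/* Skip block (CBC) suites when %FORCE_ETM is set and the peer did not offer encrypt-then-mac; expects a local `have_etm' in the calling function. */` would state that contract. Treating `cipher_to_entry() == NULL` as a skip looks deliberately conservative and is worth saying in that comment as well. These macros sit at file scope; the function named in the hunk header is not what encloses them.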
@@ -1450,11 +1458,20 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
gnutls_credentials_type_t cred_type = GNUTLS_CRD_CERTIFICATE; /* default for TLS1.3 */
unsigned int no_cert_found = 0;
const gnutls_group_entry_st *sgroup = NULL;
+ gnutls_ext_priv_data_t epriv;
+ unsigned have_etm = 0;
if (version == NULL) {
return gnutls_assert_val(GNUTLS_E_NO_CIPHER_SUITES);
}
+ /* we figure whether etm is negotiated by checking the raw extension data
+ * because we only set (security_params) EtM to true only after the ciphersuite is
+ * negotiated. */
+ ret = _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_ETM, &epriv);
+ if (ret >= 0 && ((intptr_t)epriv) != 0)
+ have_etm = 1;
+
/* If we didn't receive the supported_groups extension, then
* we should assume that SECP256R1 is supported; that is required
* by RFC4492, probably to allow SSLv2 hellos negotiate elliptic curve
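Review bot: The comment above the `_gnutls_hello_ext_get_priv` call reads `we only set (security_params) EtM to true only after`, a doubled `only`; suggest `because the security_params EtM flag is only set after the ciphersuite is negotiated`. `epriv` is declared without an initializer and is read only under `ret >= 0`, which is correct as written, but `gnutls_ext_priv_data_t epriv = NULL;` would keep the test safe if the helper ever reports success without storing a value. Note also that `have_etm` records only that the peer offered the extension, not that this side will actually apply it; if the server's own priorities can disable EtM, a CBC suite could still pass this filter — that cannot be confirmed from the hunk and is worth checking against the priority code. The body of `_gnutls_figure_common_ciphersuite` continues outside the hunk.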
@@ -1474,6 +1491,8 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
kx = peer_clist->entry[i]->kx_algorithm;
+ CIPHER_CHECK(peer_clist->entry[i]->block_algorithm);
+
if (!version->tls13_sem)
cred_type = _gnutls_map_kx_get_cred(kx, 1);
@@ -1510,6 +1529,8 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
for (j = 0; j < session->internals.priorities->cs.size; j++) {
VERSION_CHECK(session->internals.priorities->cs.entry[j]);
+ CIPHER_CHECK(session->internals.priorities->cs.entry[j]->block_algorithm);
+
for (i = 0; i < peer_clist->size; i++) {
_gnutls_debug_log("checking %.2x.%.2x (%s) for compatibility\n",
(unsigned)peer_clist->entry[i]->id[0],