authorNikos Mavrogiannopoulos <nmav@gnutls.org>2018-06-05 10:37:58 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-06-12 09:32:27 +0200
commitce671a6db9e47006cff152d485091141b1569f39 (patch)
tree487cec32f4fa5c1eb4a954f46a32625fe76fcd47 /lib/handshake.c
parent62248b6adf0c11d469b04b4bf58aa97deff5a813 (diff)
downloadgnutls-ce671a6db9e47006cff152d485091141b1569f39.tar.gz
priorities: introduced %FORCE_ETM (tmp-measure-record)
This introduces a priority string option to force encrypt-then-mac during negotiation, so that the legacy CBC ciphersuites are rejected unless encrypt-then-mac was negotiated. Resolves #472 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'lib/handshake.c')
-rw-r--r--lib/handshake.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/handshake.c b/lib/handshake.c
index 30e229f3d0..278769e2f8 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -1825,7 +1825,6 @@ read_server_hello(gnutls_session_t session,
*/
if (!vers->tls13_sem &&
client_check_if_resuming(session, session_id, session_id_len) == 0) {
-
ret =
_gnutls_parse_hello_extensions(session, GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
GNUTLS_EXT_MANDATORY,
@@ -1878,6 +1877,14 @@ read_server_hello(gnutls_session_t session,
if (ret < 0)
return gnutls_assert_val(ret);
+ /* check if EtM is required */
+ if (!vers->tls13_sem && session->internals.priorities->force_etm && !session->security_parameters.etm) {
+ const cipher_entry_st *cipher = cipher_to_entry(session->security_parameters.cs->block_algorithm);
+ if (_gnutls_cipher_type(cipher) == CIPHER_BLOCK)
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
+ }
+
+
ret =
_gnutls_parse_hello_extensions(session,
ext_parse_flag,