Declare ChaCha-Poly ciphersuites
Prefer them over AES-GCM as they have better performance and fewer side channel considerations in software implementations.
This commit is contained in:
parent
f57bf8b467
commit
ce66d5e8e1
@ -271,6 +271,15 @@ extern "C" {
|
||||
|
||||
#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF /**< experimental */
|
||||
|
||||
/* RFC 7905 */
|
||||
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD /**< TLS 1.2 */
|
||||
#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE /**< TLS 1.2 */
|
||||
|
||||
/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
|
||||
* Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
|
||||
*/
|
||||
|
@ -47,7 +47,7 @@
|
||||
* 1. By key exchange:
|
||||
* Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
|
||||
* 2. By key length and cipher:
|
||||
* AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128 > 3DES
|
||||
* ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128 > 3DES
|
||||
* 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
|
||||
* 4. By hash function used when relevant
|
||||
* 5. By key exchange/auth again: EC > non-EC
|
||||
@ -57,6 +57,11 @@ static const int ciphersuite_preference[] =
|
||||
#if defined(MBEDTLS_SSL_CIPHERSUITES)
|
||||
MBEDTLS_SSL_CIPHERSUITES,
|
||||
#else
|
||||
/* Chacha-Poly ephemeral suites */
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
|
||||
/* All AES-256 ephemeral suites */
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
@ -127,6 +132,8 @@ static const int ciphersuite_preference[] =
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
|
||||
/* The PSK ephemeral suites */
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
|
||||
@ -227,6 +234,7 @@ static const int ciphersuite_preference[] =
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
||||
|
||||
/* The RSA PSK suites */
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
|
||||
@ -246,6 +254,7 @@ static const int ciphersuite_preference[] =
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
|
||||
/* The PSK suites */
|
||||
MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
||||
MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
|
||||
MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
|
||||
@ -312,6 +321,75 @@ static const int ciphersuite_preference[] =
|
||||
|
||||
static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
{
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C) && \
|
||||
defined(MBEDTLS_SHA256_C) && \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
|
||||
{ MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
|
||||
MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
|
||||
MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
|
||||
{ MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
|
||||
MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
|
||||
{ MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
||||
"TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
|
||||
MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
{ MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
||||
"TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
|
||||
MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
||||
"TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
|
||||
MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
|
||||
{ MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
||||
"TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256",
|
||||
MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_KEY_EXCHANGE_RSA_PSK,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
#endif
|
||||
#endif /* MBEDTLS_CHACHAPOLY_C &&
|
||||
MBEDTLS_SHA256_C &&
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
|
@ -723,7 +723,7 @@ run_test "Default" \
|
||||
"$P_CLI" \
|
||||
0 \
|
||||
-s "Protocol is TLSv1.2" \
|
||||
-s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
|
||||
-s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \
|
||||
-s "client hello v3, signature_algorithm ext: 6" \
|
||||
-s "ECDHE curve: secp521r1" \
|
||||
-S "error" \
|
||||
@ -734,20 +734,14 @@ run_test "Default, DTLS" \
|
||||
"$P_CLI dtls=1" \
|
||||
0 \
|
||||
-s "Protocol is DTLSv1.2" \
|
||||
-s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384"
|
||||
-s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"
|
||||
|
||||
# Test current time in ServerHello
|
||||
requires_config_enabled MBEDTLS_HAVE_TIME
|
||||
run_test "Default, ServerHello contains gmt_unix_time" \
|
||||
run_test "ServerHello contains gmt_unix_time" \
|
||||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3" \
|
||||
0 \
|
||||
-s "Protocol is TLSv1.2" \
|
||||
-s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
|
||||
-s "client hello v3, signature_algorithm ext: 6" \
|
||||
-s "ECDHE curve: secp521r1" \
|
||||
-S "error" \
|
||||
-C "error" \
|
||||
-f "check_server_hello_time" \
|
||||
-F "check_server_hello_time"
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user