Preparation for EtM

library/ssl_tls.c

@@ -1060,6 +1060,41 @@ static void ssl_mac( md_context_t *md_ctx, unsigned char *secret,
 }
 #endif /* POLARSSL_SSL_PROTO_SSL3 */
 
+#define MAC_NONE        0
+#define MAC_PLAINTEXT   1
+#define MAC_CIPHERTEXT  2
+
+/*
+ * Is MAC applied on ciphertext, cleartext or not at all?
+ */
+static char ssl_get_mac_order( ssl_context *ssl,
+                               const ssl_session *session,
+                               cipher_mode_t mode )
+{
+#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
+    if( mode == POLARSSL_MODE_STREAM )
+        return( MAC_PLAINTEXT );
+#endif
+
+#if defined(POLARSSL_CIPHER_MODE_CBC) && \
+  ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) )
+    if( mode == POLARSSL_MODE_CBC )
+    {
+#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+        if( session != NULL && session->encrypt_then_mac == SSL_ETM_ENABLED )
+        {
+            SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
+            return( MAC_CIPHERTEXT );
+        }
+#endif
+
+        return( MAC_PLAINTEXT );
+    }
+#endif
+
+    return( MAC_NONE );
+}
+
 /*
  * Encryption/decryption functions
  */
@@ -1068,26 +1103,20 @@ static int ssl_encrypt_buf( ssl_context *ssl )
     size_t i;
     const cipher_mode_t mode = cipher_get_cipher_mode(
                                         &ssl->transform_out->cipher_ctx_enc );
+    char mac_order;
 
     SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
 
-#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
+    mac_order = ssl_get_mac_order( ssl, ssl->session_out, mode );
-    if( ssl->session_out != NULL &&
-        ssl->session_out->encrypt_then_mac == SSL_ETM_ENABLED )
-    {
-        // WIP
-        SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
-    }
-#endif
 
     /*
-     * Add MAC before encrypt, except for AEAD modes
+     * Add MAC before if needed
      */
 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) ||     \
     ( defined(POLARSSL_CIPHER_MODE_CBC) &&                                  \
       ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
-    if( mode != POLARSSL_MODE_GCM &&
+    if( mac_order == MAC_PLAINTEXT
-        mode != POLARSSL_MODE_CCM )
+            || mac_order == MAC_CIPHERTEXT ) // WIP!
     {
 #if defined(POLARSSL_SSL_PROTO_SSL3)
         if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
@@ -1358,6 +1387,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
       ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
     size_t padlen = 0, correct = 1;
 #endif
+    char mac_order;
 
     SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
 
@@ -1368,6 +1398,9 @@ static int ssl_decrypt_buf( ssl_context *ssl )
         return( POLARSSL_ERR_SSL_INVALID_MAC );
     }
 
+    mac_order = ssl_get_mac_order( ssl, ssl->session_in, mode );
+    (void) mac_order; // WIP
+
 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
     if( mode == POLARSSL_MODE_STREAM )
     {
@@ -1763,6 +1796,10 @@ static int ssl_decrypt_buf( ssl_context *ssl )
     return( 0 );
 }
 
+#undef MAC_NONE
+#undef MAC_PLAINTEXT
+#undef MAC_CIPHERTEXT
+
 #if defined(POLARSSL_ZLIB_SUPPORT)
 /*
  * Compression/decompression functions

tests/ssl-opt.sh

@@ -443,7 +443,8 @@ run_test    "Truncated HMAC: actual test" \
 # Tests for Encrypt-then-MAC extension
 
 run_test    "Encrypt then MAC: default" \
-            "$P_SRV debug_level=3" \
+            "$P_SRV debug_level=3 \
+             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
             "$P_CLI debug_level=3" \
             0 \
             -c "client hello, adding encrypt_then_mac extension" \
@@ -454,7 +455,8 @@ run_test    "Encrypt then MAC: default" \
             -s "using encrypt then mac"
 
 run_test    "Encrypt then MAC: client enabled, server disabled" \
-            "$P_SRV debug_level=3 etm=0" \
+            "$P_SRV debug_level=3 etm=0 \
+             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
             "$P_CLI debug_level=3 etm=1" \
             0 \
             -c "client hello, adding encrypt_then_mac extension" \
@@ -465,7 +467,8 @@ run_test    "Encrypt then MAC: client enabled, server disabled" \
             -S "using encrypt then mac"
 
 run_test    "Encrypt then MAC: client disabled, server enabled" \
-            "$P_SRV debug_level=3 etm=1" \
+            "$P_SRV debug_level=3 etm=1 \
+             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
             "$P_CLI debug_level=3 etm=0" \
             0 \
             -C "client hello, adding encrypt_then_mac extension" \
@@ -476,7 +479,8 @@ run_test    "Encrypt then MAC: client disabled, server enabled" \
             -S "using encrypt then mac"
 
 run_test    "Encrypt then MAC: client SSLv3, server enabled" \
-            "$P_SRV debug_level=3" \
+            "$P_SRV debug_level=3 \
+             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
             "$P_CLI debug_level=3 force_version=ssl3" \
             0 \
             -C "client hello, adding encrypt_then_mac extension" \
@@ -487,7 +491,8 @@ run_test    "Encrypt then MAC: client SSLv3, server enabled" \
             -S "using encrypt then mac"
 
 run_test    "Encrypt then MAC: client enabled, server SSLv3" \
-            "$P_SRV debug_level=3 force_version=ssl3" \
+            "$P_SRV debug_level=3 force_version=ssl3 \
+             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
             "$P_CLI debug_level=3" \
             0 \
             -c "client hello, adding encrypt_then_mac extension" \