File 2931-ssl-OTP-16391.patch of Package erlang
From 5140749c1a9f830e8942829aafa8a876fe721be1 Mon Sep 17 00:00:00 2001
From: Ao Song <andy@erlang.org>
Date: Mon, 9 Mar 2020 17:02:58 +0100
Subject: [PATCH] ssl: OTP-16391
Add support of cipher suite TLS_AES_128_CCM_8_SHA256.
---
lib/ssl/doc/src/standards_compliance.xml | 13 ++++++-------
lib/ssl/src/ssl_cipher_format.erl | 22 +++++++++++-----------
lib/ssl/src/tls_handshake_1_3.erl | 10 ++++++++--
lib/ssl/src/tls_sender.erl | 2 ++
lib/ssl/src/tls_v1.erl | 10 ++++------
lib/ssl/test/openssl_cipher_suite_SUITE.erl | 18 +++++++++++++++++-
lib/ssl/test/ssl_cipher_suite_SUITE.erl | 20 ++++++++++++++++++--
7 files changed, 66 insertions(+), 29 deletions(-)
diff --git a/lib/ssl/doc/src/standards_compliance.xml b/lib/ssl/doc/src/standards_compliance.xml
index 05c571a632..a36647a1e0 100644
--- a/lib/ssl/doc/src/standards_compliance.xml
+++ b/lib/ssl/doc/src/standards_compliance.xml
@@ -132,8 +132,7 @@
<list type="bulleted">
<item>Key Exchange: ECDHE</item>
<item>Groups: all standard groups supported for the Diffie-Hellman key exchange</item>
- <item>Ciphers: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384,
- TLS_CHACHA20_POLY1305_SHA256 and TLS_AES_128_CCM_SHA256</item>
+ <item>Ciphers: all cipher suites are supported</item>
<item>Signature Algorithms: rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512,
ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256,
rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha1 and ecdsa_sha1</item>
@@ -144,7 +143,7 @@
<item>PSK and session resumption is supported (stateful and stateless tickets)</item>
<item>Anti-replay protection using Bloom-filters with stateless tickets</item>
<item>Early data and 0-RTT not supported</item>
- <item>Key and Initialization Vector Update not supported</item>
+ <item>Key and Initialization Vector Update is supported</item>
</list>
<p>For more detailed information see the
<seealso marker="#soc_table">Standards Compliance</seealso> below.</p>
@@ -2208,8 +2207,8 @@
</url>
</cell>
<cell align="left" valign="middle"><em></em></cell>
- <cell align="left" valign="middle"><em>PC</em></cell>
- <cell align="left" valign="middle"><em>22</em></cell>
+ <cell align="left" valign="middle"><em>C</em></cell>
+ <cell align="left" valign="middle"><em>23</em></cell>
</row>
<row>
<cell align="left" valign="middle"></cell>
@@ -2238,8 +2237,8 @@
<row>
<cell align="left" valign="middle"></cell>
<cell align="left" valign="middle">TLS_AES_128_CCM_8_SHA256</cell>
- <cell align="left" valign="middle"><em>NC</em></cell>
- <cell align="left" valign="middle"></cell>
+ <cell align="left" valign="middle"><em>C</em></cell>
+ <cell align="left" valign="middle"><em>23</em></cell>
</row>
<row>
diff --git a/lib/ssl/src/ssl_cipher_format.erl b/lib/ssl/src/ssl_cipher_format.erl
index bca1022b5f..9435105b3d 100644
--- a/lib/ssl/src/ssl_cipher_format.erl
+++ b/lib/ssl/src/ssl_cipher_format.erl
@@ -980,12 +980,12 @@ suite_bin_to_map(?TLS_AES_128_CCM_SHA256) ->
#{key_exchange => any,
cipher => aes_128_ccm,
mac => aead,
+ prf => sha256};
+suite_bin_to_map(?TLS_AES_128_CCM_8_SHA256) ->
+ #{key_exchange => any,
+ cipher => aes_128_ccm_8,
+ mac => aead,
prf => sha256}.
-%% suite_bin_to_map(?TLS_AES_128_CCM_8_SHA256) ->
-%% #{key_exchange => any,
-%% cipher => aes_128_ccm_8,
-%% mac => aead,
-%% prf => sha256}.
%%--------------------------------------------------------------------
-spec suite_legacy(cipher_suite() | internal_erl_cipher_suite()) -> old_erl_cipher_suite().
@@ -1715,12 +1715,12 @@ suite_map_to_bin(#{key_exchange := any,
cipher := aes_128_ccm,
mac := aead,
prf := sha256}) ->
- ?TLS_AES_128_CCM_SHA256.
-%% suite_map_to_bin(#{key_exchange := any,
-%% cipher := aes_128_ccm_8,
-%% mac := aead,
-%% prf := sha256}) ->
-%% ?TLS_AES_128_CCM_8_SHA256.
+ ?TLS_AES_128_CCM_SHA256;
+suite_map_to_bin(#{key_exchange := any,
+ cipher := aes_128_ccm_8,
+ mac := aead,
+ prf := sha256}) ->
+ ?TLS_AES_128_CCM_8_SHA256.
tls_1_3_suite_str_to_map(CipherStr) ->
diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl
index e1244aa5b7..cbfc574547 100644
--- a/lib/ssl/src/tls_handshake_1_3.erl
+++ b/lib/ssl/src/tls_handshake_1_3.erl
@@ -1582,8 +1582,9 @@ update_connection_state(ConnectionState = #{security_parameters := SecurityParam
master_secret = HandshakeSecret,
resumption_master_secret = ResumptionMasterSecret,
application_traffic_secret = ApplicationTrafficSecret},
+ BulkCipherAlgo = SecurityParameters#security_parameters.bulk_cipher_algorithm,
ConnectionState#{security_parameters => SecurityParameters,
- cipher_state => cipher_init(Key, IV, FinishedKey)}.
+ cipher_state => cipher_init(BulkCipherAlgo, Key, IV, FinishedKey)}.
update_start_state(State, Map) ->
@@ -1639,7 +1640,12 @@ update_resumption_master_secret(#state{connection_states = ConnectionStates0} =
State#state{connection_states = ConnectionStates}.
-cipher_init(Key, IV, FinishedKey) ->
+cipher_init(?AES_CCM_8, Key, IV, FinishedKey) ->
+ #cipher_state{key = Key,
+ iv = IV,
+ finished_key = FinishedKey,
+ tag_len = 8};
+cipher_init(_BulkCipherAlgo, Key, IV, FinishedKey) ->
#cipher_state{key = Key,
iv = IV,
finished_key = FinishedKey,
diff --git a/lib/ssl/src/tls_sender.erl b/lib/ssl/src/tls_sender.erl
index 8d3f3abd7e..3b24c6692c 100644
--- a/lib/ssl/src/tls_sender.erl
+++ b/lib/ssl/src/tls_sender.erl
@@ -543,6 +543,8 @@ key_update_at(Version, #{security_parameters :=
?CHACHA20_POLY1305 ->
seq_num_wrap;
?AES_CCM ->
+ KeyUpdateAt;
+ ?AES_CCM_8 ->
KeyUpdateAt
end;
key_update_at(_, _, KeyUpdateAt) ->
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index 0cf086442f..ece06c655d 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -511,18 +511,16 @@ suites(4) ->
[?TLS_AES_256_GCM_SHA384,
?TLS_AES_128_GCM_SHA256,
?TLS_CHACHA20_POLY1305_SHA256,
- ?TLS_AES_128_CCM_SHA256
- %% Not supported
- %% ?TLS_AES_128_CCM_8_SHA256
+ ?TLS_AES_128_CCM_SHA256,
+ ?TLS_AES_128_CCM_8_SHA256
] ++ suites(3);
suites('TLS_v1.3') ->
[?TLS_AES_256_GCM_SHA384,
?TLS_AES_128_GCM_SHA256,
?TLS_CHACHA20_POLY1305_SHA256,
- ?TLS_AES_128_CCM_SHA256
- %% Not supported
- %% ?TLS_AES_128_CCM_8_SHA256
+ ?TLS_AES_128_CCM_SHA256,
+ ?TLS_AES_128_CCM_8_SHA256
].
diff --git a/lib/ssl/test/openssl_cipher_suite_SUITE.erl b/lib/ssl/test/openssl_cipher_suite_SUITE.erl
index fa250da377..88ac205b4c 100644
--- a/lib/ssl/test/openssl_cipher_suite_SUITE.erl
+++ b/lib/ssl/test/openssl_cipher_suite_SUITE.erl
@@ -146,7 +146,8 @@ tls_1_3_cipher_suites() ->
[aes_256_gcm_sha384,
aes_128_gcm_sha256,
chacha20_poly1305_sha256,
- aes_128_ccm_sha256
+ aes_128_ccm_sha256,
+ aes_128_ccm_8_sha256
].
kex() ->
@@ -418,6 +419,18 @@ init_per_testcase(aes_128_ccm_sha256, Config) ->
{skip, "Missing AES_128_CCM crypto support"}
end;
+init_per_testcase(aes_128_ccm_8_sha256, Config) ->
+ SupCiphers = proplists:get_value(ciphers, crypto:supports()),
+ SupHashs = proplists:get_value(hashs, crypto:supports()),
+ case (lists:member(aes_128_ccm, SupCiphers)) andalso
+ (lists:member(sha256, SupHashs)) of
+ true ->
+ ct:timetrap(?DEFAULT_TIMEOUT),
+ Config;
+ _ ->
+ {skip, "Missing AES_128_CCM_8 crypto support"}
+ end;
+
init_per_testcase(TestCase, Config) ->
Cipher = ssl_test_lib:test_cipher(TestCase, Config),
SupCiphers = proplists:get_value(ciphers, crypto:supports()),
@@ -539,6 +552,9 @@ chacha20_poly1305_sha256(Config) when is_list(Config) ->
aes_128_ccm_sha256(Config) when is_list(Config) ->
run_ciphers_test(ecdhe_rsa, 'aes_128_ccm', Config).
+aes_128_ccm_8_sha256(Config) when is_list(Config) ->
+ run_ciphers_test(ecdhe_rsa, 'aes_128_ccm_8', Config).
+
%%--------------------------------------------------------------------
%% SRP --------------------------------------------------------
%%--------------------------------------------------------------------
diff --git a/lib/ssl/test/ssl_cipher_suite_SUITE.erl b/lib/ssl/test/ssl_cipher_suite_SUITE.erl
index 168d469c24..90cebf157e 100644
--- a/lib/ssl/test/ssl_cipher_suite_SUITE.erl
+++ b/lib/ssl/test/ssl_cipher_suite_SUITE.erl
@@ -136,7 +136,8 @@ tls_1_3_cipher_suites() ->
[aes_256_gcm_sha384,
aes_128_gcm_sha256,
chacha20_poly1305_sha256,
- aes_128_ccm_sha256
+ aes_128_ccm_sha256,
+ aes_128_ccm_8_sha256
].
kex() ->
@@ -365,6 +366,17 @@ init_per_testcase(aes_128_ccm_sha256, Config) ->
_ ->
{skip, "Missing AES_128_CCM_SHA256 crypto support"}
end;
+init_per_testcase(aes_128_ccm_8_sha256, Config) ->
+ SupCiphers = proplists:get_value(ciphers, crypto:supports()),
+ SupHashs = proplists:get_value(hashs, crypto:supports()),
+ case (lists:member(aes_128_ccm, SupCiphers)) andalso
+ (lists:member(sha256, SupHashs)) of
+ true ->
+ ct:timetrap({seconds, 5}),
+ Config;
+ _ ->
+ {skip, "Missing AES_128_CCM_8_SHA256 crypto support"}
+ end;
init_per_testcase(TestCase, Config) ->
Cipher = ssl_test_lib:test_cipher(TestCase, Config),
SupCiphers = proplists:get_value(ciphers, crypto:supports()),
@@ -495,7 +507,11 @@ chacha20_poly1305_sha256(Config) when is_list(Config) ->
aes_128_ccm_sha256(Config) when is_list(Config) ->
Version = ssl_test_lib:protocol_version(Config),
- cipher_suite_test(ssl:str_to_suite("TLS_AES_128_CCM_SHA256"), Version, Config).
+ cipher_suite_test(ssl:str_to_suite("TLS_AES_128_CCM_SHA256"), Version, Config).
+
+aes_128_ccm_8_sha256(Config) when is_list(Config) ->
+ Version = ssl_test_lib:protocol_version(Config),
+ cipher_suite_test(ssl:str_to_suite("TLS_AES_128_CCM_8_SHA256"), Version, Config).
%%--------------------------------------------------------------------
%% SRP --------------------------------------------------------
--
2.16.4
