Bug 923089, Support TLS 1.2 PRF with SHA-384 as the hash function. Patch by Elio. Some improvements by Martin that have r=kaie. Some fixes and changes requested by reviewer by Kai. Overall r=martin.thomson
Elio Maldonado committed May 20, 2016
1 parent 8facf93 commit 44083c9
Showing 13 changed files with 377 additions and 215 deletions.
9 changes: 8 additions & 1 deletion external_tests/ssl_gtest/ssl_ciphersuite_unittest.cc
Expand Up @@ -105,11 +105,18 @@ INSTANTIATE_CIPHER_TEST_P(RC4, Stream, V10ToV12,
INSTANTIATE_CIPHER_TEST_P(AEAD12, All, V12,
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256);
TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384);
INSTANTIATE_CIPHER_TEST_P(AEAD, All, V12Plus,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
INSTANTIATE_CIPHER_TEST_P(CBC12, All, V12,
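Review bot: The two CBC suites added at the end of the AEAD12 parameter list, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384` and `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, are not AEAD suites, so they belong in the `CBC12` instantiation that begins on the last line of the hunk rather than under the `AEAD12` name. If both instantiations use the same `All`/`V12` parameters this does not change what is exercised, but a failure in one of them would be reported under a misleading test name. Move the two lines into the `CBC12` list, whose body continues outside the hunk.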
2 changes: 1 addition & 1 deletion lib/softoken/pkcs11c.c
Expand Up @@ -6084,7 +6084,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession,
int i;
unsigned int outLen;
unsigned char sha_out[SHA1_LENGTH];
unsigned char key_block[NUM_MIXERS * MD5_LENGTH];
unsigned char key_block[NUM_MIXERS * SFTK_MAX_MAC_LENGTH];
unsigned char key_block2[MD5_LENGTH];
PRBool isFIPS;
HASH_HashType hashType;
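Review bot: Enlarging `key_block` to `NUM_MIXERS * SFTK_MAX_MAC_LENGTH` is only half of the change; the code that fills it lives in the rest of `NSC_DeriveKey`, which continues outside the hunk, and nothing visible here shows that its write bound was moved from the old MD5-sized constant to the negotiated hash's output length, so please confirm the fill is bounded by `sizeof key_block` (or the per-hash length) rather than a hash-specific literal. The neighbouring `sha_out[SHA1_LENGTH]` and `key_block2[MD5_LENGTH]` keep fixed sizes, so a short comment on the new declaration would make the asymmetry deliberate: `/* sized for the largest MAC/PRF hash output the token supports */`.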
431 changes: 249 additions & 182 deletions lib/ssl/ssl3con.c


8 changes: 8 additions & 0 deletions lib/ssl/ssl3ecc.c
Expand Up @@ -1049,7 +1049,9 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = {
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
Expand All @@ -1061,7 +1063,9 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = {
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
Expand All @@ -1078,11 +1082,15 @@ static const ssl3CipherSuite ecSuites[] = {
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
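Review bot: The new SHA-384 suites are inserted beside their AES siblings in `ecdhe_ecdsa_suites[]` and `ecdhe_rsa_suites[]` but are appended after `TLS_ECDHE_ECDSA_WITH_RC4_128_SHA` in `ecSuites[]` in the third hunk, so the three hand-maintained lists no longer share one order. If `ecSuites[]` is consulted only for membership this is harmless, but it is exactly the drift that makes a missing entry hard to spot; placing the two `ECDSA` entries next to `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, as the other two tables do, keeps the lists diffable against each other. Each array definition starts before its hunk.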
16 changes: 15 additions & 1 deletion lib/ssl/sslenum.c
Expand Up @@ -22,14 +22,21 @@
* * No-encryption cipher suites last
* * Export/weak/obsolete cipher suites before no-encryption cipher suites
* * Order by key exchange algorithm: ECDHE, then DHE, then ECDH, RSA.
* * Within key agreement sections, order by symmetric encryption algorithm:
* * Within key agreement sections, prefer AEAD over non-AEAD cipher suites.
* * Within AEAD sections, order by symmetric encryption algorithm which
* integrates message authentication algorithm: AES-128-GCM, then
* ChaCha20-Poly1305, then AES-256-GCM,
* * Within non-AEAD sections, order by symmetric encryption algorithm:
* AES-128, then Camellia-128, then AES-256, then Camellia-256, then SEED,
* then FIPS-3DES, then 3DES, then RC4. AES is commonly accepted as a
* strong cipher internationally, and is often hardware-accelerated.
* Camellia also has wide international support across standards
* organizations. SEED is only recommended by the Korean government. 3DES
* only provides 112 bits of security. RC4 is now deprecated or forbidden
* by many standards organizations.
* * Within non-AEAD symmetric algorithm sections, order by message
* authentication algorithm: HMAC-SHA256, then HMAC-SHA384, then HMAC-SHA1,
* then HMAC-MD5.
* * Within symmetric algorithm sections, order by message authentication
* algorithm: GCM, then HMAC-SHA1, then HMAC-SHA256, then HMAC-MD5.
* * Within message authentication algorithm sections, order by asymmetric
Expand Down Expand Up @@ -57,6 +64,8 @@ const PRUint16 SSL_ImplementedCiphers[] = {
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147.
*/
Expand All @@ -66,6 +75,8 @@ const PRUint16 SSL_ImplementedCiphers[] = {
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
Expand All @@ -75,6 +86,8 @@ const PRUint16 SSL_ImplementedCiphers[] = {
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
Expand Down Expand Up @@ -103,6 +116,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
#endif /* NSS_DISABLE_ECC */

TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
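Review bot: The pre-existing bullet at the end of the first hunk, `Within symmetric algorithm sections, order by message authentication algorithm: GCM, then HMAC-SHA1, then HMAC-SHA256, then HMAC-MD5.`, now contradicts the new bullet immediately above it (HMAC-SHA256, then HMAC-SHA384, then HMAC-SHA1) and the new AEAD-first rule, so it should be deleted or folded into the new wording. The table also does not follow the new rule everywhere: in the second hunk `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` precedes the two `..._AES_256_CBC_SHA384` entries, which the comment says should come first; either reorder them or extend the existing bug 946147 remark to cover this exception. The `SSL_ImplementedCiphers[]` definition starts before the hunk.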
7 changes: 5 additions & 2 deletions lib/ssl/sslimpl.h
Expand Up @@ -57,6 +57,7 @@ typedef SSLMACAlgorithm SSL3MACAlgorithm;
#define hmac_md5 ssl_hmac_md5
#define hmac_sha ssl_hmac_sha
#define hmac_sha256 ssl_hmac_sha256
#define hmac_sha384 ssl_hmac_sha384
#define mac_aead ssl_mac_aead

#define SET_ERROR_CODE /* reminder */
Expand Down Expand Up @@ -314,9 +315,9 @@ typedef struct {
} ssl3CipherSuiteCfg;

#ifndef NSS_DISABLE_ECC
#define ssl_V3_SUITES_IMPLEMENTED 68
#define ssl_V3_SUITES_IMPLEMENTED 75
#else
#define ssl_V3_SUITES_IMPLEMENTED 39
#define ssl_V3_SUITES_IMPLEMENTED 42
#endif /* NSS_DISABLE_ECC */

#define MAX_DTLS_SRTP_CIPHER_SUITES 4
Expand Down Expand Up @@ -468,6 +469,7 @@ typedef enum {
cipher_camellia_256,
cipher_seed,
cipher_aes_128_gcm,
cipher_aes_256_gcm,
cipher_chacha20,
cipher_missing /* reserved for no such supported cipher */
/* This enum must match ssl3_cipherName[] in ssl3con.c. */
Expand Down Expand Up @@ -718,6 +720,7 @@ typedef struct ssl3CipherSuiteDefStr {
SSL3BulkCipher bulk_cipher_alg;
SSL3MACAlgorithm mac_alg;
SSL3KeyExchangeAlgorithm key_exchange_alg;
SSLHashType prf_hash;
} ssl3CipherSuiteDef;

/*
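Review bot: The new `SSLHashType prf_hash;` member of `ssl3CipherSuiteDef` in the last hunk carries no comment, while the TLS 1.3 code in this same commit asserts it is never `ssl_hash_none` for a 1.3 suite; state that contract at the declaration: `SSLHashType prf_hash; /* hash for the TLS 1.2 PRF / TLS 1.3 HKDF; must not be ssl_hash_none for TLS 1.3 suites */`. `cipher_aes_256_gcm` is inserted before `cipher_chacha20`, so the parallel `ssl3_cipherName[]` table named in the adjacent comment must have been updated at the same index in ssl3con.c, whose diff is not rendered here. The bumped `ssl_V3_SUITES_IMPLEMENTED` counts (68→75 and 39→42) are likewise only checkable against `SSL_ImplementedCiphers[]`; a compile-time size assertion tying the two together would catch the next drift. `ssl3CipherSuiteDef` begins before the hunk.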
9 changes: 9 additions & 0 deletions lib/ssl/sslinfo.c
Expand Up @@ -189,6 +189,7 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,

/* "mac algorithm" and size */
#define M_AEAD_128 "AEAD", ssl_mac_aead, 128
#define M_SHA384 "SHA384", ssl_hmac_sha384, 384
#define M_SHA256 "SHA256", ssl_hmac_sha256, 256
#define M_SHA "SHA1", ssl_mac_sha, 160
#define M_MD5 "MD5", ssl_mac_md5, 128
Expand Down Expand Up @@ -283,7 +284,15 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
{ 0, CS(ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, F_FIPS_STD, A_RSAS },
{ 0, CS(ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, F_FIPS_STD, A_RSAS },
{ 0, CS(ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256), S_RSA, K_ECDHE, C_CHACHA20, B_256, M_AEAD_128, F_NFIPS_STD, A_RSAS },
{ 0, CS(ECDHE_RSA_WITH_AES_256_CBC_SHA384), S_RSA, K_ECDHE, C_AES, B_256, M_SHA384, F_FIPS_STD, A_RSAS },
{ 0, CS(ECDHE_ECDSA_WITH_AES_256_CBC_SHA384), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA384, F_FIPS_STD, A_ECDSA },
{ 0, CS(ECDHE_ECDSA_WITH_AES_256_GCM_SHA384), S_ECDSA, K_ECDHE, C_AESGCM, B_256, M_AEAD_128, F_FIPS_STD, A_ECDSA },
{ 0, CS(ECDHE_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_ECDHE, C_AESGCM, B_256, M_AEAD_128, F_FIPS_STD, A_RSAS },
#endif /* NSS_DISABLE_ECC */

{ 0, CS(DHE_DSS_WITH_AES_256_GCM_SHA384), S_DSA, K_DHE, C_AESGCM, B_256, M_AEAD_128, F_FIPS_STD, A_DSA },
{ 0, CS(DHE_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_DHE, C_AESGCM, B_256, M_AEAD_128, F_FIPS_STD, A_RSAS },
{ 0, CS(RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_RSA, C_AESGCM, B_256, M_AEAD_128, F_FIPS_STD, A_RSAD }
};

#define NUM_SUITEINFOS ((sizeof suiteInfo) / (sizeof suiteInfo[0]))
7 changes: 7 additions & 0 deletions lib/ssl/sslproto.h
Expand Up @@ -164,8 +164,11 @@
#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096

#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C
#define TLS_RSA_WITH_AES_256_GCM_SHA384 0x009D
#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E
#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x009F
#define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 0x00A2
#define TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 0x00A3

/* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client.
* Must NEVER be chosen by server. SSL 3.0 server acknowledges by sending
Expand Down Expand Up @@ -212,11 +215,15 @@
#define TLS_ECDH_anon_WITH_AES_256_CBC_SHA 0xC019

#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028

#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031

#define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8
3 changes: 2 additions & 1 deletion lib/ssl/sslt.h
Expand Up @@ -130,7 +130,8 @@ typedef enum {
ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */
ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */
ssl_hmac_sha256 = 5,
ssl_mac_aead = 6
ssl_mac_aead = 6,
ssl_hmac_sha384 = 7
} SSLMACAlgorithm;

typedef enum {
77 changes: 53 additions & 24 deletions lib/ssl/tls13con.c
Expand Up @@ -237,21 +237,52 @@ tls13_CheckHsState(sslSocket *ss, int err, const char *error_name,
SSLHashType
tls13_GetHash(sslSocket *ss)
{
/* TODO(ekr@rtfm.com): This needs to actually be looked up. */
/* All TLS 1.3 cipher suites must have an explict PRF hash. */
PORT_Assert(ss->ssl3.hs.suite_def->prf_hash != ssl_hash_none);
return ss->ssl3.hs.suite_def->prf_hash;
}

unsigned int
tls13_GetHashSize(sslSocket *ss)
{
switch (tls13_GetHash(ss)) {
case ssl_hash_sha256:
return 32;
case ssl_hash_sha384:
return 48;
default:
PORT_Assert(0);
return ssl_hash_sha256;
}
return ssl_hash_sha256;
}

CK_MECHANISM_TYPE
tls13_GetHkdfMechanism(sslSocket *ss)
{
/* TODO(ekr@rtfm.com): This needs to actually be looked up. */
switch (tls13_GetHash(ss)) {
case ssl_hash_sha256:
return CKM_NSS_HKDF_SHA256;
case ssl_hash_sha384:
return CKM_NSS_HKDF_SHA384;
default:
/*PORT_Assert(0);*/
return CKM_NSS_HKDF_SHA256;
}
return CKM_NSS_HKDF_SHA256;
}

static CK_MECHANISM_TYPE
tls13_GetHmacMechanism(sslSocket *ss)
{
/* TODO(ekr@rtfm.com): This needs to actually be looked up. */
switch (tls13_GetHash(ss)) {
case ssl_hash_sha256:
return CKM_SHA256_HMAC;
case ssl_hash_sha384:
return CKM_SHA384_HMAC;
default:
PORT_Assert(0);
}
return CKM_SHA256_HMAC;
}

Expand Down Expand Up @@ -350,7 +381,9 @@ tls13_RecoverWrappedSharedSecret(sslSocket *ss, sslSessionID *sid)
PK11SymKey *wrapKey; /* wrapping key */
PK11SymKey *SS = NULL;
SECItem wrappedMS = { siBuffer, NULL, 0 };
SSLHashType hashType;
SECStatus rv;

SSL_TRC(3, ("%d: TLS13[%d]: recovering static secret (%s)",
SSL_GETPID(), ss->fd,
ss->sec.isServer ? "server" : "client"));
Expand Down Expand Up @@ -390,11 +423,12 @@ tls13_RecoverWrappedSharedSecret(sslSocket *ss, sslSessionID *sid)
wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;

/* unwrap the "master secret" which becomes SS. */
PORT_Assert(tls13_GetHash(ss) == ssl_hash_sha256);
hashType = tls13_GetHash(ss);
PORT_Assert(hashType == ssl_hash_sha256 || hashType == ssl_hash_sha384);
SS = PK11_UnwrapSymKeyWithFlags(wrapKey, sid->u.ssl3.masterWrapMech,
NULL, &wrappedMS,
CKM_SSL3_MASTER_KEY_DERIVE,
CKA_DERIVE, 32,
CKA_DERIVE, hashType,
CKF_SIGN | CKF_VERIFY);
PK11_FreeSymKey(wrapKey);
if (!SS) {
Expand Down Expand Up @@ -451,9 +485,12 @@ tls13_AllowPskCipher(const sslSocket *ss, const ssl3CipherSuiteDef *cipher_def)
if (cached_cipher_def->bulk_cipher_alg !=
cipher_def->bulk_cipher_alg)
return PR_FALSE;

/* PSK cipher must have the same PSK hash as was negotiated before. */
if (cipher_def->prf_hash != cached_cipher_def->prf_hash) {
return PR_FALSE;
}
}
/* TODO(ekr@rtfm.com): Check the KDF code whenever we have
* adjustable KDFs. */
SSL_TRC(3, ("%d: TLS 1.3[%d]: Enabling cipher suite suite 0x%04x",
SSL_GETPID(), ss->fd,
cipher_def->cipher_suite));
Expand Down Expand Up @@ -1336,13 +1373,8 @@ tls13_AddContextToHashes(sslSocket *ss, SSL3Hashes *hashes /* IN/OUT */,
: server_cert_verify_string;
unsigned int hashlength;

/* Double check that we are doing SHA-256 for the handshake hash.*/
PORT_Assert(hashes->hashAlg == ssl_hash_sha256);
if (hashes->hashAlg != ssl_hash_sha256) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
goto loser;
}
PORT_Assert(hashes->len == 32);
/* Double check that we are doing the same hash.*/
PORT_Assert(hashes->len == tls13_GetHashSize(ss));

ctx = PK11_CreateDigestContext(ssl3_TLSHashAlgorithmToOID(algorithm));
if (!ctx) {
Expand Down Expand Up @@ -1595,14 +1627,11 @@ tls13_ComputeHandshakeHashes(sslSocket *ss,
PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
/* TODO(ekr@rtfm.com): This first clause is futureproofing for
* 0-RTT. */
if (ss->ssl3.hs.hashType == handshake_hash_unknown) {
PORT_Assert(0);
} else {
ctx = PK11_CloneContext(ss->ssl3.hs.sha);
if (!ctx) {
ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
return SECFailure;
}
PORT_Assert(ss->ssl3.hs.hashType != handshake_hash_unknown);
ctx = PK11_CloneContext(ss->ssl3.hs.sha);
if (!ctx) {
ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
return SECFailure;
}

rv = PK11_DigestFinal(ctx, hashes->u.raw, &hashes->len,
Expand All @@ -1617,8 +1646,8 @@ tls13_ComputeHandshakeHashes(sslSocket *ss,

/* If we ever support ciphersuites where the PRF hash isn't SHA-256
* then this will need to be updated. */
PORT_Assert(hashes->len == 32);
hashes->hashAlg = ssl_hash_sha256;
PORT_Assert(hashes->len == tls13_GetHashSize(ss));
hashes->hashAlg = tls13_GetHash(ss);

PK11_DestroyContext(ctx, PR_TRUE);
return SECSuccess;
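Review bot: In `tls13_RecoverWrappedSharedSecret` the `PK11_UnwrapSymKeyWithFlags` argument that used to be the literal key size `32` is now `hashType`, i.e. the `SSLHashType` enumerator rather than the digest length, so the unwrapped master secret is requested with a bogus size; it should read `CKA_DERIVE, tls13_GetHashSize(ss),` with the preceding assert kept as is. The new `tls13_GetHashSize` in the first hunk has the mirror-image problem: its `default:` branch and the unreachable statement after the `switch` both `return ssl_hash_sha256;`, an enum constant where a byte count is expected, and since `PORT_Assert` is compiled out in non-debug builds the caller just receives that integer; make the default `return 0;` and delete the trailing return. `tls13_GetHkdfMechanism` keeps `/*PORT_Assert(0);*/` commented out in its `default:` while the sibling `tls13_GetHmacMechanism` asserts; either assert in both or remove the dead comment. The comment `If we ever support ciphersuites where the PRF hash isn't SHA-256 then this will need to be updated.` in `tls13_ComputeHandshakeHashes` is now stale because that is exactly what the lines below it do; replace it with `/* The handshake hash must match the suite's PRF hash. */`. Several of these functions start or end outside their hunks.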
5 changes: 4 additions & 1 deletion lib/ssl/tls13hkdf.c
Expand Up @@ -97,7 +97,10 @@ tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash,
{
CK_NSS_HKDFParams params;
SECItem paramsi = { siBuffer, NULL, 0 };
PRUint8 info[100];
/* Size of info array needs to be big enough to hold the maximum Prefix,
* Label, plus HandshakeHash. If it's ever to small, the code will abort.
*/
PRUint8 info[110];
PRUint8 *ptr = info;
unsigned int infoLen;
PK11SymKey *derived;
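Review bot: `PRUint8 info[110]` replaces one magic size with another, and the comment above it states the bound only in prose ("maximum Prefix, Label, plus HandshakeHash"); express it in code so the next hash addition cannot silently outgrow it, e.g. a named constant built from the largest handshake-hash length this commit introduces (48 bytes for SHA-384) plus the longest label the function emits, and return an error rather than abort when the computed `infoLen` exceeds `sizeof info`. The comment also has a typo, `If it's ever to small` should be `If it's ever too small`, and should say what "abort" means here (assertion or error return), since that is the promise it makes to the caller. `tls13_HkdfExpandLabel` starts before the hunk.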
11 changes: 9 additions & 2 deletions tests/ssl/ssl.sh
Expand Up @@ -83,14 +83,21 @@ ssl_init()
USER_NICKNAME=TestUser
NORM_EXT=""

EC_SUITES=":C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D"
EC_SUITES="${EC_SUITES}:C00E:C00F:C010:C011:C012:C013:C014:C023:C024:C027"
EC_SUITES="${EC_SUITES}:C028:C02B:C02C:C02F:C030:CCA8:CCA9:CCAA"

NON_EC_SUITES=":0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B"
NON_EC_SUITES="${NON_EC_SUITES}:0084:009C:009D:009E:009F:00A2:00A3:CCAAcdefgijklmnvyz"

if [ -z "$NSS_DISABLE_ECC" ] ; then
ECC_STRING=" - with ECC"
# List of cipher suites to test, including ECC cipher suites.
CIPHER_SUITES="-c :C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C027:C02B:C02F:CCA8:CCA9:CCAA:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz"
CIPHER_SUITES="-c ${EC_SUITES}${NON_EC_SUITES}"
else
ECC_STRING=""
# List of cipher suites to test, excluding ECC cipher suites.
CIPHER_SUITES="-c :0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2:CCAAcdefgijklmnvyz"
CIPHER_SUITES="-c ${NON_EC_SUITES}"
fi

if [ "${OS_ARCH}" != "WINNT" ]; then
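Review bot: `CCAA` now appears in both `EC_SUITES` (third line, `:CCA8:CCA9:CCAA`) and `NON_EC_SUITES` (`:CCAA...`), so the ECC build passes it to `-c` twice, whereas the old inline string listed it once; whether the tools tolerate a duplicate selector is not visible here. Since it is already in `NON_EC_SUITES`, which is appended in both branches, drop it from `EC_SUITES`. The strings also mix hex suite ids with the trailing single-letter selectors `cdefgijklmnvyz` without explanation; a one-line comment above `EC_SUITES` describing the two selector syntaxes would help the next person who edits the list. `ssl_init` continues outside the hunk.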
