Skip to content

Commit

Permalink
Support RFC 8998
Browse files Browse the repository at this point in the history
  • Loading branch information
dcooper16 committed Nov 27, 2024
1 parent 701c606 commit 64bc35c
Show file tree
Hide file tree
Showing 5 changed files with 133 additions and 80 deletions.
2 changes: 2 additions & 0 deletions etc/cipher-mapping.txt
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,8 @@
0x13,0x01 - TLS_AES_128_GCM_SHA256 TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
0x13,0x04 - TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM(128) Mac=AEAD
0x13,0x05 - TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_8_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM8(128) Mac=AEAD
0x00,0xC6 - - TLS_SM4_GCM_SM3 TLSv1.3 Kx=any Au=any Enc=SM4GCM(128) Mac=AEAD
0x00,0xC7 - - TLS_SM4_CCM_SM3 TLSv1.3 Kx=any Au=any Enc=SM4CCM(128) Mac=AEAD
0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
Expand Down
3 changes: 2 additions & 1 deletion etc/curves.txt
Original file line number Diff line number Diff line change
Expand Up @@ -31,4 +31,5 @@
30, curve448,
31, brainpoolP256r1tls13,
32, brainpoolP384r1tls13,
33, brainpoolP512r1tls13
33, brainpoolP512r1tls13,
41, curveSM2
17 changes: 13 additions & 4 deletions etc/tls_data.txt
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,9 @@
# see #807 and #806 (especially
# https://github.com/drwetter/testssl.sh/issues/806#issuecomment-318686374)

# 7 ciphers defined for TLS 1.3 in RFCs 8446 and 9150
# 9 ciphers defined for TLS 1.3 in RFCs 8446, 8998, and 9150
readonly TLS13_CIPHER="
13,01, 13,02, 13,03, 13,04, 13,05, c0,b4, c0,b5"
13,01, 13,02, 13,03, 13,04, 13,05, 00,c6, 00,c7, c0,b4, c0,b5"

# 123 standard cipher + 4x GOST for TLS 1.2 and SPDY/NPN HTTP2/ALPN
declare TLS12_CIPHER="
Expand Down Expand Up @@ -146,7 +146,14 @@ xS6XqyNhhqGBhQOBggAEDjRvgELV732xXBsz5NJuirkmran6haJy2Phqqc4qPROm
79ZjkNvTbrsL9GVNvOmyUJv+PyxG1Zn6OsIxck747cJ/IGeOv7hcA+/J728TfWk=
-----END PRIVATE KEY-----
"
"22" "23" "24" "25" "26" "27" "28" "29" "2a" "2b" "2c" "2d" "2e" "2f"
"22" "23" "24" "25" "26" "27" "28"
"-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgEbF8017wu8z9hM6R
yyzdXvRLH72yLFwKtuvuMh2gf8KhRANCAAR2NofXnIdTmLZF93KUGLek9CimS+Ft
NjHGzG7f+5hic6kauGfQ1+IIetrqZn9zUirs/PO99zmLDUYHo2krOLT0
-----END PRIVATE KEY-----
"
"2a" "2b" "2c" "2d" "2e" "2f"
"30" "31" "32" "33" "34" "35" "36" "37" "38" "39" "3a" "3b" "3c" "3d" "3e" "3f"
"40" "41" "42" "43" "44" "45" "46" "47" "48" "49" "4a" "4b" "4c" "4d" "4e" "4f"
"50" "51" "52" "53" "54" "55" "56" "57" "58" "59" "5a" "5b" "5c" "5d" "5e" "5f"
Expand Down Expand Up @@ -320,7 +327,9 @@ readonly -a TLS13_PUBLIC_KEY_SHARES=(
"00,1f,00,41,04,76,4e,e2,fd,65,8d,47,ce,f7,99,59,5f,7d,42,ff,5d,83,d6,d3,87,dd,79,57,f6,2a,57,d1,52,2f,1a,a0,83,5f,93,1b,30,ff,25,55,3a,e5,5f,4f,c1,a2,be,b1,2c,d6,44,f6,8a,2c,b4,67,e8,32,5c,3a,d8,89,2a,8f,d7"
"00,20,00,61,04,03,f3,4d,78,58,a7,ba,43,90,a5,7f,80,96,97,1c,77,43,67,44,be,7d,61,d6,26,84,8e,55,49,d4,04,08,3c,94,ca,6e,21,1f,62,fb,b8,75,dd,39,96,82,fe,ac,6f,3d,0c,73,40,36,37,9e,a7,ab,0e,4c,08,07,ea,c5,8f,5a,96,38,ac,ea,c9,9b,76,2a,55,64,da,31,37,3a,6b,2b,86,ea,3d,d8,08,bd,e1,7d,0b,c9,6d,92,31,1c,a1"
"00,21,00,81,04,0e,34,6f,80,42,d5,ef,7d,b1,5c,1b,33,e4,d2,6e,8a,b9,26,ad,a9,fa,85,a2,72,d8,f8,6a,a9,ce,2a,3d,13,a6,d2,25,23,a5,23,ab,ab,40,d5,e4,c5,04,ff,41,e1,bf,3b,ce,4a,a9,12,5a,be,e7,01,e7,ce,d5,ba,2f,9a,5f,85,a3,96,13,f8,a5,2c,64,93,18,2b,b0,e5,0e,d0,9b,ef,d6,63,90,db,d3,6e,bb,0b,f4,65,4d,bc,e9,b2,50,9b,fe,3f,2c,46,d5,99,fa,3a,c2,31,72,4e,f8,ed,c2,7f,20,67,8e,bf,b8,5c,03,ef,c9,ef,6f,13,7d,69"
"22" "23" "24" "25" "26" "27" "28" "29" "2a" "2b" "2c" "2d" "2e" "2f"
"22" "23" "24" "25" "26" "27" "28"
"00,29,00,41,04,76,36,87,d7,9c,87,53,98,b6,45,f7,72,94,18,b7,a4,f4,28,a6,4b,e1,6d,36,31,c6,cc,6e,df,fb,98,62,73,a9,1a,b8,67,d0,d7,e2,08,7a,da,ea,66,7f,73,52,2a,ec,fc,f3,bd,f7,39,8b,0d,46,07,a3,69,2b,38,b4,f4"
"2a" "2b" "2c" "2d" "2e" "2f"
"30" "31" "32" "33" "34" "35" "36" "37" "38" "39" "3a" "3b" "3c" "3d" "3e" "3f"
"40" "41" "42" "43" "44" "45" "46" "47" "48" "49" "4a" "4b" "4c" "4d" "4e" "4f"
"50" "51" "52" "53" "54" "55" "56" "57" "58" "59" "5a" "5b" "5c" "5d" "5e" "5f"
Expand Down
4 changes: 4 additions & 0 deletions openssl-iana.mapping.html
Original file line number Diff line number Diff line change
Expand Up @@ -224,6 +224,10 @@
<tr><td> [0xbe]</td><td> DHE-RSA-CAMELLIA128-SHA256</td><td> DH </td><td> Camellia </td><td> 128 </td><td> TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 </td></tr>
<tr><td> [0xbf]</td><td> ADH-CAMELLIA128-SHA256 </td><td> DH </td><td> Camellia </td><td> 128 </td><td> TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 </td></tr>

<!-- RFC 8998 -->
<tr><td> [0xc6]</td><td> </td><td> ECDH </td><td> SM4GCM </td><td> 128 </td><td> TLS_SM4_GCM_SM3 </td></tr>
<tr><td> [0xc7]</td><td> </td><td> ECDH </td><td> SM4CCM </td><td> 128 </td><td> TLS_SM4_CCM_SM3 </td></tr>

<!-- https://tools.ietf.org/html/rfc5746 -->
<tr><td> [0x5600]</td><td> TLS_FALLBACK_SCSV </td><td> </td><td> </td><td> </td><td> TLS_EMPTY_RENEGOTIATION_INFO_SCSV </td></tr>

Expand Down
Loading

0 comments on commit 64bc35c

Please sign in to comment.