Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2026-04-19 17:33:30 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add support for RFC 8998 and draft-yang-tls-hybrid-sm2-mlkem

Browse Source 
The commit adds support for RFC 8998 and draft-yang-tls-hybrid-sm2-mlkem. This includes support for the TLS_SM4_GCM_SM3 and TLS_SM4_CCM_SM3 cipher suites, the key exchange groups curveSM2 and curveSM2MLKEM768, and SM2 public keys and signatures.

While this commit adds support to tls_sockets() to decrypt server responses encrypted under SM4 GCM or CCM, OpenSSL does not support performing key derivation using curveSM2. So, tls_sockets() can not decrypt server responses if the key exchange was performed using curveSM2 or curveSM2MLKEM768.
This commit is contained in:
David Cooper
2024-11-22 14:05:33 -08:00
committed by David
parent 3f9eb84778
commit 3be7a854cb
6 changed files with 240 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
etc/cipher-mapping.txt
View File

@@ -139,6 +139,8 @@
0x13,0x01 - TLS_AES_128_GCM_SHA256 TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
0x13,0x04 - TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM(128) Mac=AEAD
0x13,0x05 - TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_8_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM8(128) Mac=AEAD
0x00,0xC6 - TLS_SM4_GCM_SM3 TLS_SM4_GCM_SM3 TLSv1.3 Kx=any Au=any Enc=SM4GCM(128) Mac=AEAD
0x00,0xC7 - TLS_SM4_CCM_SM3 TLS_SM4_CCM_SM3 TLSv1.3 Kx=any Au=any Enc=SM4CCM(128) Mac=AEAD
0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256

1
etc/curves-mapping.txt
View File

@@ -51,4 +51,5 @@
0x11,0xeb - SecP256r1MLKEM768 SecP256r1MLKEM768
0x11,0xec - X25519MLKEM768 X25519MLKEM768
0x11,0xed - SecP384r1MLKEM1024 SecP384r1MLKEM1024
0x11,0xee - curveSM2MLKEM768 curveSM2MLKEM768
0x63,0x99 - X25519Kyber768Draft00 X25519Kyber768Draft00

3
etc/curves.txt
View File

@@ -31,4 +31,5 @@
30, curve448,
31, brainpoolP256r1tls13,
32, brainpoolP384r1tls13,
33, brainpoolP512r1tls13
33, brainpoolP512r1tls13,
41, curveSM2

86
etc/tls_data.txt
View File

File diff suppressed because one or more lines are too long