Overview
Comment: | Added command to list available Message Authentication Codes (MAC) |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | crypto |
Files: | files | file ages | folders |
SHA3-256: |
4bc6ba68a7a33c5abdcfed6d6cd106ae |
User & Date: | bohagan on 2023-11-03 22:25:50 |
Other Links: | branch diff | manifest | tags |
Context
2023-11-04
| ||
02:08 | Added key support to digest channel check-in: b536b956a8 user: bohagan tags: crypto | |
2023-11-03
| ||
22:25 | Added command to list available Message Authentication Codes (MAC) check-in: 4bc6ba68a7 user: bohagan tags: crypto | |
22:03 | Moved info commands to tlsInfo.c file. Moved REASON macro definition to tlsInt.h file so all files can use. check-in: 61a7c2c15a user: bohagan tags: crypto | |
Changes
Modified doc/tls.html
from [4680aa13cf]
to [8b6783e55c].
︙ | ︙ | |||
28 29 30 31 32 33 34 35 36 37 38 | <dd><b>tls::handshake</b> <em> channel</em></dd> <dd><b>tls::status </b> <em>?-local? channel</em></dd> <dd><b>tls::connection </b> <em>channel</em></dd> <dd><b>tls::import</b> <em>channel ?options?</em></dd> <dd><b>tls::unimport</b> <em>channel</em></dd> <dt> </dt> <dd><b>tls::ciphers</b> <em>?protocol? ?verbose? ?supported?</em></dd> <dd><b>tls::protocols</b></dd> <dd><b>tls::version</b></dd> <dt> </dt> <dd><b>tls::digest</b> <em>type ?-bin|-hex? ?-key hmac_key? [-file filename | -chan channel | ?-data? data]</em></dd> | > > < | 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 | <dd><b>tls::handshake</b> <em> channel</em></dd> <dd><b>tls::status </b> <em>?-local? channel</em></dd> <dd><b>tls::connection </b> <em>channel</em></dd> <dd><b>tls::import</b> <em>channel ?options?</em></dd> <dd><b>tls::unimport</b> <em>channel</em></dd> <dt> </dt> <dd><b>tls::ciphers</b> <em>?protocol? ?verbose? ?supported?</em></dd> <dd><b>tls::digests</b></dd> <dd><b>tls::macs</b></dd> <dd><b>tls::protocols</b></dd> <dd><b>tls::version</b></dd> <dt> </dt> <dd><b>tls::digest</b> <em>type ?-bin|-hex? ?-key hmac_key? [-file filename | -chan channel | ?-data? data]</em></dd> <dd><b>tls::md4</b> <em>data</em></dd> <dd><b>tls::md5</b> <em>data</em></dd> <dd><b>tls::sha1</b> <em>data</em></dd> <dd><b>tls::sha256</b> <em>data</em></dd> </dl> </dd> <dd><a href="#COMMANDS">COMMANDS</a></dd> |
︙ | ︙ | |||
68 69 70 71 72 73 74 75 76 77 78 | <a href="#tls::status"><b>tls::status</b> <i>?-local? channel</i></a><br> <a href="#tls::connection"><b>tls::connection</b> <i>channel</i></a><br> <a href="#tls::handshake"><b>tls::handshake</b> <i>channel</i></a><br> <a href="#tls::import"><b>tls::import</b> <i>channel ?options?</i></a><br> <a href="#tls::unimport"><b>tls::unimport</b> <i>channel</i></a><br> <br> <a href="#tls::ciphers"><b>tls::ciphers</b> <i>?protocol? ?verbose? ?supported?</i></a><br> <a href="#tls::protocols"><b>tls::protocols</b></a><br> <a href="#tls::version"><b>tls::version</b></a><br> <br> <a href="#tls::digest"><b>tls::digest</b> <i>type ?-bin|-hex? ?-key hmac_key? [-file filename | -chan channel | ?-data? data]</i></a><br> | > > < | 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 | <a href="#tls::status"><b>tls::status</b> <i>?-local? channel</i></a><br> <a href="#tls::connection"><b>tls::connection</b> <i>channel</i></a><br> <a href="#tls::handshake"><b>tls::handshake</b> <i>channel</i></a><br> <a href="#tls::import"><b>tls::import</b> <i>channel ?options?</i></a><br> <a href="#tls::unimport"><b>tls::unimport</b> <i>channel</i></a><br> <br> <a href="#tls::ciphers"><b>tls::ciphers</b> <i>?protocol? ?verbose? ?supported?</i></a><br> <a href="#tls::digests"><b>tls::digests</b></a><br> <a href="#tls::macs"><b>tls::macs</b></a><br> <a href="#tls::protocols"><b>tls::protocols</b></a><br> <a href="#tls::version"><b>tls::version</b></a><br> <br> <a href="#tls::digest"><b>tls::digest</b> <i>type ?-bin|-hex? ?-key hmac_key? [-file filename | -chan channel | ?-data? data]</i></a><br> <a href="#tls::md4"><b>tls::md4</b> <i>data</i></a><br> <a href="#tls::md5"><b>tls::md5</b> <i>data</i></a><br> <a href="#tls::sha1"><b>tls::sha1</b> <i>data</i></a><br> <a href="#tls::sha256"><b>tls::sha256</b> <i>data</i></a><br> </p> <h3><a name="DESCRIPTION">DESCRIPTION</a></h3> |
︙ | ︙ | |||
434 435 436 437 438 439 440 441 442 443 444 445 446 447 | <em>protocol</em>, only the ciphers supported for that protocol are returned where <em>protocol</em> must be one of <b>ssl2, ssl3, tls1, tls1.1, tls1.2,</b> or <b>tls1.3</b>. If <em>verbose</em> is specified as true then a verbose, human readable list is returned with additional information on the cipher. If <em>supported</em> is specified as true, then only the ciphers supported for protocol will be listed.</dd> <dt><a name="tls::protocols"><strong>tls::protocols</strong></a></dt> <dd>Returns a list of supported protocols. Valid values are: <b>ssl2</b>, <b>ssl3</b>, <b>tls1</b>, <b>tls1.1</b>, <b>tls1.2</b>, and <b>tls1.3</b>. Exact list depends on OpenSSL version and compile time flags.</dd> | > > > > > > > | 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 | <em>protocol</em>, only the ciphers supported for that protocol are returned where <em>protocol</em> must be one of <b>ssl2, ssl3, tls1, tls1.1, tls1.2,</b> or <b>tls1.3</b>. If <em>verbose</em> is specified as true then a verbose, human readable list is returned with additional information on the cipher. If <em>supported</em> is specified as true, then only the ciphers supported for protocol will be listed.</dd> <dt><a name="tls::digests"><strong>tls::digests</strong></a></dt> <dd>Returns a list of the hash algorithms for <b>tls::digest</b> command.</dd> <dt><a name="tls::macs"><strong>tls::macs</strong></a></dt> <dd>Returns a list of the available Message Authentication Codes (MAC) for the <b>tls::digest</b> command.</dd> <dt><a name="tls::protocols"><strong>tls::protocols</strong></a></dt> <dd>Returns a list of supported protocols. Valid values are: <b>ssl2</b>, <b>ssl3</b>, <b>tls1</b>, <b>tls1.1</b>, <b>tls1.2</b>, and <b>tls1.3</b>. Exact list depends on OpenSSL version and compile time flags.</dd> |
︙ | ︙ | |||
459 460 461 462 463 464 465 | returned with the last read operation before EOF. Use <em>-key</em> to specify the key and return a Hashed Message Authentication Code (HMAC). To salt a password, append or prepend the salt text to the password. Type can be any OpenSSL supported hash algorithm including: <b>md4</b>, <b>md5</b>, <b>sha1</b>, <b>sha256</b>, <b>sha512</b>, <b>sha3-256</b>, etc. See <b>tls::digests</b> command for a full list.</dd> | < < < | 468 469 470 471 472 473 474 475 476 477 478 479 480 481 | returned with the last read operation before EOF. Use <em>-key</em> to specify the key and return a Hashed Message Authentication Code (HMAC). To salt a password, append or prepend the salt text to the password. Type can be any OpenSSL supported hash algorithm including: <b>md4</b>, <b>md5</b>, <b>sha1</b>, <b>sha256</b>, <b>sha512</b>, <b>sha3-256</b>, etc. See <b>tls::digests</b> command for a full list.</dd> <dt><a name="tls::md4"><strong>tls::md4</strong> <em>data</em></a></dt> <dd>Returns the MD4 message-digest for <em>data</em> as a hex string.</dd> <dt><a name="tls::md5"><strong>tls::md5</strong> <em>data</em></a></dt> <dd>Returns the MD5 message-digest for <em>data</em> as a hex string.</dd> <dt><a name="tls::sha1"><strong>tls::sha1</strong> <em>data</em></a></dt> |
︙ | ︙ |
Modified generic/tlsInfo.c
from [94ef9bd55e]
to [9b024f9b80].
︙ | ︙ | |||
255 256 257 258 259 260 261 262 263 264 265 266 267 268 | objc = objc; objv = objv; } /* *------------------------------------------------------------------- * * ProtocolsObjCmd -- * * Return a list of the available or supported SSL/TLS protocols. * * Results: * A standard Tcl list. * | > > > > > > > > > > > > > > > > > > > > > > > > > > | 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 | objc = objc; objv = objv; } /* *------------------------------------------------------------------- * * MacsObjCmd -- * * Return a list of all valid message authentication codes (MAC). * * Results: * A standard Tcl list. * * Side effects: * None. * *------------------------------------------------------------------- */ int MacsObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { Tcl_Obj *objPtr = Tcl_NewListObj(0, NULL); Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("cmac", -1)); Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("hmac", -1)); Tcl_SetObjResult(interp, objPtr); return TCL_OK; clientData = clientData; objc = objc; objv = objv; } /* *------------------------------------------------------------------- * * ProtocolsObjCmd -- * * Return a list of the available or supported SSL/TLS protocols. * * Results: * A standard Tcl list. * |
︙ | ︙ | |||
354 355 356 357 358 359 360 361 362 363 | * *------------------------------------------------------------------- */ int Tls_InfoCommands(Tcl_Interp *interp) { Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::digests", DigestsObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::protocols", ProtocolsObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::version", VersionObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); return TCL_OK; } | > | 380 381 382 383 384 385 386 387 388 389 390 | * *------------------------------------------------------------------- */ int Tls_InfoCommands(Tcl_Interp *interp) { Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::digests", DigestsObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::protocols", ProtocolsObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::macs", MacsObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::version", VersionObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); return TCL_OK; } |
Modified tests/ciphers.csv
from [a97bae4d32]
to [cc62fb24e1].
︙ | ︙ | |||
11 12 13 14 15 16 17 18 19 20 21 22 23 24 | command,"::tcltest::testConstraint OpenSSL [string match ""OpenSSL*"" [::tls::version]]",,,,,,,,, ,,,,,,,,,, command,# Helper functions,,,,,,,,, command,"proc lcompare {list1 list2} {set m """";set u """";foreach i $list1 {if {$i ni $list2} {lappend m $i}};foreach i $list2 {if {$i ni $list1} {lappend u $i}};return [list ""missing"" $m ""unexpected"" $u]}",,,,,,,,, command,proc exec_get {delim args} {return [split [exec openssl {*}$args] $delim]},,,,,,,,, command,"proc exec_get_ciphers {} {set list [list];set data [exec openssl list -cipher-algorithms];foreach line [split $data ""\n""] {foreach {cipher null alias} [split [string trim $line]] {lappend list [string tolower $cipher]}};return [lsort -unique $list]}",,,,,,,,, command,"proc exec_get_digests {} {set list [list];set data [exec openssl dgst -list];foreach line [split $data ""\n""] {foreach digest $line {if {[string match ""-*"" $digest]} {lappend list [string trimleft $digest ""-""]}}};return [lsort $list]}",,,,,,,,, command,proc list_tolower {list} {set result [list];foreach element $list {lappend result [string tolower $element]};return $result},,,,,,,,, command,proc read_chan {md filename args} {set ch [open $filename rb];fconfigure $ch -translation binary;set new [tls::digest $md {*}$args -chan $ch];while {![eof $new]} {set result [read $new]};close $new;return $result},,,,,,,,, ,,,,,,,,,, command,# Test list ciphers,,,,,,,,, Ciphers List,All,,,lcompare [lsort [exec_get_ciphers]] [list_tolower [lsort [::tls::ciphers]]],,,missing {rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb} unexpected {aes-128-ccm aes-128-gcm aes-192-ccm aes-192-gcm aes-256-ccm aes-256-gcm},,, ,,,,,,,,,, command,# Test list ciphers for protocols,,,,,,,,, | > | 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | command,"::tcltest::testConstraint OpenSSL [string match ""OpenSSL*"" [::tls::version]]",,,,,,,,, ,,,,,,,,,, command,# Helper functions,,,,,,,,, command,"proc lcompare {list1 list2} {set m """";set u """";foreach i $list1 {if {$i ni $list2} {lappend m $i}};foreach i $list2 {if {$i ni $list1} {lappend u $i}};return [list ""missing"" $m ""unexpected"" $u]}",,,,,,,,, command,proc exec_get {delim args} {return [split [exec openssl {*}$args] $delim]},,,,,,,,, command,"proc exec_get_ciphers {} {set list [list];set data [exec openssl list -cipher-algorithms];foreach line [split $data ""\n""] {foreach {cipher null alias} [split [string trim $line]] {lappend list [string tolower $cipher]}};return [lsort -unique $list]}",,,,,,,,, command,"proc exec_get_digests {} {set list [list];set data [exec openssl dgst -list];foreach line [split $data ""\n""] {foreach digest $line {if {[string match ""-*"" $digest]} {lappend list [string trimleft $digest ""-""]}}};return [lsort $list]}",,,,,,,,, command,proc exec_get_macs {} {return [list cmac hmac]},,,,,,,,, command,proc list_tolower {list} {set result [list];foreach element $list {lappend result [string tolower $element]};return $result},,,,,,,,, command,proc read_chan {md filename args} {set ch [open $filename rb];fconfigure $ch -translation binary;set new [tls::digest $md {*}$args -chan $ch];while {![eof $new]} {set result [read $new]};close $new;return $result},,,,,,,,, ,,,,,,,,,, command,# Test list ciphers,,,,,,,,, Ciphers List,All,,,lcompare [lsort [exec_get_ciphers]] [list_tolower [lsort [::tls::ciphers]]],,,missing {rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb} unexpected {aes-128-ccm aes-128-gcm aes-192-ccm aes-192-gcm aes-256-ccm aes-256-gcm},,, ,,,,,,,,,, command,# Test list ciphers for protocols,,,,,,,,, |
︙ | ︙ | |||
81 82 83 84 85 86 87 88 89 90 91 92 93 | ,,,,,,,,,, command,# Test HMAC,,,,,,,,, Digest HMAC,data,,,"tls::digest md5 -key ""Example key"" -data ""Example string for message digest tests.""",,,901DA6E6976A71650C77443C37FF9C7F,,, Digest HMAC,file,,,"tls::digest md5 -key ""Example key"" -file md_data.dat",,,901DA6E6976A71650C77443C37FF9C7F,,, Digest HMAC,channel,knownBug,,"read_chan md5 md_data.dat -key ""Example key""",,,901DA6E6976A71650C77443C37FF9C7F,,, Digest HMAC,data bin,,,"string toupper [binary encode hex [tls::digest md5 -bin -key ""Example key"" -data ""Example string for message digest tests.""]]",,,901DA6E6976A71650C77443C37FF9C7F,,, ,,,,,,,,,, command,# Test list protocols,,,,,,,,, Protocols,All,,,lcompare $protocols [::tls::protocols],,,missing {ssl2 ssl3} unexpected {},,, ,,,,,,,,,, command,# Test show version,,,,,,,,, Version,All,,,::tls::version,,glob,*,,, Version,OpenSSL,OpenSSL,,::tls::version,,glob,OpenSSL*,,, | > > > | 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 | ,,,,,,,,,, command,# Test HMAC,,,,,,,,, Digest HMAC,data,,,"tls::digest md5 -key ""Example key"" -data ""Example string for message digest tests.""",,,901DA6E6976A71650C77443C37FF9C7F,,, Digest HMAC,file,,,"tls::digest md5 -key ""Example key"" -file md_data.dat",,,901DA6E6976A71650C77443C37FF9C7F,,, Digest HMAC,channel,knownBug,,"read_chan md5 md_data.dat -key ""Example key""",,,901DA6E6976A71650C77443C37FF9C7F,,, Digest HMAC,data bin,,,"string toupper [binary encode hex [tls::digest md5 -bin -key ""Example key"" -data ""Example string for message digest tests.""]]",,,901DA6E6976A71650C77443C37FF9C7F,,, ,,,,,,,,,, command,# Test list MACs,,,,,,,,, MAC List,All,,,lcompare [exec_get_macs] [tls::macs],,,missing {} unexpected {},,, ,,,,,,,,,, command,# Test list protocols,,,,,,,,, Protocols,All,,,lcompare $protocols [::tls::protocols],,,missing {ssl2 ssl3} unexpected {},,, ,,,,,,,,,, command,# Test show version,,,,,,,,, Version,All,,,::tls::version,,glob,*,,, Version,OpenSSL,OpenSSL,,::tls::version,,glob,OpenSSL*,,, |
Modified tests/ciphers.test
from [045846037b]
to [1a154d14c0].
︙ | ︙ | |||
19 20 21 22 23 24 25 | foreach protocol [::tls::protocols] {::tcltest::testConstraint $protocol 1} ::tcltest::testConstraint OpenSSL [string match "OpenSSL*" [::tls::version]] # Helper functions proc lcompare {list1 list2} {set m "";set u "";foreach i $list1 {if {$i ni $list2} {lappend m $i}};foreach i $list2 {if {$i ni $list1} {lappend u $i}};return [list "missing" $m "unexpected" $u]} proc exec_get {delim args} {return [split [exec openssl {*}$args] $delim]} proc exec_get_ciphers {} {set list [list];set data [exec openssl list -cipher-algorithms];foreach line [split $data "\n"] {foreach {cipher null alias} [split [string trim $line]] {lappend list [string tolower $cipher]}};return [lsort -unique $list]} proc exec_get_digests {} {set list [list];set data [exec openssl dgst -list];foreach line [split $data "\n"] {foreach digest $line {if {[string match "-*" $digest]} {lappend list [string trimleft $digest "-"]}}};return [lsort $list]} | | | 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | foreach protocol [::tls::protocols] {::tcltest::testConstraint $protocol 1} ::tcltest::testConstraint OpenSSL [string match "OpenSSL*" [::tls::version]] # Helper functions proc lcompare {list1 list2} {set m "";set u "";foreach i $list1 {if {$i ni $list2} {lappend m $i}};foreach i $list2 {if {$i ni $list1} {lappend u $i}};return [list "missing" $m "unexpected" $u]} proc exec_get {delim args} {return [split [exec openssl {*}$args] $delim]} proc exec_get_ciphers {} {set list [list];set data [exec openssl list -cipher-algorithms];foreach line [split $data "\n"] {foreach {cipher null alias} [split [string trim $line]] {lappend list [string tolower $cipher]}};return [lsort -unique $list]} proc exec_get_digests {} {set list [list];set data [exec openssl dgst -list];foreach line [split $data "\n"] {foreach digest $line {if {[string match "-*" $digest]} {lappend list [string trimleft $digest "-"]}}};return [lsort $list]} command,proc exec_get_macs {} {return [list cmac hmac]},,,,,,,,, proc read_chan {md filename args} {set ch [open $filename rb];fconfigure $ch -translation binary;set new [tls::digest $md {*}$args -chan $ch];while {![eof $new]} {set result [read $new]};close $new;return $result} # Test list ciphers test Ciphers_List-1.1 {All} -body { lcompare [lsort [exec_get_ciphers]] [list_tolower [lsort [::tls::ciphers]]] } -result {missing {rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb} unexpected {aes-128-ccm aes-128-gcm aes-192-ccm aes-192-gcm aes-256-ccm aes-256-gcm}} |
︙ | ︙ | |||
229 230 231 232 233 234 235 236 237 238 | test Digest_HMAC-10.3 {channel} -constraints {knownBug} -body { read_chan md5 md_data.dat -key "Example key" } -result {901DA6E6976A71650C77443C37FF9C7F} test Digest_HMAC-10.4 {data bin} -body { string toupper [binary encode hex [tls::digest md5 -bin -key "Example key" -data "Example string for message digest tests."]] } -result {901DA6E6976A71650C77443C37FF9C7F} # Test list protocols | > > > > > > | | | | 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 | test Digest_HMAC-10.3 {channel} -constraints {knownBug} -body { read_chan md5 md_data.dat -key "Example key" } -result {901DA6E6976A71650C77443C37FF9C7F} test Digest_HMAC-10.4 {data bin} -body { string toupper [binary encode hex [tls::digest md5 -bin -key "Example key" -data "Example string for message digest tests."]] } -result {901DA6E6976A71650C77443C37FF9C7F} # Test list MACs test MAC_List-11.1 {All} -body { lcompare [exec_get_macs] [tls::macs] } -result {missing {} unexpected {}} # Test list protocols test Protocols-12.1 {All} -body { lcompare $protocols [::tls::protocols] } -result {missing {ssl2 ssl3} unexpected {}} # Test show version test Version-13.1 {All} -body { ::tls::version } -match {glob} -result {*} test Version-13.2 {OpenSSL} -constraints {OpenSSL} -body { ::tls::version } -match {glob} -result {OpenSSL*} # Cleanup ::tcltest::cleanupTests return |