From 77a43580da3e370285fc380afb8e8584a203549a Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 15 Jun 2010 21:32:46 +0000 Subject: [PATCH] - Added support for the SSL_EDH_RSA_AES_128_SHA and SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites --- ChangeLog | 5 +++++ include/polarssl/ssl.h | 2 ++ library/ssl_cli.c | 8 ++++++-- library/ssl_srv.c | 8 ++++++-- library/ssl_tls.c | 16 ++++++++++++++++ programs/ssl/ssl_server.c | 2 ++ 6 files changed, 37 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2f42c076b..85cd38998 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ PolarSSL ChangeLog += Version 0.14.0 released on 2010-XXXXX +Features + * Added support for SSL_EDH_RSA_AES_128_SHA and + SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites + = Version 0.13.1 released on 2010-03-24 Bug fixes * Fixed Makefile in library that was mistakenly merged diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 1e758b28c..9bcc0737a 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -93,10 +93,12 @@ #define SSL_RSA_DES_168_SHA 10 #define SSL_EDH_RSA_DES_168_SHA 22 #define SSL_RSA_AES_128_SHA 47 +#define SSL_EDH_RSA_AES_128_SHA 51 #define SSL_RSA_AES_256_SHA 53 #define SSL_EDH_RSA_AES_256_SHA 57 #define SSL_RSA_CAMELLIA_128_SHA 0x41 +#define SSL_EDH_RSA_CAMELLIA_128_SHA 0x45 #define SSL_RSA_CAMELLIA_256_SHA 0x84 #define SSL_EDH_RSA_CAMELLIA_256_SHA 0x88 diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 31c41df31..1b23d6bc3 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -323,8 +323,10 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) ); if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA && + ssl->session->cipher != SSL_EDH_RSA_AES_128_SHA && ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA && - ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_256_SHA) + ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_128_SHA && + ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_256_SHA) { SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) ); ssl->state++; @@ -514,8 +516,10 @@ static int ssl_write_client_key_exchange( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) ); if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA || + ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA || ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA || - ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA) + ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA || + ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA) { #if !defined(POLARSSL_DHM_C) SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 614d32c60..81f2be286 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -525,8 +525,10 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) ); if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA && + ssl->session->cipher != SSL_EDH_RSA_AES_128_SHA && ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA && - ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_256_SHA) + ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_128_SHA && + ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_256_SHA) { SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) ); ssl->state++; @@ -663,8 +665,10 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl ) } if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA || + ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA || ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA || - ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA) + ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA || + ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA) { #if !defined(POLARSSL_DHM_C) SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bb68f2e0f..3414c78ac 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -244,6 +244,7 @@ int ssl_derive_keys( ssl_context *ssl ) #if defined(POLARSSL_AES_C) case SSL_RSA_AES_128_SHA: + case SSL_EDH_RSA_AES_128_SHA: ssl->keylen = 16; ssl->minlen = 32; ssl->ivlen = 16; ssl->maclen = 20; break; @@ -257,6 +258,7 @@ int ssl_derive_keys( ssl_context *ssl ) #if defined(POLARSSL_CAMELLIA_C) case SSL_RSA_CAMELLIA_128_SHA: + case SSL_EDH_RSA_CAMELLIA_128_SHA: ssl->keylen = 16; ssl->minlen = 32; ssl->ivlen = 16; ssl->maclen = 20; break; @@ -325,6 +327,7 @@ int ssl_derive_keys( ssl_context *ssl ) #if defined(POLARSSL_AES_C) case SSL_RSA_AES_128_SHA: + case SSL_EDH_RSA_AES_128_SHA: aes_setkey_enc( (aes_context *) ssl->ctx_enc, key1, 128 ); aes_setkey_dec( (aes_context *) ssl->ctx_dec, key2, 128 ); break; @@ -338,6 +341,7 @@ int ssl_derive_keys( ssl_context *ssl ) #if defined(POLARSSL_CAMELLIA_C) case SSL_RSA_CAMELLIA_128_SHA: + case SSL_EDH_RSA_CAMELLIA_128_SHA: camellia_setkey_enc( (camellia_context *) ssl->ctx_enc, key1, 128 ); camellia_setkey_dec( (camellia_context *) ssl->ctx_dec, key2, 128 ); break; @@ -566,6 +570,7 @@ static int ssl_encrypt_buf( ssl_context *ssl ) case 16: #if defined(POLARSSL_AES_C) if ( ssl->session->cipher == SSL_RSA_AES_128_SHA || + ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA || ssl->session->cipher == SSL_RSA_AES_256_SHA || ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA) { @@ -578,6 +583,7 @@ static int ssl_encrypt_buf( ssl_context *ssl ) #if defined(POLARSSL_CAMELLIA_C) if ( ssl->session->cipher == SSL_RSA_CAMELLIA_128_SHA || + ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA || ssl->session->cipher == SSL_RSA_CAMELLIA_256_SHA || ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA) { @@ -648,6 +654,7 @@ static int ssl_decrypt_buf( ssl_context *ssl ) case 16: #if defined(POLARSSL_AES_C) if ( ssl->session->cipher == SSL_RSA_AES_128_SHA || + ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA || ssl->session->cipher == SSL_RSA_AES_256_SHA || ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA) { @@ -660,6 +667,7 @@ static int ssl_decrypt_buf( ssl_context *ssl ) #if defined(POLARSSL_CAMELLIA_C) if ( ssl->session->cipher == SSL_RSA_CAMELLIA_128_SHA || + ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA || ssl->session->cipher == SSL_RSA_CAMELLIA_256_SHA || ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA) { @@ -1789,6 +1797,9 @@ const char *ssl_get_cipher( const ssl_context *ssl ) case SSL_RSA_AES_128_SHA: return( "SSL_RSA_AES_128_SHA" ); + case SSL_EDH_RSA_AES_128_SHA: + return( "SSL_EDH_RSA_AES_128_SHA" ); + case SSL_RSA_AES_256_SHA: return( "SSL_RSA_AES_256_SHA" ); @@ -1800,6 +1811,9 @@ const char *ssl_get_cipher( const ssl_context *ssl ) case SSL_RSA_CAMELLIA_128_SHA: return( "SSL_RSA_CAMELLIA_128_SHA" ); + case SSL_EDH_RSA_CAMELLIA_128_SHA: + return( "SSL_EDH_RSA_CAMELLIA_128_SHA" ); + case SSL_RSA_CAMELLIA_256_SHA: return( "SSL_RSA_CAMELLIA_256_SHA" ); @@ -1818,9 +1832,11 @@ int ssl_default_ciphers[] = { #if defined(POLARSSL_DHM_C) #if defined(POLARSSL_AES_C) + SSL_EDH_RSA_AES_128_SHA, SSL_EDH_RSA_AES_256_SHA, #endif #if defined(POLARSSL_CAMELLIA_C) + SSL_EDH_RSA_CAMELLIA_128_SHA, SSL_EDH_RSA_CAMELLIA_256_SHA, #endif #if defined(POLARSSL_DES_C) diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index bc72459a8..7813ac606 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -65,6 +65,8 @@ int my_ciphers[] = { SSL_EDH_RSA_AES_256_SHA, SSL_EDH_RSA_CAMELLIA_256_SHA, + SSL_EDH_RSA_AES_128_SHA, + SSL_EDH_RSA_CAMELLIA_128_SHA, SSL_EDH_RSA_DES_168_SHA, SSL_RSA_AES_256_SHA, SSL_RSA_CAMELLIA_256_SHA,