Added Camellia ECDHE-based CBC ciphersuites

Added TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 and TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384
2024-11-22 13:25:41 +01:00 · 2013-04-07 23:07:12 +02:00 · 2013-04-07 23:07:12 +02:00 · 27714b1aa1
commit 27714b1aa1
parent bfe671f2d5
3 changed files with 53 additions and 3 deletions
--- a/include/polarssl/ssl_ciphersuites.h
+++ b/include/polarssl/ssl_ciphersuites.h
@ -83,6 +83,9 @@ extern "C" {
 #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    0xC02F
 #define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    0xC030

+#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256  0xC076
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384  0xC077
+
 typedef enum {
    POLARSSL_KEY_EXCHANGE_NONE = 0,
    POLARSSL_KEY_EXCHANGE_RSA,
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@ -39,44 +39,68 @@
 */
 static const int ciphersuite_preference[] =
 {
+    /* All AES-256 ephemeral suites */
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+
+    /* All CAMELLIA-256 ephemeral suites */
+    TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+
+    /* All AES-128 ephemeral suites */
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+
+    /* All CAMELLIA-128 ephemeral suites */
+    TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+
+    /* All remaining > 128-bit ephemeral suites */
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+
+    /* All AES-256 suites */
    TLS_RSA_WITH_AES_256_CBC_SHA256,
    TLS_RSA_WITH_AES_256_GCM_SHA384,
    TLS_RSA_WITH_AES_256_CBC_SHA,
+
+    /* All CAMELLIA-256 suites */
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
+
+    /* All AES-128 suites */
    TLS_RSA_WITH_AES_128_CBC_SHA256,
    TLS_RSA_WITH_AES_128_GCM_SHA256,
    TLS_RSA_WITH_AES_128_CBC_SHA,
+
+    /* All CAMELLIA-128 suites */
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
+
+    /* All remaining > 128-bit suites */
    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
    TLS_RSA_WITH_RC4_128_SHA,
    TLS_RSA_WITH_RC4_128_MD5,
+
+    /* Weak or NULL suites */
    TLS_DHE_RSA_WITH_DES_CBC_SHA,
    TLS_RSA_WITH_DES_CBC_SHA,
    TLS_ECDHE_RSA_WITH_NULL_SHA,
    TLS_RSA_WITH_NULL_SHA256,
    TLS_RSA_WITH_NULL_SHA,
    TLS_RSA_WITH_NULL_MD5,
+
    0
 };

@ -127,6 +151,24 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
 #endif /* POLARSSL_GCM_C */
 #endif /* POLARSSL_SHA4_C */
 #endif /* POLARSSL_AES_C */
+
+#if defined(POLARSSL_CAMELLIA_C)
+#if defined(POLARSSL_SHA2_C)
+    { TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+      POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
+      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+      POLARSSL_CIPHERSUITE_EC },
+#endif /* POLARSSL_SHA2_C */
+#if defined(POLARSSL_SHA4_C)
+    { TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
+      POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
+      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+      POLARSSL_CIPHERSUITE_EC },
+#endif /* POLARSSL_SHA4_C */
+#endif /* POLARSSL_CAMELLIA_C */
+
 #if defined(POLARSSL_DES_C)
    { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
      POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
@ -134,6 +176,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
      POLARSSL_CIPHERSUITE_EC },
 #endif /* POLARSSL_DES_C */
+
 #if defined(POLARSSL_ARC4_C)
    { TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
      POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
@ -141,6 +184,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
      POLARSSL_CIPHERSUITE_EC },
 #endif
+
 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
    { TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
      POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
--- a/tests/compat.sh
+++ b/tests/compat.sh
@ -78,8 +78,8 @@ then
        TLS-DHE-RSA-WITH-AES-128-CBC-SHA256     \
        TLS-RSA-WITH-AES-256-CBC-SHA256         \
        TLS-DHE-RSA-WITH-AES-256-CBC-SHA256     \
-        TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
-        TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
+        TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256   \
+        TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384   \
        "

    O_CIPHERS="$O_CIPHERS           \
@ -169,7 +169,8 @@ PROCESS_ID=$!

 sleep 1

-# OpenSSL does not support RFC5246 Camellia ciphers with SHA256
+# OpenSSL does not support RFC5246 and RFC6367 Camellia ciphers with SHA256
+# or SHA384
 # Add for PolarSSL only test, which does support them.
 #
 if [ "$MODE" = "tls1_2" ];
@ -179,6 +180,8 @@ then
        TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
        TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256     \
        TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
+        TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
+        TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
        "
 fi