- Added support for the SSL_EDH_RSA_AES_128_SHA and SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites

2024-11-22 16:35:41 +01:00 · 2010-06-15 21:32:46 +00:00 · 2010-06-15 21:32:46 +00:00 · 77a43580da
commit 77a43580da
parent 699fbbcf29
6 changed files with 37 additions and 4 deletions
--- a/5
+++ b/5
@ -1,5 +1,10 @@
 PolarSSL ChangeLog

+= Version 0.14.0 released on 2010-XXXXX
+Features
+   * Added support for SSL_EDH_RSA_AES_128_SHA and
+     SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites
+
 = Version 0.13.1 released on 2010-03-24
 Bug fixes
   * Fixed Makefile in library that was mistakenly merged
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -93,10 +93,12 @@
 #define SSL_RSA_DES_168_SHA            10
 #define SSL_EDH_RSA_DES_168_SHA        22
 #define SSL_RSA_AES_128_SHA            47
+#define SSL_EDH_RSA_AES_128_SHA        51
 #define SSL_RSA_AES_256_SHA            53
 #define SSL_EDH_RSA_AES_256_SHA        57

 #define SSL_RSA_CAMELLIA_128_SHA     0x41
+#define SSL_EDH_RSA_CAMELLIA_128_SHA 0x45
 #define SSL_RSA_CAMELLIA_256_SHA     0x84
 #define SSL_EDH_RSA_CAMELLIA_256_SHA 0x88

--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -323,7 +323,9 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
    SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );

    if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA &&
+        ssl->session->cipher != SSL_EDH_RSA_AES_128_SHA &&
        ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA &&
+        ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_128_SHA &&
 	    ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_256_SHA)
    {
        SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
@ -514,7 +516,9 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
    SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );

    if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA ||
+        ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA ||
        ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA ||
+        ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA ||
 	    ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
    {
 #if !defined(POLARSSL_DHM_C)
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -525,7 +525,9 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
    SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );

    if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA &&
+        ssl->session->cipher != SSL_EDH_RSA_AES_128_SHA &&
        ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA &&
+        ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_128_SHA &&
 	    ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_256_SHA)
    {
        SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
@ -663,7 +665,9 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
    }

    if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA ||
+        ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA ||
        ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA ||
+        ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA ||
 	    ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
    {
 #if !defined(POLARSSL_DHM_C)
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -244,6 +244,7 @@ int ssl_derive_keys( ssl_context *ssl )

 #if defined(POLARSSL_AES_C)
        case SSL_RSA_AES_128_SHA:
+        case SSL_EDH_RSA_AES_128_SHA:
            ssl->keylen = 16; ssl->minlen = 32;
            ssl->ivlen  = 16; ssl->maclen = 20;
            break;
@ -257,6 +258,7 @@ int ssl_derive_keys( ssl_context *ssl )

 #if defined(POLARSSL_CAMELLIA_C)
        case SSL_RSA_CAMELLIA_128_SHA:
+        case SSL_EDH_RSA_CAMELLIA_128_SHA:
            ssl->keylen = 16; ssl->minlen = 32;
            ssl->ivlen  = 16; ssl->maclen = 20;
            break;
@ -325,6 +327,7 @@ int ssl_derive_keys( ssl_context *ssl )

 #if defined(POLARSSL_AES_C)
        case SSL_RSA_AES_128_SHA:
+        case SSL_EDH_RSA_AES_128_SHA:
            aes_setkey_enc( (aes_context *) ssl->ctx_enc, key1, 128 );
            aes_setkey_dec( (aes_context *) ssl->ctx_dec, key2, 128 );
            break;
@ -338,6 +341,7 @@ int ssl_derive_keys( ssl_context *ssl )

 #if defined(POLARSSL_CAMELLIA_C)
        case SSL_RSA_CAMELLIA_128_SHA:
+        case SSL_EDH_RSA_CAMELLIA_128_SHA:
            camellia_setkey_enc( (camellia_context *) ssl->ctx_enc, key1, 128 );
            camellia_setkey_dec( (camellia_context *) ssl->ctx_dec, key2, 128 );
            break;
@ -566,6 +570,7 @@ static int ssl_encrypt_buf( ssl_context *ssl )
            case 16:
 #if defined(POLARSSL_AES_C)
 		if ( ssl->session->cipher == SSL_RSA_AES_128_SHA ||
+		     ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA ||
 		     ssl->session->cipher == SSL_RSA_AES_256_SHA ||
 		     ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA)
 		{
@ -578,6 +583,7 @@ static int ssl_encrypt_buf( ssl_context *ssl )

 #if defined(POLARSSL_CAMELLIA_C)
 		if ( ssl->session->cipher == SSL_RSA_CAMELLIA_128_SHA ||
+		     ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA ||
 		     ssl->session->cipher == SSL_RSA_CAMELLIA_256_SHA ||
 		     ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
 		{
@ -648,6 +654,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
            case 16:
 #if defined(POLARSSL_AES_C)
 		if ( ssl->session->cipher == SSL_RSA_AES_128_SHA ||
+		     ssl->session->cipher == SSL_EDH_RSA_AES_128_SHA ||
 		     ssl->session->cipher == SSL_RSA_AES_256_SHA ||
 		     ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA)
 		{
@ -660,6 +667,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )

 #if defined(POLARSSL_CAMELLIA_C)
 		if ( ssl->session->cipher == SSL_RSA_CAMELLIA_128_SHA ||
+		     ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_128_SHA ||
 		     ssl->session->cipher == SSL_RSA_CAMELLIA_256_SHA ||
 		     ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
 		{
@ -1789,6 +1797,9 @@ const char *ssl_get_cipher( const ssl_context *ssl )
        case SSL_RSA_AES_128_SHA:
            return( "SSL_RSA_AES_128_SHA" );

+        case SSL_EDH_RSA_AES_128_SHA:
+            return( "SSL_EDH_RSA_AES_128_SHA" );
+
        case SSL_RSA_AES_256_SHA:
            return( "SSL_RSA_AES_256_SHA" );

@ -1800,6 +1811,9 @@ const char *ssl_get_cipher( const ssl_context *ssl )
        case SSL_RSA_CAMELLIA_128_SHA:
            return( "SSL_RSA_CAMELLIA_128_SHA" );

+        case SSL_EDH_RSA_CAMELLIA_128_SHA:
+            return( "SSL_EDH_RSA_CAMELLIA_128_SHA" );
+
        case SSL_RSA_CAMELLIA_256_SHA:
            return( "SSL_RSA_CAMELLIA_256_SHA" );

@ -1818,9 +1832,11 @@ int ssl_default_ciphers[] =
 {
 #if defined(POLARSSL_DHM_C)
 #if defined(POLARSSL_AES_C)
+    SSL_EDH_RSA_AES_128_SHA,
    SSL_EDH_RSA_AES_256_SHA,
 #endif
 #if defined(POLARSSL_CAMELLIA_C)
+    SSL_EDH_RSA_CAMELLIA_128_SHA,
    SSL_EDH_RSA_CAMELLIA_256_SHA,
 #endif
 #if defined(POLARSSL_DES_C)
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@ -65,6 +65,8 @@ int my_ciphers[] =
 {
    SSL_EDH_RSA_AES_256_SHA,
    SSL_EDH_RSA_CAMELLIA_256_SHA,
+    SSL_EDH_RSA_AES_128_SHA,
+    SSL_EDH_RSA_CAMELLIA_128_SHA,
    SSL_EDH_RSA_DES_168_SHA,
    SSL_RSA_AES_256_SHA,
    SSL_RSA_CAMELLIA_256_SHA,