From b5ef0bada4cc24a580c9f1f2e391edd64b4f5f23 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Sun, 11 Jan 2009 20:25:36 +0000 Subject: [PATCH] - Added SSL_RSA_CAMELLIA_128_SHA, SSL_RSA_CAMELLIA_256_SHA, SSL_EDH_RSA_CAMELLIA_256_SHA ciphersuites to SSL --- include/polarssl/ssl.h | 4 ++ library/camellia.c | 6 +-- library/ssl_cli.c | 6 ++- library/ssl_srv.c | 6 ++- library/ssl_tls.c | 97 +++++++++++++++++++++++++++++++++++---- programs/ssl/ssl_server.c | 3 ++ programs/test/ssl_test.c | 12 ++++- 7 files changed, 117 insertions(+), 17 deletions(-) diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index dee88304f..36c23c0d9 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -94,6 +94,10 @@ #define SSL_RSA_AES_256_SHA 53 #define SSL_EDH_RSA_AES_256_SHA 57 +#define SSL_RSA_CAMELLIA_128_SHA 0x41 +#define SSL_RSA_CAMELLIA_256_SHA 0x84 +#define SSL_EDH_RSA_CAMELLIA_256_SHA 0x88 + /* * Message, alert and handshake types */ diff --git a/library/camellia.c b/library/camellia.c index e50414627..69a9840b7 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -18,10 +18,10 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ /* - * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. + * The Camellia block cipher was designed by NTT and Mitsubishi Electric + * Corporation. * - * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf - * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf + * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf */ #include "polarssl/config.h" diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 9492ce525..df21ecb20 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -319,7 +319,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) ); if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA && - ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA ) + ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA && + ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_256_SHA) { SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) ); ssl->state++; @@ -509,7 +510,8 @@ static int ssl_write_client_key_exchange( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) ); if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA || - ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA ) + ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA || + ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA) { #if !defined(POLARSSL_DHM_C) SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 036344b4e..cb8d14002 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -521,7 +521,8 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) ); if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA && - ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA ) + ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA && + ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_256_SHA) { SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) ); ssl->state++; @@ -658,7 +659,8 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl ) } if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA || - ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA ) + ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA || + ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA) { #if !defined(POLARSSL_DHM_C) SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3e70ccfa3..29fcffd02 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -34,6 +34,7 @@ #include "polarssl/aes.h" #include "polarssl/arc4.h" +#include "polarssl/camellia.h" #include "polarssl/des.h" #include "polarssl/debug.h" #include "polarssl/ssl.h" @@ -255,6 +256,19 @@ int ssl_derive_keys( ssl_context *ssl ) break; #endif +#if defined(POLARSSL_CAMELLIA_C) + case SSL_RSA_CAMELLIA_128_SHA: + ssl->keylen = 16; ssl->minlen = 32; + ssl->ivlen = 16; ssl->maclen = 20; + break; + + case SSL_RSA_CAMELLIA_256_SHA: + case SSL_EDH_RSA_CAMELLIA_256_SHA: + ssl->keylen = 32; ssl->minlen = 32; + ssl->ivlen = 16; ssl->maclen = 20; + break; +#endif + default: SSL_DEBUG_MSG( 1, ( "cipher %s is not available", ssl_get_cipher( ssl ) ) ); @@ -323,6 +337,19 @@ int ssl_derive_keys( ssl_context *ssl ) break; #endif +#if defined(POLARSSL_CAMELLIA_C) + case SSL_RSA_CAMELLIA_128_SHA: + camellia_setkey_enc( (camellia_context *) ssl->ctx_enc, key1, 128 ); + camellia_setkey_dec( (camellia_context *) ssl->ctx_dec, key2, 128 ); + break; + + case SSL_RSA_CAMELLIA_256_SHA: + case SSL_EDH_RSA_CAMELLIA_256_SHA: + camellia_setkey_enc( (camellia_context *) ssl->ctx_enc, key1, 256 ); + camellia_setkey_dec( (camellia_context *) ssl->ctx_dec, key2, 256 ); + break; +#endif + default: return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); } @@ -538,10 +565,27 @@ static int ssl_encrypt_buf( ssl_context *ssl ) case 16: #if defined(POLARSSL_AES_C) - aes_crypt_cbc( (aes_context *) ssl->ctx_enc, - AES_ENCRYPT, ssl->out_msglen, - ssl->iv_enc, ssl->out_msg, ssl->out_msg ); - break; + if ( ssl->session->cipher == SSL_RSA_AES_128_SHA || + ssl->session->cipher == SSL_RSA_AES_256_SHA || + ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA) + { + aes_crypt_cbc( (aes_context *) ssl->ctx_enc, + AES_ENCRYPT, ssl->out_msglen, + ssl->iv_enc, ssl->out_msg, ssl->out_msg ); + break; + } +#endif + +#if defined(POLARSSL_CAMELLIA_C) + if ( ssl->session->cipher == SSL_RSA_CAMELLIA_128_SHA || + ssl->session->cipher == SSL_RSA_CAMELLIA_256_SHA || + ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA) + { + camellia_crypt_cbc( (camellia_context *) ssl->ctx_enc, + CAMELLIA_ENCRYPT, ssl->out_msglen, + ssl->iv_enc, ssl->out_msg, ssl->out_msg ); + break; + } #endif default: @@ -600,12 +644,29 @@ static int ssl_decrypt_buf( ssl_context *ssl ) break; #endif -#if defined(POLARSSL_AES_C) case 16: - aes_crypt_cbc( (aes_context *) ssl->ctx_dec, - AES_DECRYPT, ssl->in_msglen, - ssl->iv_dec, ssl->in_msg, ssl->in_msg ); - break; +#if defined(POLARSSL_AES_C) + if ( ssl->session->cipher == SSL_RSA_AES_128_SHA || + ssl->session->cipher == SSL_RSA_AES_256_SHA || + ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA) + { + aes_crypt_cbc( (aes_context *) ssl->ctx_dec, + AES_DECRYPT, ssl->in_msglen, + ssl->iv_dec, ssl->in_msg, ssl->in_msg ); + break; + } +#endif + +#if defined(POLARSSL_CAMELLIA_C) + if ( ssl->session->cipher == SSL_RSA_CAMELLIA_128_SHA || + ssl->session->cipher == SSL_RSA_CAMELLIA_256_SHA || + ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA) + { + camellia_crypt_cbc( (camellia_context *) ssl->ctx_dec, + CAMELLIA_DECRYPT, ssl->in_msglen, + ssl->iv_dec, ssl->in_msg, ssl->in_msg ); + break; + } #endif default: @@ -1731,6 +1792,17 @@ char *ssl_get_cipher( ssl_context *ssl ) return( "SSL_EDH_RSA_AES_256_SHA" ); #endif +#if defined(POLARSSL_CAMELLIA_C) + case SSL_RSA_CAMELLIA_128_SHA: + return( "SSL_RSA_CAMELLIA_128_SHA" ); + + case SSL_RSA_CAMELLIA_256_SHA: + return( "SSL_RSA_CAMELLIA_256_SHA" ); + + case SSL_EDH_RSA_CAMELLIA_256_SHA: + return( "SSL_EDH_RSA_CAMELLIA_256_SHA" ); +#endif + default: break; } @@ -1744,6 +1816,9 @@ int ssl_default_ciphers[] = #if defined(POLARSSL_AES_C) SSL_EDH_RSA_AES_256_SHA, #endif +#if defined(POLARSSL_CAMELLIA_C) + SSL_EDH_RSA_CAMELLIA_256_SHA, +#endif #if defined(POLARSSL_DES_C) SSL_EDH_RSA_DES_168_SHA, #endif @@ -1753,6 +1828,10 @@ int ssl_default_ciphers[] = SSL_RSA_AES_128_SHA, SSL_RSA_AES_256_SHA, #endif +#if defined(POLARSSL_CAMELLIA_C) + SSL_RSA_CAMELLIA_128_SHA, + SSL_RSA_CAMELLIA_256_SHA, +#endif #if defined(POLARSSL_DES_C) SSL_RSA_DES_168_SHA, #endif diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 30d850262..27b0da613 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -65,9 +65,12 @@ char *my_dhm_G = "4"; int my_ciphers[] = { SSL_EDH_RSA_AES_256_SHA, + SSL_EDH_RSA_CAMELLIA_256_SHA, SSL_EDH_RSA_DES_168_SHA, SSL_RSA_AES_256_SHA, + SSL_RSA_CAMELLIA_256_SHA, SSL_RSA_AES_128_SHA, + SSL_RSA_CAMELLIA_128_SHA, SSL_RSA_DES_168_SHA, SSL_RSA_RC4_128_SHA, SSL_RSA_RC4_128_MD5, diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c index 5781ac356..d61628255 100644 --- a/programs/test/ssl_test.c +++ b/programs/test/ssl_test.c @@ -391,7 +391,8 @@ exit: " SSL_RSA_RC4_128_MD5 SSL_RSA_RC4_128_SHA\n" \ " SSL_RSA_DES_168_SHA SSL_EDH_RSA_DES_168_SHA\n" \ " SSL_RSA_AES_128_SHA SSL_EDH_RSA_AES_256_SHA\n" \ - " SSL_RSA_AES_256_SHA\n\n" + " SSL_RSA_AES_256_SHA SSL_EDH_RSA_CAMELLIA_256_SHA\n" \ + " SSL_RSA_CAMELLIA_128_SHA SSL_RSA_CAMELLIA_256_SHA\n\n" int main( int argc, char *argv[] ) { @@ -541,6 +542,15 @@ int main( int argc, char *argv[] ) if( strcmp( q, "ssl_edh_rsa_aes_256_sha" ) == 0 ) opt.force_cipher[0] = SSL_EDH_RSA_AES_256_SHA; + if( strcmp( q, "ssl_rsa_camellia_128_sha" ) == 0 ) + opt.force_cipher[0] = SSL_RSA_CAMELLIA_128_SHA; + + if( strcmp( q, "ssl_rsa_camellia_256_sha" ) == 0 ) + opt.force_cipher[0] = SSL_RSA_CAMELLIA_256_SHA; + + if( strcmp( q, "ssl_edh_rsa_camellia_256_sha" ) == 0 ) + opt.force_cipher[0] = SSL_EDH_RSA_CAMELLIA_256_SHA; + if( opt.force_cipher[0] < 0 ) goto usage;