- Added SSL_RSA_CAMELLIA_128_SHA, SSL_RSA_CAMELLIA_256_SHA, SSL_EDH_RSA_CAMELLIA_256_SHA ciphersuites to SSL

This commit is contained in:
Paul Bakker 2009-01-11 20:25:36 +00:00
parent 38119b18d6
commit b5ef0bada4
7 changed files with 117 additions and 17 deletions

View File

@ -94,6 +94,10 @@
#define SSL_RSA_AES_256_SHA 53 #define SSL_RSA_AES_256_SHA 53
#define SSL_EDH_RSA_AES_256_SHA 57 #define SSL_EDH_RSA_AES_256_SHA 57
#define SSL_RSA_CAMELLIA_128_SHA 0x41
#define SSL_RSA_CAMELLIA_256_SHA 0x84
#define SSL_EDH_RSA_CAMELLIA_256_SHA 0x88
/* /*
* Message, alert and handshake types * Message, alert and handshake types
*/ */

View File

@ -18,10 +18,10 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
/* /*
* The AES block cipher was designed by Vincent Rijmen and Joan Daemen. * The Camellia block cipher was designed by NTT and Mitsubishi Electric
* Corporation.
* *
* http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
* http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
*/ */
#include "polarssl/config.h" #include "polarssl/config.h"

View File

@ -319,7 +319,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) ); SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA && if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA &&
ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA ) ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA &&
ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_256_SHA)
{ {
SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) ); SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
ssl->state++; ssl->state++;
@ -509,7 +510,8 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) ); SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA || if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA ||
ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA ) ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA ||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
{ {
#if !defined(POLARSSL_DHM_C) #if !defined(POLARSSL_DHM_C)
SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) ); SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) );

View File

@ -521,7 +521,8 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) ); SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA && if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA &&
ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA ) ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA &&
ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_256_SHA)
{ {
SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) ); SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
ssl->state++; ssl->state++;
@ -658,7 +659,8 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
} }
if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA || if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA ||
ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA ) ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA ||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
{ {
#if !defined(POLARSSL_DHM_C) #if !defined(POLARSSL_DHM_C)
SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) ); SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) );

View File

@ -34,6 +34,7 @@
#include "polarssl/aes.h" #include "polarssl/aes.h"
#include "polarssl/arc4.h" #include "polarssl/arc4.h"
#include "polarssl/camellia.h"
#include "polarssl/des.h" #include "polarssl/des.h"
#include "polarssl/debug.h" #include "polarssl/debug.h"
#include "polarssl/ssl.h" #include "polarssl/ssl.h"
@ -255,6 +256,19 @@ int ssl_derive_keys( ssl_context *ssl )
break; break;
#endif #endif
#if defined(POLARSSL_CAMELLIA_C)
case SSL_RSA_CAMELLIA_128_SHA:
ssl->keylen = 16; ssl->minlen = 32;
ssl->ivlen = 16; ssl->maclen = 20;
break;
case SSL_RSA_CAMELLIA_256_SHA:
case SSL_EDH_RSA_CAMELLIA_256_SHA:
ssl->keylen = 32; ssl->minlen = 32;
ssl->ivlen = 16; ssl->maclen = 20;
break;
#endif
default: default:
SSL_DEBUG_MSG( 1, ( "cipher %s is not available", SSL_DEBUG_MSG( 1, ( "cipher %s is not available",
ssl_get_cipher( ssl ) ) ); ssl_get_cipher( ssl ) ) );
@ -323,6 +337,19 @@ int ssl_derive_keys( ssl_context *ssl )
break; break;
#endif #endif
#if defined(POLARSSL_CAMELLIA_C)
case SSL_RSA_CAMELLIA_128_SHA:
camellia_setkey_enc( (camellia_context *) ssl->ctx_enc, key1, 128 );
camellia_setkey_dec( (camellia_context *) ssl->ctx_dec, key2, 128 );
break;
case SSL_RSA_CAMELLIA_256_SHA:
case SSL_EDH_RSA_CAMELLIA_256_SHA:
camellia_setkey_enc( (camellia_context *) ssl->ctx_enc, key1, 256 );
camellia_setkey_dec( (camellia_context *) ssl->ctx_dec, key2, 256 );
break;
#endif
default: default:
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
} }
@ -538,10 +565,27 @@ static int ssl_encrypt_buf( ssl_context *ssl )
case 16: case 16:
#if defined(POLARSSL_AES_C) #if defined(POLARSSL_AES_C)
if ( ssl->session->cipher == SSL_RSA_AES_128_SHA ||
ssl->session->cipher == SSL_RSA_AES_256_SHA ||
ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA)
{
aes_crypt_cbc( (aes_context *) ssl->ctx_enc, aes_crypt_cbc( (aes_context *) ssl->ctx_enc,
AES_ENCRYPT, ssl->out_msglen, AES_ENCRYPT, ssl->out_msglen,
ssl->iv_enc, ssl->out_msg, ssl->out_msg ); ssl->iv_enc, ssl->out_msg, ssl->out_msg );
break; break;
}
#endif
#if defined(POLARSSL_CAMELLIA_C)
if ( ssl->session->cipher == SSL_RSA_CAMELLIA_128_SHA ||
ssl->session->cipher == SSL_RSA_CAMELLIA_256_SHA ||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
{
camellia_crypt_cbc( (camellia_context *) ssl->ctx_enc,
CAMELLIA_ENCRYPT, ssl->out_msglen,
ssl->iv_enc, ssl->out_msg, ssl->out_msg );
break;
}
#endif #endif
default: default:
@ -600,12 +644,29 @@ static int ssl_decrypt_buf( ssl_context *ssl )
break; break;
#endif #endif
#if defined(POLARSSL_AES_C)
case 16: case 16:
#if defined(POLARSSL_AES_C)
if ( ssl->session->cipher == SSL_RSA_AES_128_SHA ||
ssl->session->cipher == SSL_RSA_AES_256_SHA ||
ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA)
{
aes_crypt_cbc( (aes_context *) ssl->ctx_dec, aes_crypt_cbc( (aes_context *) ssl->ctx_dec,
AES_DECRYPT, ssl->in_msglen, AES_DECRYPT, ssl->in_msglen,
ssl->iv_dec, ssl->in_msg, ssl->in_msg ); ssl->iv_dec, ssl->in_msg, ssl->in_msg );
break; break;
}
#endif
#if defined(POLARSSL_CAMELLIA_C)
if ( ssl->session->cipher == SSL_RSA_CAMELLIA_128_SHA ||
ssl->session->cipher == SSL_RSA_CAMELLIA_256_SHA ||
ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
{
camellia_crypt_cbc( (camellia_context *) ssl->ctx_dec,
CAMELLIA_DECRYPT, ssl->in_msglen,
ssl->iv_dec, ssl->in_msg, ssl->in_msg );
break;
}
#endif #endif
default: default:
@ -1731,6 +1792,17 @@ char *ssl_get_cipher( ssl_context *ssl )
return( "SSL_EDH_RSA_AES_256_SHA" ); return( "SSL_EDH_RSA_AES_256_SHA" );
#endif #endif
#if defined(POLARSSL_CAMELLIA_C)
case SSL_RSA_CAMELLIA_128_SHA:
return( "SSL_RSA_CAMELLIA_128_SHA" );
case SSL_RSA_CAMELLIA_256_SHA:
return( "SSL_RSA_CAMELLIA_256_SHA" );
case SSL_EDH_RSA_CAMELLIA_256_SHA:
return( "SSL_EDH_RSA_CAMELLIA_256_SHA" );
#endif
default: default:
break; break;
} }
@ -1744,6 +1816,9 @@ int ssl_default_ciphers[] =
#if defined(POLARSSL_AES_C) #if defined(POLARSSL_AES_C)
SSL_EDH_RSA_AES_256_SHA, SSL_EDH_RSA_AES_256_SHA,
#endif #endif
#if defined(POLARSSL_CAMELLIA_C)
SSL_EDH_RSA_CAMELLIA_256_SHA,
#endif
#if defined(POLARSSL_DES_C) #if defined(POLARSSL_DES_C)
SSL_EDH_RSA_DES_168_SHA, SSL_EDH_RSA_DES_168_SHA,
#endif #endif
@ -1753,6 +1828,10 @@ int ssl_default_ciphers[] =
SSL_RSA_AES_128_SHA, SSL_RSA_AES_128_SHA,
SSL_RSA_AES_256_SHA, SSL_RSA_AES_256_SHA,
#endif #endif
#if defined(POLARSSL_CAMELLIA_C)
SSL_RSA_CAMELLIA_128_SHA,
SSL_RSA_CAMELLIA_256_SHA,
#endif
#if defined(POLARSSL_DES_C) #if defined(POLARSSL_DES_C)
SSL_RSA_DES_168_SHA, SSL_RSA_DES_168_SHA,
#endif #endif

View File

@ -65,9 +65,12 @@ char *my_dhm_G = "4";
int my_ciphers[] = int my_ciphers[] =
{ {
SSL_EDH_RSA_AES_256_SHA, SSL_EDH_RSA_AES_256_SHA,
SSL_EDH_RSA_CAMELLIA_256_SHA,
SSL_EDH_RSA_DES_168_SHA, SSL_EDH_RSA_DES_168_SHA,
SSL_RSA_AES_256_SHA, SSL_RSA_AES_256_SHA,
SSL_RSA_CAMELLIA_256_SHA,
SSL_RSA_AES_128_SHA, SSL_RSA_AES_128_SHA,
SSL_RSA_CAMELLIA_128_SHA,
SSL_RSA_DES_168_SHA, SSL_RSA_DES_168_SHA,
SSL_RSA_RC4_128_SHA, SSL_RSA_RC4_128_SHA,
SSL_RSA_RC4_128_MD5, SSL_RSA_RC4_128_MD5,

View File

@ -391,7 +391,8 @@ exit:
" SSL_RSA_RC4_128_MD5 SSL_RSA_RC4_128_SHA\n" \ " SSL_RSA_RC4_128_MD5 SSL_RSA_RC4_128_SHA\n" \
" SSL_RSA_DES_168_SHA SSL_EDH_RSA_DES_168_SHA\n" \ " SSL_RSA_DES_168_SHA SSL_EDH_RSA_DES_168_SHA\n" \
" SSL_RSA_AES_128_SHA SSL_EDH_RSA_AES_256_SHA\n" \ " SSL_RSA_AES_128_SHA SSL_EDH_RSA_AES_256_SHA\n" \
" SSL_RSA_AES_256_SHA\n\n" " SSL_RSA_AES_256_SHA SSL_EDH_RSA_CAMELLIA_256_SHA\n" \
" SSL_RSA_CAMELLIA_128_SHA SSL_RSA_CAMELLIA_256_SHA\n\n"
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
@ -541,6 +542,15 @@ int main( int argc, char *argv[] )
if( strcmp( q, "ssl_edh_rsa_aes_256_sha" ) == 0 ) if( strcmp( q, "ssl_edh_rsa_aes_256_sha" ) == 0 )
opt.force_cipher[0] = SSL_EDH_RSA_AES_256_SHA; opt.force_cipher[0] = SSL_EDH_RSA_AES_256_SHA;
if( strcmp( q, "ssl_rsa_camellia_128_sha" ) == 0 )
opt.force_cipher[0] = SSL_RSA_CAMELLIA_128_SHA;
if( strcmp( q, "ssl_rsa_camellia_256_sha" ) == 0 )
opt.force_cipher[0] = SSL_RSA_CAMELLIA_256_SHA;
if( strcmp( q, "ssl_edh_rsa_camellia_256_sha" ) == 0 )
opt.force_cipher[0] = SSL_EDH_RSA_CAMELLIA_256_SHA;
if( opt.force_cipher[0] < 0 ) if( opt.force_cipher[0] < 0 )
goto usage; goto usage;