
[PATCH] add SHA-2 ciphersuites


From: Daiki Ueno
Subject: [PATCH] add SHA-2 ciphersuites
Date: Tue, 01 Sep 2009 08:23:19 +0900
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1.50 (gnu/linux)

>>>>> In <address@hidden> 
>>>>>   Simon Josefsson <address@hidden> wrote:
> Confirmed, also working against

Thanks for testing (and the #include fix).

> Before we enable TLS 1.2 by default, I think what is missing are:

> * Add SHA-2 ciphersuites

Here it is:

>From b5e12a20a6894ed920fe79a3a336217f868769d1 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <address@hidden>
Date: Tue, 1 Sep 2009 08:02:05 +0900
Subject: [PATCH 1/2] Add SHA-2 cipher suites.

---
 lib/gnutls_algorithms.c |   36 ++++++++++++++++++++++++++++++++++++
 1 files changed, 36 insertions(+), 0 deletions(-)

diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index abf05a3..bfd8545 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -373,6 +373,9 @@ typedef struct
 #define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }
 #endif
 
+#define GNUTLS_ANON_DH_AES_128_CBC_SHA256 { 0x00, 0x6C }
+#define GNUTLS_ANON_DH_AES_256_CBC_SHA256 { 0x00, 0x6D }
+
 /* PSK (not in TLS 1.0)
  * draft-ietf-tls-psk:
  */
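Review bot: The two new `#define`s carry no comment saying where their code points come from, unlike neighbouring groups in this file such as the `draft-ietf-tls-psk` comment just below. A one-line header above each added pair, for example `/* TLS 1.2 SHA-256 suites, RFC 5246 */`, would let a reader check the values against the registry. The same applies to the RSA, DHE_DSS and DHE_RSA pairs in the next three hunks. It matters most for the DHE_DSS pair, whose values `0x40` and `0x6A` are not adjacent and could later be "corrected" as a typo, although they match the RFC 5246 assignments.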
@@ -420,6 +423,9 @@ typedef struct
 #define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 }
 #endif
 
+#define GNUTLS_RSA_AES_128_CBC_SHA256 { 0x00, 0x3C }
+#define GNUTLS_RSA_AES_256_CBC_SHA256 { 0x00, 0x3D }
+
 /* DHE DSS
  */
 
@@ -442,6 +448,9 @@ typedef struct
 #define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 }
 #endif
 
+#define GNUTLS_DHE_DSS_AES_128_CBC_SHA256 { 0x00, 0x40 }
+#define GNUTLS_DHE_DSS_AES_256_CBC_SHA256 { 0x00, 0x6A }
+
 /* DHE RSA
  */
 #define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 }
@@ -457,6 +466,9 @@ typedef struct
 #define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 }
 #endif
 
+#define GNUTLS_DHE_RSA_AES_128_CBC_SHA256 { 0x00, 0x67 }
+#define GNUTLS_DHE_RSA_AES_256_CBC_SHA256 { 0x00, 0x6B }
+
 #define CIPHER_SUITES_COUNT 
sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1
 
 static const gnutls_cipher_suite_entry cs_algorithms[] = {
@@ -484,6 +496,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                             GNUTLS_KX_ANON_DH,
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1),
 #endif
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA256,
+                            GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA256,
+                            GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
 
   /* PSK */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1,
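Review bot: The two `GNUTLS_ANON_DH_*_SHA256` rows added to `cs_algorithms` make unauthenticated Diffie-Hellman available under TLS 1.2, and nothing next to them says so. Anonymous key exchange gives no peer authentication, so these suites should only be reachable when an application requests them explicitly. Whether the default priority lists leave them out is not visible here (the table starts and ends outside the hunk), so it should be confirmed in the rest of the series. I would add `/* anonymous DH: no peer authentication, keep out of default priorities */` above the rows.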
@@ -571,6 +589,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                             GNUTLS_KX_DHE_DSS,
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1),
 #endif
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
+                            GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
+                            GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
   /* DHE_RSA */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
@@ -591,6 +615,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                             GNUTLS_KX_DHE_RSA,
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1),
 #endif
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
+                            GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
+                            GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
   /* RSA */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5,
                             GNUTLS_CIPHER_NULL,
@@ -624,6 +654,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                             GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1),
 #endif
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256,
+                            GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256,
+                            GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
+                            GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
   {0, {{0, 0}}, 0, 0, 0, 0}
 };
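Review bot: The trailing `GNUTLS_TLS1_2` argument on these rows appears to be the only thing keeping the SHA-256 suites out of TLS 1.0/1.1 handshakes, and the patch neither documents nor tests that. RFC 5246 requires that these suites not be negotiated under earlier protocol versions, so the constraint deserves a comment above the rows, for example `/* SHA-256 suites: TLS 1.2 and later only (RFC 5246) */`. The same holds for the rows added in the three preceding table hunks. Whether suite selection honours this field on both the client and server paths is outside the hunk; since the cover note says server-side TLS 1.2 support is still to come, this should be checked before the suites are enabled by default.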
 
-- 
1.6.3.3

As a next step, I will look into the server-side TLS 1.2 support.

Regards,
-- 
Daiki Ueno
