[PATCH] add SHA-2 ciphersuites
From: |
Daiki Ueno |
Subject: |
[PATCH] add SHA-2 ciphersuites |
Date: |
Tue, 01 Sep 2009 08:23:19 +0900 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.1.50 (gnu/linux) |
>>>>> In <address@hidden>
>>>>> Simon Josefsson <address@hidden> wrote:
> Confirmed, also working against
Thanks for testing (and the #include fix).
> Before we enable TLS 1.2 by default, I think what is missing are:
> * Add SHA-2 ciphersuites
Here it is:
>From b5e12a20a6894ed920fe79a3a336217f868769d1 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <address@hidden>
Date: Tue, 1 Sep 2009 08:02:05 +0900
Subject: [PATCH 1/2] Add SHA-2 cipher suites.
---
lib/gnutls_algorithms.c | 36 ++++++++++++++++++++++++++++++++++++
1 files changed, 36 insertions(+), 0 deletions(-)
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index abf05a3..bfd8545 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -373,6 +373,9 @@ typedef struct
#define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }
#endif
+#define GNUTLS_ANON_DH_AES_128_CBC_SHA256 { 0x00, 0x6C }
+#define GNUTLS_ANON_DH_AES_256_CBC_SHA256 { 0x00, 0x6D }
+
/* PSK (not in TLS 1.0)
* draft-ietf-tls-psk:
*/
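Review bot: The two anonymous-DH code points added at the top of this hunk carry no comment saying where they come from, unlike the PSK group just below, which names its draft. The values match the TLS 1.2 assignments in RFC 5246, so a line such as `/* SHA-256 suites, TLS 1.2 only (RFC 5246) */` above them would let a reader check them against the registry. The same applies to the RSA, DHE_DSS and DHE_RSA define hunks that follow. The spacing `{ 0x00, 0x6C }` also differs from the `{ 0x00,0x89 }` on the neighbouring Camellia line, which is harmless but worth making uniform.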
@@ -420,6 +423,9 @@ typedef struct
#define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 }
#endif
+#define GNUTLS_RSA_AES_128_CBC_SHA256 { 0x00, 0x3C }
+#define GNUTLS_RSA_AES_256_CBC_SHA256 { 0x00, 0x3D }
+
/* DHE DSS
*/
@@ -442,6 +448,9 @@ typedef struct
#define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 }
#endif
+#define GNUTLS_DHE_DSS_AES_128_CBC_SHA256 { 0x00, 0x40 }
+#define GNUTLS_DHE_DSS_AES_256_CBC_SHA256 { 0x00, 0x6A }
+
/* DHE RSA
*/
#define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 }
@@ -457,6 +466,9 @@ typedef struct
#define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 }
#endif
+#define GNUTLS_DHE_RSA_AES_128_CBC_SHA256 { 0x00, 0x67 }
+#define GNUTLS_DHE_RSA_AES_256_CBC_SHA256 { 0x00, 0x6B }
+
#define CIPHER_SUITES_COUNT
sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1
static const gnutls_cipher_suite_entry cs_algorithms[] = {
@@ -484,6 +496,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_KX_ANON_DH,
GNUTLS_MAC_SHA1, GNUTLS_TLS1),
#endif
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
/* PSK */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1,
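Review bot: The two ANON_DH entries added here register suites that give no peer authentication, and nothing in this patch shows whether they stay out of the default priority set. That is worth confirming before TLS 1.2 is enabled by default. The last macro argument, `GNUTLS_TLS1_2`, appears to be the minimum protocol version, which is the right gate for SHA-256 suites. The diffstat touches only this file, though, so no test pins that these suites are refused when TLS 1.0 or 1.1 is negotiated. A short comment such as `/* TLS 1.2 only: HMAC-SHA256 suites */` above the new entries would record the intent, and the same applies to the DHE_DSS, DHE_RSA and RSA table hunks.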
@@ -571,6 +589,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_KX_DHE_DSS,
GNUTLS_MAC_SHA1, GNUTLS_TLS1),
#endif
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
/* DHE_RSA */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
@@ -591,6 +615,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_KX_DHE_RSA,
GNUTLS_MAC_SHA1, GNUTLS_TLS1),
#endif
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
/* RSA */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5,
GNUTLS_CIPHER_NULL,
@@ -624,6 +654,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
GNUTLS_MAC_SHA1, GNUTLS_TLS1),
#endif
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
{0, {{0, 0}}, 0, 0, 0, 0}
};
--
1.6.3.3
As a next step, I will look into the server-side TLS 1.2 support.
Regards,
--
Daiki Ueno