aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-01-28 07:09:26 +0000
committerlloyd <[email protected]>2012-01-28 07:09:26 +0000
commitee7f6c030776c17a47e9d4f12e59aad86366e0da (patch)
treea1a613ca624268f709b4e10ce474b2b4fc7e604f
parentada0998533c7b6b8eb782c494f8efdf5b6f7f712 (diff)
Add Camellia ciphersuites from RFC 4132.
Fix Ciphersuite_Preference_Ordering which treated two ciphersuites with the same algos but different keylengths as equivalent, causing them to be lost. Always prefer the longer key.
-rw-r--r--src/tls/tls_ciphersuite.cpp28
-rw-r--r--src/tls/tls_magic.h6
-rw-r--r--src/tls/tls_policy.cpp11
3 files changed, 40 insertions, 5 deletions
diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp
index 26b52f749..01c35a55a 100644
--- a/src/tls/tls_ciphersuite.cpp
+++ b/src/tls/tls_ciphersuite.cpp
@@ -45,6 +45,12 @@ Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite)
case TLS_RSA_WITH_RC4_128_MD5:
return Ciphersuite("RSA", "RSA", "MD5", "ARC4", 16);
+ case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
+ return Ciphersuite("RSA", "RSA", "SHA-1", "Camellia", 16);
+
+ case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
+ return Ciphersuite("RSA", "RSA", "SHA-1", "Camellia", 32);
+
case TLS_RSA_WITH_SEED_CBC_SHA:
return Ciphersuite("RSA", "RSA", "SHA-1", "SEED", 16);
@@ -73,6 +79,12 @@ Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite)
case TLS_DHE_DSS_WITH_RC4_128_SHA:
return Ciphersuite("DSA", "DH", "SHA-1", "ARC4", 16);
+ case TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA:
+ return Ciphersuite("DSA", "DH", "SHA-1", "Camellia", 16);
+
+ case TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA:
+ return Ciphersuite("DSA", "DH", "SHA-1", "Camellia", 32);
+
case TLS_DHE_DSS_WITH_SEED_CBC_SHA:
return Ciphersuite("DSA", "DH", "SHA-1", "SEED", 16);
@@ -93,6 +105,12 @@ Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite)
case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
return Ciphersuite("RSA", "DH", "SHA-1", "3DES", 24);
+ case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
+ return Ciphersuite("RSA", "DH", "SHA-1", "Camellia", 16);
+
+ case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
+ return Ciphersuite("RSA", "DH", "SHA-1", "Camellia", 32);
+
case TLS_DHE_RSA_WITH_SEED_CBC_SHA:
return Ciphersuite("RSA", "DH", "SHA-1", "SEED", 16);
@@ -275,6 +293,8 @@ std::string Ciphersuite::to_string() const
{
if(cipher_algo() == "3DES")
out << "3DES_EDE";
+ if(cipher_algo() == "Camellia")
+ out << "CAMELLIA_" << Botan::to_string(8*cipher_keylen());
else
out << replace_char(cipher_algo(), '-', '_');
@@ -294,10 +314,10 @@ std::string Ciphersuite::to_string() const
}
Ciphersuite::Ciphersuite(const std::string& sig_algo,
- const std::string& kex_algo,
- const std::string& mac_algo,
- const std::string& cipher_algo,
- size_t cipher_algo_keylen) :
+ const std::string& kex_algo,
+ const std::string& mac_algo,
+ const std::string& cipher_algo,
+ size_t cipher_algo_keylen) :
m_sig_algo(sig_algo),
m_kex_algo(kex_algo),
m_mac_algo(mac_algo),
diff --git a/src/tls/tls_magic.h b/src/tls/tls_magic.h
index dced09964..72a430bf2 100644
--- a/src/tls/tls_magic.h
+++ b/src/tls/tls_magic.h
@@ -64,6 +64,8 @@ enum Ciphersuite_Code {
TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041,
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084,
TLS_RSA_WITH_SEED_CBC_SHA = 0x0096,
TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007,
@@ -72,6 +74,8 @@ enum Ciphersuite_Code {
TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A,
+ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044,
+ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087,
TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099,
TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066,
@@ -80,6 +84,8 @@ enum Ciphersuite_Code {
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B,
+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045,
+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088,
TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007,
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp
index f0ad89a6a..805e0ca38 100644
--- a/src/tls/tls_policy.cpp
+++ b/src/tls/tls_policy.cpp
@@ -23,7 +23,8 @@ std::vector<std::string> Policy::allowed_ciphers() const
allowed.push_back("AES-128");
allowed.push_back("3DES");
allowed.push_back("ARC4");
- // Note that SEED and IDEA are not included by default
+
+ // Note that Camellia, SEED and IDEA are not included by default
return allowed;
}
@@ -121,6 +122,14 @@ class Ciphersuite_Preference_Ordering
}
}
+ if(a.cipher_keylen() != b.cipher_keylen())
+ {
+ if(a.cipher_keylen() < b.cipher_keylen())
+ return false;
+ if(a.cipher_keylen() > b.cipher_keylen())
+ return true;
+ }
+
if(a.sig_algo() != b.sig_algo())
{
for(size_t i = 0; i != m_sigs.size(); ++i)