diff options
author | lloyd <[email protected]> | 2012-01-28 07:09:26 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-01-28 07:09:26 +0000 |
commit | ee7f6c030776c17a47e9d4f12e59aad86366e0da (patch) | |
tree | a1a613ca624268f709b4e10ce474b2b4fc7e604f | |
parent | ada0998533c7b6b8eb782c494f8efdf5b6f7f712 (diff) |
Add Camellia ciphersuites from RFC 4132.
Fix Ciphersuite_Preference_Ordering which treated two ciphersuites
with the same algos but different keylengths as equivalent, causing
them to be lost. Always prefer the longer key.
-rw-r--r-- | src/tls/tls_ciphersuite.cpp | 28 | ||||
-rw-r--r-- | src/tls/tls_magic.h | 6 | ||||
-rw-r--r-- | src/tls/tls_policy.cpp | 11 |
3 files changed, 40 insertions, 5 deletions
diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp index 26b52f749..01c35a55a 100644 --- a/src/tls/tls_ciphersuite.cpp +++ b/src/tls/tls_ciphersuite.cpp @@ -45,6 +45,12 @@ Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite) case TLS_RSA_WITH_RC4_128_MD5: return Ciphersuite("RSA", "RSA", "MD5", "ARC4", 16); + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: + return Ciphersuite("RSA", "RSA", "SHA-1", "Camellia", 16); + + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: + return Ciphersuite("RSA", "RSA", "SHA-1", "Camellia", 32); + case TLS_RSA_WITH_SEED_CBC_SHA: return Ciphersuite("RSA", "RSA", "SHA-1", "SEED", 16); @@ -73,6 +79,12 @@ Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite) case TLS_DHE_DSS_WITH_RC4_128_SHA: return Ciphersuite("DSA", "DH", "SHA-1", "ARC4", 16); + case TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: + return Ciphersuite("DSA", "DH", "SHA-1", "Camellia", 16); + + case TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: + return Ciphersuite("DSA", "DH", "SHA-1", "Camellia", 32); + case TLS_DHE_DSS_WITH_SEED_CBC_SHA: return Ciphersuite("DSA", "DH", "SHA-1", "SEED", 16); @@ -93,6 +105,12 @@ Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite) case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: return Ciphersuite("RSA", "DH", "SHA-1", "3DES", 24); + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: + return Ciphersuite("RSA", "DH", "SHA-1", "Camellia", 16); + + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: + return Ciphersuite("RSA", "DH", "SHA-1", "Camellia", 32); + case TLS_DHE_RSA_WITH_SEED_CBC_SHA: return Ciphersuite("RSA", "DH", "SHA-1", "SEED", 16); @@ -275,6 +293,8 @@ std::string Ciphersuite::to_string() const { if(cipher_algo() == "3DES") out << "3DES_EDE"; + if(cipher_algo() == "Camellia") + out << "CAMELLIA_" << Botan::to_string(8*cipher_keylen()); else out << replace_char(cipher_algo(), '-', '_'); @@ -294,10 +314,10 @@ std::string Ciphersuite::to_string() const } Ciphersuite::Ciphersuite(const std::string& sig_algo, - const std::string& kex_algo, - const std::string& mac_algo, - const std::string& cipher_algo, - size_t cipher_algo_keylen) : + const std::string& kex_algo, + const std::string& mac_algo, + const std::string& cipher_algo, + size_t cipher_algo_keylen) : m_sig_algo(sig_algo), m_kex_algo(kex_algo), m_mac_algo(mac_algo), diff --git a/src/tls/tls_magic.h b/src/tls/tls_magic.h index dced09964..72a430bf2 100644 --- a/src/tls/tls_magic.h +++ b/src/tls/tls_magic.h @@ -64,6 +64,8 @@ enum Ciphersuite_Code { TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035, TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C, TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D, + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084, TLS_RSA_WITH_SEED_CBC_SHA = 0x0096, TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007, @@ -72,6 +74,8 @@ enum Ciphersuite_Code { TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A, + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044, + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087, TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099, TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066, @@ -80,6 +84,8 @@ enum Ciphersuite_Code { TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088, TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007, diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp index f0ad89a6a..805e0ca38 100644 --- a/src/tls/tls_policy.cpp +++ b/src/tls/tls_policy.cpp @@ -23,7 +23,8 @@ std::vector<std::string> Policy::allowed_ciphers() const allowed.push_back("AES-128"); allowed.push_back("3DES"); allowed.push_back("ARC4"); - // Note that SEED and IDEA are not included by default + + // Note that Camellia, SEED and IDEA are not included by default return allowed; } @@ -121,6 +122,14 @@ class Ciphersuite_Preference_Ordering } } + if(a.cipher_keylen() != b.cipher_keylen()) + { + if(a.cipher_keylen() < b.cipher_keylen()) + return false; + if(a.cipher_keylen() > b.cipher_keylen()) + return true; + } + if(a.sig_algo() != b.sig_algo()) { for(size_t i = 0; i != m_sigs.size(); ++i) |