aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlloyd <[email protected]>2013-12-04 23:39:17 +0000
committerlloyd <[email protected]>2013-12-04 23:39:17 +0000
commit7de7b04b3c9684dae02d069f04e33ad59129da1e (patch)
treef70c035f345c0ce32f6132b287cb0bc3b161a35f
parent0cfa7beb27a7f2247b7626810c077a1204c69dbf (diff)
Support the normal names for CCM in TLS policy config
-rw-r--r--doc/tls.rst6
-rwxr-xr-xsrc/build-data/scripts/tls_suite_info.py6
-rw-r--r--src/modes/aead/aead.cpp9
-rw-r--r--src/tls/tls_ciphersuite.cpp12
-rw-r--r--src/tls/tls_suite_info.cpp34
5 files changed, 33 insertions, 34 deletions
diff --git a/doc/tls.rst b/doc/tls.rst
index 29d49166d..c31a27ca0 100644
--- a/doc/tls.rst
+++ b/doc/tls.rst
@@ -486,9 +486,9 @@ be negotiated during a handshake.
Returns the list of ciphers we are willing to negotiate, in order
of preference.
- Default: "AES-256/GCM", "AES-128/GCM", "AES-256/CCM(16,3)",
- "AES-128/CCM(16,3)", "AES-256/CCM(8,3)", "AES-128/CCM(8,3)",
- "AES-256", "AES-128"
+ Default: "AES-256/GCM", "AES-128/GCM",
+ "AES-256/CCM", "AES-128/CCM", "AES-256/CCM-8", "AES-128/CCM-8",
+ "AES-256", "AES-128"
Also allowed: "Camellia-256/GCM", "Camellia-128/GCM",
"Camellia-256", "Camellia-128", "SEED", "3DES", "RC4"
diff --git a/src/build-data/scripts/tls_suite_info.py b/src/build-data/scripts/tls_suite_info.py
index 8943f15fe..67df1460a 100755
--- a/src/build-data/scripts/tls_suite_info.py
+++ b/src/build-data/scripts/tls_suite_info.py
@@ -46,10 +46,10 @@ def to_ciphersuite_info(code, name):
mac_algo = 'CCM_8'
if mac_algo == 'CCM':
- cipher += ['CCM(16,3)']
+ cipher += ['CCM']
mac_algo = 'SHA256'
elif mac_algo == 'CCM_8':
- cipher += ['CCM(8,3)']
+ cipher += ['CCM-8']
mac_algo = 'SHA256'
cipher_info = {
@@ -114,7 +114,7 @@ def to_ciphersuite_info(code, name):
ivlen = 0
if cipher_algo != 'RC4':
mode = cipher[-1]
- if mode not in ['CBC', 'GCM', 'CCM(8,3)', 'CCM(16,3)', 'OCB']:
+ if mode not in ['CBC', 'GCM', 'CCM-8', 'CCM', 'OCB']:
print "#warning Unknown mode %s" % (' '.join(cipher))
ivlen = 8 if cipher_algo == '3DES' else 16
diff --git a/src/modes/aead/aead.cpp b/src/modes/aead/aead.cpp
index 980a212d4..d913c7c3a 100644
--- a/src/modes/aead/aead.cpp
+++ b/src/modes/aead/aead.cpp
@@ -51,9 +51,18 @@ AEAD_Mode* get_aead(const std::string& algo_spec, Cipher_Dir direction)
return nullptr;
#if defined(BOTAN_HAS_AEAD_CCM)
+ if(mode_name == "CCM-8")
+ {
+ if(direction == ENCRYPTION)
+ return new CCM_Encryption(cipher->clone(), 8, 3);
+ else
+ return new CCM_Decryption(cipher->clone(), 8, 3);
+ }
+
if(mode_name == "CCM")
{
const size_t L = (mode_info.size() > 2) ? to_u32bit(mode_info[2]) : 3;
+
if(direction == ENCRYPTION)
return new CCM_Encryption(cipher->clone(), tag_size, L);
else
diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp
index b662512fd..e8c551b01 100644
--- a/src/tls/tls_ciphersuite.cpp
+++ b/src/tls/tls_ciphersuite.cpp
@@ -108,7 +108,7 @@ bool Ciphersuite::valid() const
const auto mode = cipher_and_mode[1];
#if !defined(BOTAN_HAS_AEAD_CCM)
- if(mode == "CCM(16,3)" || mode == "CCM(8,3)")
+ if(mode == "CCM" || mode == "CCM-8")
return false;
#endif
@@ -211,16 +211,6 @@ std::string Ciphersuite::to_string() const
out << "3DES_EDE";
else if(cipher_algo().find("Camellia") == 0)
out << "CAMELLIA_" << std::to_string(8*cipher_keylen());
- else if(cipher_algo().find("/CCM(") != std::string::npos)
- {
- const std::string base_algo = cipher_algo().substr(0, cipher_algo().find("/CCM("));
- out << replace_chars(base_algo, {'-', '/'}, '_');
-
- if(cipher_algo().find("/CCM(8,3)") != std::string::npos)
- out << "_CCM_8";
- else
- out << "_CCM";
- }
else
out << replace_chars(cipher_algo(), {'-', '/'}, '_');
diff --git a/src/tls/tls_suite_info.cpp b/src/tls/tls_suite_info.cpp
index 73413d9e9..2984fd535 100644
--- a/src/tls/tls_suite_info.cpp
+++ b/src/tls/tls_suite_info.cpp
@@ -3,7 +3,7 @@
*
* This file was automatically generated from the IANA assignments
* (tls-parameters.txt hash a794db70c6546a47e3bc3181dc0fd908a322e50c)
-* by ./src/build-data/scripts/tls_suite_info.py on 2013-11-28
+* by ./src/build-data/scripts/tls_suite_info.py on 2013-12-04
*
* Released under the terms of the Botan license
*/
@@ -73,7 +73,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
return Ciphersuite(0x00B2, "", "DHE_PSK", "AES-128", 16, 16, "SHA-256", 32);
case 0xC0A6: // DHE_PSK_WITH_AES_128_CCM
- return Ciphersuite(0xC0A6, "", "DHE_PSK", "AES-128/CCM(16,3)", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A6, "", "DHE_PSK", "AES-128/CCM", 16, 4, "AEAD", 0, "SHA-256");
case 0x00AA: // DHE_PSK_WITH_AES_128_GCM_SHA256
return Ciphersuite(0x00AA, "", "DHE_PSK", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
@@ -85,7 +85,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
return Ciphersuite(0x00B3, "", "DHE_PSK", "AES-256", 32, 16, "SHA-384", 48);
case 0xC0A7: // DHE_PSK_WITH_AES_256_CCM
- return Ciphersuite(0xC0A7, "", "DHE_PSK", "AES-256/CCM(16,3)", 32, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A7, "", "DHE_PSK", "AES-256/CCM", 32, 4, "AEAD", 0, "SHA-256");
case 0x00AB: // DHE_PSK_WITH_AES_256_GCM_SHA384
return Ciphersuite(0x00AB, "", "DHE_PSK", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384");
@@ -115,10 +115,10 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
return Ciphersuite(0x0067, "RSA", "DH", "AES-128", 16, 16, "SHA-256", 32);
case 0xC09E: // DHE_RSA_WITH_AES_128_CCM
- return Ciphersuite(0xC09E, "RSA", "DH", "AES-128/CCM(16,3)", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC09E, "RSA", "DH", "AES-128/CCM", 16, 4, "AEAD", 0, "SHA-256");
case 0xC0A2: // DHE_RSA_WITH_AES_128_CCM_8
- return Ciphersuite(0xC0A2, "RSA", "DH", "AES-128/CCM(8,3)", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A2, "RSA", "DH", "AES-128/CCM-8", 16, 4, "AEAD", 0, "SHA-256");
case 0x009E: // DHE_RSA_WITH_AES_128_GCM_SHA256
return Ciphersuite(0x009E, "RSA", "DH", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
@@ -130,10 +130,10 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
return Ciphersuite(0x006B, "RSA", "DH", "AES-256", 32, 16, "SHA-256", 32);
case 0xC09F: // DHE_RSA_WITH_AES_256_CCM
- return Ciphersuite(0xC09F, "RSA", "DH", "AES-256/CCM(16,3)", 32, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC09F, "RSA", "DH", "AES-256/CCM", 32, 4, "AEAD", 0, "SHA-256");
case 0xC0A3: // DHE_RSA_WITH_AES_256_CCM_8
- return Ciphersuite(0xC0A3, "RSA", "DH", "AES-256/CCM(8,3)", 32, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A3, "RSA", "DH", "AES-256/CCM-8", 32, 4, "AEAD", 0, "SHA-256");
case 0x009F: // DHE_RSA_WITH_AES_256_GCM_SHA384
return Ciphersuite(0x009F, "RSA", "DH", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384");
@@ -313,10 +313,10 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
return Ciphersuite(0xC016, "", "ECDH", "RC4", 16, 0, "SHA-1", 20);
case 0xC0AA: // PSK_DHE_WITH_AES_128_CCM_8
- return Ciphersuite(0xC0AA, "", "DHE_PSK", "AES-128/CCM(8,3)", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0AA, "", "DHE_PSK", "AES-128/CCM-8", 16, 4, "AEAD", 0, "SHA-256");
case 0xC0AB: // PSK_DHE_WITH_AES_256_CCM_8
- return Ciphersuite(0xC0AB, "", "DHE_PSK", "AES-256/CCM(8,3)", 32, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0AB, "", "DHE_PSK", "AES-256/CCM-8", 32, 4, "AEAD", 0, "SHA-256");
case 0x008B: // PSK_WITH_3DES_EDE_CBC_SHA
return Ciphersuite(0x008B, "", "PSK", "3DES", 24, 8, "SHA-1", 20);
@@ -328,10 +328,10 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
return Ciphersuite(0x00AE, "", "PSK", "AES-128", 16, 16, "SHA-256", 32);
case 0xC0A4: // PSK_WITH_AES_128_CCM
- return Ciphersuite(0xC0A4, "", "PSK", "AES-128/CCM(16,3)", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A4, "", "PSK", "AES-128/CCM", 16, 4, "AEAD", 0, "SHA-256");
case 0xC0A8: // PSK_WITH_AES_128_CCM_8
- return Ciphersuite(0xC0A8, "", "PSK", "AES-128/CCM(8,3)", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A8, "", "PSK", "AES-128/CCM-8", 16, 4, "AEAD", 0, "SHA-256");
case 0x00A8: // PSK_WITH_AES_128_GCM_SHA256
return Ciphersuite(0x00A8, "", "PSK", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
@@ -343,10 +343,10 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
return Ciphersuite(0x00AF, "", "PSK", "AES-256", 32, 16, "SHA-384", 48);
case 0xC0A5: // PSK_WITH_AES_256_CCM
- return Ciphersuite(0xC0A5, "", "PSK", "AES-256/CCM(16,3)", 32, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A5, "", "PSK", "AES-256/CCM", 32, 4, "AEAD", 0, "SHA-256");
case 0xC0A9: // PSK_WITH_AES_256_CCM_8
- return Ciphersuite(0xC0A9, "", "PSK", "AES-256/CCM(8,3)", 32, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A9, "", "PSK", "AES-256/CCM-8", 32, 4, "AEAD", 0, "SHA-256");
case 0x00A9: // PSK_WITH_AES_256_GCM_SHA384
return Ciphersuite(0x00A9, "", "PSK", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384");
@@ -376,10 +376,10 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
return Ciphersuite(0x003C, "RSA", "RSA", "AES-128", 16, 16, "SHA-256", 32);
case 0xC09C: // RSA_WITH_AES_128_CCM
- return Ciphersuite(0xC09C, "RSA", "RSA", "AES-128/CCM(16,3)", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC09C, "RSA", "RSA", "AES-128/CCM", 16, 4, "AEAD", 0, "SHA-256");
case 0xC0A0: // RSA_WITH_AES_128_CCM_8
- return Ciphersuite(0xC0A0, "RSA", "RSA", "AES-128/CCM(8,3)", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A0, "RSA", "RSA", "AES-128/CCM-8", 16, 4, "AEAD", 0, "SHA-256");
case 0x009C: // RSA_WITH_AES_128_GCM_SHA256
return Ciphersuite(0x009C, "RSA", "RSA", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
@@ -391,10 +391,10 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
return Ciphersuite(0x003D, "RSA", "RSA", "AES-256", 32, 16, "SHA-256", 32);
case 0xC09D: // RSA_WITH_AES_256_CCM
- return Ciphersuite(0xC09D, "RSA", "RSA", "AES-256/CCM(16,3)", 32, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC09D, "RSA", "RSA", "AES-256/CCM", 32, 4, "AEAD", 0, "SHA-256");
case 0xC0A1: // RSA_WITH_AES_256_CCM_8
- return Ciphersuite(0xC0A1, "RSA", "RSA", "AES-256/CCM(8,3)", 32, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A1, "RSA", "RSA", "AES-256/CCM-8", 32, 4, "AEAD", 0, "SHA-256");
case 0x009D: // RSA_WITH_AES_256_GCM_SHA384
return Ciphersuite(0x009D, "RSA", "RSA", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384");