diff options
author | lloyd <[email protected]> | 2013-12-04 23:39:17 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2013-12-04 23:39:17 +0000 |
commit | 7de7b04b3c9684dae02d069f04e33ad59129da1e (patch) | |
tree | f70c035f345c0ce32f6132b287cb0bc3b161a35f | |
parent | 0cfa7beb27a7f2247b7626810c077a1204c69dbf (diff) |
Support the normal names for CCM in TLS policy config
-rw-r--r-- | doc/tls.rst | 6 | ||||
-rwxr-xr-x | src/build-data/scripts/tls_suite_info.py | 6 | ||||
-rw-r--r-- | src/modes/aead/aead.cpp | 9 | ||||
-rw-r--r-- | src/tls/tls_ciphersuite.cpp | 12 | ||||
-rw-r--r-- | src/tls/tls_suite_info.cpp | 34 |
5 files changed, 33 insertions, 34 deletions
diff --git a/doc/tls.rst b/doc/tls.rst index 29d49166d..c31a27ca0 100644 --- a/doc/tls.rst +++ b/doc/tls.rst @@ -486,9 +486,9 @@ be negotiated during a handshake. Returns the list of ciphers we are willing to negotiate, in order of preference. - Default: "AES-256/GCM", "AES-128/GCM", "AES-256/CCM(16,3)", - "AES-128/CCM(16,3)", "AES-256/CCM(8,3)", "AES-128/CCM(8,3)", - "AES-256", "AES-128" + Default: "AES-256/GCM", "AES-128/GCM", + "AES-256/CCM", "AES-128/CCM", "AES-256/CCM-8", "AES-128/CCM-8", + "AES-256", "AES-128" Also allowed: "Camellia-256/GCM", "Camellia-128/GCM", "Camellia-256", "Camellia-128", "SEED", "3DES", "RC4" diff --git a/src/build-data/scripts/tls_suite_info.py b/src/build-data/scripts/tls_suite_info.py index 8943f15fe..67df1460a 100755 --- a/src/build-data/scripts/tls_suite_info.py +++ b/src/build-data/scripts/tls_suite_info.py @@ -46,10 +46,10 @@ def to_ciphersuite_info(code, name): mac_algo = 'CCM_8' if mac_algo == 'CCM': - cipher += ['CCM(16,3)'] + cipher += ['CCM'] mac_algo = 'SHA256' elif mac_algo == 'CCM_8': - cipher += ['CCM(8,3)'] + cipher += ['CCM-8'] mac_algo = 'SHA256' cipher_info = { @@ -114,7 +114,7 @@ def to_ciphersuite_info(code, name): ivlen = 0 if cipher_algo != 'RC4': mode = cipher[-1] - if mode not in ['CBC', 'GCM', 'CCM(8,3)', 'CCM(16,3)', 'OCB']: + if mode not in ['CBC', 'GCM', 'CCM-8', 'CCM', 'OCB']: print "#warning Unknown mode %s" % (' '.join(cipher)) ivlen = 8 if cipher_algo == '3DES' else 16 diff --git a/src/modes/aead/aead.cpp b/src/modes/aead/aead.cpp index 980a212d4..d913c7c3a 100644 --- a/src/modes/aead/aead.cpp +++ b/src/modes/aead/aead.cpp @@ -51,9 +51,18 @@ AEAD_Mode* get_aead(const std::string& algo_spec, Cipher_Dir direction) return nullptr; #if defined(BOTAN_HAS_AEAD_CCM) + if(mode_name == "CCM-8") + { + if(direction == ENCRYPTION) + return new CCM_Encryption(cipher->clone(), 8, 3); + else + return new CCM_Decryption(cipher->clone(), 8, 3); + } + if(mode_name == "CCM") { const size_t L = (mode_info.size() > 2) ? to_u32bit(mode_info[2]) : 3; + if(direction == ENCRYPTION) return new CCM_Encryption(cipher->clone(), tag_size, L); else diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp index b662512fd..e8c551b01 100644 --- a/src/tls/tls_ciphersuite.cpp +++ b/src/tls/tls_ciphersuite.cpp @@ -108,7 +108,7 @@ bool Ciphersuite::valid() const const auto mode = cipher_and_mode[1]; #if !defined(BOTAN_HAS_AEAD_CCM) - if(mode == "CCM(16,3)" || mode == "CCM(8,3)") + if(mode == "CCM" || mode == "CCM-8") return false; #endif @@ -211,16 +211,6 @@ std::string Ciphersuite::to_string() const out << "3DES_EDE"; else if(cipher_algo().find("Camellia") == 0) out << "CAMELLIA_" << std::to_string(8*cipher_keylen()); - else if(cipher_algo().find("/CCM(") != std::string::npos) - { - const std::string base_algo = cipher_algo().substr(0, cipher_algo().find("/CCM(")); - out << replace_chars(base_algo, {'-', '/'}, '_'); - - if(cipher_algo().find("/CCM(8,3)") != std::string::npos) - out << "_CCM_8"; - else - out << "_CCM"; - } else out << replace_chars(cipher_algo(), {'-', '/'}, '_'); diff --git a/src/tls/tls_suite_info.cpp b/src/tls/tls_suite_info.cpp index 73413d9e9..2984fd535 100644 --- a/src/tls/tls_suite_info.cpp +++ b/src/tls/tls_suite_info.cpp @@ -3,7 +3,7 @@ * * This file was automatically generated from the IANA assignments * (tls-parameters.txt hash a794db70c6546a47e3bc3181dc0fd908a322e50c) -* by ./src/build-data/scripts/tls_suite_info.py on 2013-11-28 +* by ./src/build-data/scripts/tls_suite_info.py on 2013-12-04 * * Released under the terms of the Botan license */ @@ -73,7 +73,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) return Ciphersuite(0x00B2, "", "DHE_PSK", "AES-128", 16, 16, "SHA-256", 32); case 0xC0A6: // DHE_PSK_WITH_AES_128_CCM - return Ciphersuite(0xC0A6, "", "DHE_PSK", "AES-128/CCM(16,3)", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A6, "", "DHE_PSK", "AES-128/CCM", 16, 4, "AEAD", 0, "SHA-256"); case 0x00AA: // DHE_PSK_WITH_AES_128_GCM_SHA256 return Ciphersuite(0x00AA, "", "DHE_PSK", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); @@ -85,7 +85,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) return Ciphersuite(0x00B3, "", "DHE_PSK", "AES-256", 32, 16, "SHA-384", 48); case 0xC0A7: // DHE_PSK_WITH_AES_256_CCM - return Ciphersuite(0xC0A7, "", "DHE_PSK", "AES-256/CCM(16,3)", 32, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A7, "", "DHE_PSK", "AES-256/CCM", 32, 4, "AEAD", 0, "SHA-256"); case 0x00AB: // DHE_PSK_WITH_AES_256_GCM_SHA384 return Ciphersuite(0x00AB, "", "DHE_PSK", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384"); @@ -115,10 +115,10 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) return Ciphersuite(0x0067, "RSA", "DH", "AES-128", 16, 16, "SHA-256", 32); case 0xC09E: // DHE_RSA_WITH_AES_128_CCM - return Ciphersuite(0xC09E, "RSA", "DH", "AES-128/CCM(16,3)", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC09E, "RSA", "DH", "AES-128/CCM", 16, 4, "AEAD", 0, "SHA-256"); case 0xC0A2: // DHE_RSA_WITH_AES_128_CCM_8 - return Ciphersuite(0xC0A2, "RSA", "DH", "AES-128/CCM(8,3)", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A2, "RSA", "DH", "AES-128/CCM-8", 16, 4, "AEAD", 0, "SHA-256"); case 0x009E: // DHE_RSA_WITH_AES_128_GCM_SHA256 return Ciphersuite(0x009E, "RSA", "DH", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); @@ -130,10 +130,10 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) return Ciphersuite(0x006B, "RSA", "DH", "AES-256", 32, 16, "SHA-256", 32); case 0xC09F: // DHE_RSA_WITH_AES_256_CCM - return Ciphersuite(0xC09F, "RSA", "DH", "AES-256/CCM(16,3)", 32, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC09F, "RSA", "DH", "AES-256/CCM", 32, 4, "AEAD", 0, "SHA-256"); case 0xC0A3: // DHE_RSA_WITH_AES_256_CCM_8 - return Ciphersuite(0xC0A3, "RSA", "DH", "AES-256/CCM(8,3)", 32, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A3, "RSA", "DH", "AES-256/CCM-8", 32, 4, "AEAD", 0, "SHA-256"); case 0x009F: // DHE_RSA_WITH_AES_256_GCM_SHA384 return Ciphersuite(0x009F, "RSA", "DH", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384"); @@ -313,10 +313,10 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) return Ciphersuite(0xC016, "", "ECDH", "RC4", 16, 0, "SHA-1", 20); case 0xC0AA: // PSK_DHE_WITH_AES_128_CCM_8 - return Ciphersuite(0xC0AA, "", "DHE_PSK", "AES-128/CCM(8,3)", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0AA, "", "DHE_PSK", "AES-128/CCM-8", 16, 4, "AEAD", 0, "SHA-256"); case 0xC0AB: // PSK_DHE_WITH_AES_256_CCM_8 - return Ciphersuite(0xC0AB, "", "DHE_PSK", "AES-256/CCM(8,3)", 32, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0AB, "", "DHE_PSK", "AES-256/CCM-8", 32, 4, "AEAD", 0, "SHA-256"); case 0x008B: // PSK_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0x008B, "", "PSK", "3DES", 24, 8, "SHA-1", 20); @@ -328,10 +328,10 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) return Ciphersuite(0x00AE, "", "PSK", "AES-128", 16, 16, "SHA-256", 32); case 0xC0A4: // PSK_WITH_AES_128_CCM - return Ciphersuite(0xC0A4, "", "PSK", "AES-128/CCM(16,3)", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A4, "", "PSK", "AES-128/CCM", 16, 4, "AEAD", 0, "SHA-256"); case 0xC0A8: // PSK_WITH_AES_128_CCM_8 - return Ciphersuite(0xC0A8, "", "PSK", "AES-128/CCM(8,3)", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A8, "", "PSK", "AES-128/CCM-8", 16, 4, "AEAD", 0, "SHA-256"); case 0x00A8: // PSK_WITH_AES_128_GCM_SHA256 return Ciphersuite(0x00A8, "", "PSK", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); @@ -343,10 +343,10 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) return Ciphersuite(0x00AF, "", "PSK", "AES-256", 32, 16, "SHA-384", 48); case 0xC0A5: // PSK_WITH_AES_256_CCM - return Ciphersuite(0xC0A5, "", "PSK", "AES-256/CCM(16,3)", 32, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A5, "", "PSK", "AES-256/CCM", 32, 4, "AEAD", 0, "SHA-256"); case 0xC0A9: // PSK_WITH_AES_256_CCM_8 - return Ciphersuite(0xC0A9, "", "PSK", "AES-256/CCM(8,3)", 32, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A9, "", "PSK", "AES-256/CCM-8", 32, 4, "AEAD", 0, "SHA-256"); case 0x00A9: // PSK_WITH_AES_256_GCM_SHA384 return Ciphersuite(0x00A9, "", "PSK", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384"); @@ -376,10 +376,10 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) return Ciphersuite(0x003C, "RSA", "RSA", "AES-128", 16, 16, "SHA-256", 32); case 0xC09C: // RSA_WITH_AES_128_CCM - return Ciphersuite(0xC09C, "RSA", "RSA", "AES-128/CCM(16,3)", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC09C, "RSA", "RSA", "AES-128/CCM", 16, 4, "AEAD", 0, "SHA-256"); case 0xC0A0: // RSA_WITH_AES_128_CCM_8 - return Ciphersuite(0xC0A0, "RSA", "RSA", "AES-128/CCM(8,3)", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A0, "RSA", "RSA", "AES-128/CCM-8", 16, 4, "AEAD", 0, "SHA-256"); case 0x009C: // RSA_WITH_AES_128_GCM_SHA256 return Ciphersuite(0x009C, "RSA", "RSA", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); @@ -391,10 +391,10 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) return Ciphersuite(0x003D, "RSA", "RSA", "AES-256", 32, 16, "SHA-256", 32); case 0xC09D: // RSA_WITH_AES_256_CCM - return Ciphersuite(0xC09D, "RSA", "RSA", "AES-256/CCM(16,3)", 32, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC09D, "RSA", "RSA", "AES-256/CCM", 32, 4, "AEAD", 0, "SHA-256"); case 0xC0A1: // RSA_WITH_AES_256_CCM_8 - return Ciphersuite(0xC0A1, "RSA", "RSA", "AES-256/CCM(8,3)", 32, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A1, "RSA", "RSA", "AES-256/CCM-8", 32, 4, "AEAD", 0, "SHA-256"); case 0x009D: // RSA_WITH_AES_256_GCM_SHA384 return Ciphersuite(0x009D, "RSA", "RSA", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384"); |