author | Jack Lloyd <[email protected]> | 2017-08-22 16:05:45 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-08-22 16:05:45 -0400 |
commit | 11561110dee4d09fd65119592c8ed44a2f1dd983 (patch) | |
tree | 24d5d4ab59cc08f155513682a0d9e7296799ab33 | |
parent | 4b648818ef75b565ef55611cf9207d9d9cec70b0 (diff) |
Add support for ECDHE_PSK AEAD ciphersuites
From draft-ietf-tls-ecdhe-psk-aead-05, now with official codepoints.
-rw-r--r-- | news.rst | 3 | ||||
-rw-r--r-- | src/lib/tls/tls_suite_info.cpp | 8 | ||||
-rwxr-xr-x | src/scripts/tls_suite_info.py | 7 |
3 files changed, 14 insertions, 4 deletions
@@ -10,6 +10,9 @@ Version 2.3.0, Not Yet Released * Optimized the CMAC polynomial doubling operation, and removed a small timing channel due to a conditional operation.
+* Added support for the ECDHE_PSK AEAD TLS ciphersuites from
+ draft-ietf-tls-ecdhe-psk-aead-05.
+
 * Extend "Raw" signature padding (which allows signing a hash computed externally) to optionally take a hash function name. In this case, it will be verified that the input matches the expected hash size. This also will
diff --git a/src/lib/tls/tls_suite_info.cpp b/src/lib/tls/tls_suite_info.cpp
index b62a19b97..e32f11918 100644
--- a/src/lib/tls/tls_suite_info.cpp
+++ b/src/lib/tls/tls_suite_info.cpp
@@ -2,8 +2,8 @@ * TLS cipher suite information * * This file was automatically generated from the IANA assignments
-* (tls-parameters.txt hash 67a567fcf1ac67cb8cfc4af96c20c3efb05c1fc1)
-* by ./src/scripts/tls_suite_info.py on 2016-12-30
+* (tls-parameters.txt hash ac96406c0080f669ca9442b0f5efcb31549ecb2e)
+* by ./src/scripts/tls_suite_info.py on 2017-08-22
 * * Botan is released under the Simplified BSD License (see license.txt) */ 
@@ -171,6 +171,10 @@ const std::vector<Ciphersuite>& Ciphersuite::all_known_ciphersuites()
 Ciphersuite(0xCCAB, "PSK_WITH_CHACHA20_POLY1305_SHA256", "", "PSK", "ChaCha20Poly1305", 32, 12, 0, "AEAD", 0, "SHA-256"),
 Ciphersuite(0xCCAC, "ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", "", "ECDHE_PSK", "ChaCha20Poly1305", 32, 12, 0, "AEAD", 0, "SHA-256"),
 Ciphersuite(0xCCAD, "DHE_PSK_WITH_CHACHA20_POLY1305_SHA256", "", "DHE_PSK", "ChaCha20Poly1305", 32, 12, 0, "AEAD", 0, "SHA-256"),
+ Ciphersuite(0xD001, "ECDHE_PSK_WITH_AES_128_GCM_SHA256", "", "ECDHE_PSK", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"),
+ Ciphersuite(0xD002, "ECDHE_PSK_WITH_AES_256_GCM_SHA384", "", "ECDHE_PSK", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"),
+ Ciphersuite(0xD003, "ECDHE_PSK_WITH_AES_128_CCM_8_SHA256", "", "ECDHE_PSK", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"),
+ Ciphersuite(0xD005, "ECDHE_PSK_WITH_AES_128_CCM_SHA256", "", "ECDHE_PSK", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"),
 Ciphersuite(0xFFC0, "DHE_RSA_WITH_AES_128_OCB_SHA256", "RSA", "DH", "AES-128/OCB(12)", 16, 12, 0, "AEAD", 0, "SHA-256"),
 Ciphersuite(0xFFC1, "DHE_RSA_WITH_AES_256_OCB_SHA256", "RSA", "DH", "AES-256/OCB(12)", 32, 12, 0, "AEAD", 0, "SHA-256"),
 Ciphersuite(0xFFC2, "ECDHE_RSA_WITH_AES_128_OCB_SHA256", "RSA", "ECDH", "AES-128/OCB(12)", 16, 12, 0, "AEAD", 0, "SHA-256"),
diff --git a/src/scripts/tls_suite_info.py b/src/scripts/tls_suite_info.py
index 6dd623331..ce069e250 100755
--- a/src/scripts/tls_suite_info.py
+++ b/src/scripts/tls_suite_info.py
@@ -3,7 +3,7 @@ """ Used to generate lib/tls/tls_suite_info.cpp from IANA params
-(C) 2011, 2012, 2013, 2014, 2015, 2016 Jack Lloyd
+(C) 2011, 2012, 2013, 2014, 2015, 2016, 2017 Jack Lloyd
 Botan is released under the Simplified BSD License (see license.txt) """ 
@@ -44,6 +44,9 @@ def to_ciphersuite_info(code, name):
 if mac_algo == '8' and cipher[-1] == 'CCM':
 cipher = cipher[:-1]
 mac_algo = 'CCM_8'
+ elif cipher[-2] == 'CCM' and cipher[-1] == '8':
+ cipher = cipher[:-1]
+ mac_algo = 'CCM_8'
 if mac_algo == 'CCM':
 cipher += ['CCM']
@@ -125,7 +128,7 @@ def to_ciphersuite_info(code, name):
 mode = cipher[-1]
 if mode not in ['CBC', 'GCM', 'CCM(8)', 'CCM', 'OCB']:
- print "#warning Unknown mode %s" % (' '.join(cipher))
+ print "#warning Unknown mode '%s' for ciphersuite %s (0x%d)" % (' '.join(cipher), name, code)
 ivlen = 8 if cipher_algo == '3DES' else 16 |
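Review bot: The new `elif cipher[-2] == 'CCM' and cipher[-1] == '8'` branch indexes `cipher[-2]` unconditionally, so any suite name whose cipher part is a single token (the IANA registry has entries such as `..._WITH_NULL_SHA`) would raise IndexError at this line instead of reaching the "Unknown mode" warning further down; I cannot see whether such names are filtered out before `to_ciphersuite_info` is called, so this may be only a latent hazard, but the generator should not depend on that. The intent (match names like `ECDHE_PSK_WITH_AES_128_CCM_8_SHA256`, where the hash suffix is already in `mac_algo`) is expressed without any indexing risk by a slice comparison: `elif cipher[-2:] == ['CCM', '8']:`. The enclosing `to_ciphersuite_info` starts before and ends after this hunk.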
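Review bot: The rewritten warning formats the suite code with `0x%d`, which prints a decimal value behind a hex prefix (0xD003 would appear as `0x53251`), and if `code` is the hex string that the generated `Ciphersuite(0x...)` lines suggest it would instead raise TypeError, so the diagnostic is wrong or fatal exactly when it fires. Since the message is emitted as a `#warning` into the generated C++ file, the mangled code also hides which registry entry needs attention. Use `0x%04X` if `code` is an int, or `0x%s` if it is already the hex string; I cannot see how `code` is built, so pick whichever matches the caller. The enclosing `to_ciphersuite_info` starts before and ends after this hunk.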