authorJack Lloyd <[email protected]>2017-08-22 16:05:45 -0400
committerJack Lloyd <[email protected]>2017-08-22 16:05:45 -0400
commit11561110dee4d09fd65119592c8ed44a2f1dd983 (patch)
tree24d5d4ab59cc08f155513682a0d9e7296799ab33
parent4b648818ef75b565ef55611cf9207d9d9cec70b0 (diff)
Add support for ECDHE_PSK AEAD ciphersuites
From draft-ietf-tls-ecdhe-psk-aead-05, now with official codepoints.
-rw-r--r--news.rst3
-rw-r--r--src/lib/tls/tls_suite_info.cpp8
-rwxr-xr-xsrc/scripts/tls_suite_info.py7
3 files changed, 14 insertions, 4 deletions
diff --git a/news.rst b/news.rst
index 2522ec7bd..9101278e9 100644
--- a/news.rst
+++ b/news.rst
@@ -10,6 +10,9 @@ Version 2.3.0, Not Yet Released
* Optimized the CMAC polynomial doubling operation, and removed a small timing
channel due to a conditional operation.
+* Added support for the ECDHE_PSK AEAD TLS ciphersuites from
+ draft-ietf-tls-ecdhe-psk-aead-05.
+
* Extend "Raw" signature padding (which allows signing a hash computed
externally) to optionally take a hash function name. In this case, it will be
verified that the input matches the expected hash size. This also will
diff --git a/src/lib/tls/tls_suite_info.cpp b/src/lib/tls/tls_suite_info.cpp
index b62a19b97..e32f11918 100644
--- a/src/lib/tls/tls_suite_info.cpp
+++ b/src/lib/tls/tls_suite_info.cpp
@@ -2,8 +2,8 @@
* TLS cipher suite information
*
* This file was automatically generated from the IANA assignments
-* (tls-parameters.txt hash 67a567fcf1ac67cb8cfc4af96c20c3efb05c1fc1)
-* by ./src/scripts/tls_suite_info.py on 2016-12-30
+* (tls-parameters.txt hash ac96406c0080f669ca9442b0f5efcb31549ecb2e)
+* by ./src/scripts/tls_suite_info.py on 2017-08-22
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -171,6 +171,10 @@ const std::vector<Ciphersuite>& Ciphersuite::all_known_ciphersuites()
Ciphersuite(0xCCAB, "PSK_WITH_CHACHA20_POLY1305_SHA256", "", "PSK", "ChaCha20Poly1305", 32, 12, 0, "AEAD", 0, "SHA-256"),
Ciphersuite(0xCCAC, "ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", "", "ECDHE_PSK", "ChaCha20Poly1305", 32, 12, 0, "AEAD", 0, "SHA-256"),
Ciphersuite(0xCCAD, "DHE_PSK_WITH_CHACHA20_POLY1305_SHA256", "", "DHE_PSK", "ChaCha20Poly1305", 32, 12, 0, "AEAD", 0, "SHA-256"),
+ Ciphersuite(0xD001, "ECDHE_PSK_WITH_AES_128_GCM_SHA256", "", "ECDHE_PSK", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"),
+ Ciphersuite(0xD002, "ECDHE_PSK_WITH_AES_256_GCM_SHA384", "", "ECDHE_PSK", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"),
+ Ciphersuite(0xD003, "ECDHE_PSK_WITH_AES_128_CCM_8_SHA256", "", "ECDHE_PSK", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"),
+ Ciphersuite(0xD005, "ECDHE_PSK_WITH_AES_128_CCM_SHA256", "", "ECDHE_PSK", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"),
Ciphersuite(0xFFC0, "DHE_RSA_WITH_AES_128_OCB_SHA256", "RSA", "DH", "AES-128/OCB(12)", 16, 12, 0, "AEAD", 0, "SHA-256"),
Ciphersuite(0xFFC1, "DHE_RSA_WITH_AES_256_OCB_SHA256", "RSA", "DH", "AES-256/OCB(12)", 32, 12, 0, "AEAD", 0, "SHA-256"),
Ciphersuite(0xFFC2, "ECDHE_RSA_WITH_AES_128_OCB_SHA256", "RSA", "ECDH", "AES-128/OCB(12)", 16, 12, 0, "AEAD", 0, "SHA-256"),
diff --git a/src/scripts/tls_suite_info.py b/src/scripts/tls_suite_info.py
index 6dd623331..ce069e250 100755
--- a/src/scripts/tls_suite_info.py
+++ b/src/scripts/tls_suite_info.py
@@ -3,7 +3,7 @@
"""
Used to generate lib/tls/tls_suite_info.cpp from IANA params
-(C) 2011, 2012, 2013, 2014, 2015, 2016 Jack Lloyd
+(C) 2011, 2012, 2013, 2014, 2015, 2016, 2017 Jack Lloyd
Botan is released under the Simplified BSD License (see license.txt)
"""
@@ -44,6 +44,9 @@ def to_ciphersuite_info(code, name):
if mac_algo == '8' and cipher[-1] == 'CCM':
cipher = cipher[:-1]
mac_algo = 'CCM_8'
+ elif cipher[-2] == 'CCM' and cipher[-1] == '8':
+ cipher = cipher[:-1]
+ mac_algo = 'CCM_8'
if mac_algo == 'CCM':
cipher += ['CCM']
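Review bot: The new `elif` reads `cipher[-2]` unconditionally, so a ciphersuite whose split name leaves only one token in `cipher` would raise IndexError here, whereas the original branch only ever touches `cipher[-1]`; how `cipher` is built is outside the hunk, so whether a one-token list can actually reach this point is inferred, not visible. A slice comparison avoids both the bounds risk and the duplicated body: `if (mac_algo == '8' and cipher[-1] == 'CCM') or cipher[-2:] == ['CCM', '8']:` followed by the existing two assignment lines, since `cipher[-2:]` on a short list is simply shorter rather than an error. A one-line comment naming the second form, e.g. `# names like ..._CCM_8_SHA256 keep the SHA suffix as mac_algo, so the "8" lands in cipher`, would make clear why two spellings of CCM_8 exist. The enclosing function `to_ciphersuite_info` starts before this hunk.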
@@ -125,7 +128,7 @@ def to_ciphersuite_info(code, name):
mode = cipher[-1]
if mode not in ['CBC', 'GCM', 'CCM(8)', 'CCM', 'OCB']:
- print "#warning Unknown mode %s" % (' '.join(cipher))
+ print "#warning Unknown mode '%s' for ciphersuite %s (0x%d)" % (' '.join(cipher), name, code)
ivlen = 8 if cipher_algo == '3DES' else 16