Add support for SEED ciphersuites. Tested against OpenSSL 0.9.8n

author: lloyd <[email protected]> 2010-04-17 22:03:21 +0000
committer: lloyd <[email protected]> 2010-04-17 22:03:21 +0000
commit: 7e11baeb323cb0becfccd6f8b543a062c6d57b8e (patch)
tree: 0a80fc37344ad91c6401191c1a22eb13201131c5
parent: ee353b33dae5fd2a664ac56556e2037284735a47 (diff)
4 files changed, 25 insertions, 0 deletions
diff --git a/doc/log.txt b/doc/log.txt
index e22894645..f4abe32c7 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -1,6 +1,7 @@
 
 * 1.9.7-dev, ????-??-??
  - TLS: Support reading SSLv2 client hellos
+ - TLS: Add support for SEED ciphersuites (RFC 4162)
  - Add Comb4P hash combiner function
 
 * 1.9.6, 2010-04-09
diff --git a/src/ssl/tls_magic.h b/src/ssl/tls_magic.h
index 25cd0986a..c167cc689 100644
--- a/src/ssl/tls_magic.h
+++ b/src/ssl/tls_magic.h
@@ -106,18 +106,21 @@ enum Ciphersuite_Code {
    TLS_RSA_WITH_AES_256_CBC_SHA          = 0x0035,
    TLS_RSA_WITH_AES_128_CBC_SHA256       = 0x003C,
    TLS_RSA_WITH_AES_256_CBC_SHA256       = 0x003D,
+   TLS_RSA_WITH_SEED_CBC_SHA             = 0x0096,
 
    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA     = 0x0013,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA      = 0x0032,
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA      = 0x0038,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256   = 0x0040,
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256   = 0x006A,
+   TLS_DHE_DSS_WITH_SEED_CBC_SHA         = 0x0099,
 
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA     = 0x0016,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA      = 0x0033,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA      = 0x0039,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256   = 0x0067,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256   = 0x006B,
+   TLS_DHE_RSA_WITH_SEED_CBC_SHA         = 0x009A,
 
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  = 0xC023,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  = 0xC024,
diff --git a/src/ssl/tls_policy.cpp b/src/ssl/tls_policy.cpp
index 594f20ebb..57fcdb5cc 100644
--- a/src/ssl/tls_policy.cpp
+++ b/src/ssl/tls_policy.cpp
@@ -32,6 +32,7 @@ std::vector<u16bit> TLS_Policy::suite_list(bool use_rsa,
       suites.push_back(TLS_DHE_DSS_WITH_AES_256_CBC_SHA);
       suites.push_back(TLS_DHE_DSS_WITH_AES_128_CBC_SHA);
       suites.push_back(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
+      suites.push_back(TLS_DHE_DSS_WITH_SEED_CBC_SHA);
       }
 
    if(use_edh_rsa)
@@ -39,6 +40,7 @@ std::vector<u16bit> TLS_Policy::suite_list(bool use_rsa,
       suites.push_back(TLS_DHE_RSA_WITH_AES_256_CBC_SHA);
       suites.push_back(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
       suites.push_back(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
+      suites.push_back(TLS_DHE_RSA_WITH_SEED_CBC_SHA);
       }
 
    if(use_rsa)
@@ -46,6 +48,7 @@ std::vector<u16bit> TLS_Policy::suite_list(bool use_rsa,
       suites.push_back(TLS_RSA_WITH_AES_256_CBC_SHA);
       suites.push_back(TLS_RSA_WITH_AES_128_CBC_SHA);
       suites.push_back(TLS_RSA_WITH_3DES_EDE_CBC_SHA);
+      suites.push_back(TLS_RSA_WITH_SEED_CBC_SHA);
       suites.push_back(TLS_RSA_WITH_RC4_128_SHA);
       suites.push_back(TLS_RSA_WITH_RC4_128_MD5);
       }
diff --git a/src/ssl/tls_suites.cpp b/src/ssl/tls_suites.cpp
index cf6bd45e5..3f0e76654 100644
--- a/src/ssl/tls_suites.cpp
+++ b/src/ssl/tls_suites.cpp
@@ -47,6 +47,12 @@ TLS_Ciphersuite_Algos lookup_ciphersuite(u16bit suite)
                                    TLS_ALGO_MAC_SHA1 |
                                    TLS_ALGO_CIPHER_AES256_CBC);
 
+   if(suite == TLS_RSA_WITH_SEED_CBC_SHA)
+      return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
+                                   TLS_ALGO_KEYEXCH_NOKEX |
+                                   TLS_ALGO_MAC_SHA1 |
+                                   TLS_ALGO_CIPHER_SEED_CBC);
+
    if(suite == TLS_RSA_WITH_AES_128_CBC_SHA256)
       return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
                                    TLS_ALGO_KEYEXCH_NOKEX |
@@ -71,6 +77,12 @@ TLS_Ciphersuite_Algos lookup_ciphersuite(u16bit suite)
                                    TLS_ALGO_MAC_SHA1 |
                                    TLS_ALGO_CIPHER_AES128_CBC);
 
+   if(suite == TLS_DHE_DSS_WITH_SEED_CBC_SHA)
+      return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_DSA |
+                                   TLS_ALGO_KEYEXCH_DH |
+                                   TLS_ALGO_MAC_SHA1 |
+                                   TLS_ALGO_CIPHER_SEED_CBC);
+
    if(suite == TLS_DHE_DSS_WITH_AES_256_CBC_SHA)
       return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_DSA |
                                    TLS_ALGO_KEYEXCH_DH |
@@ -101,6 +113,12 @@ TLS_Ciphersuite_Algos lookup_ciphersuite(u16bit suite)
                                    TLS_ALGO_MAC_SHA1 |
                                    TLS_ALGO_CIPHER_AES128_CBC);
 
+   if(suite == TLS_DHE_DSS_WITH_SEED_CBC_SHA)
+      return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
+                                   TLS_ALGO_KEYEXCH_DH |
+                                   TLS_ALGO_MAC_SHA1 |
+                                   TLS_ALGO_CIPHER_SEED_CBC);
+
    if(suite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
       return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
                                    TLS_ALGO_KEYEXCH_DH |
author	lloyd <[email protected]>	2010-04-17 22:03:21 +0000
committer	lloyd <[email protected]>	2010-04-17 22:03:21 +0000
commit	7e11baeb323cb0becfccd6f8b543a062c6d57b8e (patch)
tree	0a80fc37344ad91c6401191c1a22eb13201131c5
parent	ee353b33dae5fd2a664ac56556e2037284735a47 (diff)