aboutsummaryrefslogtreecommitdiffstats
path: root/src/scripts/tls_suite_info.py
diff options
context:
space:
mode:
authorlloyd <[email protected]>2015-01-21 20:58:04 +0000
committerlloyd <[email protected]>2015-01-21 20:58:04 +0000
commit316a7b79146e8003d33f50b58e1c6c3ba9874a32 (patch)
treee9b049271ac1e4ff963e67caac30cb29f9e7b9a0 /src/scripts/tls_suite_info.py
parent1f59fa09984cb364c1dc560043ffa735e1f23494 (diff)
Update TLS OCB ciphersuites to match draft-zauner-tls-aes-ocb-00
and enable them in the default build, though still not enabled in the runtime policy.
Diffstat (limited to 'src/scripts/tls_suite_info.py')
-rwxr-xr-xsrc/scripts/tls_suite_info.py41
1 files changed, 24 insertions, 17 deletions
diff --git a/src/scripts/tls_suite_info.py b/src/scripts/tls_suite_info.py
index 4fb3c430a..d569352ef 100755
--- a/src/scripts/tls_suite_info.py
+++ b/src/scripts/tls_suite_info.py
@@ -129,17 +129,24 @@ def to_ciphersuite_info(code, name):
ivlen = 8 if cipher_algo == '3DES' else 16
if mode != 'CBC':
- cipher_algo += '/' + mode
+ if mode == 'OCB':
+ cipher_algo += '/OCB(12)'
+ else:
+ cipher_algo += '/' + mode
if cipher_algo in stream_ciphers or mode == 'CBC':
return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, 0, "%s", %d)' % (
code, sig_algo, kex_algo, cipher_algo, cipher_keylen, ivlen, mac_algo, mac_keylen[mac_algo])
+ elif mode == 'OCB':
+
+ return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, %d, "AEAD", %d, "%s")' % (
+ code, sig_algo, kex_algo, cipher_algo, cipher_keylen, 4, 0, 0, mac_algo)
else:
- imp_iv_len = 4
- exp_iv_len = 8
+ iv_bytes_from_hs = 4
+ iv_bytes_from_rec = 8
return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, %d, "AEAD", %d, "%s")' % (
- code, sig_algo, kex_algo, cipher_algo, cipher_keylen, imp_iv_len, exp_iv_len, 0, mac_algo)
+ code, sig_algo, kex_algo, cipher_algo, cipher_keylen, iv_bytes_from_hs, iv_bytes_from_rec, 0, mac_algo)
def open_input(args):
iana_url = 'https://www.iana.org/assignments/tls-parameters/tls-parameters.txt'
@@ -234,13 +241,19 @@ def main(args = None):
# Expermental things
if options.with_ocb:
- define_custom_ciphersuite('ECDHE_ECDSA_WITH_AES_128_OCB_SHA256', 'FF80')
- define_custom_ciphersuite('ECDHE_ECDSA_WITH_AES_256_OCB_SHA384', 'FF81')
- define_custom_ciphersuite('ECDHE_RSA_WITH_AES_128_OCB_SHA256', 'FF82')
- define_custom_ciphersuite('ECDHE_RSA_WITH_AES_256_OCB_SHA384', 'FF83')
-
- define_custom_ciphersuite('ECDHE_PSK_WITH_AES_128_OCB_SHA256', 'FF85')
- define_custom_ciphersuite('ECDHE_PSK_WITH_AES_256_OCB_SHA384', 'FF86')
+ define_custom_ciphersuite('ECDHE_RSA_WITH_AES_128_OCB_SHA256', 'FFF0')
+ define_custom_ciphersuite('ECDHE_RSA_WITH_AES_256_OCB_SHA256', 'FFF1')
+ define_custom_ciphersuite('ECDHE_ECDSA_WITH_AES_128_OCB_SHA256', 'FFF2')
+ define_custom_ciphersuite('ECDHE_ECDSA_WITH_AES_256_OCB_SHA256', 'FFF3')
+ define_custom_ciphersuite('DHE_RSA_WITH_AES_128_OCB_SHA256', 'FFF4')
+ define_custom_ciphersuite('DHE_RSA_WITH_AES_256_OCB_SHA256', 'FFF5')
+
+ define_custom_ciphersuite('PSK_WITH_AES_128_OCB_SHA256', 'FFF6')
+ define_custom_ciphersuite('PSK_WITH_AES_256_OCB_SHA256', 'FFF7')
+ define_custom_ciphersuite('ECDHE_PSK_WITH_AES_128_OCB_SHA256', 'FFF8')
+ define_custom_ciphersuite('ECDHE_PSK_WITH_AES_256_OCB_SHA256', 'FFF9')
+ define_custom_ciphersuite('DHE_PSK_WITH_AES_128_OCB_SHA256', 'FFFA')
+ define_custom_ciphersuite('DHE_PSK_WITH_AES_256_OCB_SHA256', 'FFFB')
if options.with_eax:
define_custom_ciphersuite('ECDHE_ECDSA_WITH_AES_128_EAX_SHA256', 'FF90')
@@ -254,12 +267,6 @@ def main(args = None):
define_custom_ciphersuite('SRP_SHA_DSS_WITH_AES_256_GCM_SHA384', 'FFA2')
define_custom_ciphersuite('SRP_SHA_ECDSA_WITH_AES_256_GCM_SHA384', 'FFA3')
- if options.with_ocb:
- define_custom_ciphersuite('SRP_SHA_WITH_AES_256_OCB_SHA384', 'FFA4')
- define_custom_ciphersuite('SRP_SHA_RSA_WITH_AES_256_OCB_SHA384', 'FFA5')
- define_custom_ciphersuite('SRP_SHA_DSS_WITH_AES_256_OCB_SHA384', 'FFA6')
- define_custom_ciphersuite('SRP_SHA_ECDSA_WITH_AES_256_OCB_SHA384', 'FFA7')
-
if options.with_eax:
define_custom_ciphersuite('SRP_SHA_WITH_AES_256_EAX_SHA384', 'FFA8')
define_custom_ciphersuite('SRP_SHA_RSA_WITH_AES_256_EAX_SHA384', 'FFA9')