diff options
| author | Jack Lloyd <[email protected]> | 2016-03-23 17:02:55 -0400 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2016-03-23 17:02:55 -0400 |
| commit | 858cf5c82260e45e5bf51ff17b63f493d8295356 (patch) | |
| tree | 3186029f089ffdb3e1c9e0ac004018d0953ff5e8 /src/scripts/tls_suite_info.py | |
| parent | 646ddaef38845a7ce33e4dcc7a02500a674c7033 (diff) | |
Add IETF standard ChaCha20Poly1305 ciphersuites to TLS
Diffstat (limited to 'src/scripts/tls_suite_info.py')
| -rwxr-xr-x | src/scripts/tls_suite_info.py | 49 |
1 files changed, 14 insertions, 35 deletions
diff --git a/src/scripts/tls_suite_info.py b/src/scripts/tls_suite_info.py index 6ba807d68..2bff5ad34 100755 --- a/src/scripts/tls_suite_info.py +++ b/src/scripts/tls_suite_info.py @@ -114,9 +114,9 @@ def to_ciphersuite_info(code, name): ivlen = 0 if cipher[0] == 'CHACHA20' and cipher[1] == 'POLY1305': - iv_len = 4 - if (code[0:2] == 'CC'): - iv_len = 0 + iv_len = 12 + if code in ['CC13', 'CC14', 'CC15']: + iv_len = 0 # Google variant return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, %d, "AEAD", %d, "%s")' % ( code, sig_algo, kex_algo, "ChaCha20Poly1305", cipher_keylen, iv_len, 0, 0, mac_algo) @@ -168,11 +168,6 @@ def process_command_line(args): parser = optparse.OptionParser() - parser.add_option('--with-chacha', action='store_true', default=True, - help='enable experimental ChaCha suites') - parser.add_option('--without-chacha', action='store_false', dest='with_chacha', - help='disable experimental ChaCha suites') - parser.add_option('--with-ocb', action='store_true', default=True, help='enable experimental OCB AEAD suites') parser.add_option('--without-ocb', action='store_false', dest='with_ocb', @@ -224,7 +219,7 @@ def main(args = None): should_use = False if should_use: - suites[name] = (code, to_ciphersuite_info(code, name)) + suites[code] = (name, to_ciphersuite_info(code, name)) sha1 = hashlib.sha1() sha1.update(contents) @@ -236,23 +231,12 @@ def main(args = None): out.close() def define_custom_ciphersuite(name, code): - suites[name] = (code, to_ciphersuite_info(code, name)) - - if options.with_chacha: - # Google servers - draft-agl-tls-chacha20poly1305-04 - define_custom_ciphersuite('ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'CC13') - define_custom_ciphersuite('ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256', 'CC14') - define_custom_ciphersuite('DHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'CC15') - - if options.with_chacha and False: - # Provisional IETF ChaCha suites - define_custom_ciphersuite('RSA_WITH_CHACHA20_POLY1305_SHA256', 'CD30') - define_custom_ciphersuite('ECDSA_RSA_WITH_CHACHA20_POLY1305_SHA256', 'CD31') - define_custom_ciphersuite('ECDSA_ECDSA_WITH_CHACHA20_POLY1305_SHA256', 'CD32') - define_custom_ciphersuite('DHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'CD33') - define_custom_ciphersuite('DHE_PSK_WITH_CHACHA20_POLY1305_SHA256', 'CD34') - define_custom_ciphersuite('PSK_WITH_CHACHA20_POLY1305_SHA256', 'CD35') - define_custom_ciphersuite('ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256', 'CD36') + suites[code] = (name, to_ciphersuite_info(code, name)) + + # Google servers - draft-agl-tls-chacha20poly1305-04 + define_custom_ciphersuite('ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'CC13') + define_custom_ciphersuite('ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256', 'CC14') + define_custom_ciphersuite('DHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'CC15') # Expermental things if options.with_ocb: @@ -316,12 +300,7 @@ std::vector<u16bit> Ciphersuite::all_known_ciphersuite_ids() return std::vector<u16bit>{ """ - csuite_ids = {} - - for (k,v) in suites.items(): - csuite_ids[v[0]] = (k, v[1]) - - for i in sorted(csuite_ids.keys()): + for i in sorted(suites.keys()): suite_info += " 0x%s,\n" % (i) suite_info += """ }; @@ -333,9 +312,9 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) { """ - for i in sorted(csuite_ids.keys()): - suite_name = csuite_ids[i][0] - suite_expr = csuite_ids[i][1] + for i in sorted(suites.keys()): + suite_name = suites[i][0] + suite_expr = suites[i][1] suite_info += " case 0x%s: // %s\n" % (i, suite_name) suite_info += " return %s;\n\n" % (suite_expr) |