aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2016-11-16 12:05:34 -0500
committerJack Lloyd <[email protected]>2016-11-17 13:56:25 -0500
commit74cf1686b727d9b41781df66f3f74d63b9c5cfe2 (patch)
treec5127473f7676763202cf79837bd4328c903a21d /src
parent97df0c27b878d77799353ccc9eda9705b1ec1fa4 (diff)
Add CECPQ1 TLS ciphersuites
Tested against BoringSSL (as client + server) and google.com (as client). Fix a stupid crashing bug in NewHope's BoringSSL mode. Remove unneeded error return from curve25519_donna - always returned 0. Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which means the default no-extra-configuration ciphersuite (for Botan client speaking to Botan server) is a ciphersuite which is both implemented in constant time on all platforms and (hopefully) provides post quantum security. Good Things.
Diffstat (limited to 'src')
-rw-r--r--src/cli/speed.cpp2
-rw-r--r--src/lib/pubkey/cecpq1/cecpq1.cpp50
-rw-r--r--src/lib/pubkey/cecpq1/cecpq1.h36
-rw-r--r--src/lib/pubkey/cecpq1/info.txt7
-rw-r--r--src/lib/pubkey/curve25519/curve25519.cpp25
-rw-r--r--src/lib/pubkey/curve25519/curve25519.h14
-rw-r--r--src/lib/pubkey/curve25519/donna.cpp3
-rw-r--r--src/lib/pubkey/newhope/newhope.cpp4
-rw-r--r--src/lib/pubkey/newhope/newhope.h31
-rw-r--r--src/lib/tls/msg_client_kex.cpp49
-rw-r--r--src/lib/tls/msg_server_kex.cpp22
-rw-r--r--src/lib/tls/tls_ciphersuite.cpp6
-rw-r--r--src/lib/tls/tls_messages.h18
-rw-r--r--src/lib/tls/tls_policy.cpp3
-rw-r--r--src/lib/tls/tls_suite_info.cpp8
-rwxr-xr-xsrc/scripts/tls_suite_info.py7
-rw-r--r--src/tests/test_newhope.cpp4
-rw-r--r--src/tests/unit_tls.cpp4
18 files changed, 249 insertions, 44 deletions
diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp
index 47cdc03c0..6fac9411c 100644
--- a/src/cli/speed.cpp
+++ b/src/cli/speed.cpp
@@ -1246,7 +1246,7 @@ class Speed final : public Command
while(sharedb_timer.under(msec))
{
- std::vector<uint8_t> send_a(NEWHOPE_SENDABYTES), send_b(NEWHOPE_SENDBBYTES);
+ std::vector<uint8_t> send_a(Botan::NEWHOPE_SENDABYTES), send_b(Botan::NEWHOPE_SENDBBYTES);
std::vector<uint8_t> shared_a(32), shared_b(32);
Botan::newhope_poly sk_a;
diff --git a/src/lib/pubkey/cecpq1/cecpq1.cpp b/src/lib/pubkey/cecpq1/cecpq1.cpp
new file mode 100644
index 000000000..d5b6ae702
--- /dev/null
+++ b/src/lib/pubkey/cecpq1/cecpq1.cpp
@@ -0,0 +1,50 @@
+/*
+* CECPQ1 (x25519 + NewHope)
+* (C) 2016 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/cecpq1.h>
+#include <botan/newhope.h>
+#include <botan/curve25519.h>
+
+namespace Botan {
+
+void CECPQ1_offer(uint8_t send[CECPQ1_OFFER_BYTES],
+ CECPQ1_key* offer_key_output,
+ RandomNumberGenerator& rng)
+ {
+ offer_key_output->m_x25519 = rng.random_vec(32);
+ curve25519_basepoint(send, offer_key_output->m_x25519.data());
+
+ newhope_keygen(send + 32, &offer_key_output->m_newhope,
+ rng, Newhope_Mode::BoringSSL);
+ }
+
+void CECPQ1_accept(uint8_t shared_key[CECPQ1_SHARED_KEY_BYTES],
+ uint8_t send[CECPQ1_ACCEPT_BYTES],
+ const uint8_t received[CECPQ1_OFFER_BYTES],
+ RandomNumberGenerator& rng)
+ {
+ secure_vector<byte> x25519_key = rng.random_vec(32);
+
+ curve25519_basepoint(send, x25519_key.data());
+
+ curve25519_donna(shared_key, x25519_key.data(), received);
+
+ newhope_sharedb(shared_key + 32, send + 32, received + 32,
+ rng, Newhope_Mode::BoringSSL);
+ }
+
+void CECPQ1_finish(uint8_t shared_key[CECPQ1_SHARED_KEY_BYTES],
+ const CECPQ1_key& offer_key,
+ const uint8_t received[CECPQ1_ACCEPT_BYTES])
+ {
+ curve25519_donna(shared_key, offer_key.m_x25519.data(), received);
+
+ newhope_shareda(shared_key + 32, &offer_key.m_newhope, received + 32,
+ Newhope_Mode::BoringSSL);
+ }
+
+}
diff --git a/src/lib/pubkey/cecpq1/cecpq1.h b/src/lib/pubkey/cecpq1/cecpq1.h
new file mode 100644
index 000000000..0bda0dd02
--- /dev/null
+++ b/src/lib/pubkey/cecpq1/cecpq1.h
@@ -0,0 +1,36 @@
+/*
+* CECPQ1 (x25519 + NewHope)
+* (C) 2016 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_CECPQ1_H__
+#define BOTAN_CECPQ1_H__
+
+#include <botan/secmem.h>
+#include <botan/newhope.h>
+
+namespace Botan {
+
+struct CECPQ1_key {
+ secure_vector<uint8_t> m_x25519;
+ newhope_poly m_newhope;
+};
+
+void BOTAN_DLL CECPQ1_offer(uint8_t* offer_message,
+ CECPQ1_key* offer_key_output,
+ RandomNumberGenerator& rng);
+
+void BOTAN_DLL CECPQ1_accept(uint8_t* shared_key,
+ uint8_t* accept_message,
+ const uint8_t* offer_message,
+ RandomNumberGenerator& rng);
+
+void BOTAN_DLL CECPQ1_finish(uint8_t* shared_key,
+ const CECPQ1_key& offer_key,
+ const uint8_t* accept_message);
+
+}
+
+#endif
diff --git a/src/lib/pubkey/cecpq1/info.txt b/src/lib/pubkey/cecpq1/info.txt
new file mode 100644
index 000000000..614ba3962
--- /dev/null
+++ b/src/lib/pubkey/cecpq1/info.txt
@@ -0,0 +1,7 @@
+define CECPQ1 20161116
+
+<requires>
+newhope
+curve25519
+</requires>
+
diff --git a/src/lib/pubkey/curve25519/curve25519.cpp b/src/lib/pubkey/curve25519/curve25519.cpp
index 216d02600..dd97e1f1d 100644
--- a/src/lib/pubkey/curve25519/curve25519.cpp
+++ b/src/lib/pubkey/curve25519/curve25519.cpp
@@ -12,6 +12,12 @@
namespace Botan {
+void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32])
+ {
+ const byte basepoint[32] = { 9 };
+ curve25519_donna(mypublic, secret, basepoint);
+ }
+
namespace {
void size_check(size_t size, const char* thing)
@@ -24,17 +30,7 @@ secure_vector<byte> curve25519(const secure_vector<byte>& secret,
const byte pubval[32])
{
secure_vector<byte> out(32);
- const int rc = curve25519_donna(out.data(), secret.data(), pubval);
- BOTAN_ASSERT_EQUAL(rc, 0, "Return value of curve25519_donna is ok");
- return out;
- }
-
-std::vector<byte> curve25519_basepoint(const secure_vector<byte>& secret)
- {
- const byte basepoint[32] = { 9 };
- std::vector<byte> out(32);
- const int rc = curve25519_donna(out.data(), secret.data(), basepoint);
- BOTAN_ASSERT_EQUAL(rc, 0, "Return value of curve25519_donna is ok");
+ curve25519_donna(out.data(), secret.data(), pubval);
return out;
}
@@ -74,7 +70,8 @@ std::vector<byte> Curve25519_PublicKey::x509_subject_public_key() const
Curve25519_PrivateKey::Curve25519_PrivateKey(RandomNumberGenerator& rng)
{
m_private = rng.random_vec(32);
- m_public = curve25519_basepoint(m_private);
+ m_public.resize(32);
+ curve25519_basepoint(m_public.data(), m_private.data());
}
Curve25519_PrivateKey::Curve25519_PrivateKey(const AlgorithmIdentifier&,
@@ -103,7 +100,9 @@ secure_vector<byte> Curve25519_PrivateKey::pkcs8_private_key() const
bool Curve25519_PrivateKey::check_key(RandomNumberGenerator&, bool) const
{
- return curve25519_basepoint(m_private) == m_public;
+ std::vector<uint8_t> public_point(32);
+ curve25519_basepoint(public_point.data(), m_private.data());
+ return public_point == m_public;
}
secure_vector<byte> Curve25519_PrivateKey::agree(const byte w[], size_t w_len) const
diff --git a/src/lib/pubkey/curve25519/curve25519.h b/src/lib/pubkey/curve25519/curve25519.h
index 938bc42d4..40d9d81da 100644
--- a/src/lib/pubkey/curve25519/curve25519.h
+++ b/src/lib/pubkey/curve25519/curve25519.h
@@ -103,9 +103,17 @@ class BOTAN_DLL Curve25519_PrivateKey : public Curve25519_PublicKey,
* The types above are just wrappers for curve25519_donna, plus defining
* encodings for public and private keys.
*/
-int BOTAN_DLL curve25519_donna(uint8_t mypublic[32],
- const uint8_t secret[32],
- const uint8_t basepoint[32]);
+void BOTAN_DLL curve25519_donna(uint8_t mypublic[32],
+ const uint8_t secret[32],
+ const uint8_t basepoint[32]);
+
+/**
+* Exponentiate by the x25519 base point
+* @param mypublic output value
+* @param secret random scalar
+*/
+void BOTAN_DLL curve25519_basepoint(uint8_t mypublic[32],
+ const uint8_t secret[32]);
}
diff --git a/src/lib/pubkey/curve25519/donna.cpp b/src/lib/pubkey/curve25519/donna.cpp
index 86b92b0bf..22400015f 100644
--- a/src/lib/pubkey/curve25519/donna.cpp
+++ b/src/lib/pubkey/curve25519/donna.cpp
@@ -433,7 +433,7 @@ crecip(felem out, const felem z) {
/* 2^255 - 21 */ fmul(out, t0, a);
}
-int
+void
curve25519_donna(u8 *mypublic, const u8 *secret, const u8 *basepoint) {
CT::poison(secret, 32);
@@ -457,7 +457,6 @@ curve25519_donna(u8 *mypublic, const u8 *secret, const u8 *basepoint) {
CT::unpoison(secret, 32);
CT::unpoison(basepoint, 32);
CT::unpoison(mypublic, 32);
- return 0;
}
}
diff --git a/src/lib/pubkey/newhope/newhope.cpp b/src/lib/pubkey/newhope/newhope.cpp
index 356fd416e..77194207e 100644
--- a/src/lib/pubkey/newhope/newhope.cpp
+++ b/src/lib/pubkey/newhope/newhope.cpp
@@ -666,13 +666,13 @@ void gen_a(poly *a, const uint8_t *seed, Newhope_Mode mode)
if(mode == Newhope_Mode::BoringSSL)
{
- xof = StreamCipher::create("CTR(AES-128)");
+ xof = StreamCipher::create_or_throw("CTR-BE(AES-128)");
xof->set_key(seed, 16);
xof->set_iv(seed + 16, 16);
}
else
{
- xof = StreamCipher::create("SHAKE-128");
+ xof = StreamCipher::create_or_throw("SHAKE-128");
xof->set_key(seed, NEWHOPE_SEED_BYTES);
}
diff --git a/src/lib/pubkey/newhope/newhope.h b/src/lib/pubkey/newhope/newhope.h
index 667f1c4cf..df18bc586 100644
--- a/src/lib/pubkey/newhope/newhope.h
+++ b/src/lib/pubkey/newhope/newhope.h
@@ -21,36 +21,53 @@ namespace Botan {
* Currently pubkey.h does not support a 2-phase KEM scheme of
* the sort NEWHOPE exports.
*/
-#define NEWHOPE_SENDABYTES 1824
-#define NEWHOPE_SENDBBYTES 2048
-typedef struct {
- uint16_t coeffs[1024];
-} newhope_poly;
+// TODO: change to just a secure_vector
+class newhope_poly
+ {
+ public:
+ uint16_t coeffs[1024];
+ ~newhope_poly() { secure_scrub_memory(coeffs, sizeof(coeffs)); }
+ };
+
+enum Newhope_Params {
+ NEWHOPE_SENDABYTES = 1824,
+ NEWHOPE_SENDBBYTES = 2048,
+
+ NEWHOPE_OFFER_BYTES = 1824,
+ NEWHOPE_ACCEPT_BYTES = 2048,
+ NEWHOPE_SHARED_KEY_BYTES = 32,
+
+ CECPQ1_OFFER_BYTES = NEWHOPE_OFFER_BYTES + 32,
+ CECPQ1_ACCEPT_BYTES = NEWHOPE_ACCEPT_BYTES + 32,
+ CECPQ1_SHARED_KEY_BYTES = NEWHOPE_SHARED_KEY_BYTES + 32
+};
/**
* This chooses the XOF + hash for NewHope
-
* The official NewHope specification and reference implementation use
* SHA-3 and SHAKE-128. BoringSSL instead uses SHA-256 and AES-128 in
-* CTR mode.
+* CTR mode. CECPQ1 (x25519+NewHope) always uses BoringSSL's mode
*/
enum class Newhope_Mode {
SHA3,
BoringSSL
};
+// offer
void BOTAN_DLL newhope_keygen(uint8_t *send,
newhope_poly *sk,
RandomNumberGenerator& rng,
Newhope_Mode = Newhope_Mode::SHA3);
+// accept
void BOTAN_DLL newhope_sharedb(uint8_t *sharedkey,
uint8_t *send,
const uint8_t *received,
RandomNumberGenerator& rng,
Newhope_Mode mode = Newhope_Mode::SHA3);
+// finish
void BOTAN_DLL newhope_shareda(uint8_t *sharedkey,
const newhope_poly *ska,
const uint8_t *received,
diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp
index 6dc8295a6..05926ac2d 100644
--- a/src/lib/tls/msg_client_kex.cpp
+++ b/src/lib/tls/msg_client_kex.cpp
@@ -1,6 +1,6 @@
/*
* Client Key Exchange Message
-* (C) 2004-2010 Jack Lloyd
+* (C) 2004-2010,2016 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -24,6 +24,10 @@
#include <botan/curve25519.h>
#endif
+#if defined(BOTAN_HAS_CECPQ1)
+ #include <botan/cecpq1.h>
+#endif
+
#if defined(BOTAN_HAS_SRP6)
#include <botan/srp6.h>
#endif
@@ -55,9 +59,8 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
identity_hint = reader.get_string(2, 0, 65535);
}
- const std::string psk_identity = creds.psk_identity("tls-client",
- hostname,
- identity_hint);
+ const std::string psk_identity =
+ creds.psk_identity("tls-client", hostname, identity_hint);
append_tls_length_value(m_key_material, psk_identity, 2);
@@ -78,9 +81,8 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
{
std::string identity_hint = reader.get_string(2, 0, 65535);
- const std::string psk_identity = creds.psk_identity("tls-client",
- hostname,
- identity_hint);
+ const std::string psk_identity =
+ creds.psk_identity("tls-client", hostname, identity_hint);
append_tls_length_value(m_key_material, psk_identity, 2);
@@ -154,7 +156,6 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
}
const std::vector<byte> ecdh_key = reader.get_range<byte>(1, 1, 255);
-
std::vector<byte> our_ecdh_public;
secure_vector<byte> ecdh_secret;
@@ -229,10 +230,25 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
m_pre_master = srp_vals.second.bits_of();
}
#endif
+
+#if defined(BOTAN_HAS_CECPQ1)
+ else if(kex_algo == "CECPQ1")
+ {
+ const std::vector<byte> cecpq1_offer = reader.get_range<byte>(2, 1, 65535);
+
+ if(cecpq1_offer.size() != CECPQ1_OFFER_BYTES)
+ throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "Invalid CECPQ1 key size");
+
+ std::vector<uint8_t> newhope_accept(CECPQ1_ACCEPT_BYTES);
+ secure_vector<uint8_t> shared_secret(CECPQ1_SHARED_KEY_BYTES);
+ CECPQ1_accept(shared_secret.data(), newhope_accept.data(), cecpq1_offer.data(), rng);
+ append_tls_length_value(m_key_material, newhope_accept, 2);
+ m_pre_master = shared_secret;
+ }
+#endif
else
{
- throw Internal_Error("Client_Key_Exchange: Unknown kex " +
- kex_algo);
+ throw Internal_Error("Client_Key_Exchange: Unknown kex " + kex_algo);
}
reader.assert_done();
@@ -359,6 +375,19 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents,
m_pre_master = srp.step2(BigInt::decode(reader.get_range<byte>(2, 0, 65535))).bits_of();
}
#endif
+#if defined(BOTAN_HAS_CECPQ1)
+ else if(kex_algo == "CECPQ1")
+ {
+ const CECPQ1_key& cecpq1_offer = state.server_kex()->cecpq1_key();
+
+ const std::vector<byte> cecpq1_accept = reader.get_range<byte>(2, 0, 65535);
+ if(cecpq1_accept.size() != CECPQ1_ACCEPT_BYTES)
+ throw Decoding_Error("Invalid size for CECPQ1 accept message");
+
+ m_pre_master.resize(CECPQ1_SHARED_KEY_BYTES);
+ CECPQ1_finish(m_pre_master.data(), cecpq1_offer, cecpq1_accept.data());
+ }
+#endif
else if(kex_algo == "DH" || kex_algo == "DHE_PSK" ||
kex_algo == "ECDH" || kex_algo == "ECDHE_PSK")
{
diff --git a/src/lib/tls/msg_server_kex.cpp b/src/lib/tls/msg_server_kex.cpp
index 4515ea450..521ef4e20 100644
--- a/src/lib/tls/msg_server_kex.cpp
+++ b/src/lib/tls/msg_server_kex.cpp
@@ -1,6 +1,6 @@
/*
* Server Key Exchange Message
-* (C) 2004-2010,2012,2015 Jack Lloyd
+* (C) 2004-2010,2012,2015,2016 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -21,6 +21,10 @@
#include <botan/curve25519.h>
#endif
+#if defined(BOTAN_HAS_CECPQ1)
+ #include <botan/cecpq1.h>
+#endif
+
#if defined(BOTAN_HAS_SRP6)
#include <botan/srp6.h>
#endif
@@ -139,8 +143,19 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io,
append_tls_length_value(m_params, BigInt::encode(B), 2);
}
#endif
+#if defined(BOTAN_HAS_CECPQ1)
+ else if(kex_algo == "CECPQ1")
+ {
+ std::vector<uint8_t> cecpq1_offer(CECPQ1_OFFER_BYTES);
+ m_cecpq1_key.reset(new CECPQ1_key);
+ CECPQ1_offer(cecpq1_offer.data(), m_cecpq1_key.get(), rng);
+ append_tls_length_value(m_params, cecpq1_offer, 2);
+ }
+#endif
else if(kex_algo != "PSK")
+ {
throw Internal_Error("Server_Key_Exchange: Unknown kex type " + kex_algo);
+ }
if(state.ciphersuite().sig_algo() != "")
{
@@ -205,6 +220,11 @@ Server_Key_Exchange::Server_Key_Exchange(const std::vector<byte>& buf,
reader.get_range<byte>(1, 1, 255);
reader.get_range<byte>(2, 1, 65535);
}
+ else if(kex_algo == "CECPQ1")
+ {
+ // u16 blob
+ reader.get_range<byte>(2, 1, 65535);
+ }
else if(kex_algo != "PSK")
throw Decoding_Error("Server_Key_Exchange: Unsupported kex type " + kex_algo);
diff --git a/src/lib/tls/tls_ciphersuite.cpp b/src/lib/tls/tls_ciphersuite.cpp
index aa00334c5..3c29c3c2b 100644
--- a/src/lib/tls/tls_ciphersuite.cpp
+++ b/src/lib/tls/tls_ciphersuite.cpp
@@ -143,6 +143,12 @@ bool Ciphersuite::is_usable() const
return false;
#endif
}
+ else if(kex_algo() == "CECPQ1")
+ {
+#if !defined(BOTAN_HAS_CECPQ1)
+ return false;
+#endif
+ }
if(sig_algo() == "DSA")
{
diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h
index 1e012a899..5e6962329 100644
--- a/src/lib/tls/tls_messages.h
+++ b/src/lib/tls/tls_messages.h
@@ -29,6 +29,10 @@ class Credentials_Manager;
class SRP6_Server_Session;
#endif
+#if defined(BOTAN_HAS_CECPQ1)
+class CECPQ1_key;
+#endif
+
namespace TLS {
class Session;
@@ -566,6 +570,15 @@ class Server_Key_Exchange final : public Handshake_Message
}
#endif
+#if defined(BOTAN_HAS_CECPQ1)
+ // Only valid for CECPQ1 negotiation
+ const CECPQ1_key& cecpq1_key() const
+ {
+ BOTAN_ASSERT_NONNULL(m_cecpq1_key);
+ return *m_cecpq1_key;
+ }
+#endif
+
Server_Key_Exchange(Handshake_IO& io,
Handshake_State& state,
const Policy& policy,
@@ -585,6 +598,11 @@ class Server_Key_Exchange final : public Handshake_Message
#if defined(BOTAN_HAS_SRP6)
std::unique_ptr<SRP6_Server_Session> m_srp_params;
#endif
+
+#if defined(BOTAN_HAS_CECPQ1)
+ std::unique_ptr<CECPQ1_key> m_cecpq1_key;
+#endif
+
std::unique_ptr<Private_Key> m_kex_key;
std::vector<byte> m_params;
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index c7c285716..1bb0951bb 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -21,9 +21,9 @@ std::vector<std::string> Policy::allowed_ciphers() const
return {
//"AES-256/OCB(12)",
//"AES-128/OCB(12)",
+ "ChaCha20Poly1305",
"AES-256/GCM",
"AES-128/GCM",
- "ChaCha20Poly1305",
"AES-256/CCM",
"AES-128/CCM",
//"AES-256/CCM(8)",
@@ -71,6 +71,7 @@ std::vector<std::string> Policy::allowed_key_exchange_methods() const
//"ECDHE_PSK",
//"DHE_PSK",
//"PSK",
+ "CECPQ1",
"ECDH",
"DH",
//"RSA",
diff --git a/src/lib/tls/tls_suite_info.cpp b/src/lib/tls/tls_suite_info.cpp
index 7a2c62d56..cc89934e0 100644
--- a/src/lib/tls/tls_suite_info.cpp
+++ b/src/lib/tls/tls_suite_info.cpp
@@ -2,8 +2,8 @@
* TLS cipher suite information
*
* This file was automatically generated from the IANA assignments
-* (tls-parameters.txt hash 9546b3c8be1a1202e1d4a07c2a9d7d6394ae4a21)
-* by ./src/scripts/tls_suite_info.py on 2016-08-16
+* (tls-parameters.txt hash 67a567fcf1ac67cb8cfc4af96c20c3efb05c1fc1)
+* by ./src/scripts/tls_suite_info.py on 2016-11-16
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -81,6 +81,10 @@ const std::vector<Ciphersuite>& Ciphersuite::all_known_ciphersuites()
Ciphersuite(0x00C3, "DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", "DSA", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32, ""),
Ciphersuite(0x00C4, "DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", "RSA", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32, ""),
Ciphersuite(0x00C5, "DH_anon_WITH_CAMELLIA_256_CBC_SHA256", "", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32, ""),
+ Ciphersuite(0x16B7, "CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256", "RSA", "CECPQ1", "ChaCha20Poly1305", 32, 12, 0, "AEAD", 0, "SHA-256"),
+ Ciphersuite(0x16B8, "CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "ECDSA", "CECPQ1", "ChaCha20Poly1305", 32, 12, 0, "AEAD", 0, "SHA-256"),
+ Ciphersuite(0x16B9, "CECPQ1_RSA_WITH_AES_256_GCM_SHA384", "RSA", "CECPQ1", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"),
+ Ciphersuite(0x16BA, "CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384", "ECDSA", "CECPQ1", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"),
Ciphersuite(0xC008, "ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "ECDSA", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20, ""),
Ciphersuite(0xC009, "ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "ECDSA", "ECDH", "AES-128", 16, 16, 0, "SHA-1", 20, ""),
Ciphersuite(0xC00A, "ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "ECDSA", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20, ""),
diff --git a/src/scripts/tls_suite_info.py b/src/scripts/tls_suite_info.py
index 1d059b3f9..955859d9f 100755
--- a/src/scripts/tls_suite_info.py
+++ b/src/scripts/tls_suite_info.py
@@ -87,6 +87,7 @@ def to_ciphersuite_info(code, name):
'DHE_PSK': 'DHE_PSK',
'PSK_DHE': 'DHE_PSK',
'ECDHE_PSK': 'ECDHE_PSK',
+ 'CECPQ1': 'CECPQ1',
}
mac_keylen = {
@@ -236,6 +237,12 @@ def main(args = None):
define_custom_ciphersuite('ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256', 'CC14')
define_custom_ciphersuite('DHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'CC15')
+ # CECPQ1
+ define_custom_ciphersuite('CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256', '16B7')
+ define_custom_ciphersuite('CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256', '16B8')
+ define_custom_ciphersuite('CECPQ1_RSA_WITH_AES_256_GCM_SHA384', '16B9')
+ define_custom_ciphersuite('CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384', '16BA')
+
# Expermental things
if options.with_ocb:
define_custom_ciphersuite('DHE_RSA_WITH_AES_128_OCB_SHA256', 'FFC0')
diff --git a/src/tests/test_newhope.cpp b/src/tests/test_newhope.cpp
index 894896777..95641bcaa 100644
--- a/src/tests/test_newhope.cpp
+++ b/src/tests/test_newhope.cpp
@@ -104,7 +104,7 @@ class NEWHOPE_Tests : public Text_Based_Test
Botan::SHA_3_256 sha3;
- std::vector<uint8_t> send_a(NEWHOPE_SENDABYTES);
+ std::vector<uint8_t> send_a(Botan::NEWHOPE_SENDABYTES);
Botan::newhope_poly a_sk;
Botan::newhope_keygen(send_a.data(), &a_sk, drbg_a);
@@ -114,7 +114,7 @@ class NEWHOPE_Tests : public Text_Based_Test
result.test_eq("Hash Output A", h_send_a, h_output_a);
std::vector<uint8_t> sharedkey_b(32);
- std::vector<uint8_t> send_b(NEWHOPE_SENDBBYTES);
+ std::vector<uint8_t> send_b(Botan::NEWHOPE_SENDBBYTES);
Botan::newhope_sharedb(sharedkey_b.data(), send_b.data(), send_a.data(), drbg_b);
result.test_eq("Key B", sharedkey_b, shared_key);
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index 4ebc54252..e80fe5c63 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
@@ -978,6 +978,10 @@ class TLS_Unit_Tests : public Test
test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD",
{ { "signature_methods", "RSA" } });
+#if defined(BOTAN_HAS_CECPQ1)
+ test_modern_versions(results, *client_ses, *server_ses, *creds, "CECPQ1", "AES-256/GCM", "AEAD");
+#endif
+
test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD",
{ { "use_ecc_point_compression", "true" } });
test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD",