-rw-r--r-- | src/lib/tls/tls_suite_info.cpp | 4 | ||||
-rwxr-xr-x | src/scripts/tls_suite_info.py | 56 | ||||
-rw-r--r-- | src/tests/unit_tls.cpp | 7 |
3 files changed, 42 insertions, 25 deletions
diff --git a/src/lib/tls/tls_suite_info.cpp b/src/lib/tls/tls_suite_info.cpp
index cc89934e0..b62a19b97 100644
--- a/src/lib/tls/tls_suite_info.cpp
+++ b/src/lib/tls/tls_suite_info.cpp
@@ -3,7 +3,7 @@
 *
 * This file was automatically generated from the IANA assignments
 * (tls-parameters.txt hash 67a567fcf1ac67cb8cfc4af96c20c3efb05c1fc1)
-* by ./src/scripts/tls_suite_info.py on 2016-11-16
+* by ./src/scripts/tls_suite_info.py on 2016-12-30
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
@@ -183,6 +183,8 @@ const std::vector<Ciphersuite>& Ciphersuite::all_known_ciphersuites()
 Ciphersuite(0xFFC9, "DHE_PSK_WITH_AES_256_OCB_SHA256", "", "DHE_PSK", "AES-256/OCB(12)", 32, 12, 0, "AEAD", 0, "SHA-256"),
 Ciphersuite(0xFFCA, "ECDHE_PSK_WITH_AES_128_OCB_SHA256", "", "ECDHE_PSK", "AES-128/OCB(12)", 16, 12, 0, "AEAD", 0, "SHA-256"),
 Ciphersuite(0xFFCB, "ECDHE_PSK_WITH_AES_256_OCB_SHA256", "", "ECDHE_PSK", "AES-256/OCB(12)", 32, 12, 0, "AEAD", 0, "SHA-256"),
+ Ciphersuite(0xFFCC, "CECPQ1_RSA_WITH_AES_256_OCB_SHA256", "RSA", "CECPQ1", "AES-256/OCB(12)", 32, 12, 0, "AEAD", 0, "SHA-256"),
+ Ciphersuite(0xFFCD, "CECPQ1_ECDSA_WITH_AES_256_OCB_SHA256", "ECDSA", "CECPQ1", "AES-256/OCB(12)", 32, 12, 0, "AEAD", 0, "SHA-256"),
 };
 return g_ciphersuite_list;
diff --git a/src/scripts/tls_suite_info.py b/src/scripts/tls_suite_info.py
index 955859d9f..6dd623331 100755
--- a/src/scripts/tls_suite_info.py
+++ b/src/scripts/tls_suite_info.py
@@ -3,7 +3,7 @@
 """
 Used to generate lib/tls/tls_suite_info.cpp from IANA params
-(C) 2011, 2012, 2013, 2014, 2015 Jack Lloyd
+(C) 2011, 2012, 2013, 2014, 2015, 2016 Jack Lloyd
 Botan is released under the Simplified BSD License (see license.txt)
 """
@@ -88,6 +88,7 @@ def to_ciphersuite_info(code, name):
 'PSK_DHE': 'DHE_PSK',
 'ECDHE_PSK': 'ECDHE_PSK',
 'CECPQ1': 'CECPQ1',
+ 'CECPQ1_PSK': 'CECPQ1_PSK',
 }
 mac_keylen = {
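Review bot: The `'CECPQ1_PSK': 'CECPQ1_PSK'` entry added to the name map in to_ciphersuite_info has nothing to map in this commit: the only CECPQ1_PSK suite, `#define_custom_ciphersuite('CECPQ1_PSK_WITH_AES_256_OCB_SHA256', 'FFCE')` in the second main() hunk, is commented out, and the regenerated tls_suite_info.cpp gains only 0xFFCC and 0xFFCD. The new unit_tls.cpp call `test_modern_versions(..., "CECPQ1_PSK", "AES-256/OCB(12)", "AEAD")` therefore names a key exchange for which no ciphersuite is generated, so it presumably either fails to negotiate or does not exercise what it names. Either define FFCE and regenerate, or drop the map entry and the test call and replace the commented-out line with an explanatory comment such as `# TODO: CECPQ1_PSK (FFCE) not generated yet`. The body of to_ciphersuite_info starts and ends outside the hunk.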
@@ -168,17 +169,22 @@ def process_command_line(args):
 parser = optparse.OptionParser()
 parser.add_option('--with-ocb', action='store_true', default=True,
- help='enable experimental OCB AEAD suites')
+ help='enable OCB AEAD suites')
 parser.add_option('--without-ocb', action='store_false', dest='with_ocb',
- help='disable experimental OCB AEAD suites')
+ help='disable OCB AEAD suites')
+
+ parser.add_option('--with-cecpq1', action='store_true', default=True,
+ help='enable CECPQ1 suites')
+ parser.add_option('--without-cecpq1', action='store_false', dest='with_cecpq1',
+ help='disable CECPQ1 suites')
 parser.add_option('--with-srp-aead', action='store_true', default=False,
- help='add experimental SRP AEAD suites')
- parser.add_option('--with-eax', action='store_true', default=False,
- help='add experimental EAX AEAD suites')
+ help='add SRP AEAD suites')
+ parser.add_option('--without-srp-aead', action='store_false', dest='with_srp_aead',
+ help='disable SRP AEAD suites')
- parser.add_option('--save-download', action='store_true', default=True,
- help='save downloaded tls-parameters.txt')
+ parser.add_option('--save-download', action='store_true', default=False,
+ help='save downloaded tls-parameters.txt to cwd')
 parser.add_option('--output', '-o',
 help='file to write output to (default %default)',
@@ -237,14 +243,15 @@ def main(args = None):
 define_custom_ciphersuite('ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256', 'CC14')
 define_custom_ciphersuite('DHE_RSA_WITH_CHACHA20_POLY1305_SHA256', 'CC15')
- # CECPQ1
- define_custom_ciphersuite('CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256', '16B7')
- define_custom_ciphersuite('CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256', '16B8')
- define_custom_ciphersuite('CECPQ1_RSA_WITH_AES_256_GCM_SHA384', '16B9')
- define_custom_ciphersuite('CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384', '16BA')
+ if options.with_cecpq1:
+ # CECPQ1 key exchange
+ define_custom_ciphersuite('CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256', '16B7')
+ define_custom_ciphersuite('CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256', '16B8')
+ define_custom_ciphersuite('CECPQ1_RSA_WITH_AES_256_GCM_SHA384', '16B9')
+ define_custom_ciphersuite('CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384', '16BA')
- # Expermental things
 if options.with_ocb:
+ # OCB ciphersuites draft-zauner-tls-aes-ocb-04
 define_custom_ciphersuite('DHE_RSA_WITH_AES_128_OCB_SHA256', 'FFC0')
 define_custom_ciphersuite('DHE_RSA_WITH_AES_256_OCB_SHA256', 'FFC1')
 define_custom_ciphersuite('ECDHE_RSA_WITH_AES_128_OCB_SHA256', 'FFC2')
@@ -259,23 +266,24 @@ def main(args = None):
 define_custom_ciphersuite('ECDHE_PSK_WITH_AES_128_OCB_SHA256', 'FFCA')
 define_custom_ciphersuite('ECDHE_PSK_WITH_AES_256_OCB_SHA256', 'FFCB')
- if options.with_eax:
- define_custom_ciphersuite('ECDHE_ECDSA_WITH_AES_128_EAX_SHA256', 'FF90')
- define_custom_ciphersuite('ECDHE_ECDSA_WITH_AES_256_EAX_SHA384', 'FF91')
- define_custom_ciphersuite('ECDHE_RSA_WITH_AES_128_EAX_SHA256', 'FF92')
- define_custom_ciphersuite('ECDHE_RSA_WITH_AES_256_EAX_SHA384', 'FF93')
+ if options.with_cecpq1 and options.with_ocb:
+ # CECPQ1 OCB ciphersuites - Botan extension
+ define_custom_ciphersuite('CECPQ1_RSA_WITH_AES_256_OCB_SHA256', 'FFCC')
+ define_custom_ciphersuite('CECPQ1_ECDSA_WITH_AES_256_OCB_SHA256', 'FFCD')
+ #define_custom_ciphersuite('CECPQ1_PSK_WITH_AES_256_OCB_SHA256', 'FFCE')
 if options.with_srp_aead:
+ # SRP using GCM or OCB - Botan extension
 define_custom_ciphersuite('SRP_SHA_WITH_AES_256_GCM_SHA384', 'FFA0')
 define_custom_ciphersuite('SRP_SHA_RSA_WITH_AES_256_GCM_SHA384', 'FFA1')
 define_custom_ciphersuite('SRP_SHA_DSS_WITH_AES_256_GCM_SHA384', 'FFA2')
 define_custom_ciphersuite('SRP_SHA_ECDSA_WITH_AES_256_GCM_SHA384', 'FFA3')
- if options.with_eax:
- define_custom_ciphersuite('SRP_SHA_WITH_AES_256_EAX_SHA384', 'FFA8')
- define_custom_ciphersuite('SRP_SHA_RSA_WITH_AES_256_EAX_SHA384', 'FFA9')
- define_custom_ciphersuite('SRP_SHA_DSS_WITH_AES_256_EAX_SHA384', 'FFAA')
- define_custom_ciphersuite('SRP_SHA_ECDSA_WITH_AES_256_EAX_SHA384', 'FFAB')
+ if options.with_ocb:
+ define_custom_ciphersuite('SRP_SHA_WITH_AES_256_OCB_SHA256', 'FFA4')
+ define_custom_ciphersuite('SRP_SHA_RSA_WITH_AES_256_OCB_SHA256', 'FFA5')
+ define_custom_ciphersuite('SRP_SHA_DSS_WITH_AES_256_OCB_SHA256', 'FFA6')
+ define_custom_ciphersuite('SRP_SHA_ECDSA_WITH_AES_256_OCB_SHA256', 'FFA7')
 suite_info = ''
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index 928b31aac..764388159 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
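Review bot: The new `if options.with_cecpq1 and options.with_ocb:` block emits FFCC and FFCD by default, since both flags default to True in process_command_line, yet its comment says only "Botan extension". Code points whose first byte is 0xFF sit in the TLS private-use range, so another implementation may attach a different meaning to the same value; the comment should say so, e.g. `# CECPQ1 OCB ciphersuites - Botan extension, private-use code points (0xFFxx), not IANA-assigned`. The same wording would fit the SRP OCB suites FFA4 to FFA7 added under the nested `if options.with_ocb:`. Whether these suites are offered by default is decided by policy code that is not part of this diff, and main() starts and ends outside the hunk.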
@@ -1132,6 +1132,13 @@ class TLS_Unit_Tests : public Test
 test_modern_versions(results, *client_ses, *server_ses, *creds, "CECPQ1", "AES-256/GCM", "AEAD");
 #endif
+#if defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_AEAD_OCB)
+ test_modern_versions(results, *client_ses, *server_ses, *creds, "CECPQ1", "AES-256/OCB(12)", "AEAD");
+ test_modern_versions(results, *client_ses, *server_ses, *creds, "CECPQ1", "AES-256/OCB(12)", "AEAD",
+ {{ "signature_methods", "RSA" }});
+ test_modern_versions(results, *client_ses, *server_ses, *creds, "CECPQ1_PSK", "AES-256/OCB(12)", "AEAD");
+#endif
+
 #if defined(BOTAN_HAS_AEAD_CHACHA20_POLY1305)
 test_modern_versions(results, *client_ses, *server_ses, *creds, "CECPQ1", "ChaCha20Poly1305", "AEAD",
 { { "signature_methods", "RSA" }}); |