-rw-r--r-- | doc/news.rst | 5 | ||||
-rw-r--r-- | src/lib/tls/tls_suite_info.cpp | 74 | ||||
-rwxr-xr-x | src/scripts/tls_suite_info.py | 28 |
3 files changed, 56 insertions, 51 deletions
diff --git a/doc/news.rst b/doc/news.rst
index 80b0dfe5a..7a5b3b115 100644
--- a/doc/news.rst
+++ b/doc/news.rst
@@ -9,6 +9,11 @@ Version 1.11.30, Not Yet Released
 (non-standard) ChaCha20Poly1305 ciphersuites from draft-agl-tls-chacha20poly1305 remain but are deprecated.
+* The OCB TLS ciphersuites have been updated to use the new nonce
+ scheme from draft-zauner-tls-aes-ocb-04. This is incompatible with
+ previous versions of the draft, and the ciphersuite numbers used for
+ the (still experimental) OCB ciphersuites have changed.
+
 * A bug in the IETF version of ChaCha20Poly1305 (with 96 bit nonces) caused incorrect computation when the plaintext or AAD was exactly a multiple of 16 bytes.
diff --git a/src/lib/tls/tls_suite_info.cpp b/src/lib/tls/tls_suite_info.cpp
index 84e2a30a8..0d08710e8 100644
--- a/src/lib/tls/tls_suite_info.cpp
+++ b/src/lib/tls/tls_suite_info.cpp
@@ -3,7 +3,7 @@
 *
 * This file was automatically generated from the IANA assignments
 * (tls-parameters.txt hash fe280cb8b13bfdd306a975ab39fda238f77ae3bc)
-* by ./src/scripts/tls_suite_info.py on 2016-03-23
+* by ./src/scripts/tls_suite_info.py on 2016-04-04
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
@@ -165,18 +165,18 @@ std::vector<u16bit> Ciphersuite::all_known_ciphersuite_ids()
 0xCCAB,
 0xCCAC,
 0xCCAD,
- 0xFFF0,
- 0xFFF1,
- 0xFFF2,
- 0xFFF3,
- 0xFFF4,
- 0xFFF5,
- 0xFFF6,
- 0xFFF7,
- 0xFFF8,
- 0xFFF9,
- 0xFFFA,
- 0xFFFB,
+ 0xFFC0,
+ 0xFFC1,
+ 0xFFC2,
+ 0xFFC3,
+ 0xFFC4,
+ 0xFFC5,
+ 0xFFC6,
+ 0xFFC7,
+ 0xFFC8,
+ 0xFFC9,
+ 0xFFCA,
+ 0xFFCB,
 };
 }
@@ -628,41 +628,41 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
 case 0xCCAD: // DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
 return Ciphersuite(0xCCAD, "", "DHE_PSK", "ChaCha20Poly1305", 32, 12, 0, "AEAD", 0, "SHA-256");
- case 0xFFF0: // ECDHE_RSA_WITH_AES_128_OCB_SHA256
- return Ciphersuite(0xFFF0, "RSA", "ECDH", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256");
+ case 0xFFC0: // DHE_RSA_WITH_AES_128_OCB_SHA256
+ return Ciphersuite(0xFFC0, "RSA", "DH", "AES-128/OCB(12)", 16, 12, 0, "AEAD", 0, "SHA-256");
- case 0xFFF1: // ECDHE_RSA_WITH_AES_256_OCB_SHA256
- return Ciphersuite(0xFFF1, "RSA", "ECDH", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256");
+ case 0xFFC1: // DHE_RSA_WITH_AES_256_OCB_SHA256
+ return Ciphersuite(0xFFC1, "RSA", "DH", "AES-256/OCB(12)", 32, 12, 0, "AEAD", 0, "SHA-256");
- case 0xFFF2: // ECDHE_ECDSA_WITH_AES_128_OCB_SHA256
- return Ciphersuite(0xFFF2, "ECDSA", "ECDH", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256");
+ case 0xFFC2: // ECDHE_RSA_WITH_AES_128_OCB_SHA256
+ return Ciphersuite(0xFFC2, "RSA", "ECDH", "AES-128/OCB(12)", 16, 12, 0, "AEAD", 0, "SHA-256");
- case 0xFFF3: // ECDHE_ECDSA_WITH_AES_256_OCB_SHA256
- return Ciphersuite(0xFFF3, "ECDSA", "ECDH", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256");
+ case 0xFFC3: // ECDHE_RSA_WITH_AES_256_OCB_SHA256
+ return Ciphersuite(0xFFC3, "RSA", "ECDH", "AES-256/OCB(12)", 32, 12, 0, "AEAD", 0, "SHA-256");
- case 0xFFF4: // DHE_RSA_WITH_AES_128_OCB_SHA256
- return Ciphersuite(0xFFF4, "RSA", "DH", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256");
+ case 0xFFC4: // ECDHE_ECDSA_WITH_AES_128_OCB_SHA256
+ return Ciphersuite(0xFFC4, "ECDSA", "ECDH", "AES-128/OCB(12)", 16, 12, 0, "AEAD", 0, "SHA-256");
- case 0xFFF5: // DHE_RSA_WITH_AES_256_OCB_SHA256
- return Ciphersuite(0xFFF5, "RSA", "DH", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256");
+ case 0xFFC5: // ECDHE_ECDSA_WITH_AES_256_OCB_SHA256
+ return Ciphersuite(0xFFC5, "ECDSA", "ECDH", "AES-256/OCB(12)", 32, 12, 0, "AEAD", 0, "SHA-256");
- case 0xFFF6: // PSK_WITH_AES_128_OCB_SHA256
- return Ciphersuite(0xFFF6, "", "PSK", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256");
+ case 0xFFC6: // PSK_WITH_AES_128_OCB_SHA256
+ return Ciphersuite(0xFFC6, "", "PSK", "AES-128/OCB(12)", 16, 12, 0, "AEAD", 0, "SHA-256");
- case 0xFFF7: // PSK_WITH_AES_256_OCB_SHA256
- return Ciphersuite(0xFFF7, "", "PSK", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256");
+ case 0xFFC7: // PSK_WITH_AES_256_OCB_SHA256
+ return Ciphersuite(0xFFC7, "", "PSK", "AES-256/OCB(12)", 32, 12, 0, "AEAD", 0, "SHA-256");
- case 0xFFF8: // ECDHE_PSK_WITH_AES_128_OCB_SHA256
- return Ciphersuite(0xFFF8, "", "ECDHE_PSK", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256");
+ case 0xFFC8: // DHE_PSK_WITH_AES_128_OCB_SHA256
+ return Ciphersuite(0xFFC8, "", "DHE_PSK", "AES-128/OCB(12)", 16, 12, 0, "AEAD", 0, "SHA-256");
- case 0xFFF9: // ECDHE_PSK_WITH_AES_256_OCB_SHA256
- return Ciphersuite(0xFFF9, "", "ECDHE_PSK", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256");
+ case 0xFFC9: // DHE_PSK_WITH_AES_256_OCB_SHA256
+ return Ciphersuite(0xFFC9, "", "DHE_PSK", "AES-256/OCB(12)", 32, 12, 0, "AEAD", 0, "SHA-256");
- case 0xFFFA: // DHE_PSK_WITH_AES_128_OCB_SHA256
- return Ciphersuite(0xFFFA, "", "DHE_PSK", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256");
+ case 0xFFCA: // ECDHE_PSK_WITH_AES_128_OCB_SHA256
+ return Ciphersuite(0xFFCA, "", "ECDHE_PSK", "AES-128/OCB(12)", 16, 12, 0, "AEAD", 0, "SHA-256");
- case 0xFFFB: // DHE_PSK_WITH_AES_256_OCB_SHA256
- return Ciphersuite(0xFFFB, "", "DHE_PSK", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256");
+ case 0xFFCB: // ECDHE_PSK_WITH_AES_256_OCB_SHA256
+ return Ciphersuite(0xFFCB, "", "ECDHE_PSK", "AES-256/OCB(12)", 32, 12, 0, "AEAD", 0, "SHA-256");
 }
diff --git a/src/scripts/tls_suite_info.py b/src/scripts/tls_suite_info.py
index 2bff5ad34..6424341d2 100755
--- a/src/scripts/tls_suite_info.py
+++ b/src/scripts/tls_suite_info.py
@@ -138,7 +138,7 @@ def to_ciphersuite_info(code, name):
 elif mode == 'OCB':
 return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, %d, "AEAD", %d, "%s")' % (
- code, sig_algo, kex_algo, cipher_algo, cipher_keylen, 4, 0, 0, mac_algo)
+ code, sig_algo, kex_algo, cipher_algo, cipher_keylen, 12, 0, 0, mac_algo)
 else:
 iv_bytes_from_hs = 4
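Review bot: The OCB branch still passes the handshake-IV length as a bare positional literal, so the `4` → `12` change on the new line is a magic number sitting next to the equally opaque `0, 0`, and it is easy to misread against the unrelated `(12)` tag size in the generated `AES-128/OCB(12)` cipher strings. The `else` branch in the same hunk already names this quantity `iv_bytes_from_hs = 4`; the OCB branch should do the same, e.g. `ocb_iv_bytes_from_hs = 12  # explicit 96-bit IV from the handshake, draft-zauner-tls-aes-ocb-04`, and pass that name into the format tuple so the next draft bump changes one documented line. The enclosing `to_ciphersuite_info` begins before this hunk and the `else` branch continues past it.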
@@ -240,19 +240,19 @@ def main(args = None):
 # Expermental things
 if options.with_ocb:
- define_custom_ciphersuite('ECDHE_RSA_WITH_AES_128_OCB_SHA256', 'FFF0')
- define_custom_ciphersuite('ECDHE_RSA_WITH_AES_256_OCB_SHA256', 'FFF1')
- define_custom_ciphersuite('ECDHE_ECDSA_WITH_AES_128_OCB_SHA256', 'FFF2')
- define_custom_ciphersuite('ECDHE_ECDSA_WITH_AES_256_OCB_SHA256', 'FFF3')
- define_custom_ciphersuite('DHE_RSA_WITH_AES_128_OCB_SHA256', 'FFF4')
- define_custom_ciphersuite('DHE_RSA_WITH_AES_256_OCB_SHA256', 'FFF5')
-
- define_custom_ciphersuite('PSK_WITH_AES_128_OCB_SHA256', 'FFF6')
- define_custom_ciphersuite('PSK_WITH_AES_256_OCB_SHA256', 'FFF7')
- define_custom_ciphersuite('ECDHE_PSK_WITH_AES_128_OCB_SHA256', 'FFF8')
- define_custom_ciphersuite('ECDHE_PSK_WITH_AES_256_OCB_SHA256', 'FFF9')
- define_custom_ciphersuite('DHE_PSK_WITH_AES_128_OCB_SHA256', 'FFFA')
- define_custom_ciphersuite('DHE_PSK_WITH_AES_256_OCB_SHA256', 'FFFB')
+ define_custom_ciphersuite('DHE_RSA_WITH_AES_128_OCB_SHA256', 'FFC0')
+ define_custom_ciphersuite('DHE_RSA_WITH_AES_256_OCB_SHA256', 'FFC1')
+ define_custom_ciphersuite('ECDHE_RSA_WITH_AES_128_OCB_SHA256', 'FFC2')
+ define_custom_ciphersuite('ECDHE_RSA_WITH_AES_256_OCB_SHA256', 'FFC3')
+ define_custom_ciphersuite('ECDHE_ECDSA_WITH_AES_128_OCB_SHA256', 'FFC4')
+ define_custom_ciphersuite('ECDHE_ECDSA_WITH_AES_256_OCB_SHA256', 'FFC5')
+
+ define_custom_ciphersuite('PSK_WITH_AES_128_OCB_SHA256', 'FFC6')
+ define_custom_ciphersuite('PSK_WITH_AES_256_OCB_SHA256', 'FFC7')
+ define_custom_ciphersuite('DHE_PSK_WITH_AES_128_OCB_SHA256', 'FFC8')
+ define_custom_ciphersuite('DHE_PSK_WITH_AES_256_OCB_SHA256', 'FFC9')
+ define_custom_ciphersuite('ECDHE_PSK_WITH_AES_128_OCB_SHA256', 'FFCA')
+ define_custom_ciphersuite('ECDHE_PSK_WITH_AES_256_OCB_SHA256', 'FFCB')
 if options.with_eax:
 define_custom_ciphersuite('ECDHE_ECDSA_WITH_AES_128_EAX_SHA256', 'FF90') |
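Review bot: The twelve new `define_custom_ciphersuite` calls carry no comment recording where the `FFC0`–`FFCB` codepoints and their new ordering (DHE_RSA before ECDHE_RSA, DHE_PSK before ECDHE_PSK) come from, so the next draft revision will again mean cross-checking literals against a document the code never names. A one-line comment above the block would fix that: `# Codepoints and order per draft-zauner-tls-aes-ocb-04; FFF0-FFFB were the earlier-draft values, which also used a 4 byte IV`. Dropping the old codepoints outright rather than keeping them as deprecated aliases, as the news entry says was done for the draft-agl ChaCha20 suites, looks right here because the IV length changed with the number, so an old codepoint bound to the new nonce size would presumably mis-interoperate rather than degrade gracefully — worth a second comment line so nobody re-adds them. `main` begins before this hunk.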