- Added support for the SHA256 ciphersuites of AES and Camellia

commit: 10cd2259625f0be85a3d7bb9fd60cbc270c04245 [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Thu Apr 12 21:26:34 2012 +0000
committer: Paul Bakker <p.j.bakker@polarssl.org> Thu Apr 12 21:26:34 2012 +0000
tree: 4a1a04e6927943337816a1ac8e624166bbceec07
parent: bf63b36127e910c01af65ffe9cba9dfae4ebc07e [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index b5c89a9..e697f4e 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -323,6 +323,20 @@
             ssl->keylen = 32; ssl->minlen = 32;
             ssl->ivlen  = 16; ssl->maclen = 20;
             break;
+
+#if defined(POLARSSL_SHA2_C)
+        case SSL_RSA_AES_128_SHA256:
+        case SSL_EDH_RSA_AES_128_SHA256:
+            ssl->keylen = 16; ssl->minlen = 32;
+            ssl->ivlen  = 16; ssl->maclen = 32;
+            break;
+
+        case SSL_RSA_AES_256_SHA256:
+        case SSL_EDH_RSA_AES_256_SHA256:
+            ssl->keylen = 32; ssl->minlen = 32;
+            ssl->ivlen  = 16; ssl->maclen = 32;
+            break;
+#endif
 #endif
 
 #if defined(POLARSSL_CAMELLIA_C)
@@ -337,6 +351,20 @@
             ssl->keylen = 32; ssl->minlen = 32;
             ssl->ivlen  = 16; ssl->maclen = 20;
             break;
+
+#if defined(POLARSSL_SHA2_C)
+        case SSL_RSA_CAMELLIA_128_SHA256:
+        case SSL_EDH_RSA_CAMELLIA_128_SHA256:
+            ssl->keylen = 16; ssl->minlen = 32;
+            ssl->ivlen  = 16; ssl->maclen = 32;
+            break;
+
+        case SSL_RSA_CAMELLIA_256_SHA256:
+        case SSL_EDH_RSA_CAMELLIA_256_SHA256:
+            ssl->keylen = 32; ssl->minlen = 32;
+            ssl->ivlen  = 16; ssl->maclen = 32;
+            break;
+#endif
 #endif
 
 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
@@ -430,12 +458,20 @@
 #if defined(POLARSSL_AES_C)
         case SSL_RSA_AES_128_SHA:
         case SSL_EDH_RSA_AES_128_SHA:
+#if defined(POLARSSL_SHA2_C)
+        case SSL_RSA_AES_128_SHA256:
+        case SSL_EDH_RSA_AES_128_SHA256:
+#endif
             aes_setkey_enc( (aes_context *) ssl->ctx_enc, key1, 128 );
             aes_setkey_dec( (aes_context *) ssl->ctx_dec, key2, 128 );
             break;
 
         case SSL_RSA_AES_256_SHA:
         case SSL_EDH_RSA_AES_256_SHA:
+#if defined(POLARSSL_SHA2_C)
+        case SSL_RSA_AES_256_SHA256:
+        case SSL_EDH_RSA_AES_256_SHA256:
+#endif
             aes_setkey_enc( (aes_context *) ssl->ctx_enc, key1, 256 );
             aes_setkey_dec( (aes_context *) ssl->ctx_dec, key2, 256 );
             break;
@@ -444,12 +480,20 @@
 #if defined(POLARSSL_CAMELLIA_C)
         case SSL_RSA_CAMELLIA_128_SHA:
         case SSL_EDH_RSA_CAMELLIA_128_SHA:
+#if defined(POLARSSL_SHA2_C)
+        case SSL_RSA_CAMELLIA_128_SHA256:
+        case SSL_EDH_RSA_CAMELLIA_128_SHA256:
+#endif
             camellia_setkey_enc( (camellia_context *) ssl->ctx_enc, key1, 128 );
             camellia_setkey_dec( (camellia_context *) ssl->ctx_dec, key2, 128 );
             break;
 
         case SSL_RSA_CAMELLIA_256_SHA:
         case SSL_EDH_RSA_CAMELLIA_256_SHA:
+#if defined(POLARSSL_SHA2_C)
+        case SSL_RSA_CAMELLIA_256_SHA256:
+        case SSL_EDH_RSA_CAMELLIA_256_SHA256:
+#endif
             camellia_setkey_enc( (camellia_context *) ssl->ctx_enc, key1, 256 );
             camellia_setkey_dec( (camellia_context *) ssl->ctx_dec, key2, 256 );
             break;
@@ -755,7 +799,11 @@
         if ( ssl->session->ciphersuite == SSL_RSA_AES_128_SHA ||
              ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
              ssl->session->ciphersuite == SSL_RSA_AES_256_SHA ||
-             ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA)
+             ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
+             ssl->session->ciphersuite == SSL_RSA_AES_128_SHA256 ||
+             ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA256 ||
+             ssl->session->ciphersuite == SSL_RSA_AES_256_SHA256 ||
+             ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA256 )
         {
                     aes_crypt_cbc( (aes_context *) ssl->ctx_enc,
                         AES_ENCRYPT, enc_msglen,
@@ -768,7 +816,11 @@
         if ( ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
              ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
              ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
-             ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
+             ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA ||
+             ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA256 ||
+             ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA256 ||
+             ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA256 ||
+             ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 )
         {
                     camellia_crypt_cbc( (camellia_context *) ssl->ctx_enc,
                         CAMELLIA_ENCRYPT, enc_msglen,
@@ -885,7 +937,11 @@
         if ( ssl->session->ciphersuite == SSL_RSA_AES_128_SHA ||
              ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA ||
              ssl->session->ciphersuite == SSL_RSA_AES_256_SHA ||
-             ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA)
+             ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA ||
+             ssl->session->ciphersuite == SSL_RSA_AES_128_SHA256 ||
+             ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_SHA256 ||
+             ssl->session->ciphersuite == SSL_RSA_AES_256_SHA256 ||
+             ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_SHA256 )
         {
                     aes_crypt_cbc( (aes_context *) ssl->ctx_dec,
                        AES_DECRYPT, dec_msglen,
@@ -898,7 +954,11 @@
         if ( ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA ||
              ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
              ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA ||
-             ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA)
+             ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA ||
+             ssl->session->ciphersuite == SSL_RSA_CAMELLIA_128_SHA256 ||
+             ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA256 ||
+             ssl->session->ciphersuite == SSL_RSA_CAMELLIA_256_SHA256 ||
+             ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 )
         {
                     camellia_crypt_cbc( (camellia_context *) ssl->ctx_dec,
                        CAMELLIA_DECRYPT, dec_msglen,
@@ -2212,6 +2272,20 @@
 
         case SSL_EDH_RSA_AES_256_SHA:
             return( "SSL-EDH-RSA-AES-256-SHA" );
+
+#if defined(POLARSSL_SHA2_C)
+        case SSL_RSA_AES_128_SHA256:
+            return( "SSL-RSA-AES-128-SHA256" );
+
+        case SSL_EDH_RSA_AES_128_SHA256:
+            return( "SSL-EDH-RSA-AES-128-SHA256" );
+
+        case SSL_RSA_AES_256_SHA256:
+            return( "SSL-RSA-AES-256-SHA256" );
+
+        case SSL_EDH_RSA_AES_256_SHA256:
+            return( "SSL-EDH-RSA-AES-256-SHA256" );
+#endif
 #endif
 
 #if defined(POLARSSL_CAMELLIA_C)
@@ -2226,6 +2300,20 @@
 
         case SSL_EDH_RSA_CAMELLIA_256_SHA:
             return( "SSL-EDH-RSA-CAMELLIA-256-SHA" );
+
+#if defined(POLARSSL_SHA2_C)
+        case SSL_RSA_CAMELLIA_128_SHA256:
+            return( "SSL-RSA-CAMELLIA-128-SHA256" );
+
+        case SSL_EDH_RSA_CAMELLIA_128_SHA256:
+            return( "SSL-EDH-RSA-CAMELLIA-128-SHA256" );
+
+        case SSL_RSA_CAMELLIA_256_SHA256:
+            return( "SSL-RSA-CAMELLIA-256-SHA256" );
+
+        case SSL_EDH_RSA_CAMELLIA_256_SHA256:
+            return( "SSL-EDH-RSA-CAMELLIA-256-SHA256" );
+#endif
 #endif
 
 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
@@ -2278,6 +2366,17 @@
         return( SSL_RSA_AES_256_SHA );
     if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-256-SHA"))
         return( SSL_EDH_RSA_AES_256_SHA );
+
+#if defined(POLARSSL_SHA2_C)
+    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-128-SHA256"))
+        return( SSL_RSA_AES_128_SHA256 );
+    if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-128-SHA256"))
+        return( SSL_EDH_RSA_AES_128_SHA256 );
+    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-AES-256-SHA256"))
+        return( SSL_RSA_AES_256_SHA256 );
+    if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-AES-256-SHA256"))
+        return( SSL_EDH_RSA_AES_256_SHA256 );
+#endif
 #endif
 
 #if defined(POLARSSL_CAMELLIA_C)
@@ -2289,6 +2388,17 @@
         return( SSL_RSA_CAMELLIA_256_SHA );
     if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-256-SHA"))
         return( SSL_EDH_RSA_CAMELLIA_256_SHA );
+
+#if defined(POLARSSL_SHA2_C)
+    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-128-SHA256"))
+        return( SSL_RSA_CAMELLIA_128_SHA256 );
+    if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-128-SHA256"))
+        return( SSL_EDH_RSA_CAMELLIA_128_SHA256 );
+    if (0 == strcasecmp(ciphersuite_name, "SSL-RSA-CAMELLIA-256-SHA256"))
+        return( SSL_RSA_CAMELLIA_256_SHA256 );
+    if (0 == strcasecmp(ciphersuite_name, "SSL-EDH-RSA-CAMELLIA-256-SHA256"))
+        return( SSL_EDH_RSA_CAMELLIA_256_SHA256 );
+#endif
 #endif
 
 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
@@ -2343,12 +2453,20 @@
 {
 #if defined(POLARSSL_DHM_C)
 #if defined(POLARSSL_AES_C)
-    SSL_EDH_RSA_AES_128_SHA,
+#if defined(POLARSSL_SHA2_C)
+    SSL_EDH_RSA_AES_256_SHA256,
+    SSL_EDH_RSA_AES_128_SHA256,
+#endif /* POLARSSL_SHA2_C */
     SSL_EDH_RSA_AES_256_SHA,
+    SSL_EDH_RSA_AES_128_SHA,
 #endif
 #if defined(POLARSSL_CAMELLIA_C)
-    SSL_EDH_RSA_CAMELLIA_128_SHA,
+#if defined(POLARSSL_SHA2_C)
+    SSL_EDH_RSA_CAMELLIA_256_SHA256,
+    SSL_EDH_RSA_CAMELLIA_128_SHA256,
+#endif /* POLARSSL_SHA2_C */
     SSL_EDH_RSA_CAMELLIA_256_SHA,
+    SSL_EDH_RSA_CAMELLIA_128_SHA,
 #endif
 #if defined(POLARSSL_DES_C)
     SSL_EDH_RSA_DES_168_SHA,
@@ -2356,15 +2474,27 @@
 #endif
 
 #if defined(POLARSSL_AES_C)
+#if defined(POLARSSL_SHA2_C)
+    SSL_RSA_AES_256_SHA256,
+#endif /* POLARSSL_SHA2_C */
     SSL_RSA_AES_256_SHA,
 #endif
 #if defined(POLARSSL_CAMELLIA_C)
+#if defined(POLARSSL_SHA2_C)
+    SSL_RSA_CAMELLIA_256_SHA256,
+#endif /* POLARSSL_SHA2_C */
     SSL_RSA_CAMELLIA_256_SHA,
 #endif
 #if defined(POLARSSL_AES_C)
+#if defined(POLARSSL_SHA2_C)
+    SSL_RSA_AES_128_SHA256,
+#endif /* POLARSSL_SHA2_C */
     SSL_RSA_AES_128_SHA,
 #endif
 #if defined(POLARSSL_CAMELLIA_C)
+#if defined(POLARSSL_SHA2_C)
+    SSL_RSA_CAMELLIA_128_SHA256,
+#endif /* POLARSSL_SHA2_C */
     SSL_RSA_CAMELLIA_128_SHA,
 #endif
 #if defined(POLARSSL_DES_C)
commit	10cd2259625f0be85a3d7bb9fd60cbc270c04245	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Thu Apr 12 21:26:34 2012 +0000
committer	Paul Bakker <p.j.bakker@polarssl.org>	Thu Apr 12 21:26:34 2012 +0000
tree	4a1a04e6927943337816a1ac8e624166bbceec07
parent	bf63b36127e910c01af65ffe9cba9dfae4ebc07e [diff] [blame]