- Added SSL_RSA_CAMELLIA_128_SHA, SSL_RSA_CAMELLIA_256_SHA, SSL_EDH_RSA_CAMELLIA_256_SHA ciphersuites to SSL
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index dee8830..36c23c0 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -94,6 +94,10 @@
#define SSL_RSA_AES_256_SHA 53
#define SSL_EDH_RSA_AES_256_SHA 57
+#define SSL_RSA_CAMELLIA_128_SHA 0x41
+#define SSL_RSA_CAMELLIA_256_SHA 0x84
+#define SSL_EDH_RSA_CAMELLIA_256_SHA 0x88
+
/*
* Message, alert and handshake types
*/
diff --git a/library/camellia.c b/library/camellia.c
index e504146..69a9840 100644
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -18,10 +18,10 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/*
- * The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
+ * The Camellia block cipher was designed by NTT and Mitsubishi Electric
+ * Corporation.
*
- * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
- * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
+ * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
*/
#include "polarssl/config.h"
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 9492ce5..df21ecb 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -319,7 +319,8 @@
SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA &&
- ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA )
+ ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA &&
+ ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_256_SHA)
{
SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
ssl->state++;
@@ -509,7 +510,8 @@
SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA ||
- ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA )
+ ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA ||
+ ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
{
#if !defined(POLARSSL_DHM_C)
SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 036344b..cb8d140 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -521,7 +521,8 @@
SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA &&
- ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA )
+ ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA &&
+ ssl->session->cipher != SSL_EDH_RSA_CAMELLIA_256_SHA)
{
SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
ssl->state++;
@@ -658,7 +659,8 @@
}
if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA ||
- ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA )
+ ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA ||
+ ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
{
#if !defined(POLARSSL_DHM_C)
SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 3e70ccf..29fcffd 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -34,6 +34,7 @@
#include "polarssl/aes.h"
#include "polarssl/arc4.h"
+#include "polarssl/camellia.h"
#include "polarssl/des.h"
#include "polarssl/debug.h"
#include "polarssl/ssl.h"
@@ -255,6 +256,19 @@
break;
#endif
+#if defined(POLARSSL_CAMELLIA_C)
+ case SSL_RSA_CAMELLIA_128_SHA:
+ ssl->keylen = 16; ssl->minlen = 32;
+ ssl->ivlen = 16; ssl->maclen = 20;
+ break;
+
+ case SSL_RSA_CAMELLIA_256_SHA:
+ case SSL_EDH_RSA_CAMELLIA_256_SHA:
+ ssl->keylen = 32; ssl->minlen = 32;
+ ssl->ivlen = 16; ssl->maclen = 20;
+ break;
+#endif
+
default:
SSL_DEBUG_MSG( 1, ( "cipher %s is not available",
ssl_get_cipher( ssl ) ) );
@@ -323,6 +337,19 @@
break;
#endif
+#if defined(POLARSSL_CAMELLIA_C)
+ case SSL_RSA_CAMELLIA_128_SHA:
+ camellia_setkey_enc( (camellia_context *) ssl->ctx_enc, key1, 128 );
+ camellia_setkey_dec( (camellia_context *) ssl->ctx_dec, key2, 128 );
+ break;
+
+ case SSL_RSA_CAMELLIA_256_SHA:
+ case SSL_EDH_RSA_CAMELLIA_256_SHA:
+ camellia_setkey_enc( (camellia_context *) ssl->ctx_enc, key1, 256 );
+ camellia_setkey_dec( (camellia_context *) ssl->ctx_dec, key2, 256 );
+ break;
+#endif
+
default:
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
@@ -538,10 +565,27 @@
case 16:
#if defined(POLARSSL_AES_C)
- aes_crypt_cbc( (aes_context *) ssl->ctx_enc,
- AES_ENCRYPT, ssl->out_msglen,
- ssl->iv_enc, ssl->out_msg, ssl->out_msg );
- break;
+ if ( ssl->session->cipher == SSL_RSA_AES_128_SHA ||
+ ssl->session->cipher == SSL_RSA_AES_256_SHA ||
+ ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA)
+ {
+ aes_crypt_cbc( (aes_context *) ssl->ctx_enc,
+ AES_ENCRYPT, ssl->out_msglen,
+ ssl->iv_enc, ssl->out_msg, ssl->out_msg );
+ break;
+ }
+#endif
+
+#if defined(POLARSSL_CAMELLIA_C)
+ if ( ssl->session->cipher == SSL_RSA_CAMELLIA_128_SHA ||
+ ssl->session->cipher == SSL_RSA_CAMELLIA_256_SHA ||
+ ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
+ {
+ camellia_crypt_cbc( (camellia_context *) ssl->ctx_enc,
+ CAMELLIA_ENCRYPT, ssl->out_msglen,
+ ssl->iv_enc, ssl->out_msg, ssl->out_msg );
+ break;
+ }
#endif
default:
@@ -600,12 +644,29 @@
break;
#endif
-#if defined(POLARSSL_AES_C)
case 16:
- aes_crypt_cbc( (aes_context *) ssl->ctx_dec,
- AES_DECRYPT, ssl->in_msglen,
- ssl->iv_dec, ssl->in_msg, ssl->in_msg );
- break;
+#if defined(POLARSSL_AES_C)
+ if ( ssl->session->cipher == SSL_RSA_AES_128_SHA ||
+ ssl->session->cipher == SSL_RSA_AES_256_SHA ||
+ ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA)
+ {
+ aes_crypt_cbc( (aes_context *) ssl->ctx_dec,
+ AES_DECRYPT, ssl->in_msglen,
+ ssl->iv_dec, ssl->in_msg, ssl->in_msg );
+ break;
+ }
+#endif
+
+#if defined(POLARSSL_CAMELLIA_C)
+ if ( ssl->session->cipher == SSL_RSA_CAMELLIA_128_SHA ||
+ ssl->session->cipher == SSL_RSA_CAMELLIA_256_SHA ||
+ ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
+ {
+ camellia_crypt_cbc( (camellia_context *) ssl->ctx_dec,
+ CAMELLIA_DECRYPT, ssl->in_msglen,
+ ssl->iv_dec, ssl->in_msg, ssl->in_msg );
+ break;
+ }
#endif
default:
@@ -1731,6 +1792,17 @@
return( "SSL_EDH_RSA_AES_256_SHA" );
#endif
+#if defined(POLARSSL_CAMELLIA_C)
+ case SSL_RSA_CAMELLIA_128_SHA:
+ return( "SSL_RSA_CAMELLIA_128_SHA" );
+
+ case SSL_RSA_CAMELLIA_256_SHA:
+ return( "SSL_RSA_CAMELLIA_256_SHA" );
+
+ case SSL_EDH_RSA_CAMELLIA_256_SHA:
+ return( "SSL_EDH_RSA_CAMELLIA_256_SHA" );
+#endif
+
default:
break;
}
@@ -1744,6 +1816,9 @@
#if defined(POLARSSL_AES_C)
SSL_EDH_RSA_AES_256_SHA,
#endif
+#if defined(POLARSSL_CAMELLIA_C)
+ SSL_EDH_RSA_CAMELLIA_256_SHA,
+#endif
#if defined(POLARSSL_DES_C)
SSL_EDH_RSA_DES_168_SHA,
#endif
@@ -1753,6 +1828,10 @@
SSL_RSA_AES_128_SHA,
SSL_RSA_AES_256_SHA,
#endif
+#if defined(POLARSSL_CAMELLIA_C)
+ SSL_RSA_CAMELLIA_128_SHA,
+ SSL_RSA_CAMELLIA_256_SHA,
+#endif
#if defined(POLARSSL_DES_C)
SSL_RSA_DES_168_SHA,
#endif
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 30d8502..27b0da6 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -65,9 +65,12 @@
int my_ciphers[] =
{
SSL_EDH_RSA_AES_256_SHA,
+ SSL_EDH_RSA_CAMELLIA_256_SHA,
SSL_EDH_RSA_DES_168_SHA,
SSL_RSA_AES_256_SHA,
+ SSL_RSA_CAMELLIA_256_SHA,
SSL_RSA_AES_128_SHA,
+ SSL_RSA_CAMELLIA_128_SHA,
SSL_RSA_DES_168_SHA,
SSL_RSA_RC4_128_SHA,
SSL_RSA_RC4_128_MD5,
diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c
index 5781ac3..d616282 100644
--- a/programs/test/ssl_test.c
+++ b/programs/test/ssl_test.c
@@ -391,7 +391,8 @@
" SSL_RSA_RC4_128_MD5 SSL_RSA_RC4_128_SHA\n" \
" SSL_RSA_DES_168_SHA SSL_EDH_RSA_DES_168_SHA\n" \
" SSL_RSA_AES_128_SHA SSL_EDH_RSA_AES_256_SHA\n" \
- " SSL_RSA_AES_256_SHA\n\n"
+ " SSL_RSA_AES_256_SHA SSL_EDH_RSA_CAMELLIA_256_SHA\n" \
+ " SSL_RSA_CAMELLIA_128_SHA SSL_RSA_CAMELLIA_256_SHA\n\n"
int main( int argc, char *argv[] )
{
@@ -541,6 +542,15 @@
if( strcmp( q, "ssl_edh_rsa_aes_256_sha" ) == 0 )
opt.force_cipher[0] = SSL_EDH_RSA_AES_256_SHA;
+ if( strcmp( q, "ssl_rsa_camellia_128_sha" ) == 0 )
+ opt.force_cipher[0] = SSL_RSA_CAMELLIA_128_SHA;
+
+ if( strcmp( q, "ssl_rsa_camellia_256_sha" ) == 0 )
+ opt.force_cipher[0] = SSL_RSA_CAMELLIA_256_SHA;
+
+ if( strcmp( q, "ssl_edh_rsa_camellia_256_sha" ) == 0 )
+ opt.force_cipher[0] = SSL_EDH_RSA_CAMELLIA_256_SHA;
+
if( opt.force_cipher[0] < 0 )
goto usage;