commit ca4ab491585b432d7db0266aa6fbcbc6813eda00
author Paul Bakker <p.j.bakker@polarssl.org> Wed Apr 18 14:23:57 2012 +0000
committer Paul Bakker <p.j.bakker@polarssl.org> Wed Apr 18 14:23:57 2012 +0000
tree b367d8898baa8629a7d66938ee782b3161146b3c
parent 0b22e3e98934b1b36d249ffa675cb55f6ef4e20b

 - Added GCM ciphersuites to TLS implementation

library/ssl_cli.c

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 6f9206f..df4dbb0 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -453,7 +453,9 @@
         ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA &&
         ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA &&
         ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_128_SHA256 &&
-        ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA256 )
+        ssl->session->ciphersuite != SSL_EDH_RSA_CAMELLIA_256_SHA256 &&
+        ssl->session->ciphersuite != SSL_EDH_RSA_AES_128_GCM_SHA256 &&
+        ssl->session->ciphersuite != SSL_EDH_RSA_AES_256_GCM_SHA384 )
     {
         SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
         ssl->state++;
@@ -786,7 +788,9 @@
         ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA ||
         ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA ||
         ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_128_SHA256 ||
-        ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 )
+        ssl->session->ciphersuite == SSL_EDH_RSA_CAMELLIA_256_SHA256 ||
+        ssl->session->ciphersuite == SSL_EDH_RSA_AES_128_GCM_SHA256 ||
+        ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
     {
 #if !defined(POLARSSL_DHM_C)
         SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) );
@@ -888,7 +892,7 @@
 {
     int ret = 0;
     size_t n = 0, offset = 0;
-    unsigned char hash[36];
+    unsigned char hash[48];
     int hash_id = SIG_RSA_RAW;
     unsigned int hashlen = 36;
 
@@ -903,8 +907,21 @@
 
     if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
     {
-        hash_id = SIG_RSA_SHA256;
-        hashlen = 32;
+        // TODO TLS1.2 Should be based on allowed signature algorithm received in
+        // Certificate Request according to RFC 5246. But OpenSSL only allows
+        // SHA256 and SHA384. Find out why OpenSSL does this.
+        //
+        if( ssl->session->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
+            ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
+        {
+            hash_id = SIG_RSA_SHA384;
+            hashlen = 48;
+        }
+        else
+        {
+            hash_id = SIG_RSA_SHA256;
+            hashlen = 32;
+        }
     }
 
     if( ssl->rsa_key == NULL )
@@ -934,9 +951,21 @@
 
     if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
     {
-        // TODO TLS1.2 Base on signature algorithm received in Certificate Request
-        ssl->out_msg[4] = SSL_HASH_SHA256;
-        ssl->out_msg[5] = SSL_SIG_RSA;
+        // TODO TLS1.2 Should be based on allowed signature algorithm received in
+        // Certificate Request according to RFC 5246. But OpenSSL only allows
+        // SHA256 and SHA384. Find out why OpenSSL does this.
+        //
+        if( ssl->session->ciphersuite == SSL_RSA_AES_256_GCM_SHA384 ||
+            ssl->session->ciphersuite == SSL_EDH_RSA_AES_256_GCM_SHA384 )
+        {
+            ssl->out_msg[4] = SSL_HASH_SHA384;
+            ssl->out_msg[5] = SSL_SIG_RSA;
+        }
+        else
+        {
+            ssl->out_msg[4] = SSL_HASH_SHA256;
+            ssl->out_msg[5] = SSL_SIG_RSA;
+        }
 
         offset = 2;
     }