diff options
| author | cinap_lenrek <cinap_lenrek@felloff.net> | 2015-09-14 09:27:06 +0200 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2015-09-14 09:27:06 +0200 |
| commit | 9733434e6eecca748a15a46e8a52635c5183a8dc (patch) | |
| tree | eb4a9d9b0597a64f859a234a254bad7fe60fcc03 /sys/src/libsec | |
| parent | be3ba38c452084cf6644d4ae6fb35ccf6abbb1cb (diff) | |
libsec: add TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 cipher suits
Diffstat (limited to 'sys/src/libsec')
| -rw-r--r-- | sys/src/libsec/port/tlshand.c | 82 |
1 files changed, 42 insertions, 40 deletions
diff --git a/sys/src/libsec/port/tlshand.c b/sys/src/libsec/port/tlshand.c index 3a190c96a..32d5e0f5b 100644 --- a/sys/src/libsec/port/tlshand.c +++ b/sys/src/libsec/port/tlshand.c @@ -253,8 +253,7 @@ enum { TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0X0019, TLS_DH_anon_WITH_DES_CBC_SHA = 0X001A, TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0X001B, - - TLS_RSA_WITH_AES_128_CBC_SHA = 0X002f, // aes, aka rijndael with 128 bit blocks + TLS_RSA_WITH_AES_128_CBC_SHA = 0X002F, // aes, aka rijndael with 128 bit blocks TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0X0030, TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0X0031, TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0X0032, @@ -266,15 +265,14 @@ enum { TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0X0038, TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0X0039, TLS_DH_anon_WITH_AES_256_CBC_SHA = 0X003A, - TLS_RSA_WITH_AES_128_CBC_SHA256 = 0X003C, TLS_RSA_WITH_AES_256_CBC_SHA256 = 0X003D, - - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A, - CipherMax + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0XC009, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0XC00A, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0XC013, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0XC014, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0XC023, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027, }; // compression methods @@ -284,8 +282,10 @@ enum { }; static Algs cipherAlgs[] = { + {"aes_128_cbc", "sha256", 2*(16+16+SHA2_256dlen), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256}, {"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA}, {"aes_256_cbc", "sha1", 2*(32+16+SHA1dlen), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA}, + {"aes_128_cbc", "sha256", 2*(16+16+SHA2_256dlen), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256}, {"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}, {"aes_256_cbc", "sha1", 2*(32+16+SHA1dlen), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}, {"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_DHE_RSA_WITH_AES_128_CBC_SHA}, @@ -802,8 +802,10 @@ static int isECDHE(int tlsid) { switch(tlsid){ + case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: return 1; @@ -2026,36 +2028,36 @@ tlsConnectionFree(TlsConnection *c) //================= cipher choices ======================== -static int weakCipher[CipherMax] = -{ - 1, /* TLS_NULL_WITH_NULL_NULL */ - 1, /* TLS_RSA_WITH_NULL_MD5 */ - 1, /* TLS_RSA_WITH_NULL_SHA */ - 1, /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */ - 0, /* TLS_RSA_WITH_RC4_128_MD5 */ - 0, /* TLS_RSA_WITH_RC4_128_SHA */ - 1, /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */ - 0, /* TLS_RSA_WITH_IDEA_CBC_SHA */ - 1, /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */ - 0, /* TLS_RSA_WITH_DES_CBC_SHA */ - 0, /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */ - 1, /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */ - 0, /* TLS_DH_DSS_WITH_DES_CBC_SHA */ - 0, /* TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA */ - 1, /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */ - 0, /* TLS_DH_RSA_WITH_DES_CBC_SHA */ - 0, /* TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA */ - 1, /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */ - 0, /* TLS_DHE_DSS_WITH_DES_CBC_SHA */ - 0, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA */ - 1, /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */ - 0, /* TLS_DHE_RSA_WITH_DES_CBC_SHA */ - 0, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ - 1, /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */ - 1, /* TLS_DH_anon_WITH_RC4_128_MD5 */ - 1, /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */ - 1, /* TLS_DH_anon_WITH_DES_CBC_SHA */ - 1, /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */ +static int weakCipher[] = +{ +[TLS_NULL_WITH_NULL_NULL] 1, +[TLS_RSA_WITH_NULL_MD5] 1, +[TLS_RSA_WITH_NULL_SHA] 1, +[TLS_RSA_EXPORT_WITH_RC4_40_MD5] 1, +[TLS_RSA_WITH_RC4_128_MD5] 0, +[TLS_RSA_WITH_RC4_128_SHA] 0, +[TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5] 1, +[TLS_RSA_WITH_IDEA_CBC_SHA] 0, +[TLS_RSA_EXPORT_WITH_DES40_CBC_SHA] 1, +[TLS_RSA_WITH_DES_CBC_SHA] 0, +[TLS_RSA_WITH_3DES_EDE_CBC_SHA] 0, +[TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA] 1, +[TLS_DH_DSS_WITH_DES_CBC_SHA] 0, +[TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA] 0, +[TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA] 1, +[TLS_DH_RSA_WITH_DES_CBC_SHA] 0, +[TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA] 0, +[TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA] 1, +[TLS_DHE_DSS_WITH_DES_CBC_SHA] 0, +[TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA] 0, +[TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA] 1, +[TLS_DHE_RSA_WITH_DES_CBC_SHA] 0, +[TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA] 0, +[TLS_DH_anon_EXPORT_WITH_RC4_40_MD5] 1, +[TLS_DH_anon_WITH_RC4_128_MD5] 1, +[TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA] 1, +[TLS_DH_anon_WITH_DES_CBC_SHA] 1, +[TLS_DH_anon_WITH_3DES_EDE_CBC_SHA] 1, }; static int @@ -2085,7 +2087,7 @@ okCipher(Ints *cv) weak = 1; for(i = 0; i < cv->len; i++) { c = cv->data[i]; - if(c >= CipherMax) + if(c >= nelem(weakCipher)) weak = 0; else weak &= weakCipher[c]; |