diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-02-15 22:02:53 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-02-15 22:02:53 +0100 |
| commit | 9e8dc86aa88a43094f528c289762cf269e873b04 (patch) | |
| tree | 3c1309a4f6fab65923634cc6b5585b0ed73376d5 | |
| parent | fbb37e58f72a6fea19801a0131c90bb3bc4a5f7d (diff) | |
| download | gnutls-9e8dc86aa88a43094f528c289762cf269e873b04.tar.gz | |
Added ciphersuites (from RFC5487):
TLS_PSK_WITH_AES_128_GCM_SHA256
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
TLS_PSK_WITH_AES_128_CBC_SHA256
TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
TLS_PSK_WITH_NULL_SHA256
TLS_DHE_PSK_WITH_NULL_SHA256
| -rw-r--r-- | lib/gnutls_algorithms.c | 48 |
1 files changed, 42 insertions, 6 deletions
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index e388c1d5f0..23e9cdb9b0 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c @@ -504,9 +504,21 @@ typedef struct /* GCM: RFC5288 */ #define GNUTLS_RSA_AES_128_GCM_SHA256 { 0x00, 0x9C } -#define GNUTLS_DHE_RSA_WITH_AES_128_GCM_SHA256 {0x00,0x9E} -#define GNUTLS_DHE_DSS_WITH_AES_128_GCM_SHA256 {0x00,0xA2} -#define GNUTLS_DH_ANON_WITH_AES_128_GCM_SHA256 {0x00,0xA6} +#define GNUTLS_DHE_RSA_AES_128_GCM_SHA256 {0x00,0x9E} +#define GNUTLS_DHE_DSS_AES_128_GCM_SHA256 {0x00,0xA2} +#define GNUTLS_DH_ANON_AES_128_GCM_SHA256 {0x00,0xA6} + +/* RFC 5487 */ +/* GCM-PSK */ +#define GNUTLS_PSK_AES_128_GCM_SHA256 { 0x00, 0xA8 } +#define GNUTLS_DHE_PSK_AES_128_GCM_SHA256 { 0x00, 0xAA } + +/* PSK - SHA256 HMAC */ +#define GNUTLS_PSK_AES_128_CBC_SHA256 { 0x00, 0xAE } +#define GNUTLS_DHE_PSK_AES_128_CBC_SHA256 { 0x00, 0xB2 } + +#define GNUTLS_PSK_NULL_SHA256 { 0x00, 0xB0 } +#define GNUTLS_DHE_PSK_NULL_SHA256 { 0x00, 0xB4 } /* Safe renegotiation */ @@ -570,6 +582,18 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_AES_128_CBC_SHA256, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_AES_128_GCM_SHA256, + GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_NULL_SHA256, + GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), /* DHE-PSK */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1, @@ -588,6 +612,18 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_AES_128_CBC_SHA256, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_AES_128_GCM_SHA256, + GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_NULL_SHA256, + GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), /* SRP */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, @@ -767,15 +803,15 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_GCM_SHA256, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_WITH_AES_128_GCM_SHA256, + GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_GCM_SHA256, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DH_ANON_WITH_AES_128_GCM_SHA256, + GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DH_ANON_AES_128_GCM_SHA256, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX), |