Add patch to support Camellia, contributed by Yoshisato YANAGISAWA. Fixes #1.

See http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2331

3 files changed, 81 insertions, 4 deletions

diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 7ec696e253..d1fdd577a9 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -163,6 +163,10 @@ static const gnutls_cipher_entry algorithms[] = {
   {"ARCFOUR 128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0},
   {"ARCFOUR 40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 1},
   {"RC2 40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 1},
+#ifdef	ENABLE_CAMELLIA
+  {"CAMELLIA 256 CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK, 16, 0},
+  {"CAMELLIA 128 CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, CIPHER_BLOCK, 16, 0},
+#endif
   {"NULL", GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0, 0},
   {0, 0, 0, 0, 0, 0, 0}
 };
@@ -176,6 +180,10 @@ static const gnutls_cipher_algorithm_t supported_ciphers[] = {
   GNUTLS_CIPHER_ARCFOUR_128,
   GNUTLS_CIPHER_ARCFOUR_40,
   GNUTLS_CIPHER_RC2_40_CBC,
+#ifdef	ENABLE_CAMELLIA
+  GNUTLS_CIPHER_CAMELLIA_256_CBC,
+  GNUTLS_CIPHER_CAMELLIA_128_CBC,
+#endif
   GNUTLS_CIPHER_NULL,
   0
 };
@@ -377,6 +385,10 @@ typedef struct
 #define GNUTLS_ANON_DH_AES_128_CBC_SHA1 { 0x00, 0x34 }
 #define GNUTLS_ANON_DH_AES_256_CBC_SHA1 { 0x00, 0x3A }
 
+/* rfc4132 */
+#define GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 }
+#define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }
+
 /* PSK (not in TLS 1.0)
  * draft-ietf-tls-psk:
  */
@@ -419,6 +431,10 @@ typedef struct
 #define GNUTLS_RSA_AES_128_CBC_SHA1 { 0x00, 0x2F }
 #define GNUTLS_RSA_AES_256_CBC_SHA1 { 0x00, 0x35 }
 
+/* rfc4132 */
+#define GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x41 }
+#define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 }
+
 /* DHE DSS
  */
 
@@ -435,6 +451,10 @@ typedef struct
 #define GNUTLS_DHE_DSS_AES_256_CBC_SHA1 { 0x00, 0x38 }
 #define GNUTLS_DHE_DSS_AES_128_CBC_SHA1 { 0x00, 0x32 }
 
+/* rfc4132 */
+#define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 { 0x00,0x44 }
+#define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 }
+
 /* DHE RSA
  */
 #define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 }
@@ -444,6 +464,10 @@ typedef struct
 #define GNUTLS_DHE_RSA_AES_128_CBC_SHA1 { 0x00, 0x33 }
 #define GNUTLS_DHE_RSA_AES_256_CBC_SHA1 { 0x00, 0x39 }
 
+/* rfc4132 */
+#define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x45 }
+#define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 }
+
 #define CIPHER_SUITES_COUNT sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1
 
 static const gnutls_cipher_suite_entry cs_algorithms[] = {
@@ -461,6 +485,14 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1,
 			     GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
 			     GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+#ifdef	ENABLE_CAMELLIA
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1,
+			     GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ANON_DH,
+			     GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1,
+			     GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ANON_DH,
+			     GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+#endif
 
   /* PSK */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1,
@@ -538,6 +570,14 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1,
 			     GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
 			     GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+#ifdef	ENABLE_CAMELLIA
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
+			     GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_DSS,
+			     GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
+			     GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_DSS,
+			     GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+#endif
   /* DHE_RSA */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
 			     GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
@@ -548,6 +588,14 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1,
 			     GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
 			     GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+#ifdef	ENABLE_CAMELLIA
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
+			     GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_RSA,
+			     GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
+			     GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_RSA,
+			     GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+#endif
   /* RSA */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5,
 			     GNUTLS_CIPHER_NULL,
@@ -573,6 +621,14 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1,
 			     GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
 			     GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+#ifdef	ENABLE_CAMELLIA
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
+			     GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
+			     GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
+			     GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
+			     GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+#endif
   {0, {{0, 0}}, 0, 0, 0, 0}
 };
 
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index 36b2e24754..148b297a3b 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -64,6 +64,16 @@ _gnutls_cipher_init (gnutls_cipher_algorithm_t cipher,
       err = gc_cipher_open (GC_ARCTWO40, GC_CBC, &ret);
       break;
 
+#ifdef	ENABLE_CAMELLIA
+    case GNUTLS_CIPHER_CAMELLIA_128_CBC:
+      err = gc_cipher_open (GC_CAMELLIA128, GC_CBC, &ret);
+      break;
+
+    case GNUTLS_CIPHER_CAMELLIA_256_CBC:
+      err = gc_cipher_open (GC_CAMELLIA256, GC_CBC, &ret);
+      break;
+#endif
+
     default:
       return NULL;
     }
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 8acb903826..0f5c016f62 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -263,7 +263,8 @@ gnutls_certificate_type_set_priority (gnutls_session_t session,
   * Protocols: TLS 1.2, TLS 1.1, TLS 1.0, and SSL3.
   * Key exchange algorithm: DHE-PSK, PSK, SRP-RSA, SRP-DSS, SRP,
   * DHE-RSA, DHE-DSS, RSA.
-  * Cipher: AES_256_CBC, AES_128_CBC, 3DES_CBC, and ARCFOUR_128.
+  * Cipher: AES_256_CBC, AES_128_CBC, 3DES_CBC, CAMELLIA_256_CBC, CAMELLIA_128_CBC, 
+  * and ARCFOUR_128.
   * MAC algorithm: SHA, and MD5.
   * Certificate types: X.509, OpenPGP
   * Compression: DEFLATE, NULL.
@@ -299,6 +300,10 @@ gnutls_set_default_priority (gnutls_session_t session)
     GNUTLS_CIPHER_AES_256_CBC,
     GNUTLS_CIPHER_AES_128_CBC,
     GNUTLS_CIPHER_3DES_CBC,
+#ifdef	ENABLE_CAMELLIA
+    GNUTLS_CIPHER_CAMELLIA_256_CBC,
+    GNUTLS_CIPHER_CAMELLIA_128_CBC,
+#endif
     GNUTLS_CIPHER_ARCFOUR_128,
     /* GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */
     0
@@ -340,8 +345,8 @@ gnutls_set_default_priority (gnutls_session_t session)
   * The order is TLS1, SSL3 for protocols,  RSA, DHE_DSS, 
   * DHE_RSA, RSA_EXPORT for key exchange algorithms.
   * SHA, MD5, RIPEMD160 for MAC algorithms,
-  * AES_256_CBC, AES_128_CBC, 
-  * and 3DES_CBC, ARCFOUR_128, ARCFOUR_40 for ciphers.
+  * AES_256_CBC, AES_128_CBC, 3DES_CBC, CAMELLIA_256_CBC, CAMELLIA_128_CBC, 
+  * ARCFOUR_128, ARCFOUR_40 for ciphers.
   *
   * Returns 0 on success.
   *
@@ -357,8 +362,14 @@ gnutls_set_default_export_priority (gnutls_session_t session)
     GNUTLS_KX_RSA_EXPORT, 0
   };
   static const int cipher_priority[] = {
+    GNUTLS_CIPHER_AES_256_CBC,
     GNUTLS_CIPHER_AES_128_CBC,
-    GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128,
+    GNUTLS_CIPHER_3DES_CBC,
+#ifdef	ENABLE_CAMELLIA
+    GNUTLS_CIPHER_CAMELLIA_256_CBC,
+    GNUTLS_CIPHER_CAMELLIA_128_CBC,
+#endif
+    GNUTLS_CIPHER_ARCFOUR_128,
     GNUTLS_CIPHER_ARCFOUR_40, 0
   };
   static const int comp_priority[] = { GNUTLS_COMP_NULL, 0 };