From 3e36432062f6a1a1758a13591aed7951d4081a30 Mon Sep 17 00:00:00 2001 From: Simon Josefsson Date: Mon, 24 Sep 2007 12:39:58 +0200 Subject: Add patch to support Camellia, contributed by Yoshisato YANAGISAWA. Fixes #1. See http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2331 --- lib/gnutls_algorithms.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++++ lib/gnutls_cipher_int.c | 10 +++++++++ lib/gnutls_priority.c | 19 +++++++++++++---- 3 files changed, 81 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index 7ec696e253..d1fdd577a9 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c @@ -163,6 +163,10 @@ static const gnutls_cipher_entry algorithms[] = { {"ARCFOUR 128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0}, {"ARCFOUR 40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 1}, {"RC2 40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 1}, +#ifdef ENABLE_CAMELLIA + {"CAMELLIA 256 CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK, 16, 0}, + {"CAMELLIA 128 CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, CIPHER_BLOCK, 16, 0}, +#endif {"NULL", GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0, 0}, {0, 0, 0, 0, 0, 0, 0} }; @@ -176,6 +180,10 @@ static const gnutls_cipher_algorithm_t supported_ciphers[] = { GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_ARCFOUR_40, GNUTLS_CIPHER_RC2_40_CBC, +#ifdef ENABLE_CAMELLIA + GNUTLS_CIPHER_CAMELLIA_256_CBC, + GNUTLS_CIPHER_CAMELLIA_128_CBC, +#endif GNUTLS_CIPHER_NULL, 0 }; @@ -377,6 +385,10 @@ typedef struct #define GNUTLS_ANON_DH_AES_128_CBC_SHA1 { 0x00, 0x34 } #define GNUTLS_ANON_DH_AES_256_CBC_SHA1 { 0x00, 0x3A } +/* rfc4132 */ +#define GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 } +#define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 } + /* PSK (not in TLS 1.0) * draft-ietf-tls-psk: */ @@ -419,6 +431,10 @@ typedef struct #define GNUTLS_RSA_AES_128_CBC_SHA1 { 0x00, 0x2F } #define GNUTLS_RSA_AES_256_CBC_SHA1 { 0x00, 0x35 } +/* rfc4132 */ +#define GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x41 } +#define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 } + /* DHE DSS */ @@ -435,6 +451,10 @@ typedef struct #define GNUTLS_DHE_DSS_AES_256_CBC_SHA1 { 0x00, 0x38 } #define GNUTLS_DHE_DSS_AES_128_CBC_SHA1 { 0x00, 0x32 } +/* rfc4132 */ +#define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 { 0x00,0x44 } +#define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 } + /* DHE RSA */ #define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 } @@ -444,6 +464,10 @@ typedef struct #define GNUTLS_DHE_RSA_AES_128_CBC_SHA1 { 0x00, 0x33 } #define GNUTLS_DHE_RSA_AES_256_CBC_SHA1 { 0x00, 0x39 } +/* rfc4132 */ +#define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x45 } +#define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 } + #define CIPHER_SUITES_COUNT sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1 static const gnutls_cipher_suite_entry cs_algorithms[] = { @@ -461,6 +485,14 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA1, GNUTLS_SSL3), +#ifdef ENABLE_CAMELLIA + GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA1, GNUTLS_TLS1), + GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA1, GNUTLS_TLS1), +#endif /* PSK */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1, @@ -538,6 +570,14 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3), +#ifdef ENABLE_CAMELLIA + GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA1, GNUTLS_TLS1), + GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA1, GNUTLS_TLS1), +#endif /* DHE_RSA */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA, @@ -548,6 +588,14 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3), +#ifdef ENABLE_CAMELLIA + GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1), + GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1), +#endif /* RSA */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5, GNUTLS_CIPHER_NULL, @@ -573,6 +621,14 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3), +#ifdef ENABLE_CAMELLIA + GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1), + GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1), +#endif {0, {{0, 0}}, 0, 0, 0, 0} }; diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c index 36b2e24754..148b297a3b 100644 --- a/lib/gnutls_cipher_int.c +++ b/lib/gnutls_cipher_int.c @@ -64,6 +64,16 @@ _gnutls_cipher_init (gnutls_cipher_algorithm_t cipher, err = gc_cipher_open (GC_ARCTWO40, GC_CBC, &ret); break; +#ifdef ENABLE_CAMELLIA + case GNUTLS_CIPHER_CAMELLIA_128_CBC: + err = gc_cipher_open (GC_CAMELLIA128, GC_CBC, &ret); + break; + + case GNUTLS_CIPHER_CAMELLIA_256_CBC: + err = gc_cipher_open (GC_CAMELLIA256, GC_CBC, &ret); + break; +#endif + default: return NULL; } diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index 8acb903826..0f5c016f62 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -263,7 +263,8 @@ gnutls_certificate_type_set_priority (gnutls_session_t session, * Protocols: TLS 1.2, TLS 1.1, TLS 1.0, and SSL3. * Key exchange algorithm: DHE-PSK, PSK, SRP-RSA, SRP-DSS, SRP, * DHE-RSA, DHE-DSS, RSA. - * Cipher: AES_256_CBC, AES_128_CBC, 3DES_CBC, and ARCFOUR_128. + * Cipher: AES_256_CBC, AES_128_CBC, 3DES_CBC, CAMELLIA_256_CBC, CAMELLIA_128_CBC, + * and ARCFOUR_128. * MAC algorithm: SHA, and MD5. * Certificate types: X.509, OpenPGP * Compression: DEFLATE, NULL. @@ -299,6 +300,10 @@ gnutls_set_default_priority (gnutls_session_t session) GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC, +#ifdef ENABLE_CAMELLIA + GNUTLS_CIPHER_CAMELLIA_256_CBC, + GNUTLS_CIPHER_CAMELLIA_128_CBC, +#endif GNUTLS_CIPHER_ARCFOUR_128, /* GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */ 0 @@ -340,8 +345,8 @@ gnutls_set_default_priority (gnutls_session_t session) * The order is TLS1, SSL3 for protocols, RSA, DHE_DSS, * DHE_RSA, RSA_EXPORT for key exchange algorithms. * SHA, MD5, RIPEMD160 for MAC algorithms, - * AES_256_CBC, AES_128_CBC, - * and 3DES_CBC, ARCFOUR_128, ARCFOUR_40 for ciphers. + * AES_256_CBC, AES_128_CBC, 3DES_CBC, CAMELLIA_256_CBC, CAMELLIA_128_CBC, + * ARCFOUR_128, ARCFOUR_40 for ciphers. * * Returns 0 on success. * @@ -357,8 +362,14 @@ gnutls_set_default_export_priority (gnutls_session_t session) GNUTLS_KX_RSA_EXPORT, 0 }; static const int cipher_priority[] = { + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128, + GNUTLS_CIPHER_3DES_CBC, +#ifdef ENABLE_CAMELLIA + GNUTLS_CIPHER_CAMELLIA_256_CBC, + GNUTLS_CIPHER_CAMELLIA_128_CBC, +#endif + GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_ARCFOUR_40, 0 }; static const int comp_priority[] = { GNUTLS_COMP_NULL, 0 }; -- cgit v1.2.1