author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-11-25 17:04:25 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-12-03 10:12:19 +0100 |
commit | 25373307147b03b51541cf35db04a51f8ec87768 (patch) | |
tree | 53a4ac1ec08d0148277ea84a7f4feeea58ba2b3b | |
parent | 7d1308f29b7512a2913a031f5baccab65f68073d (diff) | |
download | gnutls-25373307147b03b51541cf35db04a51f8ec87768.tar.gz |
Added definitions for CCM ciphersuites
-rw-r--r-- | lib/algorithms/ciphers.c | 18 | ||||
-rw-r--r-- | lib/algorithms/ciphersuites.c | 58 | ||||
-rw-r--r-- | lib/gnutls_priority.c | 12 | ||||
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 4 | ||||
-rw-r--r-- | lib/nettle/cipher.c | 61 |
5 files changed, 153 insertions, 0 deletions
diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
index d1501d6f25..b91eac7e1b 100644
--- a/lib/algorithms/ciphers.c
+++ b/lib/algorithms/ciphers.c
@@ -73,6 +73,24 @@ static const cipher_entry_st algorithms[] = {
 .explicit_iv = 8,
 .cipher_iv = 12,
 .tagsize = 16},
+ { .name = "AES-128-CCM",
+ .id = GNUTLS_CIPHER_AES_128_CCM,
+ .blocksize = 16,
+ .keysize = 16,
+ .type = CIPHER_AEAD,
+ .implicit_iv = 4,
+ .explicit_iv = 8,
+ .cipher_iv = 12,
+ .tagsize = 16},
+ { .name = "AES-256-CCM",
+ .id = GNUTLS_CIPHER_AES_256_CCM,
+ .blocksize = 16,
+ .keysize = 32,
+ .type = CIPHER_AEAD,
+ .implicit_iv = 4,
+ .explicit_iv = 8,
+ .cipher_iv = 12,
+ .tagsize = 16},
 { .name = "ARCFOUR-128",
 .id = GNUTLS_CIPHER_ARCFOUR_128,
 .blocksize = 1,
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index f397dedc27..06504a7d6d 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -209,6 +209,20 @@ typedef struct {
 #define GNUTLS_DHE_DSS_AES_256_GCM_SHA384 {0x00,0xA3}
 #define GNUTLS_DH_ANON_AES_256_GCM_SHA384 {0x00,0xA7}
+/* CCM: RFC6655 */
+#define GNUTLS_RSA_AES_128_CCM_SHA256 { 0xC0, 0x9C }
+#define GNUTLS_RSA_AES_256_CCM_SHA256 { 0xC0, 0x9D }
+#define GNUTLS_DHE_RSA_AES_128_CCM_SHA256 {0xC0,0x9E}
+#define GNUTLS_DHE_RSA_AES_256_CCM_SHA256 {0xC0,0x9F}
+
+#define GNUTLS_ECDHE_ECDSA_AES_128_CCM_SHA256 {0xC0,0xAC}
+#define GNUTLS_ECDHE_ECDSA_AES_256_CCM_SHA256 {0xC0,0xAD}
+
+#define GNUTLS_PSK_AES_128_CCM_SHA256 { 0xC0, 0xA4 }
+#define GNUTLS_PSK_AES_256_CCM_SHA256 { 0xC0, 0xA5 }
+#define GNUTLS_DHE_PSK_AES_128_CCM_SHA256 {0xC0,0xA6}
+#define GNUTLS_DHE_PSK_AES_256_CCM_SHA256 {0xC0,0xA7}
+
 /* RFC 5487 */
 /* GCM-PSK */
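Review bot: The `/* CCM: RFC6655 */` comment in the second hunk (lib/algorithms/ciphersuites.c) also sits over the two ECDHE_ECDSA defines, but the `{0xC0,0xAC}` and `{0xC0,0xAD}` code points are not assigned by RFC 6655; as far as I know they come from RFC 7251. Anyone auditing this table against the IANA registry will look in the wrong document, so I would put `/* ECDHE-ECDSA CCM: RFC 7251 */` above those two lines. The `_SHA256` suffix deserves a one-line comment as well, since the registry names of these suites carry no hash suffix and the suffix here presumably records the TLS 1.2 default PRF.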
@@ -373,6 +387,50 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
+/* CCM */
+ ENTRY(GNUTLS_RSA_AES_128_CCM_SHA256,
+ GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_RSA_AES_256_CCM_SHA256,
+ GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_RSA_AES_128_CCM_SHA256,
+ GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_RSA_AES_256_CCM_SHA256,
+ GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+
+ ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CCM_SHA256,
+ GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CCM_SHA256,
+ GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+
+ ENTRY(GNUTLS_PSK_AES_128_CCM_SHA256,
+ GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_PSK_AES_256_CCM_SHA256,
+ GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_PSK_AES_128_CCM_SHA256,
+ GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_PSK_AES_256_CCM_SHA256,
+ GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+
 /* DHE_DSS */
 #ifdef ENABLE_DHE
 ENTRY(GNUTLS_DHE_DSS_ARCFOUR_128_SHA1,
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index ce53a84ae3..0e4f78865f 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
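Review bot: The DHE_RSA, ECDHE_ECDSA, PSK and DHE_PSK CCM entries are added with no `#ifdef` around them, while the context right after the hunk shows the existing DHE entries sitting under `#ifdef ENABLE_DHE`. If the other key-exchange families are guarded the same way elsewhere in `cs_algorithms` (not visible here), a build that disables one of them still carries these suites in the table, and whether they are filtered out before negotiation depends on code outside this diff. I would move each group under the guard of its key exchange, for example `#ifdef ENABLE_DHE` around the two DHE_RSA entries, or add a comment saying why the CCM block is unconditional. The array starts before the hunk and continues past it.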
@@ -210,6 +210,8 @@ static const int _cipher_priority_performance_default[] = {
 GNUTLS_CIPHER_AES_256_GCM,
 GNUTLS_CIPHER_CAMELLIA_128_GCM,
 GNUTLS_CIPHER_CAMELLIA_256_GCM,
+ GNUTLS_CIPHER_AES_128_CCM,
+ GNUTLS_CIPHER_AES_256_CCM,
 GNUTLS_CIPHER_AES_128_CBC,
 GNUTLS_CIPHER_AES_256_CBC,
 GNUTLS_CIPHER_CAMELLIA_128_CBC,
@@ -226,6 +228,8 @@ static const int _cipher_priority_normal_default[] = {
 GNUTLS_CIPHER_AES_256_GCM,
 GNUTLS_CIPHER_CAMELLIA_128_GCM,
 GNUTLS_CIPHER_CAMELLIA_256_GCM,
+ GNUTLS_CIPHER_AES_128_CCM,
+ GNUTLS_CIPHER_AES_256_CCM,
 GNUTLS_CIPHER_AES_128_CBC,
 GNUTLS_CIPHER_AES_256_CBC,
 GNUTLS_CIPHER_CAMELLIA_128_CBC,
@@ -238,6 +242,8 @@ static const int _cipher_priority_normal_default[] = {
 static const int cipher_priority_performance_fips[] = {
 GNUTLS_CIPHER_AES_128_GCM,
 GNUTLS_CIPHER_AES_256_GCM,
+ GNUTLS_CIPHER_AES_128_CCM,
+ GNUTLS_CIPHER_AES_256_CCM,
 GNUTLS_CIPHER_AES_128_CBC,
 GNUTLS_CIPHER_AES_256_CBC,
 GNUTLS_CIPHER_3DES_CBC,
@@ -247,6 +253,8 @@ static const int cipher_priority_performance_fips[] = {
 static const int cipher_priority_normal_fips[] = {
 GNUTLS_CIPHER_AES_128_GCM,
 GNUTLS_CIPHER_AES_256_GCM,
+ GNUTLS_CIPHER_AES_128_CCM,
+ GNUTLS_CIPHER_AES_256_CCM,
 GNUTLS_CIPHER_AES_128_CBC,
 GNUTLS_CIPHER_AES_256_CBC,
 GNUTLS_CIPHER_3DES_CBC,
@@ -271,8 +279,11 @@ static const int* cipher_priority_suiteb192 = _cipher_priority_suiteb192;
 static const int _cipher_priority_secure128[] = {
 GNUTLS_CIPHER_AES_128_GCM,
 GNUTLS_CIPHER_CAMELLIA_128_GCM,
+ GNUTLS_CIPHER_AES_128_CCM,
+
 GNUTLS_CIPHER_AES_256_GCM,
 GNUTLS_CIPHER_CAMELLIA_256_GCM,
+ GNUTLS_CIPHER_AES_256_CCM,
 GNUTLS_CIPHER_AES_128_CBC,
 GNUTLS_CIPHER_CAMELLIA_128_CBC,
@@ -286,6 +297,7 @@ static const int *cipher_priority_secure128 = _cipher_priority_secure128;
 static const int _cipher_priority_secure192[] = {
 GNUTLS_CIPHER_AES_256_GCM,
 GNUTLS_CIPHER_CAMELLIA_256_GCM,
+ GNUTLS_CIPHER_AES_256_CCM,
 GNUTLS_CIPHER_AES_256_CBC,
 GNUTLS_CIPHER_CAMELLIA_256_CBC,
 0
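Review bot: The two `*_fips` priority lists (third and fourth hunks) now offer AES-CCM by default, and the same commit marks the cipher `fips_allowed` in lib/nettle/cipher.c, yet none of the five files touched adds a known-answer test for CCM. If the FIPS build depends on a self-test per approved algorithm, CCM becomes negotiable in FIPS mode without one. I would either land the test vectors together with this change or keep CCM out of `cipher_priority_performance_fips` and `cipher_priority_normal_fips` until they exist. The same concern applies, more weakly, to the default and SECURE lists in the other hunks, where a brand-new AEAD path becomes on-by-default with no test in the commit.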
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 0abb0534e3..77dedc8c76 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -90,6 +90,8 @@ extern "C" {
 * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
 * @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys.
 * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.
+ * @GNUTLS_CIPHER_AES_128_CCM: AES in CCM mode with 128-bit keys.
+ * @GNUTLS_CIPHER_AES_256_CCM: AES in CCM mode with 256-bit keys.
 * @GNUTLS_CIPHER_CAMELLIA_128_GCM: CAMELLIA in GCM mode with 128-bit keys.
 * @GNUTLS_CIPHER_CAMELLIA_256_GCM: CAMELLIA in GCM mode with 256-bit keys.
 * @GNUTLS_CIPHER_SALSA20_256: Salsa20 with 256-bit keys.
@@ -126,6 +128,8 @@ typedef enum gnutls_cipher_algorithm {
 GNUTLS_CIPHER_CAMELLIA_256_GCM = 16,
 GNUTLS_CIPHER_RC2_40_CBC = 17,
 GNUTLS_CIPHER_DES_CBC = 18,
+ GNUTLS_CIPHER_AES_128_CCM = 19,
+ GNUTLS_CIPHER_AES_256_CCM = 20,
 /* used only for PGP internals. Ignored in TLS/SSL */
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index f85e8cc271..d8d9626d68 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -36,6 +36,7 @@
 #include <nettle/nettle-meta.h>
 #include <nettle/cbc.h>
 #include <nettle/gcm.h>
+#include <nettle/ccm.h>
 #include <fips.h>
 struct nettle_cipher_ctx;
@@ -123,6 +124,38 @@ _cbc_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
 }
 static void
+_ccm_aes_encrypt(struct nettle_cipher_ctx *ctx,
+ size_t nonce_size, const void *nonce,
+ size_t auth_size, const void *auth,
+ size_t tag_size,
+ size_t length, uint8_t * dst,
+ const uint8_t * src)
+{
+ ccm_encrypt_message((void*)ctx->ctx_ptr, ctx->cipher->encrypt_block,
+ nonce_size, nonce,
+ auth_size, auth,
+ tag_size, length, dst, src);
+}
+
+static int
+_ccm_aes_decrypt(struct nettle_cipher_ctx *ctx,
+ size_t nonce_size, const void *nonce,
+ size_t auth_size, const void *auth,
+ size_t tag_size,
+ size_t length, uint8_t * dst,
+ const uint8_t * src)
+{
+ int ret;
+ ret = ccm_decrypt_message((void*)ctx->ctx_ptr, ctx->cipher->encrypt_block,
+ nonce_size, nonce,
+ auth_size, auth,
+ tag_size, length, dst, src);
+ if (ret == 0)
+ return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+ return 0;
+}
+
+static void
 _gcm_aes128_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst, const uint8_t * src)
 {
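Review bot: `_ccm_aes_encrypt` and `_ccm_aes_decrypt` both forward one `length` parameter unchanged, but as I read nettle's ccm.h the two message functions do not give it the same meaning: the encrypt call expects the ciphertext length (plaintext plus tag), the decrypt call the plaintext length with `src` holding `length + tag_size` bytes; this is worth confirming against the nettle version the build targets. A caller that picks the wrong one reads or writes `tag_size` bytes past a buffer, so the contract should be written at the wrappers, e.g. `/* length: size of dst, i.e. plaintext + tag_size */` on encrypt and `/* length: plaintext size; src holds length + tag_size bytes */` on decrypt. The decrypt comment should also state that `dst` has already been written when `GNUTLS_E_DECRYPTION_FAILED` is returned and must be discarded by the caller. Neither wrapper range-checks `nonce_size` or `tag_size`; nettle appears to enforce its limits with assertions, so those checks need to exist in the caller if they are not added here.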
@@ -213,6 +246,34 @@ static const struct nettle_cipher_st builtin_ciphers[] = {
 .set_iv = (setiv_func)gcm_aes256_set_iv,
 .fips_allowed = 1
 },
+ { .algo = GNUTLS_CIPHER_AES_128_CCM,
+ .block_size = AES_BLOCK_SIZE,
+ .key_size = AES128_KEY_SIZE,
+ .encrypt_block = (nettle_cipher_func*)aes128_encrypt,
+ .decrypt_block = (nettle_cipher_func*)aes128_decrypt,
+
+ .ctx_size = sizeof(struct aes128_ctx),
+ .aead_encrypt = _ccm_aes_encrypt,
+ .aead_decrypt = _ccm_aes_decrypt,
+ .set_encrypt_key = (setkey_func)aes128_set_encrypt_key,
+ .set_decrypt_key = (setkey_func)aes128_set_encrypt_key,
+
+ .fips_allowed = 1
+ },
+ { .algo = GNUTLS_CIPHER_AES_256_CCM,
+ .block_size = AES_BLOCK_SIZE,
+ .key_size = AES256_KEY_SIZE,
+ .encrypt_block = (nettle_cipher_func*)aes256_encrypt,
+ .decrypt_block = (nettle_cipher_func*)aes256_decrypt,
+
+ .ctx_size = sizeof(struct aes256_ctx),
+ .aead_encrypt = _ccm_aes_encrypt,
+ .aead_decrypt = _ccm_aes_decrypt,
+ .set_encrypt_key = (setkey_func)aes256_set_encrypt_key,
+ .set_decrypt_key = (setkey_func)aes256_set_encrypt_key,
+
+ .fips_allowed = 1
+ },
 { .algo = GNUTLS_CIPHER_CAMELLIA_128_GCM,
 .block_size = CAMELLIA_BLOCK_SIZE,
 .key_size = CAMELLIA128_KEY_SIZE, |
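Review bot: Both CCM entries install `aes128_set_encrypt_key` / `aes256_set_encrypt_key` as `.set_decrypt_key` while still listing `aes128_decrypt` / `aes256_decrypt` as `.decrypt_block`. Keying the decrypt side with the encryption schedule matches how the wrappers in this commit work, since they only ever pass `encrypt_block` to nettle, but without a comment it reads like a copy-paste slip, and it leaves `.decrypt_block` pointing at a function that would run on the wrong key schedule if any generic path called it. A comment such as `/* CCM uses only the forward cipher, so the decrypt context is keyed with the encrypt schedule */` above `.set_decrypt_key` would make the intent explicit, and it is worth deciding whether `.decrypt_block` should be set at all for these two entries. The table starts before the hunk and continues after it.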