summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorSimon Josefsson <simon@josefsson.org>2007-09-24 12:39:58 +0200
committerSimon Josefsson <simon@josefsson.org>2007-09-24 12:39:58 +0200
commit3e36432062f6a1a1758a13591aed7951d4081a30 (patch)
treec79fec7a1692bbd9259bf974220617607cb04793 /lib
parent4f1a8ab89e804066e54dce364b15f00d9c2e3f30 (diff)
downloadgnutls-3e36432062f6a1a1758a13591aed7951d4081a30.tar.gz
Add patch to support Camellia, contributed by Yoshisato YANAGISAWA. Fixes #1.
See http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2331
Diffstat (limited to 'lib')
-rw-r--r--lib/gnutls_algorithms.c56
-rw-r--r--lib/gnutls_cipher_int.c10
-rw-r--r--lib/gnutls_priority.c19
3 files changed, 81 insertions, 4 deletions
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 7ec696e253..d1fdd577a9 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -163,6 +163,10 @@ static const gnutls_cipher_entry algorithms[] = {
{"ARCFOUR 128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0},
{"ARCFOUR 40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 1},
{"RC2 40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 1},
+#ifdef ENABLE_CAMELLIA
+ {"CAMELLIA 256 CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK, 16, 0},
+ {"CAMELLIA 128 CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, CIPHER_BLOCK, 16, 0},
+#endif
{"NULL", GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0, 0},
{0, 0, 0, 0, 0, 0, 0}
};
@@ -176,6 +180,10 @@ static const gnutls_cipher_algorithm_t supported_ciphers[] = {
GNUTLS_CIPHER_ARCFOUR_128,
GNUTLS_CIPHER_ARCFOUR_40,
GNUTLS_CIPHER_RC2_40_CBC,
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+#endif
GNUTLS_CIPHER_NULL,
0
};
@@ -377,6 +385,10 @@ typedef struct
#define GNUTLS_ANON_DH_AES_128_CBC_SHA1 { 0x00, 0x34 }
#define GNUTLS_ANON_DH_AES_256_CBC_SHA1 { 0x00, 0x3A }
+/* rfc4132 */
+#define GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 }
+#define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }
+
/* PSK (not in TLS 1.0)
* draft-ietf-tls-psk:
*/
@@ -419,6 +431,10 @@ typedef struct
#define GNUTLS_RSA_AES_128_CBC_SHA1 { 0x00, 0x2F }
#define GNUTLS_RSA_AES_256_CBC_SHA1 { 0x00, 0x35 }
+/* rfc4132 */
+#define GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x41 }
+#define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 }
+
/* DHE DSS
*/
@@ -435,6 +451,10 @@ typedef struct
#define GNUTLS_DHE_DSS_AES_256_CBC_SHA1 { 0x00, 0x38 }
#define GNUTLS_DHE_DSS_AES_128_CBC_SHA1 { 0x00, 0x32 }
+/* rfc4132 */
+#define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 { 0x00,0x44 }
+#define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 }
+
/* DHE RSA
*/
#define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 }
@@ -444,6 +464,10 @@ typedef struct
#define GNUTLS_DHE_RSA_AES_128_CBC_SHA1 { 0x00, 0x33 }
#define GNUTLS_DHE_RSA_AES_256_CBC_SHA1 { 0x00, 0x39 }
+/* rfc4132 */
+#define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x45 }
+#define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 }
+
#define CIPHER_SUITES_COUNT sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1
static const gnutls_cipher_suite_entry cs_algorithms[] = {
@@ -461,6 +485,14 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+#endif
/* PSK */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1,
@@ -538,6 +570,14 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+#endif
/* DHE_RSA */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
@@ -548,6 +588,14 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+#endif
/* RSA */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5,
GNUTLS_CIPHER_NULL,
@@ -573,6 +621,14 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+#endif
{0, {{0, 0}}, 0, 0, 0, 0}
};
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index 36b2e24754..148b297a3b 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -64,6 +64,16 @@ _gnutls_cipher_init (gnutls_cipher_algorithm_t cipher,
err = gc_cipher_open (GC_ARCTWO40, GC_CBC, &ret);
break;
+#ifdef ENABLE_CAMELLIA
+ case GNUTLS_CIPHER_CAMELLIA_128_CBC:
+ err = gc_cipher_open (GC_CAMELLIA128, GC_CBC, &ret);
+ break;
+
+ case GNUTLS_CIPHER_CAMELLIA_256_CBC:
+ err = gc_cipher_open (GC_CAMELLIA256, GC_CBC, &ret);
+ break;
+#endif
+
default:
return NULL;
}
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 8acb903826..0f5c016f62 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -263,7 +263,8 @@ gnutls_certificate_type_set_priority (gnutls_session_t session,
* Protocols: TLS 1.2, TLS 1.1, TLS 1.0, and SSL3.
* Key exchange algorithm: DHE-PSK, PSK, SRP-RSA, SRP-DSS, SRP,
* DHE-RSA, DHE-DSS, RSA.
- * Cipher: AES_256_CBC, AES_128_CBC, 3DES_CBC, and ARCFOUR_128.
+ * Cipher: AES_256_CBC, AES_128_CBC, 3DES_CBC, CAMELLIA_256_CBC, CAMELLIA_128_CBC,
+ * and ARCFOUR_128.
* MAC algorithm: SHA, and MD5.
* Certificate types: X.509, OpenPGP
* Compression: DEFLATE, NULL.
@@ -299,6 +300,10 @@ gnutls_set_default_priority (gnutls_session_t session)
GNUTLS_CIPHER_AES_256_CBC,
GNUTLS_CIPHER_AES_128_CBC,
GNUTLS_CIPHER_3DES_CBC,
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+#endif
GNUTLS_CIPHER_ARCFOUR_128,
/* GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */
0
@@ -340,8 +345,8 @@ gnutls_set_default_priority (gnutls_session_t session)
* The order is TLS1, SSL3 for protocols, RSA, DHE_DSS,
* DHE_RSA, RSA_EXPORT for key exchange algorithms.
* SHA, MD5, RIPEMD160 for MAC algorithms,
- * AES_256_CBC, AES_128_CBC,
- * and 3DES_CBC, ARCFOUR_128, ARCFOUR_40 for ciphers.
+ * AES_256_CBC, AES_128_CBC, 3DES_CBC, CAMELLIA_256_CBC, CAMELLIA_128_CBC,
+ * ARCFOUR_128, ARCFOUR_40 for ciphers.
*
* Returns 0 on success.
*
@@ -357,8 +362,14 @@ gnutls_set_default_export_priority (gnutls_session_t session)
GNUTLS_KX_RSA_EXPORT, 0
};
static const int cipher_priority[] = {
+ GNUTLS_CIPHER_AES_256_CBC,
GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_CIPHER_3DES_CBC,
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+#endif
+ GNUTLS_CIPHER_ARCFOUR_128,
GNUTLS_CIPHER_ARCFOUR_40, 0
};
static const int comp_priority[] = { GNUTLS_COMP_NULL, 0 };