From d56349a2aa0ef13487a230949990ed42421b4bc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 13 Dec 2005 07:33:35 +0000 Subject: update TLS-ECC code Submitted by: Douglas Stebila --- ssl/tls1.h | 103 ++++++++++++++++++++++++++----------------------------------- 1 file changed, 43 insertions(+), 60 deletions(-) (limited to 'ssl/tls1.h') diff --git a/ssl/tls1.h b/ssl/tls1.h index 112ef3a99f..e7eaa835db 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -126,51 +126,36 @@ extern "C" { #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 #define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A -/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001). - * XXX NOTE: There is a bug in the draft, cipher numbers 4B, and 4C - * are defined twice so we define ECDH_ECDSA_EXPORT cipher - * suites to use 5B and 5C instead (this may change with future - * updates to the IETF draft). - */ -/* draft-ietf-tls-ecc-03.txt (June 2003) gives a changed list of - * ciphersuites, but does not define numbers for all of them - * because of possible conflicts with other Internet Drafts; - * most numbers are still subject to change. */ -#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x03000047 -#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x03000048 -#define TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA 0x03000049 -#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300004A -#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300004B -#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300004C -#define TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA 0x0300005B -#define TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA 0x0300005C +/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */ +#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 +#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 +#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 -#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300004D -#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300004E -#define TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA 0x0300004F -#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x03000050 -#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x03000051 -#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x03000052 -#define TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA 0x03000053 -#define TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA 0x03000054 +#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 +#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 +#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A -#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x03000055 -#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x03000056 -#define TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA 0x03000057 -#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x03000058 -#define TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA 0x03000059 -#define TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA 0x0300005A +#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B +#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C +#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D +#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E +#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F -/* XXX: ECC ciphersuites offering forward secrecy are not yet specified - * in the ECC/TLS draft but our code allows them to be implemented - * very easily. To add such a cipher suite, one needs to add two constant - * definitions to this file and a new structure in s3_lib.c. We illustrate - * the process for the made-up ciphers ECDHE-ECDSA-AES128-SHA and - * ECDHE-RSA-AES128-SHA. - */ -#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x03000077 -#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x03000078 +#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 +#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 +#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 +#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 +#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 +#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 +#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 +#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 +#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 +#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 /* XXX * Inconsistency alert: @@ -205,43 +190,41 @@ extern "C" { /* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ #define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" -#define TLS1_TXT_ECDH_ECDSA_WITH_DES_CBC_SHA "ECDH-ECDSA-DES-CBC-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" -#define TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA "EXP-ECDH-ECDSA-RC4-40-SHA" -#define TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA "EXP-ECDH-ECDSA-RC4-56-SHA" + +#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" #define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" #define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" -#define TLS1_TXT_ECDH_RSA_WITH_DES_CBC_SHA "ECDH-RSA-DES-CBC-SHA" #define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" #define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" #define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" -#define TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_40_SHA "EXP-ECDH-RSA-RC4-40-SHA" -#define TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_56_SHA "EXP-ECDH-RSA-RC4-56-SHA" + +#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" #define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" #define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" -#define TLS1_TXT_ECDH_anon_WITH_DES_CBC_SHA "AECDH-DES-CBC-SHA" #define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" -#define TLS1_TXT_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA "EXP-AECDH-DES-40-CBC-SHA" -#define TLS1_TXT_ECDH_anon_EXPORT_WITH_RC4_40_SHA "EXP-AECDH-RC4-40-SHA" - -/* XXX: Made-up ECC cipher suites offering forward secrecy. This is for - * illustration only. - */ -#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" -#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" - +#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" +#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" #define TLS_CT_RSA_SIGN 1 #define TLS_CT_DSS_SIGN 2 #define TLS_CT_RSA_FIXED_DH 3 #define TLS_CT_DSS_FIXED_DH 4 -#define TLS_CT_ECDSA_SIGN 5 -#define TLS_CT_RSA_FIXED_ECDH 6 -#define TLS_CT_ECDSA_FIXED_ECDH 7 +#define TLS_CT_ECDSA_SIGN 64 +#define TLS_CT_RSA_FIXED_ECDH 65 +#define TLS_CT_ECDSA_FIXED_ECDH 66 #define TLS_CT_NUMBER 7 #define TLS1_FINISH_MAC_LENGTH 12 -- cgit v1.2.3