libsec: add TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 cipher suits
This commit is contained in:
cinap_lenrek
parent
be3ba38c45
commit
9733434e6e
1 changed files with 41 additions and 39 deletions
|
|
@ -253,8 +253,7 @@ enum {
|
|||
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0X0019,
|
||||
TLS_DH_anon_WITH_DES_CBC_SHA = 0X001A,
|
||||
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0X001B,
|
||||
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA = 0X002f, // aes, aka rijndael with 128 bit blocks
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA = 0X002F, // aes, aka rijndael with 128 bit blocks
|
||||
TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0X0030,
|
||||
TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0X0031,
|
||||
TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0X0032,
|
||||
|
|
@ -266,15 +265,14 @@ enum {
|
|||
TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0X0038,
|
||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0X0039,
|
||||
TLS_DH_anon_WITH_AES_256_CBC_SHA = 0X003A,
|
||||
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0X003C,
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0X003D,
|
||||
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013,
|
||||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A,
|
||||
CipherMax
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0XC009,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0XC00A,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0XC013,
|
||||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0XC014,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0XC023,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027,
|
||||
};
|
||||
|
||||
// compression methods
|
||||
|
|
@ -284,8 +282,10 @@ enum {
|
|||
};
|
||||
|
||||
static Algs cipherAlgs[] = {
|
||||
{"aes_128_cbc", "sha256", 2*(16+16+SHA2_256dlen), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
|
||||
{"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
|
||||
{"aes_256_cbc", "sha1", 2*(32+16+SHA1dlen), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
|
||||
{"aes_128_cbc", "sha256", 2*(16+16+SHA2_256dlen), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
|
||||
{"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
|
||||
{"aes_256_cbc", "sha1", 2*(32+16+SHA1dlen), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
|
||||
{"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
|
||||
|
|
@ -802,8 +802,10 @@ static int
|
|||
isECDHE(int tlsid)
|
||||
{
|
||||
switch(tlsid){
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
|
||||
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
|
||||
return 1;
|
||||
|
|
@ -2026,36 +2028,36 @@ tlsConnectionFree(TlsConnection *c)
|
|||
|
||||
//================= cipher choices ========================
|
||||
|
||||
static int weakCipher[CipherMax] =
|
||||
static int weakCipher[] =
|
||||
{
|
||||
1, /* TLS_NULL_WITH_NULL_NULL */
|
||||
1, /* TLS_RSA_WITH_NULL_MD5 */
|
||||
1, /* TLS_RSA_WITH_NULL_SHA */
|
||||
1, /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */
|
||||
0, /* TLS_RSA_WITH_RC4_128_MD5 */
|
||||
0, /* TLS_RSA_WITH_RC4_128_SHA */
|
||||
1, /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */
|
||||
0, /* TLS_RSA_WITH_IDEA_CBC_SHA */
|
||||
1, /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */
|
||||
0, /* TLS_RSA_WITH_DES_CBC_SHA */
|
||||
0, /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */
|
||||
1, /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */
|
||||
0, /* TLS_DH_DSS_WITH_DES_CBC_SHA */
|
||||
0, /* TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA */
|
||||
1, /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */
|
||||
0, /* TLS_DH_RSA_WITH_DES_CBC_SHA */
|
||||
0, /* TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA */
|
||||
1, /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */
|
||||
0, /* TLS_DHE_DSS_WITH_DES_CBC_SHA */
|
||||
0, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA */
|
||||
1, /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */
|
||||
0, /* TLS_DHE_RSA_WITH_DES_CBC_SHA */
|
||||
0, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */
|
||||
1, /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */
|
||||
1, /* TLS_DH_anon_WITH_RC4_128_MD5 */
|
||||
1, /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */
|
||||
1, /* TLS_DH_anon_WITH_DES_CBC_SHA */
|
||||
1, /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */
|
||||
[TLS_NULL_WITH_NULL_NULL] 1,
|
||||
[TLS_RSA_WITH_NULL_MD5] 1,
|
||||
[TLS_RSA_WITH_NULL_SHA] 1,
|
||||
[TLS_RSA_EXPORT_WITH_RC4_40_MD5] 1,
|
||||
[TLS_RSA_WITH_RC4_128_MD5] 0,
|
||||
[TLS_RSA_WITH_RC4_128_SHA] 0,
|
||||
[TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5] 1,
|
||||
[TLS_RSA_WITH_IDEA_CBC_SHA] 0,
|
||||
[TLS_RSA_EXPORT_WITH_DES40_CBC_SHA] 1,
|
||||
[TLS_RSA_WITH_DES_CBC_SHA] 0,
|
||||
[TLS_RSA_WITH_3DES_EDE_CBC_SHA] 0,
|
||||
[TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA] 1,
|
||||
[TLS_DH_DSS_WITH_DES_CBC_SHA] 0,
|
||||
[TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA] 0,
|
||||
[TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA] 1,
|
||||
[TLS_DH_RSA_WITH_DES_CBC_SHA] 0,
|
||||
[TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA] 0,
|
||||
[TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA] 1,
|
||||
[TLS_DHE_DSS_WITH_DES_CBC_SHA] 0,
|
||||
[TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA] 0,
|
||||
[TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA] 1,
|
||||
[TLS_DHE_RSA_WITH_DES_CBC_SHA] 0,
|
||||
[TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA] 0,
|
||||
[TLS_DH_anon_EXPORT_WITH_RC4_40_MD5] 1,
|
||||
[TLS_DH_anon_WITH_RC4_128_MD5] 1,
|
||||
[TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA] 1,
|
||||
[TLS_DH_anon_WITH_DES_CBC_SHA] 1,
|
||||
[TLS_DH_anon_WITH_3DES_EDE_CBC_SHA] 1,
|
||||
};
|
||||
|
||||
static int
|
||||
|
|
@ -2085,7 +2087,7 @@ okCipher(Ints *cv)
|
|||
weak = 1;
|
||||
for(i = 0; i < cv->len; i++) {
|
||||
c = cv->data[i];
|
||||
if(c >= CipherMax)
|
||||
if(c >= nelem(weakCipher))
|
||||
weak = 0;
|
||||
else
|
||||
weak &= weakCipher[c];
|
||||
|
|
|
|||
Loading…
Reference in a new issue