From 2d8f8979c793048fd16eabfb070b227f2ecb4042 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Thu, 28 Apr 2016 16:39:45 +0000 Subject: Implement the IETF ChaCha20-Poly1305 cipher suites. Rename the existing ChaCha20-Poly1305 cipher suites with an "-OLD" suffix, effectively replaces the original Google implementation. We continue to support both the IETF and Google versions, however the existing names now refer to the ciphers from draft-ietf-tls-chacha20-poly1305-04. Feedback from doug@ --- src/lib/libssl/s3_lib.c | 63 ++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 57 insertions(+), 6 deletions(-) (limited to 'src/lib/libssl/s3_lib.c') diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index e7f71d6b6f..e873c17c87 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.107 2016/01/27 02:06:16 beck Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.108 2016/04/28 16:39:45 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1808,6 +1808,57 @@ SSL_CIPHER ssl3_ciphers[] = { #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) /* Cipher CC13 */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD, + .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_CHACHA20POLY1305_OLD, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| + SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), + .strength_bits = 256, + .alg_bits = 256, + }, + + /* Cipher CC14 */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD, + .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_CHACHA20POLY1305_OLD, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| + SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), + .strength_bits = 256, + .alg_bits = 256, + }, + + /* Cipher CC15 */ + { + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_OLD, + .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305_OLD, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_CHACHA20POLY1305_OLD, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| + SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), + .strength_bits = 256, + .alg_bits = 256, + }, + + /* Cipher CCA8 */ { .valid = 1, .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, @@ -1819,12 +1870,12 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_TLSV1_2, .algo_strength = SSL_HIGH, .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| - SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), + SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12), .strength_bits = 256, .alg_bits = 256, }, - /* Cipher CC14 */ + /* Cipher CCA9 */ { .valid = 1, .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, @@ -1836,12 +1887,12 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_TLSV1_2, .algo_strength = SSL_HIGH, .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| - SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), + SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12), .strength_bits = 256, .alg_bits = 256, }, - /* Cipher CC15 */ + /* Cipher CCAA */ { .valid = 1, .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, @@ -1853,7 +1904,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_ssl = SSL_TLSV1_2, .algo_strength = SSL_HIGH, .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| - SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), + SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(12), .strength_bits = 256, .alg_bits = 256, }, -- cgit v1.2.3-55-g6feb