summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAdam Langley <agl@google.com>2015-06-15 13:52:15 -0700
committerKenny Root <kroot@google.com>2015-06-15 15:50:04 -0700
commitdfb3ba68fd0011cba7d8e4c1a46295099fef85bf (patch)
tree179de31d373d518d1e129eca1d63a2974c999fe7
parent4bae3aba0494da7c4e3c1b28ff978eb38e6323e6 (diff)
downloadexternal_boringssl-dfb3ba68fd0011cba7d8e4c1a46295099fef85bf.zip
external_boringssl-dfb3ba68fd0011cba7d8e4c1a46295099fef85bf.tar.gz
external_boringssl-dfb3ba68fd0011cba7d8e4c1a46295099fef85bf.tar.bz2
Add ECDHE-PSK-AES{128,256}-SHA cipher suites.
If we're going to have PSK and use standard cipher suites, this might be the best that we can do for the moment. (This is a cherry-pick of BoringSSL's 85bc5601.) (cherry picked from commit 0e6bb1c72014c26289d09f4deea9c25706be5824) Bug: 21522548 Change-Id: Ic94c74a2b3ee2387f640efff510646d1836efbfb
-rw-r--r--src/include/openssl/tls1.h8
-rw-r--r--src/ssl/ssl_cipher.c23
-rw-r--r--src/ssl/ssl_test.cc2
-rw-r--r--src/ssl/test/runner/cipher_suites.go4
-rw-r--r--src/ssl/test/runner/runner.go2
5 files changed, 38 insertions, 1 deletions
diff --git a/src/include/openssl/tls1.h b/src/include/openssl/tls1.h
index 999a5ca..f2bee27 100644
--- a/src/include/openssl/tls1.h
+++ b/src/include/openssl/tls1.h
@@ -361,6 +361,10 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_key_cb(
#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
+/* PSK ciphersuites from RFC 5489 */
+#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035
+#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036
+
/* Additional TLS ciphersuites from expired Internet Draft
* draft-ietf-tls-56-bit-ciphersuites-01.txt
* (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
@@ -580,6 +584,10 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_key_cb(
#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
+/* PSK ciphersuites from RFC 5489 */
+#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA"
+#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA"
+
/* SRP ciphersuite from RFC 5054 */
#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"
diff --git a/src/ssl/ssl_cipher.c b/src/ssl/ssl_cipher.c
index 2f1548a..8d03c9e 100644
--- a/src/ssl/ssl_cipher.c
+++ b/src/ssl/ssl_cipher.c
@@ -240,6 +240,8 @@ const SSL_CIPHER kCiphers[] = {
SSL_HANDSHAKE_MAC_SHA256, 256, 256,
},
+ /* PSK cipher suites. */
+
/* Cipher 8A */
{
TLS1_TXT_PSK_WITH_RC4_128_SHA, TLS1_CK_PSK_WITH_RC4_128_SHA, SSL_kPSK,
@@ -261,7 +263,6 @@ const SSL_CIPHER kCiphers[] = {
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
},
-
/* GCM ciphersuites from RFC5288 */
/* Cipher 9C */
@@ -429,6 +430,26 @@ const SSL_CIPHER kCiphers[] = {
256, 256,
},
+ /* ECDHE-PSK cipher suites. */
+
+ /* Cipher C035 */
+ {
+ TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ SSL_kECDHE, SSL_aPSK, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
+ },
+
+ /* Cipher C036 */
+ {
+ TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+ SSL_kECDHE, SSL_aPSK, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
+ },
+
+ /* ChaCha20-Poly1305 cipher suites. */
+
#if !defined(ANDROID)
{
TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
diff --git a/src/ssl/ssl_test.cc b/src/ssl/ssl_test.cc
index decf893..1c6e24a 100644
--- a/src/ssl/ssl_test.cc
+++ b/src/ssl/ssl_test.cc
@@ -502,6 +502,8 @@ static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = {
{ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" },
{ TLS1_CK_PSK_WITH_RC4_128_SHA, "TLS_PSK_WITH_RC4_SHA" },
+ { TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" },
// These names are non-standard:
{ TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" },
diff --git a/src/ssl/test/runner/cipher_suites.go b/src/ssl/test/runner/cipher_suites.go
index 162c0c0..70c7262 100644
--- a/src/ssl/test/runner/cipher_suites.go
+++ b/src/ssl/test/runner/cipher_suites.go
@@ -124,6 +124,8 @@ var cipherSuites = []*cipherSuite{
{TLS_PSK_WITH_RC4_128_SHA, 16, 20, 0, pskKA, suiteNoDTLS | suitePSK, cipherRC4, macSHA1, nil},
{TLS_PSK_WITH_AES_128_CBC_SHA, 16, 20, 16, pskKA, suitePSK, cipherAES, macSHA1, nil},
{TLS_PSK_WITH_AES_256_CBC_SHA, 32, 20, 16, pskKA, suitePSK, cipherAES, macSHA1, nil},
+ {TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdhePSKKA, suiteECDHE | suitePSK, cipherAES, macSHA1, nil},
+ {TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdhePSKKA, suiteECDHE | suitePSK, cipherAES, macSHA1, nil},
}
func cipherRC4(key, iv []byte, isRead bool) interface{} {
@@ -402,6 +404,8 @@ const (
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc02c
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02f
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc030
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA uint16 = 0xc035
+ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA uint16 = 0xc036
fallbackSCSV uint16 = 0x5600
)
diff --git a/src/ssl/test/runner/runner.go b/src/ssl/test/runner/runner.go
index f60d8ba..94c1d32 100644
--- a/src/ssl/test/runner/runner.go
+++ b/src/ssl/test/runner/runner.go
@@ -1625,6 +1625,8 @@ var testCipherSuites = []struct {
{"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
{"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
{"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
+ {"ECDHE-PSK-AES128-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
+ {"ECDHE-PSK-AES256-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA},
{"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA},
{"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5},
{"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA},