提交 176f85a2 编写于 作者: D Dr. Stephen Henson

Add CCM ciphersuites from RFC6655 and RFC7251

Reviewed-by: NTim Hudson <tjh@openssl.org>
上级 3d3701ea
...@@ -519,6 +519,31 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) ...@@ -519,6 +519,31 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 # define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6
# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 # define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7
/* CCM ciphersuites from RFC6655 */
# define TLS1_CK_RSA_WITH_AES_128_CCM 0x0300C09C
# define TLS1_CK_RSA_WITH_AES_256_CCM 0x0300C09D
# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM 0x0300C09E
# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM 0x0300C09F
# define TLS1_CK_RSA_WITH_AES_128_CCM_8 0x0300C0A0
# define TLS1_CK_RSA_WITH_AES_256_CCM_8 0x0300C0A1
# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8 0x0300C0A2
# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8 0x0300C0A3
# define TLS1_CK_PSK_WITH_AES_128_CCM 0x0300C0A4
# define TLS1_CK_PSK_WITH_AES_256_CCM 0x0300C0A5
# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM 0x0300C0A6
# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM 0x0300C0A7
# define TLS1_CK_PSK_WITH_AES_128_CCM_8 0x0300C0A8
# define TLS1_CK_PSK_WITH_AES_256_CCM_8 0x0300C0A9
# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8 0x0300C0AA
# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8 0x0300C0AB
/* CCM ciphersuites from RFC7251 */
# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM 0x0300C0AC
# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM 0x0300C0AD
# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8 0x0300C0AE
# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8 0x0300C0AF
/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA # define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA
# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB # define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB
...@@ -823,6 +848,35 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) ...@@ -823,6 +848,35 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" # define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256"
# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" # define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
/* CCM ciphersuites from RFC6655 */
# define TLS1_TXT_RSA_WITH_AES_128_CCM "AES128-CCM"
# define TLS1_TXT_RSA_WITH_AES_256_CCM "AES256-CCM"
# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM "DHE-RSA-AES128-CCM"
# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM "DHE-RSA-AES256-CCM"
# define TLS1_TXT_RSA_WITH_AES_128_CCM_8 "AES128-CCM8"
# define TLS1_TXT_RSA_WITH_AES_256_CCM_8 "AES256-CCM8"
# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8 "DHE-RSA-AES128-CCM8"
# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8 "DHE-RSA-AES256-CCM8"
# define TLS1_TXT_PSK_WITH_AES_128_CCM "PSK-AES128-CCM"
# define TLS1_TXT_PSK_WITH_AES_256_CCM "PSK-AES256-CCM"
# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM "DHE-PSK-AES128-CCM"
# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM "DHE-PSK-AES256-CCM"
# define TLS1_TXT_PSK_WITH_AES_128_CCM_8 "PSK-AES128-CCM8"
# define TLS1_TXT_PSK_WITH_AES_256_CCM_8 "PSK-AES256-CCM8"
# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8 "DHE-PSK-AES128-CCM8"
# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8 "DHE-PSK-AES256-CCM8"
/* CCM ciphersuites from RFC7251 */
# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM "ECDHE-ECDSA-AES128-CCM"
# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM "ECDHE-ECDSA-AES256-CCM"
# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8 "ECDHE-ECDSA-AES128-CCM8"
# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8 "ECDHE-ECDSA-AES256-CCM8"
/* ECDH HMAC based ciphersuites from RFC5289 */ /* ECDH HMAC based ciphersuites from RFC5289 */
# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" # define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
......
...@@ -3450,6 +3450,326 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { ...@@ -3450,6 +3450,326 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256}, 256},
#endif #endif
/* Cipher C09C */
{
1,
TLS1_TXT_RSA_WITH_AES_128_CCM,
TLS1_CK_RSA_WITH_AES_128_CCM,
SSL_kRSA,
SSL_aRSA,
SSL_AES128CCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
/* Cipher C09D */
{
1,
TLS1_TXT_RSA_WITH_AES_256_CCM,
TLS1_CK_RSA_WITH_AES_256_CCM,
SSL_kRSA,
SSL_aRSA,
SSL_AES256CCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
/* Cipher C09E */
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
SSL_kDHE,
SSL_aRSA,
SSL_AES128CCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
/* Cipher C09F */
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
SSL_kDHE,
SSL_aRSA,
SSL_AES256CCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
/* Cipher C0A0 */
{
1,
TLS1_TXT_RSA_WITH_AES_128_CCM_8,
TLS1_CK_RSA_WITH_AES_128_CCM_8,
SSL_kRSA,
SSL_aRSA,
SSL_AES128CCM8,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
/* Cipher C0A1 */
{
1,
TLS1_TXT_RSA_WITH_AES_256_CCM_8,
TLS1_CK_RSA_WITH_AES_256_CCM_8,
SSL_kRSA,
SSL_aRSA,
SSL_AES256CCM8,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
/* Cipher C0A2 */
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
SSL_kDHE,
SSL_aRSA,
SSL_AES128CCM8,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
/* Cipher C0A3 */
{
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
SSL_kDHE,
SSL_aRSA,
SSL_AES256CCM8,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
/* Cipher C0A4 */
{
1,
TLS1_TXT_PSK_WITH_AES_128_CCM,
TLS1_CK_PSK_WITH_AES_128_CCM,
SSL_kPSK,
SSL_aPSK,
SSL_AES128CCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
/* Cipher C0A4 */
{
1,
TLS1_TXT_PSK_WITH_AES_256_CCM,
TLS1_CK_PSK_WITH_AES_256_CCM,
SSL_kPSK,
SSL_aPSK,
SSL_AES256CCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
/* Cipher C0A6 */
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
SSL_kDHEPSK,
SSL_aPSK,
SSL_AES128CCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
/* Cipher C0A7 */
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
SSL_kDHEPSK,
SSL_aPSK,
SSL_AES256CCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
/* Cipher C0A8 */
{
1,
TLS1_TXT_PSK_WITH_AES_128_CCM_8,
TLS1_CK_PSK_WITH_AES_128_CCM_8,
SSL_kPSK,
SSL_aPSK,
SSL_AES128CCM8,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
/* Cipher C0A9 */
{
1,
TLS1_TXT_PSK_WITH_AES_256_CCM_8,
TLS1_CK_PSK_WITH_AES_256_CCM_8,
SSL_kPSK,
SSL_aPSK,
SSL_AES256CCM8,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
/* Cipher C0AA */
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
SSL_kDHEPSK,
SSL_aPSK,
SSL_AES128CCM8,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
/* Cipher C0AB */
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
SSL_kDHEPSK,
SSL_aPSK,
SSL_AES256CCM8,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
/* Cipher C0AC */
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
SSL_kECDHE,
SSL_aECDSA,
SSL_AES128CCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
/* Cipher C0AD */
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
SSL_kECDHE,
SSL_aECDSA,
SSL_AES256CCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
/* Cipher C0AE */
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
SSL_kECDHE,
SSL_aECDSA,
SSL_AES128CCM8,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
/* Cipher C0AF */
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
SSL_kECDHE,
SSL_aECDSA,
SSL_AES256CCM8,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
/* end of list */ /* end of list */
}; };
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册