ECC cipher suites


ECC cipher suites

by Daiki Ueno

Hello,

I looked at the feature comparison table of TLS libraries and noticed
that GnuTLS still lacks ECC support:
http://www.gnu.org/software/gnutls/comparison.html

Is anyone working on this?  Otherwise, I would like to give it a try[1].

After a quick search on Gmane, the primary (technical) reason seems that
there is no way to compute ECDH with libgcrypt.  If so, how about simply
exporting the EC version of powm and curve selection API[2]?

Anyway, would it make sense?  Comments are appreciated.

Footnotes:
[1] I recently got my paperwork done for both GnuTLS/libgcrypt, and I am
looking for the next interesting project.

[2] I have first considered a generic key-agreement interface in
libgcrypt, but I now think that it's too much - currently only DH
variants are used in practice.

Regards,
--
Daiki Ueno


_______________________________________________
Gnutls-devel mailing list
Gnutls-devel@...
http://lists.gnu.org/mailman/listinfo/gnutls-devel

Re: ECC cipher suites

by Simon Josefsson

Daiki Ueno <ueno@...> writes:

> Hello,
>
> I looked at the feature comparison table of TLS libraries and noticed
> that GnuTLS still lacks ECC support:
> http://www.gnu.org/software/gnutls/comparison.html
>
> Is anyone working on this?  Otherwise, I would like to give it a try[1].

Nobody is working on it, but there are patent issues with ECC that have
to be resolved.  To avoid wasting time, we may want to approach the FSF
and the SFLC first to get a better understanding of what's involved here
(I've been deferring this since nobody has expressed interest in ECC).

> [1] I recently got my paperwork done for both GnuTLS/libgcrypt, and I am
> looking for the next interesting project.

Finishing the TLS 1.2 support and adding the new cipher suites is a
high-priority task and it shouldn't be too difficult since there are TLS
1.2 test servers out there to test with.

/Simon



Re: ECC cipher suites

by Daiki Ueno

>>>>> In <87eiqzedlg.fsf@...>
>>>>> Simon Josefsson <simon@...> wrote:
> > I looked at the feature comparison table of TLS libraries and noticed
> > that GnuTLS still lacks ECC support:
> > http://www.gnu.org/software/gnutls/comparison.html
> >
> > Is anyone working on this?  Otherwise, I would like to give it a try[1].

> Nobody is working on it, but there are patent issues with ECC that have
> to be resolved.  To avoid wasting time, we may want to approach the FSF
> and the SFLC first to get a better understanding of what's involved here
> (I've been deferring this since nobody has expressed interest in ECC).

Good to know before stepping in further.  I hope that the situation
will change in the near future.

> Finishing the TLS 1.2 support and adding the new cipher suites is a
> high-priority task and it shouldn't be too difficult since there are TLS
> 1.2 test servers out there to test with.

Thanks for the hint.  I'll check which features of TLS 1.2 are not
implemented.  Adding HMAC-SHA256 cipher suites looks like one thing to do.

Regards,
--
Daiki Ueno



Poll: What do you want to see implemented in GnuTLS next?

by Simon Josefsson

Daiki Ueno <ueno@...> writes:

>> Finishing the TLS 1.2 support and adding the new cipher suites is a
>> high-priority task and it shouldn't be too difficult since there are TLS
>> 1.2 test servers out there to test with.
>
> Thanks for the hint.  I'll check which features of TLS 1.2 are not
> implemented.  Adding HMAC-SHA256 cipher suites looks like one thing to do.

Actually TLS 1.2 is not working in GnuTLS now, the drafts changed how
the negotiation worked after I implemented it and I never found time to
update it to support the protocol defined by the final RFC.  I don't
expect finishing this would require major changes, so it would be a
great contribution to finish the TLS 1.2 support.  Definitely adding
SHA256 ciphers would be good.

Reading doc/TODO I couldn't find any other easily identifiable task that
is more important except possibly DTLS support (but Jonathan is working
on that already).

Maybe we can turn this into an open poll.  What do people want to see
happen next?

AES-GCM cipher suites would be nice.  There is also the OCSP extension,
which would be fairly easy to add.

/Simon



[PATCH] client-side TLS 1.2 support

by Daiki Ueno

>>>>> In <87fxbdjt8v.fsf_-_@...>
>>>>> Simon Josefsson <simon@...> wrote:
> Daiki Ueno <ueno@...> writes:

> >> Finishing the TLS 1.2 support and adding the new cipher suites is a
> >> high-priority task and it shouldn't be too difficult since there are TLS
> >> 1.2 test servers out there to test with.
> >
> > Thanks for the hint.  I'll check which features of TLS 1.2 are not
> > implemented.  Adding HMAC-SHA256 cipher suites looks like one thing to do.

> Actually TLS 1.2 is not working in GnuTLS now, the drafts changed how
> the negotiation worked after I implemented it and I never found time to
> update it to support the protocol defined by the final RFC.

I just realized it ;-)

I'm attaching a set of patches to provide a minimal fix for client-side
TLS 1.2 support.  I've confirmed they work against Mike's test
server:

 $ gnutls-cli --debug 10 --protocols TLS1.2 -p 443 www.mikestoolbox.net

> I don't expect finishing this would require major changes, so it would
> be a great contribution to finish the TLS 1.2 support.

While server-side support would require a bit more work, for the moment
I would like to ask for comments on my approach.  The patches mainly
follow the changes regarding SignatureAndHashAlgorithm usage.  Here is a
summary of each patch:

* 0001-Add-functions-for-TLS-signature-algorithm.patch

This patch adds helper functions which convert SignatureAndHashAlgorithm
value from/to `gnutls_sign_algorithm_t'.

* 0002-Respect-TLS-signature-algorithm-in-server-KX.patch

The signature of DH params in Server Key Exchange is now a
"digitally-signed" struct.  This patch makes it read the algorithm IDs
at the beginning of the actual signature bytes.

* 0003-Use-SHA256-for-PRF-if-TLS-1.2.patch

TLS 1.2 mandates that the algorithm for the basis of PRF is SHA256, and
the same algorithm is used for the hash over handshake messages (to be
used to verify Finished message).  This patch makes it use SHA256 in
both places.

* 0004-Fix-parsing-Certificate-Request-for-TLS-1.2.patch

This patch fixes the logic to skip supported_signature_algorithms in
Certificate Request, whose type seems to have changed since the draft.


From 4ed3bb2ac905c13ab06c11d28f6ce7bb7e44149f Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@...>
Date: Mon, 31 Aug 2009 14:34:01 +0900
Subject: [PATCH 1/4] Add functions for TLS signature algorithm.

Add functions to convert TLS signature algorithm from/to constants
defined by GnuTLS.
---
 lib/gnutls_algorithms.c |   71 +++++++++++++++++++++++++++++++++++++++-------
 lib/gnutls_algorithms.h |    4 ++
 lib/gnutls_int.h        |    6 ++++
 3 files changed, 70 insertions(+), 11 deletions(-)

diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 08054c4..73179bb 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -1787,29 +1787,32 @@ struct gnutls_sign_entry
   gnutls_sign_algorithm_t id;
   gnutls_pk_algorithm_t pk;
   gnutls_mac_algorithm_t mac;
+  sign_algorithm_st aid;
 };
 typedef struct gnutls_sign_entry gnutls_sign_entry;
 
+#define TLS_SIGN_AID_UNKNOWN {255, 255}
+
 static const gnutls_sign_entry sign_algorithms[] = {
   {"RSA-SHA", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
-   GNUTLS_MAC_SHA1},
+   GNUTLS_MAC_SHA1, {2, 1}},
   {"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA,
-   GNUTLS_MAC_SHA256},
+   GNUTLS_MAC_SHA256, {4, 1}},
   {"RSA-SHA384", SIG_RSA_SHA384_OID, GNUTLS_SIGN_RSA_SHA384, GNUTLS_PK_RSA,
-   GNUTLS_MAC_SHA384},
+   GNUTLS_MAC_SHA384, {5, 1}},
   {"RSA-SHA512", SIG_RSA_SHA512_OID, GNUTLS_SIGN_RSA_SHA512, GNUTLS_PK_RSA,
-   GNUTLS_MAC_SHA512},
+   GNUTLS_MAC_SHA512, {6, 1}},
   {"RSA-RMD160", SIG_RSA_RMD160_OID, GNUTLS_SIGN_RSA_RMD160, GNUTLS_PK_RSA,
-   GNUTLS_MAC_RMD160},
+   GNUTLS_MAC_RMD160, TLS_SIGN_AID_UNKNOWN},
   {"DSA-SHA", SIG_DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
-   GNUTLS_MAC_SHA1},
+   GNUTLS_MAC_SHA1, {2, 2}},
   {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
-   GNUTLS_MAC_MD5},
+   GNUTLS_MAC_MD5, {1, 1}},
   {"RSA-MD2", SIG_RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA,
-   GNUTLS_MAC_MD2},
-  {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0},
-  {"GOST R 34.10-94", SIG_GOST_R3410_94_OID, 0, 0, 0},
-  {0, 0, 0, 0, 0}
+   GNUTLS_MAC_MD2, TLS_SIGN_AID_UNKNOWN},
+  {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0, TLS_SIGN_AID_UNKNOWN},
+  {"GOST R 34.10-94", SIG_GOST_R3410_94_OID, 0, 0, 0, TLS_SIGN_AID_UNKNOWN},
+  {0, 0, 0, 0, 0, TLS_SIGN_AID_UNKNOWN}
 };
 
 /* Keep the contents of this struct the same as the previous one. */
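Review bot: the table entries still carry hard-coded pairs such as `GNUTLS_MAC_SHA1, {2, 1}},` and `GNUTLS_MAC_SHA256, {4, 1}},`; give them symbolic names that make clear which byte is the HashAlgorithm and which the SignatureAlgorithm, because sign_algorithm_st lists hash first and a swapped pair would silently mis-map. Also, the comment right below this hunk, "Keep the contents of this struct the same as the previous one.", points at a sibling struct that must stay in sync with gnutls_sign_entry now that the `aid` field has been added; confirm it was updated as well.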
@@ -1958,6 +1961,52 @@ _gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk,
   return ret;
 }
 
+gnutls_mac_algorithm_t
+_gnutls_sign_get_mac_algorithm (gnutls_sign_algorithm_t sign)
+{
+  gnutls_mac_algorithm_t ret = GNUTLS_MAC_UNKNOWN;
+
+  GNUTLS_SIGN_ALG_LOOP (ret = p->mac);
+
+  return ret;
+}
+
+gnutls_pk_algorithm_t
+_gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t sign)
+{
+  gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
+
+  GNUTLS_SIGN_ALG_LOOP (ret = p->pk);
+
+  return ret;
+}
+
+gnutls_sign_algorithm_t
+_gnutls_tls_aid_to_sign (sign_algorithm_st aid)
+{
+  gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
+
+  GNUTLS_SIGN_LOOP ( if (p->aid.hash_algorithm == aid.hash_algorithm
+ && p->aid.sign_algorithm == aid.sign_algorithm)
+       {
+ ret = p->id;
+ break;
+       } );
+
+  return ret;
+}
+
+sign_algorithm_st
+_gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign)
+{
+  sign_algorithm_st ret = TLS_SIGN_AID_UNKNOWN;
+
+  GNUTLS_SIGN_ALG_LOOP (ret = p->aid);
+
+  return ret;
+}
+
+
 
 /* pk algorithms;
  */
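Review bot: `_gnutls_tls_aid_to_sign` matches a peer-supplied pair against every table entry, including those whose aid is TLS_SIGN_AID_UNKNOWN, so a {255, 255} on the wire maps to the first such entry (GNUTLS_SIGN_RSA_RMD160) instead of GNUTLS_SIGN_UNKNOWN and the caller then proceeds as if it were a real algorithm. Skip entries with an unknown aid inside the GNUTLS_SIGN_LOOP body, or reject `aid.hash_algorithm == 255 || aid.sign_algorithm == 255` before the lookup.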
diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h
index 0e2f2b7..0a2faac 100644
--- a/lib/gnutls_algorithms.h
+++ b/lib/gnutls_algorithms.h
@@ -105,6 +105,10 @@ gnutls_sign_algorithm_t _gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk,
  gnutls_mac_algorithm_t mac);
 const char *_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t,
       gnutls_mac_algorithm_t mac);
+gnutls_sign_algorithm_t _gnutls_tls_aid_to_sign (sign_algorithm_st aid);
+sign_algorithm_st _gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign);
+gnutls_mac_algorithm_t _gnutls_sign_get_mac_algorithm (gnutls_sign_algorithm_t);
+gnutls_pk_algorithm_t _gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t);
 
 int _gnutls_mac_priority (gnutls_session_t session,
   gnutls_mac_algorithm_t algorithm);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 9af17b0..100ad37 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -273,6 +273,12 @@ typedef struct
   uint8_t suite[2];
 } cipher_suite_st;
 
+typedef struct
+{
+  uint8_t hash_algorithm;
+  uint8_t sign_algorithm;
+} sign_algorithm_st;
+
 /* This structure holds parameters got from TLS extension
  * mechanism. (some extensions may hold parameters in auth_info_t
  * structures also - see SRP).
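Review bot: sign_algorithm_st doubles as the wire layout of SignatureAndHashAlgorithm (RFC 5246 7.4.1.4.1: hash byte first, then signature byte); say so in a comment on the struct, since the brace initializers in gnutls_algorithms.c and the two byte reads in auth_dhe.c both depend on that field order.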
--
1.6.3.3


From bea4b6f892da08f9f5f9100628b8bd97b40c5771 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@...>
Date: Mon, 31 Aug 2009 14:40:38 +0900
Subject: [PATCH 2/4] Respect TLS signature algorithm in server KX.

Verify signature of DH parameters in Server Key Exchange with the
embedded signature algorithm.
---
 lib/auth_dhe.c        |   27 ++++++++++++++++++++++++---
 lib/auth_rsa_export.c |    3 ++-
 lib/auth_srp_rsa.c    |    3 ++-
 lib/gnutls_sig.c      |   23 ++++++++++++++++-------
 lib/gnutls_sig.h      |    3 ++-
 5 files changed, 46 insertions(+), 13 deletions(-)

diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c
index ec595ee..ea9cf3a 100644
--- a/lib/auth_dhe.c
+++ b/lib/auth_dhe.c
@@ -180,11 +180,14 @@ proc_dhe_server_kx (gnutls_session_t session, opaque * data,
     size_t _data_size)
 {
   int sigsize;
+  opaque *sigdata;
   gnutls_datum_t vparams, signature;
   int ret;
   cert_auth_info_t info = _gnutls_get_auth_info (session);
   ssize_t data_size = _data_size;
   gnutls_cert peer_cert;
+  gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
+  gnutls_protocol_t ver = gnutls_protocol_get_version (session);
 
   if (info == NULL || info->ncerts == 0)
     {
@@ -205,11 +208,28 @@ proc_dhe_server_kx (gnutls_session_t session, opaque * data,
   vparams.size = ret;
   vparams.data = data;
 
+  sigdata = &data[vparams.size];
+  if (_gnutls_version_has_selectable_sighash (ver))
+    {
+      sign_algorithm_st aid;
+
+      DECR_LEN(data_size, 1);
+      aid.hash_algorithm = *sigdata++;
+      DECR_LEN(data_size, 1);
+      aid.sign_algorithm = *sigdata++;
+      sign_algo = _gnutls_tls_aid_to_sign (aid);
+      if (sign_algo == GNUTLS_SIGN_UNKNOWN)
+ {
+  gnutls_assert ();
+  return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+    }
   DECR_LEN (data_size, 2);
-  sigsize = _gnutls_read_uint16 (&data[vparams.size]);
+  sigsize = _gnutls_read_uint16 (sigdata);
+  sigdata += 2;
 
   DECR_LEN (data_size, sigsize);
-  signature.data = &data[vparams.size + 2];
+  signature.data = sigdata;
   signature.size = sigsize;
 
   if ((ret =
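Review bot: the parsed pair is accepted as soon as it maps to a known GnuTLS algorithm, but RFC 5246 7.4.3 requires the algorithm in a ServerKeyExchange signature to be one the client listed in its signature_algorithms extension (or the defaults when none was sent). Without that check a server can sign with {1, 1} (md5/rsa, which the table maps to GNUTLS_SIGN_RSA_MD5) regardless of what the client advertised; compare `aid` against the list the client offered, and reject the message, before calling `_gnutls_verify_sig_params`.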
@@ -221,7 +241,8 @@ proc_dhe_server_kx (gnutls_session_t session, opaque * data,
       return ret;
     }
 
-  ret = _gnutls_verify_sig_params (session, &peer_cert, &vparams, &signature);
+  ret = _gnutls_verify_sig_params (session, &peer_cert, &vparams, &signature,
+   sign_algo);
 
   _gnutls_gcert_deinit (&peer_cert);
   if (ret < 0)
diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c
index b561063..f96fc79 100644
--- a/lib/auth_rsa_export.c
+++ b/lib/auth_rsa_export.c
@@ -310,7 +310,8 @@ proc_rsa_export_server_kx (gnutls_session_t session,
       return ret;
     }
 
-  ret = _gnutls_verify_sig_params (session, &peer_cert, &vparams, &signature);
+  ret = _gnutls_verify_sig_params (session, &peer_cert, &vparams, &signature,
+   GNUTLS_SIGN_UNKNOWN);
 
   _gnutls_gcert_deinit (&peer_cert);
   if (ret < 0)
diff --git a/lib/auth_srp_rsa.c b/lib/auth_srp_rsa.c
index 2f2ea96..1689ce2 100644
--- a/lib/auth_srp_rsa.c
+++ b/lib/auth_srp_rsa.c
@@ -191,7 +191,8 @@ proc_srp_cert_server_kx (gnutls_session_t session, opaque * data,
       return ret;
     }
 
-  ret = _gnutls_verify_sig_params (session, &peer_cert, &vparams, &signature);
+  ret = _gnutls_verify_sig_params (session, &peer_cert, &vparams, &signature,
+   GNUTLS_SIGN_UNKNOWN);
 
   _gnutls_gcert_deinit (&peer_cert);
   if (ret < 0)
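Review bot: passing GNUTLS_SIGN_UNKNOWN here means a TLS 1.2 SRP-RSA ServerKeyExchange is still read without the two leading SignatureAndHashAlgorithm bytes that proc_dhe_server_kx now parses, although its signature is also a digitally-signed struct (RFC 5054) and therefore carries that prefix in TLS 1.2. Either mirror the prefix parsing from auth_dhe.c in proc_srp_cert_server_kx, or state in the commit message that TLS 1.2 with SRP-RSA is not yet supported.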
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index bcc4412..81e8336 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -298,7 +298,8 @@ _gnutls_tls_sign (gnutls_session_t session,
 static int
 _gnutls_verify_sig (gnutls_cert * cert,
     const gnutls_datum_t * hash_concat,
-    gnutls_datum_t * signature, size_t sha1pos)
+    gnutls_datum_t * signature, size_t sha1pos,
+    gnutls_pk_algorithm_t pk_algo)
 {
   int ret;
   gnutls_datum_t vdata;
@@ -321,7 +322,9 @@ _gnutls_verify_sig (gnutls_cert * cert,
   return GNUTLS_E_KEY_USAGE_VIOLATION;
  }
 
-  switch (cert->subject_pk_algorithm)
+  if (pk_algo == GNUTLS_PK_UNKNOWN)
+    pk_algo = cert->subject_pk_algorithm;
+  switch (pk_algo)
     {
     case GNUTLS_PK_RSA:
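Review bot: `pk_algo` comes straight from the SignatureAlgorithm byte the peer sent and, when set, replaces `cert->subject_pk_algorithm` in the switch, so a single wire byte can route an RSA certificate's parameters into the GNUTLS_PK_DSA branch, or vice versa. Reject the message when `pk_algo != cert->subject_pk_algorithm` instead of substituting it; the certificate, not the peer's claim, decides which verification routine runs.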
 
@@ -340,7 +343,7 @@ _gnutls_verify_sig (gnutls_cert * cert,
     case GNUTLS_PK_DSA:
 
       vdata.data = &hash_concat->data[sha1pos];
-      vdata.size = 20; /* sha1 */
+      vdata.size = hash_concat->size - sha1pos;
 
       /* verify signature */
       if ((ret = _gnutls_dsa_verify (&vdata, signature, cert->params,
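Review bot: `vdata.size = hash_concat->size - sha1pos;` now forwards whatever digest length the chosen hash produced to `_gnutls_dsa_verify`, which (patch 3) refuses anything longer than 20 bytes. That is consistent while the table only maps DSA to SHA-1, but a comment here saying DSA is SHA-1-only would stop someone adding a DSA-SHA256 aid later and getting a silent verification failure.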
@@ -419,7 +422,7 @@ _gnutls_verify_sig_hdata (gnutls_session_t session, gnutls_cert * cert,
   dconcat.data = concat;
   dconcat.size = 20 + 16; /* md5+ sha */
 
-  ret = _gnutls_verify_sig (cert, &dconcat, signature, 16);
+  ret = _gnutls_verify_sig (cert, &dconcat, signature, 16, GNUTLS_SIGN_UNKNOWN);
   if (ret < 0)
     {
       gnutls_assert ();
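Review bot: the new last parameter of `_gnutls_verify_sig` is a gnutls_pk_algorithm_t, but this call passes GNUTLS_SIGN_UNKNOWN, a gnutls_sign_algorithm_t; it only behaves because the two unknown constants happen to share a value. Pass GNUTLS_PK_UNKNOWN here.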
@@ -436,7 +439,8 @@ _gnutls_verify_sig_hdata (gnutls_session_t session, gnutls_cert * cert,
 int
 _gnutls_verify_sig_params (gnutls_session_t session, gnutls_cert * cert,
    const gnutls_datum_t * params,
-   gnutls_datum_t * signature)
+   gnutls_datum_t * signature,
+   gnutls_sign_algorithm_t algo)
 {
   gnutls_datum_t dconcat;
   int ret;
@@ -444,6 +448,7 @@ _gnutls_verify_sig_params (gnutls_session_t session, gnutls_cert * cert,
   digest_hd_st td_sha;
   opaque concat[36];
   gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+  gnutls_mac_algorithm_t mac_algo = GNUTLS_MAC_SHA1;
 
   if (!_gnutls_version_has_selectable_prf (ver))
     {
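Review bot: `opaque concat[36];` in the context above is sized for MD5 + SHA-1, but `mac_algo` can now be any hash from the sign table, and the table admits RSA-SHA384 and RSA-SHA512 (48- and 64-byte digests). Unless the deinit into `concat` is bounded elsewhere, a server choosing {6, 1} overflows the stack buffer; size it MAX_HASH_SIZE (or the larger of the two digests) and check the length the hash actually produced.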
@@ -461,7 +466,9 @@ _gnutls_verify_sig_params (gnutls_session_t session, gnutls_cert * cert,
       _gnutls_hash (&td_md5, params->data, params->size);
     }
 
-  ret = _gnutls_hash_init (&td_sha, GNUTLS_MAC_SHA1);
+  if (algo != GNUTLS_SIGN_UNKNOWN)
+    mac_algo = _gnutls_sign_get_mac_algorithm (algo);
+  ret = _gnutls_hash_init (&td_sha, mac_algo);
   if (ret < 0)
     {
       gnutls_assert ();
@@ -502,7 +509,9 @@ _gnutls_verify_sig_params (gnutls_session_t session, gnutls_cert * cert,
 
   dconcat.data = concat;
 
-  ret = _gnutls_verify_sig (cert, &dconcat, signature, dconcat.size - 20);
+  ret = _gnutls_verify_sig (cert, &dconcat, signature,
+    dconcat.size - _gnutls_hash_get_algo_len (mac_algo),
+    _gnutls_sign_get_pk_algorithm (algo));
   if (ret < 0)
     {
       gnutls_assert ();
diff --git a/lib/gnutls_sig.h b/lib/gnutls_sig.h
index f16114c..81890c4 100644
--- a/lib/gnutls_sig.h
+++ b/lib/gnutls_sig.h
@@ -42,7 +42,8 @@ int _gnutls_verify_sig_hdata (gnutls_session_t session,
 int _gnutls_verify_sig_params (gnutls_session_t session,
        gnutls_cert * cert,
        const gnutls_datum_t * params,
-       gnutls_datum_t * signature);
+       gnutls_datum_t * signature,
+       gnutls_sign_algorithm_t algo);
 
 int _gnutls_sign (gnutls_pk_algorithm_t algo,
   bigint_t * params, int params_size,
--
1.6.3.3


From 9c823ed1449f1c83e73e9e8e513a4671a37b1b00 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@...>
Date: Mon, 31 Aug 2009 14:44:51 +0900
Subject: [PATCH 3/4] Use SHA256 for PRF if TLS 1.2.

Use SHA256 for the basis of PRF, and for the hash over handshake messages.
---
 lib/gnutls_handshake.c |   12 ++++++++++--
 lib/gnutls_pk.c        |    4 ++--
 lib/gnutls_state.c     |    4 ++--
 3 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 7c10fbb..83dc54e 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -236,7 +236,7 @@ _gnutls_finished (gnutls_session_t session, int type, void *ret)
   else
     {
       _gnutls_hash_deinit (&td_sha, concat);
-      len = 20;
+      len = _gnutls_hash_get_algo_len (td_sha.algorithm);
     }
 
   if (type == GNUTLS_SERVER)
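Review bot: `len = _gnutls_hash_get_algo_len (td_sha.algorithm);` makes the Finished hash 32 bytes under TLS 1.2 instead of the fixed 20; confirm the `concat` buffer that `_gnutls_hash_deinit (&td_sha, concat)` writes into is sized for the larger digest (and for 48 bytes if SHA-384 PRF suites are added later) rather than for the old md5+sha1 pair.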
@@ -2170,6 +2170,8 @@ _gnutls_abort_handshake (gnutls_session_t session, int ret)
 inline static int
 _gnutls_handshake_hash_init (gnutls_session_t session)
 {
+  gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+  gnutls_digest_algorithm_t hash_algo = GNUTLS_MAC_SHA1;
 
   if (session->internals.handshake_mac_handle_init == 0)
     {
@@ -2183,9 +2185,15 @@ _gnutls_handshake_hash_init (gnutls_session_t session)
   return ret;
  }
 
+      /* The algorithm to compute hash over handshake messages must be
+ same as the one used as the basis for PRF.  By now we use
+ SHA256. */
+      if (_gnutls_version_has_selectable_prf (ver))
+       hash_algo = GNUTLS_MAC_SHA256;
+
       ret =
  _gnutls_hash_init (&session->internals.handshake_mac_handle_sha,
-   GNUTLS_MAC_SHA1);
+   hash_algo);
       if (ret < 0)
  {
   gnutls_assert ();
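Review bot: `hash_algo` is declared gnutls_digest_algorithm_t but initialized from GNUTLS_MAC_SHA1 and assigned GNUTLS_MAC_SHA256; pick one enum type for the variable and the constants. The comment "By now we use SHA256" should also note that RFC 5246 section 5 lets a cipher suite specify its own PRF hash, so this selection (and the matching one in _gnutls_PRF) will have to become suite-dependent once SHA-384 suites are added.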
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index ff9fbf1..ccd98a4 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -500,8 +500,8 @@ _gnutls_dsa_verify (const gnutls_datum_t * vdata,
     pk_params.params[i] = params[i];
   pk_params.params_nr = params_len;
 
-  if (vdata->size != 20)
-    { /* sha-1 only */
+  if (vdata->size > 20)
+    { /* SHA1 or better only */
       gnutls_assert ();
       return GNUTLS_E_PK_SIG_VERIFY_FAILED;
     }
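Review bot: the comment `/* SHA1 or better only */` is inverted: `if (vdata->size > 20)` rejects digests longer than SHA-1 and now accepts shorter ones, so a 16-byte MD5 digest that the old `!= 20` check refused gets through. If the intent is SHA-1 only, keep `!= 20`; if longer hashes are meant to be supported, truncate to the leftmost bits of the digest as FIPS 186-3 specifies rather than rejecting them.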
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index e1bfc66..fede2a0 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -785,7 +785,7 @@ _gnutls_P_hash (gnutls_mac_algorithm_t algorithm,
 
   digest_hd_st td2;
   int i, times, how, blocksize, A_size;
-  opaque final[20], Atmp[MAX_SEED_SIZE];
+  opaque final[MAX_HASH_SIZE], Atmp[MAX_SEED_SIZE];
   int output_bytes, result;
 
   if (seed_size > MAX_SEED_SIZE || total_bytes <= 0)
@@ -906,7 +906,7 @@ _gnutls_PRF (gnutls_session_t session,
   if (_gnutls_version_has_selectable_prf(ver))
     {
       result =
- _gnutls_P_hash (GNUTLS_MAC_SHA1, secret, secret_size,
+ _gnutls_P_hash (GNUTLS_MAC_SHA256, secret, secret_size,
  s_seed, s_seed_size, total_bytes, ret);
       if (result < 0)
  {
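Review bot: this hard-codes GNUTLS_MAC_SHA256 in the same way `_gnutls_handshake_hash_init` does; a single helper returning the session's PRF hash, used in both places, would keep the PRF and the handshake hash in lockstep and make a suite-specific PRF a one-place change.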
--
1.6.3.3


From ce9c5df0a84121129df9b32fdb6e379a61f111b2 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@...>
Date: Mon, 31 Aug 2009 14:48:12 +0900
Subject: [PATCH 4/4] Fix parsing Certificate Request for TLS 1.2.

Fix the logic to skip supported_signature_algorithms in Certificate
Request.
---
 lib/auth_cert.c |    7 +++----
 1 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index a5244c8..0262878 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1356,10 +1356,9 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session, opaque * data,
     {
       /* read supported hashes */
       int hash_num;
-      DECR_LEN (dsize, 1);
-
-      hash_num = p[0] & 0xFF;
-      p++;
+      DECR_LEN (dsize, 2);
+      hash_num = _gnutls_read_uint16 (p);
+      p += 2;
 
       DECR_LEN (dsize, hash_num);
       p += hash_num;
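Review bot: after `hash_num = _gnutls_read_uint16 (p);` check that the value is non-zero and even before `p += hash_num;`: supported_signature_algorithms is a list of 2-byte SignatureAndHashAlgorithm pairs (RFC 5246 7.4.4, <2..2^16-2>), so an odd length is a malformed message. The list is also discarded here; a client that authenticates with a certificate under TLS 1.2 needs it to choose a CertificateVerify algorithm the server accepts, so consider storing it in the session rather than skipping it.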
--
1.6.3.3



Regards,
--
Daiki Ueno


Re: [PATCH] client-side TLS 1.2 support

by Simon Josefsson

Daiki Ueno <ueno@...> writes:

> I'm attaching a set of patches to provide a minimal fix for client-side
> TLS 1.2 support.  I've confirmed they work against Mike's test
> server:
>
>  $ gnutls-cli --debug 10 --protocols TLS1.2 -p 443 www.mikestoolbox.net

Great!

>  static const gnutls_sign_entry sign_algorithms[] = {
>    {"RSA-SHA", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
> -   GNUTLS_MAC_SHA1},
> +   GNUTLS_MAC_SHA1, {2, 1}},
>    {"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA,
> -   GNUTLS_MAC_SHA256},
> +   GNUTLS_MAC_SHA256, {4, 1}},

Please define some constants here instead of using hard coded values.

Otherwise it looks good, I'll apply and test more carefully once you
have fixed the above.

/Simon



Re: [PATCH] client-side TLS 1.2 support

by Daiki Ueno

>>>>> In <87zl9gdxte.fsf@...>
>>>>> Simon Josefsson <simon@...> wrote:
> >  static const gnutls_sign_entry sign_algorithms[] = {
> >    {"RSA-SHA", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
> > -   GNUTLS_MAC_SHA1},
> > +   GNUTLS_MAC_SHA1, {2, 1}},
> >    {"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA,
> > -   GNUTLS_MAC_SHA256},
> > +   GNUTLS_MAC_SHA256, {4, 1}},

> Please define some constants here instead of using hard coded values.

OK, here it is:


From c79b147a3fc3cc048b501f46c8343b4efb2cfa48 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@...>
Date: Mon, 31 Aug 2009 21:09:18 +0900
Subject: [PATCH 5/5] Define constants for known SignatureAndHashAlgorithms.

---
 lib/gnutls_algorithms.c |   20 +++++++++++++-------
 1 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 73179bb..9b8274c 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -1787,27 +1787,33 @@ struct gnutls_sign_entry
   gnutls_sign_algorithm_t id;
   gnutls_pk_algorithm_t pk;
   gnutls_mac_algorithm_t mac;
-  sign_algorithm_st aid;
+  sign_algorithm_st aid; /* SignatureAndHashAlgorithm */
 };
 typedef struct gnutls_sign_entry gnutls_sign_entry;
 
 #define TLS_SIGN_AID_UNKNOWN {255, 255}
+#define TLS_SIGN_AID_RSA_SHA1 {2, 1}
+#define TLS_SIGN_AID_RSA_SHA256 {4, 1}
+#define TLS_SIGN_AID_RSA_SHA384 {5, 1}
+#define TLS_SIGN_AID_RSA_SHA512 {6, 1}
+#define TLS_SIGN_AID_DSA_SHA1 {2, 2}
+#define TLS_SIGN_AID_RSA_MD5 {1, 2}
 
 static const gnutls_sign_entry sign_algorithms[] = {
   {"RSA-SHA", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
-   GNUTLS_MAC_SHA1, {2, 1}},
+   GNUTLS_MAC_SHA1, TLS_SIGN_AID_RSA_SHA1},
   {"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA,
-   GNUTLS_MAC_SHA256, {4, 1}},
+   GNUTLS_MAC_SHA256, TLS_SIGN_AID_RSA_SHA256},
   {"RSA-SHA384", SIG_RSA_SHA384_OID, GNUTLS_SIGN_RSA_SHA384, GNUTLS_PK_RSA,
-   GNUTLS_MAC_SHA384, {5, 1}},
+   GNUTLS_MAC_SHA384, TLS_SIGN_AID_RSA_SHA384},
   {"RSA-SHA512", SIG_RSA_SHA512_OID, GNUTLS_SIGN_RSA_SHA512, GNUTLS_PK_RSA,
-   GNUTLS_MAC_SHA512, {6, 1}},
+   GNUTLS_MAC_SHA512, TLS_SIGN_AID_RSA_SHA512},
   {"RSA-RMD160", SIG_RSA_RMD160_OID, GNUTLS_SIGN_RSA_RMD160, GNUTLS_PK_RSA,
    GNUTLS_MAC_RMD160, TLS_SIGN_AID_UNKNOWN},
   {"DSA-SHA", SIG_DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
-   GNUTLS_MAC_SHA1, {2, 2}},
+   GNUTLS_MAC_SHA1, TLS_SIGN_AID_DSA_SHA1},
   {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
-   GNUTLS_MAC_MD5, {1, 1}},
+   GNUTLS_MAC_MD5, TLS_SIGN_AID_RSA_MD5},
   {"RSA-MD2", SIG_RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA,
    GNUTLS_MAC_MD2, TLS_SIGN_AID_UNKNOWN},
   {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0, TLS_SIGN_AID_UNKNOWN},
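Review bot: `#define TLS_SIGN_AID_RSA_MD5 {1, 2}` is wrong: with the hash byte first, {1, 2} is md5 with dsa; rsa is 1, so RSA-MD5 must be {1, 1}, which is what the previous version of this table had. This is exactly the slip that per-component symbolic names would catch.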
--
1.6.3.3



Regards,
--
Daiki Ueno


Re: [PATCH] client-side TLS 1.2 support

by Simon Josefsson

Daiki Ueno <ueno@...> writes:

>>>>>> In <87zl9gdxte.fsf@...>
>>>>>> Simon Josefsson <simon@...> wrote:
>> >  static const gnutls_sign_entry sign_algorithms[] = {
>> >    {"RSA-SHA", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
>> > -   GNUTLS_MAC_SHA1},
>> > +   GNUTLS_MAC_SHA1, {2, 1}},
>> >    {"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA,
>> > -   GNUTLS_MAC_SHA256},
>> > +   GNUTLS_MAC_SHA256, {4, 1}},
>
>> Please define some constants here instead of using hard coded values.
>
> OK, here it is:

Thanks.

> +#define TLS_SIGN_AID_RSA_SHA1 {2, 1}
> +#define TLS_SIGN_AID_RSA_SHA256 {4, 1}
> +#define TLS_SIGN_AID_RSA_SHA384 {5, 1}
> +#define TLS_SIGN_AID_RSA_SHA512 {6, 1}
> +#define TLS_SIGN_AID_DSA_SHA1 {2, 2}
> +#define TLS_SIGN_AID_RSA_MD5 {1, 2}

Where do these "magic" values come from?  It was these values that I
would prefer to use symbolic names for.

/Simon



Re: [PATCH] client-side TLS 1.2 support

by Daiki Ueno

>>>>> In <87d46cdvg3.fsf@...>
>>>>> Simon Josefsson <simon@...> wrote:
> > +#define TLS_SIGN_AID_RSA_SHA1 {2, 1}
> > +#define TLS_SIGN_AID_RSA_SHA256 {4, 1}
> > +#define TLS_SIGN_AID_RSA_SHA384 {5, 1}
> > +#define TLS_SIGN_AID_RSA_SHA512 {6, 1}
> > +#define TLS_SIGN_AID_DSA_SHA1 {2, 2}
> > +#define TLS_SIGN_AID_RSA_MD5 {1, 2}

> Where do these "magic" values come from?  It was these values that I
> would prefer to use symbolic names for.

RFC5246 7.4.1.4.1. defines those values as:

      enum {
          none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
          sha512(6), (255)
      } HashAlgorithm;

      enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
        SignatureAlgorithm;

I first thought of redefining GNUTLS_SIGN_* with pairs of those values
(like cipher suites definitions), but it will break the ABI...

Regards,
--
Daiki Ueno


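The parsing that the second patch describes (hash byte, signature byte, two-byte length, then the signature) together with the RFC 5246 code points quoted above, as an added example that is not part of the thread and not GnuTLS code: a stand-alone C parser for the TLS 1.2 digitally-signed prefix of a DHE ServerKeyExchange, with the bounds checks and the two policy checks a client should apply before touching a public key. The function names, the `offered` list and the sample bytes are constructed for the example and are not taken from GnuTLS.

```c
/* Added example, not GnuTLS code: parse and policy-check the TLS 1.2
 * "digitally-signed" prefix (RFC 5246 4.7) that follows ServerDHParams in a
 * DHE ServerKeyExchange.  Names and sample bytes are constructed here. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 5246 7.4.1.4.1: HashAlgorithm and SignatureAlgorithm code points. */
enum { HASH_NONE = 0, HASH_MD5 = 1, HASH_SHA1 = 2, HASH_SHA224 = 3,
       HASH_SHA256 = 4, HASH_SHA384 = 5, HASH_SHA512 = 6 };
enum { SIG_ANONYMOUS = 0, SIG_RSA = 1, SIG_DSA = 2, SIG_ECDSA = 3 };

/* Same field order as on the wire: hash byte first, then signature byte. */
typedef struct { uint8_t hash; uint8_t sig; } sig_and_hash;

typedef struct {
  sig_and_hash aid;
  const uint8_t *signature;
  size_t signature_len;
} signed_params;

const char *hash_name(uint8_t h)
{
  static const char *names[] = { "none", "md5", "sha1", "sha224",
                                 "sha256", "sha384", "sha512" };
  return h < sizeof names / sizeof names[0] ? names[h] : "unknown";
}

const char *sig_name(uint8_t s)
{
  static const char *names[] = { "anonymous", "rsa", "dsa", "ecdsa" };
  return s < sizeof names / sizeof names[0] ? names[s] : "unknown";
}

/* Parse "SignatureAndHashAlgorithm algorithm; opaque signature<0..2^16-1>".
 * p/len point just past ServerDHParams.  Every read is bounds checked before
 * it happens, the way DECR_LEN is used in the patch; *consumed lets the
 * caller insist that nothing trails the signature.  Returns 0 or -1. */
int parse_tls12_signed(const uint8_t *p, size_t len,
                       signed_params *out, size_t *consumed)
{
  size_t sig_len;

  if (len < 4)                       /* 2 algorithm bytes + 2 length bytes */
    return -1;
  out->aid.hash = p[0];
  out->aid.sig = p[1];
  sig_len = ((size_t) p[2] << 8) | p[3];
  if (sig_len > len - 4)             /* length field exceeds the message */
    return -1;
  out->signature = p + 4;
  out->signature_len = sig_len;
  *consumed = 4 + sig_len;
  return 0;
}

/* Policy check before any public-key operation: the pair must be one the
 * client offered in signature_algorithms (RFC 5246 7.4.3), and the signature
 * algorithm must match the certificate's key type, so a byte on the wire can
 * never select a verification routine the key does not fit.
 * Returns 0 if acceptable, -2 on key-type mismatch, -3 if not offered. */
int check_sig_policy(sig_and_hash aid, const sig_and_hash *offered,
                     size_t n_offered, uint8_t cert_key_type)
{
  size_t i;

  if (aid.sig != cert_key_type)
    return -2;
  for (i = 0; i < n_offered; i++)
    if (offered[i].hash == aid.hash && offered[i].sig == aid.sig)
      return 0;
  return -3;
}

int main(void)
{
  /* Constructed sample: sha256(4) + rsa(1), then a 3-byte placeholder
   * signature.  A real message carries a full RSA signature here. */
  static const uint8_t wire[] = { 0x04, 0x01, 0x00, 0x03, 0xaa, 0xbb, 0xcc };
  /* Constructed list of what this client claims to have offered. */
  static const sig_and_hash offered[] = { {HASH_SHA256, SIG_RSA},
                                          {HASH_SHA1, SIG_RSA},
                                          {HASH_SHA1, SIG_DSA} };
  signed_params sp;
  size_t used;

  if (parse_tls12_signed(wire, sizeof wire, &sp, &used) < 0
      || used != sizeof wire) {
    puts("malformed ServerKeyExchange");
    return 1;
  }
  printf("server signed with %s/%s, %zu signature bytes\n",
         hash_name(sp.aid.hash), sig_name(sp.aid.sig), sp.signature_len);
  if (check_sig_policy(sp.aid, offered, 3, SIG_RSA) != 0) {
    puts("rejected: algorithm pair not acceptable");
    return 1;
  }
  puts("accepted; proceed to verify the signature over the hashed params");
  return 0;
}
```

Build with `cc -std=c99 example.c`. The two checks return distinct negative codes on purpose, so a caller can log a malformed message separately from a policy rejection, and the key-type comparison runs before the offered-list scan so that no lookup is done on a pair the certificate could never have produced.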

Re: [PATCH] client-side TLS 1.2 support

by Daiki Ueno

> > Where do these "magic" values come from?  It was these values that I
> > would prefer to use symbolic names for.

Ah, sorry.  Perhaps the attached might be better (it uses separate
symbolic names for sign/hash algorithms).


diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 73179bb..577d272 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -1787,27 +1787,51 @@ struct gnutls_sign_entry
   gnutls_sign_algorithm_t id;
   gnutls_pk_algorithm_t pk;
   gnutls_mac_algorithm_t mac;
-  sign_algorithm_st aid;
+  sign_algorithm_st aid; /* SignatureAndHashAlgorithm */
 };
 typedef struct gnutls_sign_entry gnutls_sign_entry;
 
-#define TLS_SIGN_AID_UNKNOWN {255, 255}
+#define TLS_SIGN_AID_HASH_UNKNOWN 255
+#define TLS_SIGN_AID_HASH_MD5 1
+#define TLS_SIGN_AID_HASH_SHA1 2
+#define TLS_SIGN_AID_HASH_SHA256 4
+#define TLS_SIGN_AID_HASH_SHA384 5
+#define TLS_SIGN_AID_HASH_SHA512 6
+
+#define TLS_SIGN_AID_SIGN_UNKNOWN 255
+#define TLS_SIGN_AID_SIGN_RSA 1
+#define TLS_SIGN_AID_SIGN_DSA 2
+
+#define TLS_SIGN_AID_UNKNOWN {TLS_SIGN_AID_HASH_UNKNOWN,\
+  TLS_SIGN_AID_SIGN_UNKNOWN}
+#define TLS_SIGN_AID_RSA_SHA1 {TLS_SIGN_AID_HASH_SHA1,\
+  TLS_SIGN_AID_SIGN_RSA}
+#define TLS_SIGN_AID_RSA_SHA256 {TLS_SIGN_AID_HASH_SHA256,\
+  TLS_SIGN_AID_SIGN_RSA}
+#define TLS_SIGN_AID_RSA_SHA384 {TLS_SIGN_AID_HASH_SHA384,\
+  TLS_SIGN_AID_SIGN_RSA}
+#define TLS_SIGN_AID_RSA_SHA512 {TLS_SIGN_AID_HASH_SHA512,\
+  TLS_SIGN_AID_SIGN_RSA}
+#define TLS_SIGN_AID_DSA_SHA1 {TLS_SIGN_AID_HASH_SHA1,\
+  TLS_SIGN_AID_SIGN_DSA}
+#define TLS_SIGN_AID_RSA_MD5 {TLS_SIGN_AID_HASH_MD5,\
+  TLS_SIGN_AID_SIGN_RSA}
 
 static const gnutls_sign_entry sign_algorithms[] = {
   {"RSA-SHA", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
-   GNUTLS_MAC_SHA1, {2, 1}},
+   GNUTLS_MAC_SHA1, TLS_SIGN_AID_RSA_SHA1},
   {"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA,
-   GNUTLS_MAC_SHA256, {4, 1}},
+   GNUTLS_MAC_SHA256, TLS_SIGN_AID_RSA_SHA256},
   {"RSA-SHA384", SIG_RSA_SHA384_OID, GNUTLS_SIGN_RSA_SHA384, GNUTLS_PK_RSA,
-   GNUTLS_MAC_SHA384, {5, 1}},
+   GNUTLS_MAC_SHA384, TLS_SIGN_AID_RSA_SHA384},
   {"RSA-SHA512", SIG_RSA_SHA512_OID, GNUTLS_SIGN_RSA_SHA512, GNUTLS_PK_RSA,
-   GNUTLS_MAC_SHA512, {6, 1}},
+   GNUTLS_MAC_SHA512, TLS_SIGN_AID_RSA_SHA512},
   {"RSA-RMD160", SIG_RSA_RMD160_OID, GNUTLS_SIGN_RSA_RMD160, GNUTLS_PK_RSA,
    GNUTLS_MAC_RMD160, TLS_SIGN_AID_UNKNOWN},
   {"DSA-SHA", SIG_DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
-   GNUTLS_MAC_SHA1, {2, 2}},
+   GNUTLS_MAC_SHA1, TLS_SIGN_AID_DSA_SHA1},
   {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
-   GNUTLS_MAC_MD5, {1, 1}},
+   GNUTLS_MAC_MD5, TLS_SIGN_AID_RSA_MD5},
   {"RSA-MD2", SIG_RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA,
    GNUTLS_MAC_MD2, TLS_SIGN_AID_UNKNOWN},
   {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0, TLS_SIGN_AID_UNKNOWN},
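Review bot: the {hash, sign} pairs now have names, but nothing in the hunk says where the numbers come from; add a comment above the TLS_SIGN_AID_HASH_* defines citing RFC 5246 section 7.4.1.4.1 (HashAlgorithm: md5(1), sha1(2), sha256(4), sha384(5), sha512(6); SignatureAlgorithm: rsa(1), dsa(2)), since the magic values were the original review question. Two smaller points: 255 is only the enum's reserved upper bound in the RFC, not an "unknown" code point, so TLS_SIGN_AID_HASH_UNKNOWN / TLS_SIGN_AID_SIGN_UNKNOWN are a local sentinel and the comment should say so; and the RSA-MD5 entry now gets a real pair, TLS_SIGN_AID_RSA_MD5 = {MD5, RSA} (which also corrects the {1, 2}, i.e. md5/dsa, value in the earlier round), rather than TLS_SIGN_AID_UNKNOWN, so if this table is what populates the signature_algorithms extension, md5/rsa will be advertised to servers unless the priority code filters it out.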


Regards,
--
Daiki Ueno


Re: [PATCH] client-side TLS 1.2 support

by Simon Josefsson-2

Daiki Ueno <ueno@...> writes:

>>>>>> In <87d46cdvg3.fsf@...>
>>>>>> Simon Josefsson <simon@...> wrote:
>> > +#define TLS_SIGN_AID_RSA_SHA1 {2, 1}
>> > +#define TLS_SIGN_AID_RSA_SHA256 {4, 1}
>> > +#define TLS_SIGN_AID_RSA_SHA384 {5, 1}
>> > +#define TLS_SIGN_AID_RSA_SHA512 {6, 1}
>> > +#define TLS_SIGN_AID_DSA_SHA1 {2, 2}
>> > +#define TLS_SIGN_AID_RSA_MD5 {1, 2}
>
>> Where does these "magic" values come from?  It was these values that I
>> would prefer to use symbolic names for.
>
> RFC5246 7.4.1.4.1. defines those values as:
>
>       enum {
>           none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
>           sha512(6), (255)
>       } HashAlgorithm;
>
>       enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
>         SignatureAlgorithm;

Thanks, I pushed your patches and added a comment explaining this.

> I first thought of redefining GNUTLS_SIGN_* with pairs of those values
> (like cipher suites definitions), but it will break the ABI...

Right, it is not worth it.

/Simon
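The HashAlgorithm and SignatureAlgorithm code points quoted above fix the wire layout of a SignatureAndHashAlgorithm: one byte of hash, then one byte of signature, and the signature_algorithms extension carries a 16-bit length followed by those two-byte pairs. As an added example (not GnuTLS code and not from either poster), here is a C encoder/decoder plus a server-side chooser. The names sig_pair, HASH_*, SIGN_*, encode_sig_algs, decode_sig_algs and choose_sig_alg are invented for the example, and the `supported` list is a constructed preference that mirrors the SHA-256-before-SHA-1 default Simon adopts later in the thread and leaves MD5 out entirely.

```c
/* Added example, not GnuTLS code: encoding and decoding of the TLS 1.2
 * SignatureAndHashAlgorithm pairs from RFC 5246 section 7.4.1.4.1.
 * On the wire a pair is two bytes, hash first then signature, the same
 * {hash, sign} order as the TLS_SIGN_AID_* macros in the patch; the
 * signature_algorithms extension body is a 2-byte length followed by
 * that many bytes of pairs. All names below (sig_pair, HASH_*, SIGN_*,
 * encode_sig_algs, decode_sig_algs, choose_sig_alg) are this example's
 * own, not GnuTLS identifiers. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 5246 7.4.1.4.1 code points. 255 is our local "unknown" sentinel,
 * mirroring the patch; in the RFC it is only the enum's upper bound. */
enum { HASH_NONE = 0, HASH_MD5 = 1, HASH_SHA1 = 2, HASH_SHA224 = 3,
       HASH_SHA256 = 4, HASH_SHA384 = 5, HASH_SHA512 = 6, HASH_UNKNOWN = 255 };
enum { SIGN_ANON = 0, SIGN_RSA = 1, SIGN_DSA = 2, SIGN_ECDSA = 3,
       SIGN_UNKNOWN = 255 };

typedef struct { uint8_t hash; uint8_t sign; } sig_pair;

/* Pairs this side supports, in its own preference order: SHA-2 before
 * SHA-1, and no MD5 at all, so md5/rsa is never offered or chosen.
 * (Constructed preference list for the example.) */
static const sig_pair supported[] = {
  {HASH_SHA256, SIGN_RSA}, {HASH_SHA384, SIGN_RSA}, {HASH_SHA512, SIGN_RSA},
  {HASH_SHA1, SIGN_RSA}, {HASH_SHA1, SIGN_DSA},
};
#define N_SUPPORTED (sizeof supported / sizeof supported[0])

/* Serialize n pairs as an extension body. Returns bytes written, 0 on
 * error (empty list, too many pairs for the 16-bit length, or buffer
 * too small). */
size_t encode_sig_algs(const sig_pair *p, size_t n, uint8_t *buf, size_t buflen)
{
  size_t body = n * 2;
  if (n == 0 || body > 0xFFFF || buflen < 2 + body)
    return 0;
  buf[0] = (uint8_t)(body >> 8);
  buf[1] = (uint8_t)(body & 0xFF);
  for (size_t i = 0; i < n; i++) {
    buf[2 + 2 * i] = p[i].hash;
    buf[3 + 2 * i] = p[i].sign;
  }
  return 2 + body;
}

/* Parse an extension body. Returns the number of pairs stored, or -1
 * when the length prefix does not match the data, is odd (a pair is
 * always two bytes) or is zero, or when out[] cannot hold the list.
 * Unknown code points are kept as-is; the caller decides what to do. */
int decode_sig_algs(const uint8_t *buf, size_t len, sig_pair *out, size_t max)
{
  if (len < 2)
    return -1;
  size_t body = ((size_t)buf[0] << 8) | buf[1];
  if (body == 0 || body % 2 != 0 || body + 2 != len || body / 2 > max)
    return -1;
  for (size_t i = 0; i < body / 2; i++) {
    out[i].hash = buf[2 + 2 * i];
    out[i].sign = buf[3 + 2 * i];
  }
  return (int)(body / 2);
}

/* Server-side choice: walk our own preference list and take the first
 * entry the peer also listed. Pairs the peer sent that we do not know
 * (sha224, ecdsa, or a future value) are skipped, not fatal. Returns
 * {HASH_UNKNOWN, SIGN_UNKNOWN} when there is no overlap, which a real
 * handshake would turn into a handshake_failure alert. */
sig_pair choose_sig_alg(const sig_pair *peer, size_t n)
{
  for (size_t i = 0; i < N_SUPPORTED; i++)
    for (size_t j = 0; j < n; j++)
      if (peer[j].hash == supported[i].hash && peer[j].sign == supported[i].sign)
        return supported[i];
  sig_pair none = {HASH_UNKNOWN, SIGN_UNKNOWN};
  return none;
}

int main(void)
{
  /* Constructed input: a client that prefers sha1/rsa, also offers
   * sha256/rsa, and sends one pair we do not understand ({7, rsa}). */
  sig_pair client[] = {{HASH_SHA1, SIGN_RSA}, {7, SIGN_RSA}, {HASH_SHA256, SIGN_RSA}};
  uint8_t wire[32];
  size_t len = encode_sig_algs(client, 3, wire, sizeof wire);
  sig_pair parsed[8];
  int n = decode_sig_algs(wire, len, parsed, 8);
  sig_pair c = choose_sig_alg(parsed, n < 0 ? 0 : (size_t)n);
  printf("encoded %zu bytes, parsed %d pairs, chose hash=%u sign=%u\n",
         len, n, (unsigned)c.hash, (unsigned)c.sign);
  return 0;
}
```

The chooser walks the server's list rather than the client's, so a client that lists sha1/rsa first still ends up on sha256/rsa; decode_sig_algs rejects odd or mismatched lengths instead of reading past the buffer, and unknown code points are skipped rather than treated as errors, which is what you want when a newer peer offers sha224 or ecdsa.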



Re: [PATCH] client-side TLS 1.2 support

by Simon Josefsson-2

Some part was missing, for example the definition of the
_gnutls_version_has_selectable_sighash function.

/Simon



Re: [PATCH] client-side TLS 1.2 support

by Simon Josefsson-2

Simon Josefsson <simon@...> writes:

> Some part was missing, for example the definition of the
> _gnutls_version_has_selectable_sighash function.

Never mind, I added a '#include <gnutls_algorithms.h>' and it compiled
fine.  Now testing...

/Simon



Re: [PATCH] client-side TLS 1.2 support

by Simon Josefsson-2

Daiki Ueno <ueno@...> writes:

>>>>>> In <87fxbdjt8v.fsf_-_@...>
>>>>>> Simon Josefsson <simon@...> wrote:
>> Daiki Ueno <ueno@...> writes:
>
>> >> Finishing the TLS 1.2 support and adding the new cipher suites is a
>> >> high-priority task and it shouldn't be too difficult since there are TLS
>> >> 1.2 test servers out there to test with.
>> >
>> > Thanks for the hint.  I'll check which features of TLS 1.2 are not
>> > implemented.  Adding HMAC-SHA256 cipher suites looks like one thing to do.
>
>> Actually TLS 1.2 is not working in GnuTLS now, the drafts changed how
>> the negotiation worked after I implemented it and I never found time to
>> update it to support the protocol defined by the final RFC.
>
> I just realized it ;-)
>
> I'm attaching a set of patches to provide a minimal fix for client-side
> TLS 1.2 support.  I've confirmed them working against Mike's test
> server:
>
>  $ gnutls-cli --debug 10 --protocols TLS1.2 -p 443 www.mikestoolbox.net

Confirmed, also working against

https://tls.woodgrovebank.com/

Before we enable TLS 1.2 by default, I think what is missing are:

* Check server-side TLS 1.2
* Add SHA-2 ciphersuites
* Add self-test of TLS 1.2 ciphers/features

/Simon



[PATCH] add SHA-2 ciphersuites

by Daiki Ueno

>>>>> In <87r5uscdkt.fsf@...>
>>>>> Simon Josefsson <simon@...> wrote:
> Confirmed, also working against

Thanks for testing (and the #include fix).

> Before we enable TLS 1.2 by default, I think what is missing are:

> * Add SHA-2 ciphersuites

Here it is:


From b5e12a20a6894ed920fe79a3a336217f868769d1 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@...>
Date: Tue, 1 Sep 2009 08:02:05 +0900
Subject: [PATCH 1/2] Add SHA-2 cipher suites.

---
 lib/gnutls_algorithms.c |   36 ++++++++++++++++++++++++++++++++++++
 1 files changed, 36 insertions(+), 0 deletions(-)

diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index abf05a3..bfd8545 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -373,6 +373,9 @@ typedef struct
 #define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }
 #endif
 
+#define GNUTLS_ANON_DH_AES_128_CBC_SHA256 { 0x00, 0x6C }
+#define GNUTLS_ANON_DH_AES_256_CBC_SHA256 { 0x00, 0x6D }
+
 /* PSK (not in TLS 1.0)
  * draft-ietf-tls-psk:
  */
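Review bot: the two ids match TLS_DH_anon_WITH_AES_128_CBC_SHA256 (0x00,0x6C) and TLS_DH_anon_WITH_AES_256_CBC_SHA256 (0x00,0x6D) from RFC 5246 A.5, but unlike the PSK block right below, which names its draft, nothing records the source; add a `/* RFC 5246 A.5 */` line above the defines. Minor: the spacing `{ 0x00, 0x6C }` differs from the adjacent `{ 0x00,0x89 }`; pick one form for the file.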
@@ -420,6 +423,9 @@ typedef struct
 #define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 }
 #endif
 
+#define GNUTLS_RSA_AES_128_CBC_SHA256 { 0x00, 0x3C }
+#define GNUTLS_RSA_AES_256_CBC_SHA256 { 0x00, 0x3D }
+
 /* DHE DSS
  */
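Review bot: 0x00,0x3C and 0x00,0x3D are the RFC 5246 A.5 ids for TLS_RSA_WITH_AES_128_CBC_SHA256 and TLS_RSA_WITH_AES_256_CBC_SHA256, and placing them after the `#endif` keeps them unconditional, which is right for AES. Worth a one-line comment that these are static-RSA key exchange: the SHA-256 MAC adds nothing in the way of forward secrecy, so the default priority should still rank the DHE_RSA SHA-256 suites from the later hunk above these two.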
 
@@ -442,6 +448,9 @@ typedef struct
 #define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 }
 #endif
 
+#define GNUTLS_DHE_DSS_AES_128_CBC_SHA256 { 0x00, 0x40 }
+#define GNUTLS_DHE_DSS_AES_256_CBC_SHA256 { 0x00, 0x6A }
+
 /* DHE RSA
  */
 #define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 }
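Review bot: 0x00,0x40 and 0x00,0x6A are the registry values for TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 and TLS_DHE_DSS_WITH_AES_256_CBC_SHA256; the jump from 0x40 to 0x6A is how IANA assigned them, not a typo, so a short comment would stop a future "fix" to 0x41. Same brace-spacing nit as the ANON_DH block.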
@@ -457,6 +466,9 @@ typedef struct
 #define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 }
 #endif
 
+#define GNUTLS_DHE_RSA_AES_128_CBC_SHA256 { 0x00, 0x67 }
+#define GNUTLS_DHE_RSA_AES_256_CBC_SHA256 { 0x00, 0x6B }
+
 #define CIPHER_SUITES_COUNT sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1
 
 static const gnutls_cipher_suite_entry cs_algorithms[] = {
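Review bot: 0x00,0x67 and 0x00,0x6B are correct for TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_DHE_RSA_WITH_AES_256_CBC_SHA256. CIPHER_SUITES_COUNT directly below derives the count from sizeof(cs_algorithms) minus one terminator, so new defines here need no count update; that does depend on the zero entry staying last in cs_algorithms, which the entry hunks below respect.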
@@ -484,6 +496,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
      GNUTLS_KX_ANON_DH,
      GNUTLS_MAC_SHA1, GNUTLS_TLS1),
 #endif
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA256,
+     GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
+     GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA256,
+     GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
+     GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
 
   /* PSK */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1,
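Review bot: GNUTLS_TLS1_2 as the minimum version on both new entries is the important part of this hunk, and it deserves a comment: RFC 5246 A.5 says the *_SHA256 suites MUST NOT be negotiated for TLS versions below 1.2 (their MAC and the PRF are SHA-256 based), so the version field is the only thing stopping a TLS 1.0/1.1 peer from landing on them, and someone later relaxing it to GNUTLS_TLS1 "for compatibility" would break that. Also, anon DH with a stronger MAC is still unauthenticated; these belong only in the ANON priority set, like the SHA-1 anon suites above them.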
@@ -571,6 +589,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
      GNUTLS_KX_DHE_DSS,
      GNUTLS_MAC_SHA1, GNUTLS_TLS1),
 #endif
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
+     GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
+     GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
+     GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
+     GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
   /* DHE_RSA */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
      GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
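Review bot: missing blank line before the `/* DHE_RSA */` comment; the ANON_DH hunk keeps one before `/* PSK */`, so the groups are now separated inconsistently. Substantively, for DHE_DSS the hash used on the ServerKeyExchange signature is negotiated separately through signature_algorithms, and the only DSA entry in the sign table from the earlier patch is DSA-SHA1, so a DHE_DSS_*_SHA256 suite will still carry a SHA-1 DSA signature on the key exchange. That is permitted, but a comment would keep anyone from reading the suite name as implying SHA-256 signatures.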
@@ -591,6 +615,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
      GNUTLS_KX_DHE_RSA,
      GNUTLS_MAC_SHA1, GNUTLS_TLS1),
 #endif
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
+     GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
+     GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
+     GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
+     GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
   /* RSA */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5,
      GNUTLS_CIPHER_NULL,
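Review bot: same missing blank line before `/* RSA */` as in the DHE_DSS hunk. The DHE_RSA_*_SHA256 entries land after the Camellia SHA-1 entries; if cs_algorithms order fed the default preference they would sort below SHA-1 suites, so the SHA-256-first default rests on gnutls_priority.c (which Simon's reply says he adjusted) rather than on this table. A comment stating that table order is not negotiation priority would save the next contributor from reordering it.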
@@ -624,6 +654,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
      GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
      GNUTLS_MAC_SHA1, GNUTLS_TLS1),
 #endif
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256,
+     GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
+     GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256,
+     GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
+     GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
   {0, {{0, 0}}, 0, 0, 0, 0}
 };
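Review bot: the `{0, {{0, 0}}, 0, 0, 0, 0}` terminator stays last, which CIPHER_SUITES_COUNT relies on; good. What is missing is a test: Simon's list for enabling TLS 1.2 by default includes "Add self-test of TLS 1.2 ciphers/features", and this patch adds eight suites with no accompanying client/server round trip, so a self-test that negotiates each new suite under TLS 1.2 and confirms it is refused under TLS 1.1 would be the natural companion.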
 
--
1.6.3.3



As a next step, I will look into the server-side TLS 1.2 support.

Regards,
--
Daiki Ueno


Re: [PATCH] add SHA-2 ciphersuites

by Simon Josefsson-2

Daiki Ueno <ueno@...> writes:

>> Before we enable TLS 1.2 by default, I think what is missing are:
>
>> * Add SHA-2 ciphersuites
>
> Here it is:

Short and simple, pushed.  I also changed gnutls_priority.c so that
SHA-256 is preferred over SHA-1 by default (only effective when TLS 1.2
is enabled, which it currently isn't until we've checked that
server-side works).

Thanks,
/Simon
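Every new entry in the patch above carries GNUTLS_TLS1_2 as its minimum version, and the reply moves SHA-256 ahead of SHA-1 in gnutls_priority.c. The following C program, an added example rather than GnuTLS code, shows what those two things do together: a server-side chooser that walks a preference-ordered suite table and never hands a *_SHA256 suite to a pre-1.2 peer, because RFC 5246 A.5 forbids negotiating those suites below TLS 1.2 (their MAC and the PRF depend on SHA-256). The SHA-256 suite ids are the ones from the patch; the SHA-1 AES ids (0x2F, 0x35, 0x33, 0x39) are not in the patch and are taken from the IANA registry; suite_entry, suites, suite_allowed, pick_suite and pick_suite_id are names invented here.

```c
/* Added example, not GnuTLS code: the version gate behind the
 * GNUTLS_TLS1_2 field on every *_SHA256 entry in the patch, and the
 * preference order Simon mentions (SHA-256 before SHA-1). RFC 5246 A.5
 * says the SHA-256 suites MUST NOT be negotiated for TLS versions below
 * 1.2, so the minimum version, not the suite id, is what keeps a
 * TLS 1.0/1.1 peer from ending up on one. Suite ids are IANA values;
 * the SHA-1 ones are not in the patch. suite_entry, suites,
 * suite_allowed, pick_suite and pick_suite_id are this example's names. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { TLS1_0 = 0x0301, TLS1_1 = 0x0302, TLS1_2 = 0x0303 };
enum { MAC_SHA1, MAC_SHA256 };

typedef struct {
  uint8_t id[2];
  const char *name;
  int mac;
  int min_version;   /* lowest protocol version that may negotiate it */
} suite_entry;

/* Table order doubles as the server's preference: SHA-256 suites first,
 * and DHE (forward secret) before static RSA within each MAC group.
 * (Constructed table for the example.) */
static const suite_entry suites[] = {
  {{0x00, 0x67}, "DHE_RSA_AES_128_CBC_SHA256", MAC_SHA256, TLS1_2},
  {{0x00, 0x6B}, "DHE_RSA_AES_256_CBC_SHA256", MAC_SHA256, TLS1_2},
  {{0x00, 0x3C}, "RSA_AES_128_CBC_SHA256",     MAC_SHA256, TLS1_2},
  {{0x00, 0x3D}, "RSA_AES_256_CBC_SHA256",     MAC_SHA256, TLS1_2},
  {{0x00, 0x33}, "DHE_RSA_AES_128_CBC_SHA1",   MAC_SHA1,   TLS1_0},
  {{0x00, 0x39}, "DHE_RSA_AES_256_CBC_SHA1",   MAC_SHA1,   TLS1_0},
  {{0x00, 0x2F}, "RSA_AES_128_CBC_SHA1",       MAC_SHA1,   TLS1_0},
  {{0x00, 0x35}, "RSA_AES_256_CBC_SHA1",       MAC_SHA1,   TLS1_0},
};
#define N_SUITES (sizeof suites / sizeof suites[0])

/* The check the min_version field exists for. */
int suite_allowed(const suite_entry *s, int version)
{
  return version >= s->min_version;
}

/* Server-side selection: first entry in our preference order that the
 * client offered and that the negotiated version permits. Returns NULL
 * (a handshake_failure in a real handshake) rather than ever handing a
 * SHA-256 suite to a pre-1.2 peer. offered[] is the raw id list from
 * the ClientHello. */
const suite_entry *pick_suite(int version, const uint8_t (*offered)[2], size_t n)
{
  for (size_t i = 0; i < N_SUITES; i++) {
    if (!suite_allowed(&suites[i], version))
      continue;
    for (size_t j = 0; j < n; j++)
      if (offered[j][0] == suites[i].id[0] && offered[j][1] == suites[i].id[1])
        return &suites[i];
  }
  return NULL;
}

/* Same result as a 16-bit id (-1 for no match), easier to check. */
int pick_suite_id(int version, const uint8_t (*offered)[2], size_t n)
{
  const suite_entry *s = pick_suite(version, offered, n);
  return s ? ((s->id[0] << 8) | s->id[1]) : -1;
}

int main(void)
{
  /* Constructed ClientHello: SHA-1 suite listed first, SHA-256 second. */
  const uint8_t hello[][2] = {{0x00, 0x2F}, {0x00, 0x3C}};
  int versions[] = {TLS1_0, TLS1_1, TLS1_2};
  for (size_t v = 0; v < 3; v++) {
    const suite_entry *s = pick_suite(versions[v], hello, 2);
    printf("version 0x%04x -> %s\n", (unsigned)versions[v], s ? s->name : "(none)");
  }
  return 0;
}
```

With the constructed ClientHello in main (SHA-1 suite first, SHA-256 second), TLS 1.0 and 1.1 end up on RSA_AES_128_CBC_SHA1 and TLS 1.2 on RSA_AES_128_CBC_SHA256; a client that offers only SHA-256 suites to a server stuck at 1.1 gets NULL, a handshake failure rather than a silent fall-through to a suite whose PRF the version cannot provide.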

