From: Martin Willi <martin@revosec.ch>
Date: Mon, 3 Feb 2014 17:08:11 +0000 (+0100)
Subject: tls: Define AES-GCM cipher suites from RFC 5288/5289
X-Git-Tag: 5.1.3rc1~11^2~6
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d06890d6e2bcea757c20cdf192badfd17fac8172;p=thirdparty%2Fstrongswan.git

tls: Define AES-GCM cipher suites from RFC 5288/5289
---

diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 82b4b4cc76..0783b12b03 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -440,6 +440,16 @@ static suite_algs_t suite_algs[] = {
 		HASH_SHA384, PRF_HMAC_SHA2_384,
 		AUTH_HMAC_SHA2_384_384, ENCR_AES_CBC, 32
 	},
+	{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		KEY_ECDSA, ECP_256_BIT,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
+		AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 16
+	},
+	{ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+		KEY_ECDSA, ECP_384_BIT,
+		HASH_SHA384, PRF_HMAC_SHA2_384,
+		AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 32
+	},
 	{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
 		KEY_RSA, ECP_256_BIT,
 		HASH_SHA256, PRF_HMAC_SHA2_256,
@@ -460,6 +470,16 @@ static suite_algs_t suite_algs[] = {
 		HASH_SHA384, PRF_HMAC_SHA2_384,
 		AUTH_HMAC_SHA2_384_384, ENCR_AES_CBC, 32
 	},
+	{ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+		KEY_RSA, ECP_256_BIT,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
+		AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 16
+	},
+	{ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+		KEY_RSA, ECP_384_BIT,
+		HASH_SHA384, PRF_HMAC_SHA2_384,
+		AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 32
+	},
 	{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
 		KEY_RSA, MODP_2048_BIT,
 		HASH_SHA256,PRF_HMAC_SHA2_256,
@@ -480,6 +500,16 @@ static suite_algs_t suite_algs[] = {
 		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 32
 	},
+	{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+		KEY_RSA, MODP_3072_BIT,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
+		AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 16
+	},
+	{ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+		KEY_RSA, MODP_4096_BIT,
+		HASH_SHA384, PRF_HMAC_SHA2_384,
+		AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 32
+	},
 	{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
 		KEY_RSA, MODP_2048_BIT,
 		HASH_SHA256, PRF_HMAC_SHA2_256,
@@ -525,6 +555,16 @@ static suite_algs_t suite_algs[] = {
 		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 32
 	},
+	{ TLS_RSA_WITH_AES_128_GCM_SHA256,
+		KEY_RSA, MODP_NONE,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
+		AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 16
+	},
+	{ TLS_RSA_WITH_AES_256_GCM_SHA384,
+		KEY_RSA, MODP_NONE,
+		HASH_SHA384, PRF_HMAC_SHA2_384,
+		AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 32
+	},
 	{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
 		KEY_RSA, MODP_NONE,
 		HASH_SHA256, PRF_HMAC_SHA2_256,
@@ -771,6 +811,20 @@ static void filter_cipher_config_suites(private_tls_crypto_t *this,
 					suites[remaining++] = suites[i];
 					break;
 				}
+				if (strcaseeq(token, "aes128gcm") &&
+					suites[i].encr == ENCR_AES_GCM_ICV16 &&
+					suites[i].encr_size == 16)
+				{
+					suites[remaining++] = suites[i];
+					break;
+				}
+				if (strcaseeq(token, "aes256gcm") &&
+					suites[i].encr == ENCR_AES_GCM_ICV16 &&
+					suites[i].encr_size == 32)
+				{
+					suites[remaining++] = suites[i];
+					break;
+				}
 				if (strcaseeq(token, "camellia128") &&
 					suites[i].encr == ENCR_CAMELLIA_CBC &&
 					suites[i].encr_size == 16)