]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Added ECC ciphersuites from rfc5289.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 22 May 2011 20:27:59 +0000 (22:27 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 22 May 2011 20:27:59 +0000 (22:27 +0200)
lib/algorithms/ciphersuites.c

index a765cb924b381d89e3dc71d0168f845c58fc6901..2f775bca0e7dcd8ff3bb3520e2ce0b378db471cc 100644 (file)
@@ -208,6 +208,14 @@ typedef struct
 #define GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA    { 0xC0, 0x09 }
 #define GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA    { 0xC0, 0x0A }
 
+/* ECC with SHA2 */
+#define GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256     {0xC0,0x23}
+#define GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256       {0xC0,0x27}
+
+/* ECC with AES-GCM */
+#define GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256   {0xC0,0x2B}
+#define GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256     {0xC0,0x2F}
+
 #define CIPHER_SUITES_COUNT (sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1)
 
 /* FIXME: what we don't handle here is TLS 1.2 requirement
@@ -555,6 +563,25 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
                              GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
                              GNUTLS_VERSION_MAX, 1),
+  /* More ECC */
+
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256,
+                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
+                             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+                             GNUTLS_VERSION_MAX, 1),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256,
+                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
+                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_2,
+                             GNUTLS_VERSION_MAX, 1),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256,
+                             GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
+                             GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+                             GNUTLS_VERSION_MAX, 1),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256,
+                             GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_RSA,
+                             GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+                             GNUTLS_VERSION_MAX, 1),
+  {0, {{0, 0}}, 0, 0, 0, 0, 0, 0}
 };
 
 #define GNUTLS_CIPHER_SUITE_LOOP(b) \