]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Added SuiteB ciphersuites. Added SUITEB128 and SUITEB192 priority strings.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 4 Jun 2011 08:03:55 +0000 (10:03 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 4 Jun 2011 18:21:32 +0000 (20:21 +0200)
SECURE256 was renamed to SECURE192 (because TLS ciphersuite's security level
was not enough to justify 256-bits).

NEWS
doc/cha-intro-tls.texi
lib/accelerated/intel/aes-gcm-x86.c
lib/accelerated/intel/aes-x86.c
lib/algorithms/ciphersuites.c
lib/gnutls_priority.c
lib/includes/gnutls/gnutls.h.in
lib/nettle/cipher.c

diff --git a/NEWS b/NEWS
index abf9d1855cad4d72d96e838e58e8748983b79a66..3562b9b9fecacafde7fecc823c78cd51464b94bf 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,9 @@ See the end for copying conditions.
 
 * Version 2.99.3 (unreleased)
 
+** libgnutls: Added SUITEB128 and SUITEB192 priority
+strings to enable the NSA SuiteB cryptography ciphersuites.
+
 ** libgnutls: Added gnutls_pubkey_verify_data2() that will
 verify data provided the signature algorithm.
 
index 7646992fba1726260033c135f35bf3ba914d0725..2f65e657c24f8ef9d9653b66a1dd27801c7f81fd 100644 (file)
@@ -445,12 +445,20 @@ included as a fallback only.  The ciphers are sorted by security
 margin.
 
 @item SECURE128: 
-Means all "secure" ciphersuites with ciphers up to 128
-bits, sorted by security margin.
+Means all "secure" ciphersuites of security level 128-bit
+or more.
 
-@item SECURE256:
-Means all "secure" ciphersuites including the 256 bit
-ciphers, sorted by security margin.
+@item SECURE192:
+Means all "secure" ciphersuites of security level 192-bit
+or more.
+
+@item SUITEB128: 
+Means all the NSA Suite B cryptography (RFC5430) ciphersuites
+with an 128 bit security level.
+
+@item SUITEB192:
+Means all the NSA Suite B cryptography (RFC5430) ciphersuites
+with an 192 bit security level.
 
 @item EXPORT:
 Means all ciphersuites are enabled, including the
index 22bbac9069a33f86dca3e66450ff60c45cff7fc8..2d5329b1b5869b841fd91f8a6b70e24eb54e54ea 100644 (file)
@@ -79,7 +79,8 @@ aes_gcm_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx)
   struct aes_gcm_ctx *ctx;
 
   /* we use key size to distinguish */
-  if (algorithm != GNUTLS_CIPHER_AES_128_GCM)
+  if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
+      algorithm != GNUTLS_CIPHER_AES_256_GCM)
     return GNUTLS_E_INVALID_REQUEST;
 
   *_ctx = gnutls_calloc (1, sizeof (struct aes_gcm_ctx));
index 02c4549a1f04a18022134911cabbc31294aaff61..a04ffd4210cc430a5f08fa813d5923b15112ae92 100644 (file)
@@ -205,6 +205,14 @@ register_x86_crypto (void)
             {
               gnutls_assert ();
             }
+
+          ret =
+            gnutls_crypto_single_cipher_register (GNUTLS_CIPHER_AES_256_GCM,
+                                                  80, &aes_gcm_struct);
+          if (ret < 0)
+            {
+              gnutls_assert ();
+            }
         }
     }
 
index 773d30fe53f64026e4488081b7821727b6e24a1e..c371733fe6495b8549eae7152db0e02384dd895d 100644 (file)
@@ -38,10 +38,8 @@ _gnutls_qsort (gnutls_session_t session, void *_base, size_t nmemb,
 /* Cipher SUITES */
 #define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version, dtls ) \
        { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version, dtls, GNUTLS_MAC_SHA256}
-#if 0
 #define GNUTLS_CIPHER_SUITE_ENTRY_PRF( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version, dtls, prf ) \
        { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version, dtls, prf}
-#endif
 
 typedef struct
 {
@@ -220,6 +218,12 @@ typedef struct
 /* ECC with AES-GCM */
 #define GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256   {0xC0,0x2B}
 #define GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256     {0xC0,0x2F}
+#define GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384     {0xC0,0x30}
+
+/* SuiteB */
+#define GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384   {0xC0,0x2E}
+#define GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384   {0xC0,0x24}
+
 
 /* ECC with PSK */
 #define GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA { 0xC0, 0x34 }
@@ -612,18 +616,31 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
                              GNUTLS_MAC_SHA256, GNUTLS_TLS1_0,
                              GNUTLS_VERSION_MAX, 1),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384,
+  GNUTLS_CIPHER_SUITE_ENTRY_PRF (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384,
                              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
                              GNUTLS_MAC_SHA384, GNUTLS_TLS1_0,
-                             GNUTLS_VERSION_MAX, 1),
+                             GNUTLS_VERSION_MAX, 1, GNUTLS_MAC_SHA384),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_PSK_NULL_SHA256,
                              GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
                              GNUTLS_MAC_SHA256, GNUTLS_TLS1_0,
                              GNUTLS_VERSION_MAX, 1),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_PSK_NULL_SHA384,
+  GNUTLS_CIPHER_SUITE_ENTRY_PRF (GNUTLS_ECDHE_PSK_NULL_SHA384,
                              GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
                              GNUTLS_MAC_SHA384, GNUTLS_TLS1_0,
-                             GNUTLS_VERSION_MAX, 1),
+                             GNUTLS_VERSION_MAX, 1, GNUTLS_MAC_SHA384),
+  GNUTLS_CIPHER_SUITE_ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384,
+                                GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
+                                GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+                                GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384),
+  GNUTLS_CIPHER_SUITE_ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384,
+                                GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA,
+                                GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+                                GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384),
+  GNUTLS_CIPHER_SUITE_ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384,
+                                GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
+                                GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+                                GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384),
+
   {0, {{0, 0}}, 0, 0, 0, 0, 0, 0}
 };
 
index 73138b113d6afbc75d81b227b9c66b88850494a8..fb04232f3711f737496d463dad8a3a4df25fdec8 100644 (file)
@@ -230,7 +230,17 @@ static const int supported_ecc_secure128[] = {
   0
 };
 
-static const int supported_ecc_secure256[] = {
+static const int supported_ecc_suiteb128[] = {
+  GNUTLS_ECC_CURVE_SECP256R1,
+  0
+};
+
+static const int supported_ecc_suiteb192[] = {
+  GNUTLS_ECC_CURVE_SECP384R1,
+  0
+};
+
+static const int supported_ecc_secure192[] = {
   GNUTLS_ECC_CURVE_SECP521R1,
   0
 };
@@ -244,15 +254,22 @@ static const int protocol_priority[] = {
   0
 };
 
+static const int protocol_priority_suiteb[] = {
+  GNUTLS_TLS1_2,
+  0
+};
+
 static const int kx_priority_performance[] = {
   GNUTLS_KX_RSA,
   GNUTLS_KX_ECDHE_ECDSA,
   GNUTLS_KX_ECDHE_RSA,
   GNUTLS_KX_DHE_RSA,
   GNUTLS_KX_DHE_DSS,
-  /* GNUTLS_KX_ANON_DH: Man-in-the-middle prone, don't add!
-   * GNUTLS_KX_RSA_EXPORT: Deprecated, don't add!
-   */
+  0
+};
+
+static const int kx_priority_suiteb[] = {
+  GNUTLS_KX_ECDHE_ECDSA,
   0
 };
 
@@ -283,33 +300,34 @@ static const int kx_priority_secure[] = {
 
 static const int cipher_priority_performance[] = {
   GNUTLS_CIPHER_ARCFOUR_128,
-#ifdef ENABLE_CAMELLIA
   GNUTLS_CIPHER_CAMELLIA_128_CBC,
-#endif
   GNUTLS_CIPHER_AES_128_CBC,
   GNUTLS_CIPHER_3DES_CBC,
   GNUTLS_CIPHER_AES_256_CBC,
-#ifdef ENABLE_CAMELLIA
   GNUTLS_CIPHER_CAMELLIA_256_CBC,
-#endif
-#ifdef NETTLE_GCM
   GNUTLS_CIPHER_AES_128_GCM,
-#endif
+  GNUTLS_CIPHER_AES_256_GCM,
+  0
+};
+
+static const int cipher_priority_suiteb128[] = {
+  GNUTLS_CIPHER_AES_128_GCM,
+  GNUTLS_CIPHER_AES_128_CBC,
+  0
+};
+
+static const int cipher_priority_suiteb192[] = {
+  GNUTLS_CIPHER_AES_256_GCM,
+  GNUTLS_CIPHER_AES_256_CBC,
   0
 };
 
 static const int cipher_priority_normal[] = {
   GNUTLS_CIPHER_AES_128_CBC,
-#ifdef ENABLE_CAMELLIA
   GNUTLS_CIPHER_CAMELLIA_128_CBC,
-#endif
   GNUTLS_CIPHER_AES_256_CBC,
-#ifdef ENABLE_CAMELLIA
   GNUTLS_CIPHER_CAMELLIA_256_CBC,
-#endif
-#ifdef NETTLE_GCM
   GNUTLS_CIPHER_AES_128_GCM,
-#endif
   GNUTLS_CIPHER_3DES_CBC,
   GNUTLS_CIPHER_ARCFOUR_128,
   0
@@ -317,29 +335,20 @@ static const int cipher_priority_normal[] = {
 
 static const int cipher_priority_secure128[] = {
   GNUTLS_CIPHER_AES_128_CBC,
-#ifdef ENABLE_CAMELLIA
   GNUTLS_CIPHER_CAMELLIA_128_CBC,
-#endif
-#ifdef NETTLE_GCM
   GNUTLS_CIPHER_AES_128_GCM,
-#endif
   GNUTLS_CIPHER_3DES_CBC,
   0
 };
 
 
-static const int cipher_priority_secure256[] = {
+static const int cipher_priority_secure192[] = {
   GNUTLS_CIPHER_AES_256_CBC,
-#ifdef ENABLE_CAMELLIA
   GNUTLS_CIPHER_CAMELLIA_256_CBC,
-#endif
   GNUTLS_CIPHER_AES_128_CBC,
-#ifdef ENABLE_CAMELLIA
   GNUTLS_CIPHER_CAMELLIA_128_CBC,
-#endif
-#ifdef NETTLE_GCM
   GNUTLS_CIPHER_AES_128_GCM,
-#endif
+  GNUTLS_CIPHER_AES_256_GCM,
   GNUTLS_CIPHER_3DES_CBC,
   0
 };
@@ -348,10 +357,8 @@ static const int cipher_priority_secure256[] = {
 static const int cipher_priority_export[] = {
   GNUTLS_CIPHER_AES_128_CBC,
   GNUTLS_CIPHER_AES_256_CBC,
-#ifdef ENABLE_CAMELLIA
   GNUTLS_CIPHER_CAMELLIA_128_CBC,
   GNUTLS_CIPHER_CAMELLIA_256_CBC,
-#endif
   GNUTLS_CIPHER_AES_128_GCM,
   GNUTLS_CIPHER_3DES_CBC,
   GNUTLS_CIPHER_ARCFOUR_128,
@@ -386,14 +393,28 @@ static const int sign_priority_default[] = {
   0
 };
 
+static const int sign_priority_suiteb128[] = {
+  GNUTLS_SIGN_ECDSA_SHA256,
+  0
+};
+
+static const int sign_priority_suiteb192[] = {
+  GNUTLS_SIGN_ECDSA_SHA384,
+  0
+};
+
 static const int sign_priority_secure128[] = {
   GNUTLS_SIGN_RSA_SHA256,
   GNUTLS_SIGN_DSA_SHA256,
   GNUTLS_SIGN_ECDSA_SHA256,
+  GNUTLS_SIGN_RSA_SHA384,
+  GNUTLS_SIGN_ECDSA_SHA384,
+  GNUTLS_SIGN_RSA_SHA512,
+  GNUTLS_SIGN_ECDSA_SHA512,
   0
 };
 
-static const int sign_priority_secure256[] = {
+static const int sign_priority_secure192[] = {
   GNUTLS_SIGN_RSA_SHA512,
   GNUTLS_SIGN_ECDSA_SHA512,
   0
@@ -402,16 +423,35 @@ static const int sign_priority_secure256[] = {
 static const int mac_priority_normal[] = {
   GNUTLS_MAC_SHA1,
   GNUTLS_MAC_SHA256,
+  GNUTLS_MAC_SHA384,
   GNUTLS_MAC_AEAD,
   GNUTLS_MAC_MD5,
   0
 };
 
+static const int mac_priority_suiteb128[] = {
+  GNUTLS_MAC_SHA256,
+  GNUTLS_MAC_SHA384,
+  GNUTLS_MAC_AEAD,
+  0
+};
+
+static const int mac_priority_suiteb192[] = {
+  GNUTLS_MAC_SHA384,
+  GNUTLS_MAC_AEAD,
+  0
+};
 
-static const int mac_priority_secure[] = {
+static const int mac_priority_secure128[] = {
   GNUTLS_MAC_SHA256,
+  GNUTLS_MAC_SHA384,
+  GNUTLS_MAC_AEAD,
+  0
+};
+
+static const int mac_priority_secure192[] = {
+  GNUTLS_MAC_SHA384,
   GNUTLS_MAC_AEAD,
-  GNUTLS_MAC_SHA1,
   0
 };
 
@@ -526,11 +566,17 @@ gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority)
  * included as a fallback only.  The ciphers are sorted by security
  * margin.
  *
- * "SECURE128" means all "secure" ciphersuites with ciphers up to 128
- * bits, sorted by security margin.
+ * "SECURE128" means all "secure" ciphersuites of security level 128-bit
+ * or more.
+ *
+ * "SECURE192" means all "secure" ciphersuites of security level 192-bit
+ * or more.
  *
- * "SECURE256" means all "secure" ciphersuites including the 256 bit
- * ciphers, sorted by security margin.
+ * "SUITEB128" means all the NSA SuiteB ciphersuites with security level
+ * of 128.
+ *
+ * "SUITEB192" means all the NSA SuiteB ciphersuites with security level
+ * of 192.
  *
  * "EXPORT" means all ciphersuites are enabled, including the
  * low-security 40 bit ciphers.
@@ -638,31 +684,54 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
           _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_normal);
         }
       else if (strcasecmp (broken_list[i], "SECURE256") == 0
-               || strcasecmp (broken_list[i], "SECURE") == 0)
+               || strcasecmp (broken_list[i], "SECURE192") == 0)
         {
           _set_priority (&(*priority_cache)->cipher,
-                         cipher_priority_secure256);
+                         cipher_priority_secure192);
           _set_priority (&(*priority_cache)->kx, kx_priority_secure);
-          _set_priority (&(*priority_cache)->mac, mac_priority_secure);
+          _set_priority (&(*priority_cache)->mac, mac_priority_secure192);
           _set_priority (&(*priority_cache)->sign_algo,
-                         sign_priority_secure256);
-          _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_secure256);
+                         sign_priority_secure192);
+          _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_secure192);
         }
-      else if (strcasecmp (broken_list[i], "SECURE128") == 0)
+      else if (strcasecmp (broken_list[i], "SECURE128") == 0
+               || strcasecmp (broken_list[i], "SECURE") == 0)
         {
           _set_priority (&(*priority_cache)->cipher,
                          cipher_priority_secure128);
           _set_priority (&(*priority_cache)->kx, kx_priority_secure);
-          _set_priority (&(*priority_cache)->mac, mac_priority_secure);
+          _set_priority (&(*priority_cache)->mac, mac_priority_secure128);
           _set_priority (&(*priority_cache)->sign_algo,
                          sign_priority_secure128);
           _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_secure128);
         }
+      else if (strcasecmp (broken_list[i], "SUITEB128") == 0)
+        {
+          _set_priority (&(*priority_cache)->protocol, protocol_priority_suiteb);
+          _set_priority (&(*priority_cache)->cipher,
+                         cipher_priority_suiteb128);
+          _set_priority (&(*priority_cache)->kx, kx_priority_suiteb);
+          _set_priority (&(*priority_cache)->mac, mac_priority_suiteb128);
+          _set_priority (&(*priority_cache)->sign_algo,
+                         sign_priority_suiteb128);
+          _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_suiteb128);
+        }
+      else if (strcasecmp (broken_list[i], "SUITEB192") == 0)
+        {
+          _set_priority (&(*priority_cache)->protocol, protocol_priority_suiteb);
+          _set_priority (&(*priority_cache)->cipher,
+                         cipher_priority_suiteb192);
+          _set_priority (&(*priority_cache)->kx, kx_priority_suiteb);
+          _set_priority (&(*priority_cache)->mac, mac_priority_suiteb192);
+          _set_priority (&(*priority_cache)->sign_algo,
+                         sign_priority_suiteb192);
+          _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_suiteb192);
+        }
       else if (strcasecmp (broken_list[i], "EXPORT") == 0)
         {
           _set_priority (&(*priority_cache)->cipher, cipher_priority_export);
           _set_priority (&(*priority_cache)->kx, kx_priority_export);
-          _set_priority (&(*priority_cache)->mac, mac_priority_secure);
+          _set_priority (&(*priority_cache)->mac, mac_priority_secure128);
           _set_priority (&(*priority_cache)->sign_algo,
                          sign_priority_default);
           _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_normal);
@@ -779,7 +848,7 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
           else if (strncasecmp (&broken_list[i][1], "MAC-ALL", 7) == 0)
             {
                   bulk_fn (&(*priority_cache)->mac,
-                                mac_priority_secure);
+                                mac_priority_secure128);
             }
           else if (strncasecmp (&broken_list[i][1], "CIPHER-ALL", 10) == 0)
             {
index 95a575ff09e203d3b6ac120aaf55220642ff344e..9c4b690d55bec1a06f9549f1824a575f4febb580 100644 (file)
@@ -81,6 +81,7 @@ extern "C"
    * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
    * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
    * @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys.
+   * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.
    * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode.
    * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode.
    * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode.
@@ -108,6 +109,7 @@ extern "C"
     GNUTLS_CIPHER_DES_CBC = 91,
     GNUTLS_CIPHER_AES_192_CBC = 92,
     GNUTLS_CIPHER_AES_128_GCM = 93,
+    GNUTLS_CIPHER_AES_256_GCM = 94,
 
     /* used only for PGP internals. Ignored in TLS/SSL
      */
index 6e5946130a02298d3c0f25005df9ac2909b47211..9c8d1267caed551c7cb2d3ec12d21c513e2c23f9 100644 (file)
@@ -183,6 +183,7 @@ wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx)
     {
 #ifdef NETTLE_GCM
     case GNUTLS_CIPHER_AES_128_GCM:
+    case GNUTLS_CIPHER_AES_256_GCM:
       ctx->encrypt = _gcm_encrypt;
       ctx->decrypt = _gcm_decrypt;
       ctx->i_encrypt = (nettle_crypt_func*) aes_bidi_encrypt;
@@ -264,6 +265,7 @@ wrap_nettle_cipher_setkey (void *_ctx, const void *key, size_t keysize)
     {
 #ifdef NETTLE_GCM
     case GNUTLS_CIPHER_AES_128_GCM:
+    case GNUTLS_CIPHER_AES_256_GCM:
       gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key);
       break;
 #endif
@@ -331,6 +333,7 @@ struct nettle_cipher_ctx *ctx = _ctx;
     {
 #ifdef NETTLE_GCM
     case GNUTLS_CIPHER_AES_128_GCM:
+    case GNUTLS_CIPHER_AES_256_GCM:
       if (ivsize != GCM_DEFAULT_NONCE_SIZE)
         {
           gnutls_assert ();