From: Nikos Mavrogiannopoulos Date: Sat, 4 Jun 2011 08:03:55 +0000 (+0200) Subject: Added SuiteB ciphersuites. Added SUITEB128 and SUITEB192 priority strings. X-Git-Tag: gnutls_2_99_3~52 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=402df96be2bad49e8ea371334ce5df3acb48fbbb;p=thirdparty%2Fgnutls.git Added SuiteB ciphersuites. Added SUITEB128 and SUITEB192 priority strings. SECURE256 was renamed to SECURE192 (because TLS ciphersuite's security level was not enough to justify 256-bits). --- diff --git a/NEWS b/NEWS index abf9d1855c..3562b9b9fe 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,9 @@ See the end for copying conditions. * Version 2.99.3 (unreleased) +** libgnutls: Added SUITEB128 and SUITEB192 priority +strings to enable the NSA SuiteB cryptography ciphersuites. + ** libgnutls: Added gnutls_pubkey_verify_data2() that will verify data provided the signature algorithm. diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi index 7646992fba..2f65e657c2 100644 --- a/doc/cha-intro-tls.texi +++ b/doc/cha-intro-tls.texi @@ -445,12 +445,20 @@ included as a fallback only. The ciphers are sorted by security margin. @item SECURE128: -Means all "secure" ciphersuites with ciphers up to 128 -bits, sorted by security margin. +Means all "secure" ciphersuites of security level 128-bit +or more. -@item SECURE256: -Means all "secure" ciphersuites including the 256 bit -ciphers, sorted by security margin. +@item SECURE192: +Means all "secure" ciphersuites of security level 192-bit +or more. + +@item SUITEB128: +Means all the NSA Suite B cryptography (RFC5430) ciphersuites +with an 128 bit security level. + +@item SUITEB192: +Means all the NSA Suite B cryptography (RFC5430) ciphersuites +with an 192 bit security level. @item EXPORT: Means all ciphersuites are enabled, including the diff --git a/lib/accelerated/intel/aes-gcm-x86.c b/lib/accelerated/intel/aes-gcm-x86.c index 22bbac9069..2d5329b1b5 100644 --- a/lib/accelerated/intel/aes-gcm-x86.c +++ b/lib/accelerated/intel/aes-gcm-x86.c @@ -79,7 +79,8 @@ aes_gcm_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx) struct aes_gcm_ctx *ctx; /* we use key size to distinguish */ - if (algorithm != GNUTLS_CIPHER_AES_128_GCM) + if (algorithm != GNUTLS_CIPHER_AES_128_GCM && + algorithm != GNUTLS_CIPHER_AES_256_GCM) return GNUTLS_E_INVALID_REQUEST; *_ctx = gnutls_calloc (1, sizeof (struct aes_gcm_ctx)); diff --git a/lib/accelerated/intel/aes-x86.c b/lib/accelerated/intel/aes-x86.c index 02c4549a1f..a04ffd4210 100644 --- a/lib/accelerated/intel/aes-x86.c +++ b/lib/accelerated/intel/aes-x86.c @@ -205,6 +205,14 @@ register_x86_crypto (void) { gnutls_assert (); } + + ret = + gnutls_crypto_single_cipher_register (GNUTLS_CIPHER_AES_256_GCM, + 80, &aes_gcm_struct); + if (ret < 0) + { + gnutls_assert (); + } } } diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index 773d30fe53..c371733fe6 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c @@ -38,10 +38,8 @@ _gnutls_qsort (gnutls_session_t session, void *_base, size_t nmemb, /* Cipher SUITES */ #define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version, dtls ) \ { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version, dtls, GNUTLS_MAC_SHA256} -#if 0 #define GNUTLS_CIPHER_SUITE_ENTRY_PRF( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version, dtls, prf ) \ { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version, dtls, prf} -#endif typedef struct { @@ -220,6 +218,12 @@ typedef struct /* ECC with AES-GCM */ #define GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256 {0xC0,0x2B} #define GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256 {0xC0,0x2F} +#define GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 {0xC0,0x30} + +/* SuiteB */ +#define GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384 {0xC0,0x2E} +#define GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384 {0xC0,0x24} + /* ECC with PSK */ #define GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA { 0xC0, 0x34 } @@ -612,18 +616,31 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384, + GNUTLS_CIPHER_SUITE_ENTRY_PRF (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1_0, - GNUTLS_VERSION_MAX, 1), + GNUTLS_VERSION_MAX, 1, GNUTLS_MAC_SHA384), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_PSK_NULL_SHA256, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_PSK_NULL_SHA384, + GNUTLS_CIPHER_SUITE_ENTRY_PRF (GNUTLS_ECDHE_PSK_NULL_SHA384, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1_0, - GNUTLS_VERSION_MAX, 1), + GNUTLS_VERSION_MAX, 1, GNUTLS_MAC_SHA384), + GNUTLS_CIPHER_SUITE_ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384, + GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384), + GNUTLS_CIPHER_SUITE_ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384, + GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384), + GNUTLS_CIPHER_SUITE_ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384), + {0, {{0, 0}}, 0, 0, 0, 0, 0, 0} }; diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index 73138b113d..fb04232f37 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -230,7 +230,17 @@ static const int supported_ecc_secure128[] = { 0 }; -static const int supported_ecc_secure256[] = { +static const int supported_ecc_suiteb128[] = { + GNUTLS_ECC_CURVE_SECP256R1, + 0 +}; + +static const int supported_ecc_suiteb192[] = { + GNUTLS_ECC_CURVE_SECP384R1, + 0 +}; + +static const int supported_ecc_secure192[] = { GNUTLS_ECC_CURVE_SECP521R1, 0 }; @@ -244,15 +254,22 @@ static const int protocol_priority[] = { 0 }; +static const int protocol_priority_suiteb[] = { + GNUTLS_TLS1_2, + 0 +}; + static const int kx_priority_performance[] = { GNUTLS_KX_RSA, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_KX_ECDHE_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS, - /* GNUTLS_KX_ANON_DH: Man-in-the-middle prone, don't add! - * GNUTLS_KX_RSA_EXPORT: Deprecated, don't add! - */ + 0 +}; + +static const int kx_priority_suiteb[] = { + GNUTLS_KX_ECDHE_ECDSA, 0 }; @@ -283,33 +300,34 @@ static const int kx_priority_secure[] = { static const int cipher_priority_performance[] = { GNUTLS_CIPHER_ARCFOUR_128, -#ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_128_CBC, -#endif GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_AES_256_CBC, -#ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_256_CBC, -#endif -#ifdef NETTLE_GCM GNUTLS_CIPHER_AES_128_GCM, -#endif + GNUTLS_CIPHER_AES_256_GCM, + 0 +}; + +static const int cipher_priority_suiteb128[] = { + GNUTLS_CIPHER_AES_128_GCM, + GNUTLS_CIPHER_AES_128_CBC, + 0 +}; + +static const int cipher_priority_suiteb192[] = { + GNUTLS_CIPHER_AES_256_GCM, + GNUTLS_CIPHER_AES_256_CBC, 0 }; static const int cipher_priority_normal[] = { GNUTLS_CIPHER_AES_128_CBC, -#ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_128_CBC, -#endif GNUTLS_CIPHER_AES_256_CBC, -#ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_256_CBC, -#endif -#ifdef NETTLE_GCM GNUTLS_CIPHER_AES_128_GCM, -#endif GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128, 0 @@ -317,29 +335,20 @@ static const int cipher_priority_normal[] = { static const int cipher_priority_secure128[] = { GNUTLS_CIPHER_AES_128_CBC, -#ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_128_CBC, -#endif -#ifdef NETTLE_GCM GNUTLS_CIPHER_AES_128_GCM, -#endif GNUTLS_CIPHER_3DES_CBC, 0 }; -static const int cipher_priority_secure256[] = { +static const int cipher_priority_secure192[] = { GNUTLS_CIPHER_AES_256_CBC, -#ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_256_CBC, -#endif GNUTLS_CIPHER_AES_128_CBC, -#ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_128_CBC, -#endif -#ifdef NETTLE_GCM GNUTLS_CIPHER_AES_128_GCM, -#endif + GNUTLS_CIPHER_AES_256_GCM, GNUTLS_CIPHER_3DES_CBC, 0 }; @@ -348,10 +357,8 @@ static const int cipher_priority_secure256[] = { static const int cipher_priority_export[] = { GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC, -#ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_CIPHER_CAMELLIA_256_CBC, -#endif GNUTLS_CIPHER_AES_128_GCM, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128, @@ -386,14 +393,28 @@ static const int sign_priority_default[] = { 0 }; +static const int sign_priority_suiteb128[] = { + GNUTLS_SIGN_ECDSA_SHA256, + 0 +}; + +static const int sign_priority_suiteb192[] = { + GNUTLS_SIGN_ECDSA_SHA384, + 0 +}; + static const int sign_priority_secure128[] = { GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_DSA_SHA256, GNUTLS_SIGN_ECDSA_SHA256, + GNUTLS_SIGN_RSA_SHA384, + GNUTLS_SIGN_ECDSA_SHA384, + GNUTLS_SIGN_RSA_SHA512, + GNUTLS_SIGN_ECDSA_SHA512, 0 }; -static const int sign_priority_secure256[] = { +static const int sign_priority_secure192[] = { GNUTLS_SIGN_RSA_SHA512, GNUTLS_SIGN_ECDSA_SHA512, 0 @@ -402,16 +423,35 @@ static const int sign_priority_secure256[] = { static const int mac_priority_normal[] = { GNUTLS_MAC_SHA1, GNUTLS_MAC_SHA256, + GNUTLS_MAC_SHA384, GNUTLS_MAC_AEAD, GNUTLS_MAC_MD5, 0 }; +static const int mac_priority_suiteb128[] = { + GNUTLS_MAC_SHA256, + GNUTLS_MAC_SHA384, + GNUTLS_MAC_AEAD, + 0 +}; + +static const int mac_priority_suiteb192[] = { + GNUTLS_MAC_SHA384, + GNUTLS_MAC_AEAD, + 0 +}; -static const int mac_priority_secure[] = { +static const int mac_priority_secure128[] = { GNUTLS_MAC_SHA256, + GNUTLS_MAC_SHA384, + GNUTLS_MAC_AEAD, + 0 +}; + +static const int mac_priority_secure192[] = { + GNUTLS_MAC_SHA384, GNUTLS_MAC_AEAD, - GNUTLS_MAC_SHA1, 0 }; @@ -526,11 +566,17 @@ gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority) * included as a fallback only. The ciphers are sorted by security * margin. * - * "SECURE128" means all "secure" ciphersuites with ciphers up to 128 - * bits, sorted by security margin. + * "SECURE128" means all "secure" ciphersuites of security level 128-bit + * or more. + * + * "SECURE192" means all "secure" ciphersuites of security level 192-bit + * or more. * - * "SECURE256" means all "secure" ciphersuites including the 256 bit - * ciphers, sorted by security margin. + * "SUITEB128" means all the NSA SuiteB ciphersuites with security level + * of 128. + * + * "SUITEB192" means all the NSA SuiteB ciphersuites with security level + * of 192. * * "EXPORT" means all ciphersuites are enabled, including the * low-security 40 bit ciphers. @@ -638,31 +684,54 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_normal); } else if (strcasecmp (broken_list[i], "SECURE256") == 0 - || strcasecmp (broken_list[i], "SECURE") == 0) + || strcasecmp (broken_list[i], "SECURE192") == 0) { _set_priority (&(*priority_cache)->cipher, - cipher_priority_secure256); + cipher_priority_secure192); _set_priority (&(*priority_cache)->kx, kx_priority_secure); - _set_priority (&(*priority_cache)->mac, mac_priority_secure); + _set_priority (&(*priority_cache)->mac, mac_priority_secure192); _set_priority (&(*priority_cache)->sign_algo, - sign_priority_secure256); - _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_secure256); + sign_priority_secure192); + _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_secure192); } - else if (strcasecmp (broken_list[i], "SECURE128") == 0) + else if (strcasecmp (broken_list[i], "SECURE128") == 0 + || strcasecmp (broken_list[i], "SECURE") == 0) { _set_priority (&(*priority_cache)->cipher, cipher_priority_secure128); _set_priority (&(*priority_cache)->kx, kx_priority_secure); - _set_priority (&(*priority_cache)->mac, mac_priority_secure); + _set_priority (&(*priority_cache)->mac, mac_priority_secure128); _set_priority (&(*priority_cache)->sign_algo, sign_priority_secure128); _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_secure128); } + else if (strcasecmp (broken_list[i], "SUITEB128") == 0) + { + _set_priority (&(*priority_cache)->protocol, protocol_priority_suiteb); + _set_priority (&(*priority_cache)->cipher, + cipher_priority_suiteb128); + _set_priority (&(*priority_cache)->kx, kx_priority_suiteb); + _set_priority (&(*priority_cache)->mac, mac_priority_suiteb128); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_suiteb128); + _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_suiteb128); + } + else if (strcasecmp (broken_list[i], "SUITEB192") == 0) + { + _set_priority (&(*priority_cache)->protocol, protocol_priority_suiteb); + _set_priority (&(*priority_cache)->cipher, + cipher_priority_suiteb192); + _set_priority (&(*priority_cache)->kx, kx_priority_suiteb); + _set_priority (&(*priority_cache)->mac, mac_priority_suiteb192); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_suiteb192); + _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_suiteb192); + } else if (strcasecmp (broken_list[i], "EXPORT") == 0) { _set_priority (&(*priority_cache)->cipher, cipher_priority_export); _set_priority (&(*priority_cache)->kx, kx_priority_export); - _set_priority (&(*priority_cache)->mac, mac_priority_secure); + _set_priority (&(*priority_cache)->mac, mac_priority_secure128); _set_priority (&(*priority_cache)->sign_algo, sign_priority_default); _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_normal); @@ -779,7 +848,7 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, else if (strncasecmp (&broken_list[i][1], "MAC-ALL", 7) == 0) { bulk_fn (&(*priority_cache)->mac, - mac_priority_secure); + mac_priority_secure128); } else if (strncasecmp (&broken_list[i][1], "CIPHER-ALL", 10) == 0) { diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 95a575ff09..9c4b690d55 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -81,6 +81,7 @@ extern "C" * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys. * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys). * @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys. + * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys. * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode. * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode. * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode. @@ -108,6 +109,7 @@ extern "C" GNUTLS_CIPHER_DES_CBC = 91, GNUTLS_CIPHER_AES_192_CBC = 92, GNUTLS_CIPHER_AES_128_GCM = 93, + GNUTLS_CIPHER_AES_256_GCM = 94, /* used only for PGP internals. Ignored in TLS/SSL */ diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c index 6e5946130a..9c8d1267ca 100644 --- a/lib/nettle/cipher.c +++ b/lib/nettle/cipher.c @@ -183,6 +183,7 @@ wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx) { #ifdef NETTLE_GCM case GNUTLS_CIPHER_AES_128_GCM: + case GNUTLS_CIPHER_AES_256_GCM: ctx->encrypt = _gcm_encrypt; ctx->decrypt = _gcm_decrypt; ctx->i_encrypt = (nettle_crypt_func*) aes_bidi_encrypt; @@ -264,6 +265,7 @@ wrap_nettle_cipher_setkey (void *_ctx, const void *key, size_t keysize) { #ifdef NETTLE_GCM case GNUTLS_CIPHER_AES_128_GCM: + case GNUTLS_CIPHER_AES_256_GCM: gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key); break; #endif @@ -331,6 +333,7 @@ struct nettle_cipher_ctx *ctx = _ctx; { #ifdef NETTLE_GCM case GNUTLS_CIPHER_AES_128_GCM: + case GNUTLS_CIPHER_AES_256_GCM: if (ivsize != GCM_DEFAULT_NONCE_SIZE) { gnutls_assert ();