From 4c04b6e7148f9607446284ae896d979be96ababd Mon Sep 17 00:00:00 2001 From: toddouska Date: Thu, 24 Oct 2013 11:30:51 -0700 Subject: [PATCH] add AES Blake2b 256 basic suites for speed tests --- cyassl/internal.h | 11 ++++++++++- src/internal.c | 36 +++++++++++++++++++++++++++++++++++ src/keys.c | 34 +++++++++++++++++++++++++++++++++ src/ssl.c | 6 ++++++ tests/test.conf | 48 +++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 134 insertions(+), 1 deletion(-) diff --git a/cyassl/internal.h b/cyassl/internal.h index 231cc03b1..6a87ec8bb 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -192,6 +192,10 @@ void c32to24(word32 in, word24 out); #define BUILD_TLS_RSA_WITH_AES_128_CCM_8 #define BUILD_TLS_RSA_WITH_AES_256_CCM_8 #endif + #if defined(HAVE_BLAKE2) + #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 + #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 + #endif #endif #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) @@ -466,11 +470,16 @@ enum { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26, /* CyaSSL extension - eSTREAM */ - TLS_RSA_WITH_HC_128_CBC_B2B256 = 0xFA, TLS_RSA_WITH_HC_128_CBC_MD5 = 0xFB, TLS_RSA_WITH_HC_128_CBC_SHA = 0xFC, TLS_RSA_WITH_RABBIT_CBC_SHA = 0xFD, + /* CyaSSL extension - Blake2b 256 */ + TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8, + TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9, + TLS_RSA_WITH_HC_128_CBC_B2B256 = 0xFA, /* eSTREAM too */ + + /* CyaSSL extension - NTRU */ TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5, TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6, diff --git a/src/internal.c b/src/internal.c index 6a4357544..fa53b3369 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1112,6 +1112,20 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #endif +#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 + if (tls && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_B2B256; + } +#endif + +#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 + if (tls && haveRSA) { + suites->suites[idx++] = 0; + suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_B2B256; + } +#endif + #ifdef BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA if (tls && haveRSA) { suites->suites[idx++] = 0; @@ -6153,6 +6167,14 @@ const char* const cipher_names[] = "HC128-B2B256", #endif +#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 + "AES128-B2B256", +#endif + +#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 + "AES256-B2B256", +#endif + #ifdef BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA "RABBIT-SHA", #endif @@ -6465,6 +6487,14 @@ int cipher_name_idx[] = TLS_RSA_WITH_HC_128_CBC_B2B256, #endif +#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 + TLS_RSA_WITH_AES_128_CBC_B2B256, +#endif + +#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 + TLS_RSA_WITH_AES_256_CBC_B2B256, +#endif + #ifdef BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA TLS_RSA_WITH_RABBIT_CBC_SHA, #endif @@ -9325,6 +9355,12 @@ static void PickHashSigAlgo(CYASSL* ssl, return 1; break; + case TLS_RSA_WITH_AES_128_CBC_B2B256: + case TLS_RSA_WITH_AES_256_CBC_B2B256: + if (requirement == REQUIRES_RSA) + return 1; + break; + case TLS_RSA_WITH_RABBIT_CBC_SHA : if (requirement == REQUIRES_RSA) return 1; diff --git a/src/keys.c b/src/keys.c index 0ccec8498..8ce2de04b 100644 --- a/src/keys.c +++ b/src/keys.c @@ -1139,6 +1139,40 @@ int SetCipherSpecs(CYASSL* ssl) break; #endif +#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 + case TLS_RSA_WITH_AES_128_CBC_B2B256: + ssl->specs.bulk_cipher_algorithm = cyassl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = blake2b_mac; + ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = BLAKE2B_256; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_128_KEY_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + + break; +#endif + +#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 + case TLS_RSA_WITH_AES_256_CBC_B2B256: + ssl->specs.bulk_cipher_algorithm = cyassl_aes; + ssl->specs.cipher_type = block; + ssl->specs.mac_algorithm = blake2b_mac; + ssl->specs.kea = rsa_kea; + ssl->specs.sig_algo = rsa_sa_algo; + ssl->specs.hash_size = BLAKE2B_256; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = AES_256_KEY_SIZE; + ssl->specs.iv_size = AES_IV_SIZE; + ssl->specs.block_size = AES_BLOCK_SIZE; + + break; +#endif + #ifdef BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA case TLS_RSA_WITH_RABBIT_CBC_SHA : ssl->specs.bulk_cipher_algorithm = cyassl_rabbit; diff --git a/src/ssl.c b/src/ssl.c index 3397c9f2c..164060186 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7530,6 +7530,12 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format) return "TLS_RSA_WITH_AES_128_CBC_SHA256"; case TLS_RSA_WITH_AES_256_CBC_SHA256 : return "TLS_RSA_WITH_AES_256_CBC_SHA256"; + #ifdef HAVE_BLAKE2 + case TLS_RSA_WITH_AES_128_CBC_B2B256: + return "TLS_RSA_WITH_AES_128_CBC_B2B256"; + case TLS_RSA_WITH_AES_256_CBC_B2B256: + return "TLS_RSA_WITH_AES_256_CBC_B2B256"; + #endif #ifndef NO_SHA case TLS_RSA_WITH_NULL_SHA : return "TLS_RSA_WITH_NULL_SHA"; diff --git a/tests/test.conf b/tests/test.conf index 87f73211f..6a646e554 100644 --- a/tests/test.conf +++ b/tests/test.conf @@ -774,6 +774,22 @@ -v 1 -l HC128-B2B256 +# server TLSv1 AES128-B2B256 +-v 1 +-l AES128-B2B256 + +# client TLSv1 AES128-B2B256 +-v 1 +-l AES128-B2B256 + +# server TLSv1 AES256-B2B256 +-v 1 +-l AES256-B2B256 + +# client TLSv1 AES256-B2B256 +-v 1 +-l AES256-B2B256 + # server TLSv1.1 HC128-SHA -v 2 -l HC128-SHA @@ -798,6 +814,22 @@ -v 2 -l HC128-B2B256 +# server TLSv1.1 AES128-B2B256 +-v 2 +-l AES128-B2B256 + +# client TLSv1.1 AES128-B2B256 +-v 2 +-l AES128-B2B256 + +# server TLSv1.1 AES256-B2B256 +-v 2 +-l AES256-B2B256 + +# client TLSv1.1 AES256-B2B256 +-v 2 +-l AES256-B2B256 + # server TLSv1.2 HC128-SHA -v 3 -l HC128-SHA @@ -822,6 +854,22 @@ -v 3 -l HC128-B2B256 +# server TLSv1.2 AES128-B2B256 +-v 3 +-l AES128-B2B256 + +# client TLSv1.2 AES128-B2B256 +-v 3 +-l AES128-B2B256 + +# server TLSv1.2 AES256-B2B256 +-v 3 +-l AES256-B2B256 + +# client TLSv1.2 AES256-B2B256 +-v 3 +-l AES256-B2B256 + # server TLSv1 RABBIT-SHA -v 1 -l RABBIT-SHA