Register CCM ciphersuites (not implemented yet)
diff --git a/include/polarssl/ssl_ciphersuites.h b/include/polarssl/ssl_ciphersuites.h
index 28a5855..5ecd5fe 100644
--- a/include/polarssl/ssl_ciphersuites.h
+++ b/include/polarssl/ssl_ciphersuites.h
@@ -210,6 +210,29 @@
#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< Not in SSL3! */
#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< Not in SSL3! */
+#define TLS_RSA_WITH_AES_128_CCM 0xC09C /**< TLS 1.2 */
+#define TLS_RSA_WITH_AES_256_CCM 0xC09D /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F /**< TLS 1.2 */
+#define TLS_RSA_WITH_AES_128_CCM_8 0xC0A0 /**< TLS 1.2 */
+#define TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2 /**< TLS 1.2 */
+#define TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3 /**< TLS 1.2 */
+#define TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */
+#define TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */
+#define TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6 /**< TLS 1.2 */
+#define TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7 /**< TLS 1.2 */
+#define TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */
+#define TLS_PSK_WITH_AES_256_CCM_8 0xC0A9 /**< TLS 1.2 */
+#define TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA /**< TLS 1.2 */
+#define TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB /**< TLS 1.2 */
+/* The last two are named with PSK_DHE in the RFC, which looks like a typo */
+
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC /**< TLS 1.2 */
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD /**< TLS 1.2 */
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE /**< TLS 1.2 */
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF /**< TLS 1.2 */
+
typedef enum {
POLARSSL_KEY_EXCHANGE_NONE = 0,
POLARSSL_KEY_EXCHANGE_RSA,
@@ -226,7 +249,9 @@
typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
-#define POLARSSL_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */
+#define POLARSSL_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */
+#define POLARSSL_CIPHERSUITE_SHORT_TAG 0x02 /**< Short authentication tag,
+ eg for CCM_8 */
/**
* \brief This structure is used for storing ciphersuite information
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index e88c5d4..b973aaa 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -51,13 +51,15 @@
* Forward-secure non-PSK > forward-secure PSK > other non-PSK > other PSK
* 2. By key length and cipher:
* AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES
- * 3. By cipher mode when relevant GCM > CBC
- * 4. By hash function used
+ * 3. By cipher mode when relevant CCM > GCM > CBC > CCM_8
+ * 4. By hash function used when relevant
* 5. By key exchange/auth again: EC > non-EC
*/
static const int ciphersuite_preference[] =
{
/* All AES-256 ephemeral suites */
+ TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
+ TLS_DHE_RSA_WITH_AES_256_CCM,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
@@ -67,6 +69,8 @@
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+ TLS_DHE_RSA_WITH_AES_256_CCM_8,
/* All CAMELLIA-256 ephemeral suites */
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
@@ -78,6 +82,8 @@
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
/* All AES-128 ephemeral suites */
+ TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
+ TLS_DHE_RSA_WITH_AES_128_CCM,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
@@ -87,6 +93,8 @@
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+ TLS_DHE_RSA_WITH_AES_128_CCM_8,
/* All CAMELLIA-128 ephemeral suites */
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
@@ -103,6 +111,7 @@
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
/* The PSK ephemeral suites */
+ TLS_DHE_PSK_WITH_AES_256_CCM,
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
@@ -111,7 +120,9 @@
TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS_DHE_PSK_WITH_AES_256_CCM_8,
+ TLS_DHE_PSK_WITH_AES_128_CCM,
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
@@ -120,11 +131,13 @@
TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS_DHE_PSK_WITH_AES_128_CCM_8,
TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
/* All AES-256 suites */
+ TLS_RSA_WITH_AES_256_CCM,
TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,
@@ -134,6 +147,7 @@
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS_RSA_WITH_AES_256_CCM_8,
/* All CAMELLIA-256 suites */
TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
@@ -145,6 +159,7 @@
TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
/* All AES-128 suites */
+ TLS_RSA_WITH_AES_128_CCM,
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA,
@@ -154,6 +169,7 @@
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+ TLS_RSA_WITH_AES_128_CCM_8,
/* All CAMELLIA-128 suites */
TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
@@ -185,17 +201,21 @@
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
/* The PSK suites */
+ TLS_PSK_WITH_AES_256_CCM,
TLS_PSK_WITH_AES_256_GCM_SHA384,
TLS_PSK_WITH_AES_256_CBC_SHA384,
TLS_PSK_WITH_AES_256_CBC_SHA,
TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+ TLS_PSK_WITH_AES_256_CCM_8,
+ TLS_PSK_WITH_AES_128_CCM,
TLS_PSK_WITH_AES_128_GCM_SHA256,
TLS_PSK_WITH_AES_128_CBC_SHA256,
TLS_PSK_WITH_AES_128_CBC_SHA,
TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+ TLS_PSK_WITH_AES_128_CCM_8,
TLS_PSK_WITH_3DES_EDE_CBC_SHA,
@@ -240,7 +260,7 @@
0
};
-#define MAX_CIPHERSUITES 160
+#define MAX_CIPHERSUITES 176
static int supported_ciphersuites[MAX_CIPHERSUITES];
static int supported_init = 0;
@@ -294,6 +314,28 @@
0 },
#endif /* POLARSSL_GCM_C */
#endif /* POLARSSL_SHA512_C */
+#if defined(POLARSSL_CCM_C)
+ { TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
+ POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+ { TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
+ POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_SHORT_TAG },
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
+ POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
+ POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_SHORT_TAG },
+#endif /* POLARSSL_CCM_C */
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
@@ -533,6 +575,28 @@
0 },
#endif /* POLARSSL_SHA1_C */
#endif /* POLARSSL_CIPHER_MODE_CBC */
+#if defined(POLARSSL_CCM_C)
+ { TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
+ POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+ { TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
+ POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_SHORT_TAG },
+ { TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
+ POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+ { TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
+ POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_SHORT_TAG },
+#endif /* POLARSSL_CCM_C */
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
@@ -646,6 +710,28 @@
0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_SHA1_C */
+#if defined(POLARSSL_CCM_C)
+ { TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
+ POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+ { TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
+ POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_SHORT_TAG },
+ { TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
+ POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+ { TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
+ POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_SHORT_TAG },
+#endif /* POLARSSL_CCM_C */
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
@@ -1018,6 +1104,28 @@
0 },
#endif /* POLARSSL_SHA1_C */
#endif /* POLARSSL_CIPHER_MODE_CBC */
+#if defined(POLARSSL_CCM_C)
+ { TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
+ POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+ { TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
+ POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_SHORT_TAG },
+ { TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
+ POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+ { TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
+ POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_SHORT_TAG },
+#endif /* POLARSSL_CCM_C */
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
@@ -1132,6 +1240,28 @@
0 },
#endif /* POLARSSL_SHA1_C */
#endif /* POLARSSL_CIPHER_MODE_CBC */
+#if defined(POLARSSL_CCM_C)
+ { TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
+ POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+ { TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
+ POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_SHORT_TAG },
+ { TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
+ POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ 0 },
+ { TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
+ POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_SHORT_TAG },
+#endif /* POLARSSL_CCM_C */
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)