diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js
index 0f420aeb5..af179e3f3 100644
--- a/netwerk/base/security-prefs.js
+++ b/netwerk/base/security-prefs.js
@@ -24,6 +24,10 @@ pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true);
 pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true);
 pref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true);
 pref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true);
+pref("security.ssl3.ecdhe_ecdsa_camellia_128_gcm_sha256", true);
+pref("security.ssl3.ecdhe_rsa_camellia_128_gcm_sha256", true);
+pref("security.ssl3.ecdhe_ecdsa_camellia_256_gcm_sha384", true);
+pref("security.ssl3.ecdhe_rsa_camellia_256_gcm_sha384", true);
 pref("security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384", true);
 pref("security.ssl3.ecdhe_rsa_aes_256_gcm_sha384", true);
 pref("security.ssl3.ecdhe_ecdsa_camellia_256_sha384", true);
@@ -34,10 +38,14 @@ pref("security.ssl3.ecdhe_rsa_aes_128_sha", true);
 pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", true);
 pref("security.ssl3.ecdhe_rsa_aes_256_sha", true);
 pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true);
+pref("security.ssl3.dhe_rsa_camellia_256_gcm_sha384", true);
+pref("security.ssl3.dhe_rsa_camellia_128_gcm_sha256", true);
 pref("security.ssl3.dhe_rsa_camellia_256_sha", true);
 pref("security.ssl3.dhe_rsa_camellia_128_sha", true);
 pref("security.ssl3.rsa_aes_256_gcm_sha384", true);
 pref("security.ssl3.rsa_aes_256_sha256", true);
+pref("security.ssl3.rsa_camellia_128_gcm_sha256", true);
+pref("security.ssl3.rsa_camellia_256_gcm_sha384", true);
 pref("security.ssl3.rsa_camellia_128_sha", true);
 pref("security.ssl3.rsa_camellia_256_sha", true);
 pref("security.ssl3.rsa_aes_128_sha", true);
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
index 6fbe295ac..63cd58c15 100644
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -1328,6 +1328,16 @@ static const CipherPref sCipherPrefs[] = { { "security.ssl3.ecdhe_rsa_aes_256_gcm_sha384", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, true }, + { "security.ssl3.ecdhe_ecdsa_camellia_256_gcm_sha384", + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, true }, + { "security.ssl3.ecdhe_rsa_camellia_256_gcm_sha384", + TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, true }, + + { "security.ssl3.ecdhe_ecdsa_camellia_128_gcm_sha256", + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, true }, + { "security.ssl3.ecdhe_rsa_camellia_128_gcm_sha256", + TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, true }, + { "security.ssl3.ecdhe_ecdsa_camellia_256_sha384", TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, true }, { "security.ssl3.ecdhe_rsa_camellia_256_sha384", @@ -1348,6 +1358,11 @@ static const CipherPref sCipherPrefs[] = { { "security.ssl3.ecdhe_ecdsa_aes_256_sha", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, true }, + { "security.ssl3.dhe_rsa_camellia_256_gcm_sha384", + TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, true}, + { "security.ssl3.dhe_rsa_camellia_128_gcm_sha256", + TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, true }, + { "security.ssl3.dhe_rsa_camellia_256_sha", TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, true}, { "security.ssl3.dhe_rsa_aes_256_sha", @@ -1370,9 +1385,13 @@ static const CipherPref sCipherPrefs[] = { TLS_RSA_WITH_AES_256_GCM_SHA384, true }, { "security.ssl3.rsa_aes_256_sha256", TLS_RSA_WITH_AES_256_CBC_SHA256, true }, - {"security.ssl3.rsa_camellia_128_sha", + { "security.ssl3.rsa_camellia_256_gcm_sha384", + TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, true}, + { "security.ssl3.rsa_camellia_128_gcm_sha256", + TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, true }, + { "security.ssl3.rsa_camellia_128_sha", TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, true }, - {"security.ssl3.rsa_camellia_256_sha", + { "security.ssl3.rsa_camellia_256_sha", TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, true }, { "security.ssl3.rsa_aes_128_sha", TLS_RSA_WITH_AES_128_CBC_SHA, true }, 
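Review bot: The two static-RSA rows added in the third hunk, `security.ssl3.rsa_camellia_256_gcm_sha384` and `security.ssl3.rsa_camellia_128_gcm_sha256`, are given `true`, which (if that field is the enabled-by-default flag, as the matching `pref(..., true)` lines suggest) turns on two more suites without forward secrecy for every profile. The NSS `cipherSuites[]` table in this same commit registers all eight Camellia-GCM suites with `PR_FALSE`, so the browser default ends up more permissive than the library default. Consider `false` for the two `rsa_` rows, e.g. `{ "security.ssl3.rsa_camellia_256_gcm_sha384", TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, false },`, with the matching `pref("security.ssl3.rsa_camellia_256_gcm_sha384", false);` lines in security-prefs.js, leaving the ECDHE rows enabled. The new rows also mix `true}` and `true }`; `sCipherPrefs[]` starts and ends outside these hunks.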
diff --git a/security/nss/lib/pk11wrap/debug_module.c b/security/nss/lib/pk11wrap/debug_module.c
index 6dddb24b4..f1f33103d 100644
--- a/security/nss/lib/pk11wrap/debug_module.c
+++ b/security/nss/lib/pk11wrap/debug_module.c
@@ -409,6 +409,7 @@ print_mechanism(CK_MECHANISM_PTR m)
 CASE(CKM_CAMELLIA_KEY_GEN);
 CASE(CKM_CAMELLIA_MAC);
 CASE(CKM_CAMELLIA_MAC_GENERAL);
+ CASE(CKM_CAMELLIA_GCM);
 CASE(CKM_CDMF_CBC);
 CASE(CKM_CDMF_CBC_PAD);
 CASE(CKM_CDMF_ECB);
diff --git a/security/nss/lib/pk11wrap/pk11mech.c b/security/nss/lib/pk11wrap/pk11mech.c
index cfbe45b22..c0eab2699 100644
--- a/security/nss/lib/pk11wrap/pk11mech.c
+++ b/security/nss/lib/pk11wrap/pk11mech.c
@@ -223,6 +223,7 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type, unsigned long len)
 case CKM_CAMELLIA_MAC_GENERAL:
 case CKM_CAMELLIA_CBC_PAD:
 case CKM_CAMELLIA_KEY_GEN:
+ case CKM_CAMELLIA_GCM:
 return CKK_CAMELLIA;
 case CKM_NSS_CHACHA20_POLY1305:
 case CKM_NSS_CHACHA20_KEY_GEN:
@@ -443,6 +444,7 @@ PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size)
 case CKM_CAMELLIA_MAC_GENERAL:
 case CKM_CAMELLIA_CBC_PAD:
 case CKM_CAMELLIA_KEY_GEN:
+ case CKM_CAMELLIA_GCM:
 return CKM_CAMELLIA_KEY_GEN;
 case CKM_NSS_CHACHA20_POLY1305:
 case CKM_NSS_CHACHA20_CTR:
@@ -796,6 +798,7 @@ PK11_GetIVLength(CK_MECHANISM_TYPE type)
 case CKM_CAST5_CBC_PAD:
 return 8;
 case CKM_AES_GCM:
+ case CKM_CAMELLIA_GCM:
 case CKM_NSS_CHACHA20_POLY1305:
 return 12;
 case CKM_SEED_CBC:
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
index c44ed9b49..2b741ab27 100644
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -879,6 +879,7 @@ PK11_GetSlotList(CK_MECHANISM_TYPE type)
 return &pk11_seedSlotList;
 case CKM_CAMELLIA_CBC:
 case CKM_CAMELLIA_ECB:
+ case CKM_CAMELLIA_GCM:
 return &pk11_camelliaSlotList;
 case CKM_AES_CBC:
 case CKM_AES_CCM:
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index 6c535cf77..10e564d02 100644
--- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -339,6 +339,7 @@ static const struct mechanismList mechanisms[] = { { CKM_CAMELLIA_MAC, { 16, 32, CKF_SN_VR }, PR_TRUE }, { CKM_CAMELLIA_MAC_GENERAL, { 16, 32, CKF_SN_VR }, PR_TRUE }, { CKM_CAMELLIA_CBC_PAD, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE }, + { CKM_CAMELLIA_GCM, { 16, 32, CKF_EN_DE }, PR_TRUE}, /* ------------------------- SEED Operations --------------------------- */ { CKM_SEED_KEY_GEN, { 16, 16, CKF_GENERATE }, PR_TRUE }, { CKM_SEED_ECB, { 16, 16, CKF_EN_DE_WR_UN }, PR_TRUE }, diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 245376a5e..2750e5861 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -98,6 +98,10 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around * bug 946147. */ 
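Review bot: The `CKM_CAMELLIA_GCM` row added to `mechanisms[]` advertises encrypt/decrypt support (`CKF_EN_DE`), but no hunk on this page adds the softoken code that would accept this mechanism when a cipher context is initialised, nor a Camellia GCM primitive underneath it. If that support is not added elsewhere, the `PK11_Encrypt`/`PK11_Decrypt` calls in `ssl3_CamelliaGCM` would fail only after one of the new suites has already been negotiated, and the prefs in this commit enable those suites by default. Confirm the implementation lands with this change, or hold back the mechanism row and the default-on prefs until it does. The row also ends in `PR_TRUE}` where its neighbours use `PR_TRUE }`.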
@@ -123,6 +127,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, @@ -151,6 +157,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { /* RSA */ { TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, 
@@ -297,6 +305,14 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = cipher_camellia_256, ssl_mac_sha, kea_dhe_dss, ssl_hash_none }, { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, cipher_camellia_256, ssl_mac_sha, kea_dhe_rsa, ssl_hash_none }, + { TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, + cipher_camellia_256_gcm, ssl_mac_aead, kea_dhe_rsa, ssl_hash_sha384}, + { TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, + cipher_camellia_128_gcm, ssl_mac_aead, kea_dhe_rsa, ssl_hash_sha256}, + { TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, + cipher_camellia_256_gcm, ssl_mac_aead, kea_rsa, ssl_hash_sha384}, + { TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, + cipher_camellia_128_gcm, ssl_mac_aead, kea_rsa, ssl_hash_sha256}, { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, ssl_mac_aead, kea_dhe_rsa, ssl_hash_sha256 }, { TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, ssl_mac_aead, kea_rsa, ssl_hash_sha256 }, 
@@ -308,6 +324,10 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, ssl_hmac_sha384, kea_ecdhe_ecdsa, ssl_hash_sha384 }, { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, ssl_hmac_sha384, kea_ecdhe_rsa, ssl_hash_sha384 }, + { TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, cipher_camellia_256_gcm, ssl_mac_aead, kea_ecdhe_ecdsa, ssl_hash_sha384}, + { TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, cipher_camellia_256_gcm, ssl_mac_aead, kea_ecdhe_rsa, ssl_hash_sha384}, + { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, cipher_camellia_128_gcm, ssl_mac_aead, kea_ecdhe_ecdsa, ssl_hash_sha256}, + { TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, cipher_camellia_128_gcm, ssl_mac_aead, kea_ecdhe_rsa, ssl_hash_sha256}, { TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, cipher_camellia_256, ssl_hmac_sha384, kea_ecdhe_ecdsa, ssl_hash_sha384 }, { TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, cipher_camellia_256, ssl_hmac_sha384, kea_ecdhe_rsa, ssl_hash_sha384 }, { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, cipher_camellia_128, ssl_hmac_sha256, kea_ecdhe_ecdsa, ssl_hash_sha256 }, @@ -401,6 +421,7 @@ static const SSLCipher2Mech alg2Mech[] = { { ssl_calg_camellia, CKM_CAMELLIA_CBC }, { ssl_calg_seed, CKM_SEED_CBC }, { ssl_calg_aes_gcm, CKM_AES_GCM }, + { ssl_calg_camellia_gcm, CKM_CAMELLIA_GCM }, { ssl_calg_chacha20, CKM_NSS_CHACHA20_POLY1305 }, }; 
@@ -599,6 +620,14 @@ ssl3_CipherSuiteAllowedForVersionRange(ssl3CipherSuite cipherSuite, case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: + case TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256: + case TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384: + case TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256: + case TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384: + case TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256: + case TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384: + case TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256: + case TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384: return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2 && vrange->min < SSL_LIBRARY_VERSION_TLS_1_3; 
@@ -1815,6 +1844,68 @@ ssl3_AESGCM(const ssl3KeyMaterial *keys, return rv; } +static SECStatus +ssl3_CamelliaGCM(const ssl3KeyMaterial *keys, + PRBool doDecrypt, + unsigned char *out, + unsigned int *outlen, + unsigned int maxout, + const unsigned char *in, + unsigned int inlen, + const unsigned char *additionalData, + unsigned int additionalDataLen) +{ + SECItem param; + SECStatus rv = SECFailure; + unsigned char nonce[12]; + unsigned int uOutLen; + CK_GCM_PARAMS gcmParams; + + const int tagSize = 16; + const int explicitNonceLen = 8; + + /* See https://tools.ietf.org/html/rfc5288#section-3 for details of how the + * nonce is formed. */ + memcpy(nonce, keys->iv, 4); + if (doDecrypt) { + memcpy(nonce + 4, in, explicitNonceLen); + in += explicitNonceLen; + inlen -= explicitNonceLen; + *outlen = 0; + } else { + if (maxout < explicitNonceLen) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } + /* Use the 64-bit sequence number as the explicit nonce. */ + memcpy(nonce + 4, additionalData, explicitNonceLen); + memcpy(out, additionalData, explicitNonceLen); + out += explicitNonceLen; + maxout -= explicitNonceLen; + *outlen = explicitNonceLen; + } + + param.type = siBuffer; + param.data = (unsigned char *)&gcmParams; + param.len = sizeof(gcmParams); + gcmParams.pIv = nonce; + gcmParams.ulIvLen = sizeof(nonce); + gcmParams.pAAD = (unsigned char *)additionalData; /* const cast */ + gcmParams.ulAADLen = additionalDataLen; + gcmParams.ulTagBits = tagSize * 8; + + if (doDecrypt) { + rv = PK11_Decrypt(keys->key, CKM_CAMELLIA_GCM, ¶m, out, &uOutLen, + maxout, in, inlen); + } else { + rv = PK11_Encrypt(keys->key, CKM_CAMELLIA_GCM, ¶m, out, &uOutLen, + maxout, in, inlen); + } + *outlen += (int)uOutLen; + + return rv; +} + static SECStatus ssl3_ChaCha20Poly1305(const ssl3KeyMaterial *keys, PRBool doDecrypt, unsigned char *out, unsigned int *outlen, unsigned int maxout, 
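Review bot: In the decrypt branch of `ssl3_CamelliaGCM`, `memcpy(nonce + 4, in, explicitNonceLen)` and `inlen -= explicitNonceLen` run without checking that the record holds at least the 8-byte explicit nonce plus the 16-byte tag; a shorter `inlen` wraps around as an unsigned value and the copy reads past the input. The caller may already enforce a minimum record length, but that is not visible in this hunk, so a local guard is cheap: `if (inlen < (unsigned int)(explicitNonceLen + tagSize)) { PORT_SetError(SEC_ERROR_INPUT_LEN); return SECFailure; }`. `uOutLen` is added to `*outlen` even when the PK11 call fails, so declare it as `unsigned int uOutLen = 0;` to keep that sum defined. The function presumably mirrors `ssl3_AESGCM` (only its tail is visible as leading context) apart from the mechanism constant, so a shared static helper taking a `CK_MECHANISM_TYPE` would keep the nonce construction and these checks in one place.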
@@ -1892,6 +1983,9 @@ ssl3_InitPendingContexts(sslSocket *ss, ssl3CipherSpec *spec) case ssl_calg_aes_gcm: spec->aead = ssl3_AESGCM; break; + case ssl_calg_camellia_gcm: + spec->aead = ssl3_CamelliaGCM; + break; case ssl_calg_chacha20: spec->aead = ssl3_ChaCha20Poly1305; break; diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index eac20ab3e..0c85e7e35 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c @@ -763,21 +763,25 @@ static const ssl3CipherSuite ssl_all_ec_suites[] = { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, 
@@ -804,12 +808,14 @@ static const ssl3CipherSuite ssl_dhe_suites[] = { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, diff --git a/security/nss/lib/ssl/sslenum.c b/security/nss/lib/ssl/sslenum.c index 56df461a7..41b8a8634 100644 --- a/security/nss/lib/ssl/sslenum.c +++ b/security/nss/lib/ssl/sslenum.c @@ -65,6 +65,10 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147. */ @@ -90,6 +94,8 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, + TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, @@ -117,6 +123,8 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, + TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, 
diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index 1b3eeb293..c5aaee83b 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -236,7 +236,7 @@ typedef struct { #endif } ssl3CipherSuiteCfg; -#define ssl_V3_SUITES_IMPLEMENTED 75 +#define ssl_V3_SUITES_IMPLEMENTED 83 #define MAX_DTLS_SRTP_CIPHER_SUITES 4 diff --git a/security/nss/lib/ssl/sslinfo.c b/security/nss/lib/ssl/sslinfo.c index 6d5a39cc8..1818620ae 100644 --- a/security/nss/lib/ssl/sslinfo.c +++ b/security/nss/lib/ssl/sslinfo.c @@ -210,6 +210,7 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc *fd, #define C_SJ "SKIPJACK", ssl_calg_sj #define C_AESGCM "AES-GCM", ssl_calg_aes_gcm #define C_CHACHA20 "CHACHA20POLY1305", ssl_calg_chacha20 +#define C_CAMELLIAGCM "CAMELLIA-GCM", ssl_calg_camellia_gcm /* "block cipher" sizes */ #define B_256 256, 256, 256 
@@ -248,16 +249,19 @@ static const SSLCipherSuiteInfo suiteInfo[] = { { 0, CS(RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_RSA, C_AESGCM, B_128, M_AEAD_128, F_FIPS_STD, A_RSAD, ssl_hash_sha256 }, { 0, CS(DHE_RSA_WITH_CHACHA20_POLY1305_SHA256), S_RSA, K_DHE, C_CHACHA20, B_256, M_AEAD_128, F_NFIPS_STD, A_RSAS, ssl_hash_sha256 }, + { 0, CS(DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384), S_RSA, K_DHE, C_CAMELLIAGCM, B_256, M_SHA, F_NFIPS_STD, A_RSAS, ssl_hash_sha384 }, { 0, CS(DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M_SHA, F_NFIPS_STD, A_RSAS, ssl_hash_none }, { 0, CS(DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M_SHA, F_NFIPS_STD, A_DSA, ssl_hash_none }, { 0, CS(DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA256, F_FIPS_STD, A_RSAS, ssl_hash_sha256 }, { 0, CS(DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA, F_FIPS_STD, A_RSAS, ssl_hash_none }, { 0, CS(DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, F_FIPS_STD, A_DSA, ssl_hash_none }, { 0, CS(DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_SHA256, F_FIPS_STD, A_DSA, ssl_hash_sha256 }, + { 0, CS(RSA_WITH_CAMELLIA_256_GCM_SHA384), S_RSA, K_RSA, C_CAMELLIAGCM, B_256, M_SHA, F_NFIPS_STD, A_RSAS, ssl_hash_sha384 }, { 0, CS(RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, F_NFIPS_STD, A_RSAD, ssl_hash_none }, { 0, CS(RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA256, F_FIPS_STD, A_RSAD, ssl_hash_sha256 }, { 0, CS(RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, F_FIPS_STD, A_RSAD, ssl_hash_none }, + { 0, CS(DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256), S_RSA, K_DHE, C_CAMELLIAGCM, B_128, M_SHA, F_NFIPS_STD, A_RSAS, ssl_hash_sha256 }, { 0, CS(DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_128, M_SHA, F_NFIPS_STD, A_RSAS, ssl_hash_none }, { 0, CS(DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M_SHA, F_NFIPS_STD, A_DSA, ssl_hash_none }, 
{ 0, CS(DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_SHA, F_NFIPS_STD, A_DSA, ssl_hash_none }, @@ -268,6 +272,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = { { 0, CS(DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, F_FIPS_STD, A_DSA, ssl_hash_none }, { 0, CS(DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_SHA256, F_FIPS_STD, A_DSA, ssl_hash_sha256 }, { 0, CS(RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED, B_128, M_SHA, F_FIPS_STD, A_RSAD, ssl_hash_none }, + { 0, CS(RSA_WITH_CAMELLIA_128_GCM_SHA256), S_RSA, K_RSA, C_CAMELLIAGCM, B_128, M_SHA, F_NFIPS_STD, A_RSAS, ssl_hash_sha256 }, { 0, CS(RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, F_NFIPS_STD, A_RSAD, ssl_hash_none }, { 0, CS(RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, F_NFIPS_STD, A_RSAD, ssl_hash_none }, { 0, CS(RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, F_NFIPS_STD, A_RSAD, ssl_hash_none }, 
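Review bot: The four Camellia-GCM rows added here (three in the `@@ -248,16 +249,19 @@` hunk and one in the `@@ -268,6 +272,7 @@` hunk) describe AEAD suites with `M_SHA`, while the AES-GCM and ChaCha20 rows next to them, and the ECDHE Camellia-GCM rows added further down, use `M_AEAD_128`. Callers of the suite-info API would be told these suites use the same MAC as the `*_CBC_SHA` suites, which can mislead any UI or policy check that reads it. The two `RSA_WITH_CAMELLIA_*_GCM_*` rows also pair `K_RSA` with `A_RSAS`, where every other `K_RSA` row visible in these hunks uses `A_RSAD`. Suggested form: `{ 0, CS(RSA_WITH_CAMELLIA_256_GCM_SHA384), S_RSA, K_RSA, C_CAMELLIAGCM, B_256, M_AEAD_128, F_NFIPS_STD, A_RSAD, ssl_hash_sha384 },`, with the same `M_AEAD_128` change on the two `DHE_RSA` rows and both changes on the 128-bit `RSA` row.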
@@ -325,6 +330,11 @@ static const SSLCipherSuiteInfo suiteInfo[] = { { 0, CS(ECDHE_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_ECDHE, C_AESGCM, B_256, M_AEAD_128, F_FIPS_STD, A_RSAS, ssl_hash_sha384 }, { 0, CS(ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384), S_RSA, K_ECDHE, C_CAMELLIA, B_256, M_SHA384, F_NFIPS_STD, A_RSAS, ssl_hash_sha384 }, + { 0, CS(ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_CAMELLIAGCM, B_128, M_AEAD_128, F_NFIPS_STD, A_ECDSA, ssl_hash_sha256 }, + { 0, CS(ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256), S_RSA, K_ECDHE, C_CAMELLIAGCM, B_128, M_AEAD_128, F_NFIPS_STD, A_RSAS, ssl_hash_sha256 }, + { 0, CS(ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384), S_ECDSA, K_ECDHE, C_CAMELLIAGCM, B_256, M_AEAD_128, F_NFIPS_STD, A_ECDSA, ssl_hash_sha384 }, + { 0, CS(ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384), S_RSA, K_ECDHE, C_CAMELLIAGCM, B_256, M_AEAD_128, F_NFIPS_STD, A_RSAS, ssl_hash_sha384 }, + { 0, CS(DHE_DSS_WITH_AES_256_GCM_SHA384), S_DSA, K_DHE, C_AESGCM, B_256, M_AEAD_128, F_FIPS_STD, A_DSA, ssl_hash_sha384 }, { 0, CS(DHE_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_DHE, C_AESGCM, B_256, M_AEAD_128, F_FIPS_STD, A_RSAS, ssl_hash_sha384 }, { 0, CS(RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_RSA, C_AESGCM, B_256, M_AEAD_128, F_FIPS_STD, A_RSAD, ssl_hash_sha384 }, diff --git a/security/nss/lib/ssl/sslproto.h b/security/nss/lib/ssl/sslproto.h index ba5239b25..ddf73b379 100644 --- a/security/nss/lib/ssl/sslproto.h +++ b/security/nss/lib/ssl/sslproto.h 
@@ -143,6 +143,11 @@ #define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 0x00A2 #define TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 0x00A3 +#define TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A +#define TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B +#define TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C +#define TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D + /* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client. * Must NEVER be chosen by server. SSL 3.0 server acknowledges by sending * back an empty Renegotiation Info (RI) server hello extension. @@ -205,6 +210,13 @@ #define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 #define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 +/* RFC 6367 2.2 GCM, ephemeral only */ +#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 +#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 +#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A +#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B + + /* draft-ietf-tls-chacha20-poly1305-04 */ #define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8 #define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 diff --git a/security/nss/lib/ssl/sslspec.h b/security/nss/lib/ssl/sslspec.h index ca9ef540f..66774d8df 100644 --- a/security/nss/lib/ssl/sslspec.h +++ b/security/nss/lib/ssl/sslspec.h @@ -43,6 +43,8 @@ typedef enum { cipher_aes_128_gcm, cipher_aes_256_gcm, cipher_chacha20, + cipher_camellia_128_gcm, + cipher_camellia_256_gcm, cipher_missing /* reserved for no such supported cipher */ /* This enum must match ssl3_cipherName[] in ssl3con.c. */ } SSL3BulkCipher; diff --git a/security/nss/lib/ssl/sslt.h b/security/nss/lib/ssl/sslt.h index 47efa2e4d..561d78f8f 100644 --- a/security/nss/lib/ssl/sslt.h +++ b/security/nss/lib/ssl/sslt.h @@ -199,7 +199,8 @@ typedef enum { ssl_calg_camellia = 8, ssl_calg_seed = 9, ssl_calg_aes_gcm = 10, - ssl_calg_chacha20 = 11 + ssl_calg_chacha20 = 11, + ssl_calg_camellia_gcm = 12 } SSLCipherAlgorithm; typedef enum { 
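Review bot: In the sslspec.h hunk, `cipher_camellia_128_gcm` and `cipher_camellia_256_gcm` are inserted before `cipher_missing`, and the comment two lines below says the enum must match `ssl3_cipherName[]` in ssl3con.c, yet no hunk on this page touches that array or any other table indexed by `SSL3BulkCipher`. If those tables are not extended in the same order elsewhere, `cipher_missing` moves onto the wrong row and the two new values index at or past the end of the existing entries as soon as a Camellia-GCM suite is selected. Add the matching rows in this commit, and consider a compile-time assertion that each such table has exactly `cipher_missing + 1` entries so the next enum addition cannot drift silently.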
diff --git a/security/nss/lib/util/pkcs11t.h b/security/nss/lib/util/pkcs11t.h index ca0001710..1e42553d8 100644 --- a/security/nss/lib/util/pkcs11t.h +++ b/security/nss/lib/util/pkcs11t.h @@ -918,6 +918,7 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_CAMELLIA_CBC_PAD 0x00000555 #define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556 #define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557 +#define CKM_CAMELLIA_GCM 0x00000558 #define CKM_SEED_KEY_GEN 0x00000650 #define CKM_SEED_ECB 0x00000651
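Review bot: `CKM_CAMELLIA_GCM` is given `0x00000558`, the next number after the standard Camellia mechanisms, but PKCS #11 does not define a Camellia GCM mechanism, and v2.40 of the standard assigns that value to `CKM_CAMELLIA_CTR`. Because `PK11_GetSlotList` now routes this type to the shared Camellia slot list, a third-party token that implements the standard mechanism could be handed `CK_GCM_PARAMS` under a number it interprets as counter mode. Non-standard mechanisms belong in the vendor-defined range, the way `CKM_NSS_CHACHA20_POLY1305` is named elsewhere in this diff. Define this one as an NSS-private value (suggested name, not an existing identifier: `CKM_NSS_CAMELLIA_GCM`) and use it in the pk11wrap, softoken and ssl hunks.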