Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- diff --git a/src/tls/cipher_suites.go b/src/cipher_suites.go
- index 9eb699f1c..99c169a7a 100644
- --- a/src/tls/cipher_suites.go
- +++ b/src/tls/cipher_suites.go
- @@ -13,6 +13,7 @@ import (
- "crypto/rc4"
- "crypto/sha1"
- "crypto/sha256"
- + "crypto/sha512"
- "crypto/x509"
- "hash"
- "internal/x/crypto/chacha20poly1305"
- @@ -85,7 +86,9 @@ var cipherSuites = []*cipherSuite{
- {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM},
- {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil},
- {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil},
- + {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 32, 48, 16, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteSHA384, cipherAES, macSHA384, nil},
- {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil},
- + {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 32, 48, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteSHA384, cipherAES, macSHA256, nil},
- {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil},
- {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil},
- {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil},
- @@ -94,6 +97,7 @@ var cipherSuites = []*cipherSuite{
- {TLS_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, rsaKA, suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil},
- {TLS_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil},
- {TLS_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil},
- + {TLS_RSA_WITH_AES_256_CBC_SHA256, 32, 32, 16, rsaKA, suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil},
- {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, ecdheRSAKA, suiteECDHE, cipher3DES, macSHA1, nil},
- {TLS_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, rsaKA, 0, cipher3DES, macSHA1, nil},
- @@ -152,6 +156,19 @@ func macSHA1(version uint16, key []byte) macFunction {
- return tls10MAC{h: hmac.New(newConstantTimeHash(sha1.New), key)}
- }
- +// macSHA384 returns a macFunction for the given protocol version.
- +func macSHA384(version uint16, key []byte) macFunction {
- + if version == VersionSSL30 {
- + mac := ssl30MAC{
- + h: sha512.New384(),
- + key: make([]byte, len(key)),
- + }
- + copy(mac.key, key)
- + return mac
- + }
- + return tls10MAC{h: hmac.New(sha512.New384, key)}
- +}
- +
- // macSHA256 returns a SHA-256 based MAC. These are only supported in TLS 1.2
- // so the given version is ignored.
- func macSHA256(version uint16, key []byte) macFunction {
- @@ -443,6 +460,7 @@ const (
- TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002f
- TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035
- TLS_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003c
- + TLS_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x003d
- TLS_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009c
- TLS_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009d
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xc007
- @@ -453,7 +471,9 @@ const (
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xc013
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xc014
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc023
- + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xc024
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc027
- + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 uint16 = 0xc028
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02f
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02b
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc030
- diff --git a/src/tls/decrypt.go b/src/tls/decrypt.go
- index 0cc354a61..e9569a81c 100644
- --- a/src/tls/decrypt.go
- +++ b/src/tls/decrypt.go
- @@ -178,6 +178,7 @@ var csByName = map[string]uint16{
- "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000a,
- "TLS_RSA_WITH_AES_128_CBC_SHA": 0x002f,
- "TLS_RSA_WITH_AES_256_CBC_SHA": 0x0035,
- + "TLS_RSA_WITH_AES_256_CBC_SHA256": 0x003d,
- "TLS_RSA_WITH_AES_128_GCM_SHA256": 0x009c,
- "TLS_RSA_WITH_AES_256_GCM_SHA384": 0x009d,
- "TLS_AES_128_GCM_SHA256": 0x1301,
- @@ -191,7 +192,9 @@ var csByName = map[string]uint16{
- "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": 0xc013,
- "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": 0xc014,
- "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": 0xc023,
- + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384": 0xc024,
- "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": 0xc027,
- + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384": 0xc028,
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 0xc02b,
- "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 0xc02c,
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xc02f,
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement