Re: Enable Camellia ciphers with SHA-2 family HMAC

2016-08-25 Thread Bob Beck
On Thursday, 25 August 2016, Ted Unangst wrote:

> Andreas Bartelt wrote:
> > On 08/25/16 15:58, Brent Cook wrote:
> > > No objection here. Anyone else?
> > >
> >
> > in general, I personally would only add further cryptographic primitives
> > to a TLS configuration in case they provide sufficiently distinctive
> > advantages over the already available primitives. I don't see this for
> > Camellia since it doesn't seem to provide any better trade-offs than
> > AES. Or am I missing something here?
>
> Oh, I don't think we should add this to any default config. But the option
> should be available for users to configure.
>

yes on both counts


Re: Enable Camellia ciphers with SHA-2 family HMAC

2016-08-25 Thread Ted Unangst
Andreas Bartelt wrote:
> On 08/25/16 15:58, Brent Cook wrote:
> > No objection here. Anyone else?
> >
> 
> in general, I personally would only add further cryptographic primitives 
> to a TLS configuration in case they provide sufficiently distinctive 
> advantages over the already available primitives. I don't see this for 
> Camellia since it doesn't seem to provide any better trade-offs than 
> AES. Or am I missing something here?

Oh, I don't think we should add this to any default config. But the option
should be available for users to configure.



Re: Enable Camellia ciphers with SHA-2 family HMAC

2016-08-25 Thread Ted Unangst
Brent Cook wrote:
> No objection here. Anyone else?

No. Camellia doesn't get much attention, but if somebody cares to add new
modes for it, no reason to reject it.



Re: Enable Camellia ciphers with SHA-2 family HMAC

2016-08-25 Thread Andreas Bartelt

On 08/25/16 15:58, Brent Cook wrote:
> No objection here. Anyone else?

in general, I personally would only add further cryptographic primitives 
to a TLS configuration in case they provide sufficiently distinctive 
advantages over the already available primitives. I don't see this for 
Camellia since it doesn't seem to provide any better trade-offs than 
AES. Or am I missing something here?




Re: Enable Camellia ciphers with SHA-2 family HMAC

2016-08-25 Thread Brent Cook
No objection here. Anyone else?

> On Aug 25, 2016, at 8:54 AM, Guenther Niess wrote:
> 
> Hi,
> 
> is there a reason why the Camellia cipher suites with SHA2 HMAC are not
> supported?
> 
> I added them and tested the result with an Nginx server and the s_client
> command.
> 
> I would like to have a look to support the Camellia GCM based cipher
> suites, but if there is a reason why libressl shouldn't support them, I
> would spend my time with something else.
> 
> Best Regards,
> Guenther
> 
> 
> 
> Index: lib/libssl/src/ssl/s3_lib.c
> ===
> RCS file: /cvs/src/lib/libssl/src/ssl/s3_lib.c,v
> retrieving revision 1.108
> diff -u -p -r1.108 s3_lib.c
> --- lib/libssl/src/ssl/s3_lib.c   28 Apr 2016 16:39:45 -  1.108
> +++ lib/libssl/src/ssl/s3_lib.c   25 Aug 2016 13:45:27 -
> @@ -1805,6 +1805,138 @@ SSL_CIPHER ssl3_ciphers[] = {
>   .strength_bits = 256,
>   .alg_bits = 256,
>   },
> +
> +#ifndef OPENSSL_NO_CAMELLIA
> + /* TLS 1.2 ECDH Camellia based ciphersuites from RFC 6367 */
> +
> + /* Cipher C072 */
> + {
> + .valid = 1,
> + .name = TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
> + .id = TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
> + .algorithm_mkey = SSL_kECDHE,
> + .algorithm_auth = SSL_aECDSA,
> + .algorithm_enc = SSL_CAMELLIA128,
> + .algorithm_mac = SSL_SHA256,
> + .algorithm_ssl = SSL_TLSV1_2,
> + .algo_strength = SSL_HIGH,
> + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
> + .strength_bits = 128,
> + .alg_bits = 128,
> + },
> +
> + /* Cipher C073 */
> + {
> + .valid = 1,
> + .name = TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
> + .id = TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
> + .algorithm_mkey = SSL_kECDHE,
> + .algorithm_auth = SSL_aECDSA,
> + .algorithm_enc = SSL_CAMELLIA256,
> + .algorithm_mac = SSL_SHA384,
> + .algorithm_ssl = SSL_TLSV1_2,
> + .algo_strength = SSL_HIGH,
> + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
> + .strength_bits = 256,
> + .alg_bits = 256,
> + },
> +
> + /* Cipher C074 */
> + {
> + .valid = 1,
> + .name = TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
> + .id = TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
> + .algorithm_mkey = SSL_kECDHe,
> + .algorithm_auth = SSL_aECDH,
> + .algorithm_enc = SSL_CAMELLIA128,
> + .algorithm_mac = SSL_SHA256,
> + .algorithm_ssl = SSL_TLSV1_2,
> + .algo_strength = SSL_HIGH,
> + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
> + .strength_bits = 128,
> + .alg_bits = 128,
> + },
> +
> + /* Cipher C075 */
> + {
> + .valid = 1,
> + .name = TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
> + .id = TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
> + .algorithm_mkey = SSL_kECDHe,
> + .algorithm_auth = SSL_aECDH,
> + .algorithm_enc = SSL_CAMELLIA256,
> + .algorithm_mac = SSL_SHA384,
> + .algorithm_ssl = SSL_TLSV1_2,
> + .algo_strength = SSL_HIGH,
> + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
> + .strength_bits = 256,
> + .alg_bits = 256,
> + },
> +
> + /* Cipher C076 */
> + {
> + .valid = 1,
> + .name = TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
> + .id = TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
> + .algorithm_mkey = SSL_kECDHE,
> + .algorithm_auth = SSL_aRSA,
> + .algorithm_enc = SSL_CAMELLIA128,
> + .algorithm_mac = SSL_SHA256,
> + .algorithm_ssl = SSL_TLSV1_2,
> + .algo_strength = SSL_HIGH,
> + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
> + .strength_bits = 128,
> + .alg_bits = 128,
> + },
> +
> + /* Cipher C077 */
> + {
> + .valid = 1,
> + .name = TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
> + .id = TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
> + .algorithm_mkey = SSL_kECDHE,
> + .algorithm_auth = SSL_aRSA,
> + .algorithm_enc = SSL_CAMELLIA256,
> + .algorithm_mac = SSL_SHA384,
> + .algorithm_ssl = SSL_TLSV1_2,
> + .algo_strength = SSL_HIGH,
> + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
> + .strength_bits = 256,
> + .alg_bits = 256,
> + },
> +
> + /* Cipher
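
Review bot: The C074 and C075 entries add static-ECDH suites (`.algorithm_mkey = SSL_kECDHe`, `.algorithm_auth = SSL_aECDH`), which give no forward secrecy, yet they carry the same `.algo_strength = SSL_HIGH` as the ECDHE entries around them. Consider leaving those two out, or state in the commit message why they are wanted alongside C072, C073, C076 and C077. The quoted hunk is cut off inside the next entry, so the `#endif` that closes `#ifndef OPENSSL_NO_CAMELLIA` is not visible here and should be confirmed in the full patch.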