Skip to content
Permalink
Browse files
8140466: ChaCha20 and Poly1305 TLS Cipher Suites
Reviewed-by: mdoerr
Backport-of: 962e755
  • Loading branch information
Alexey Bakhtin authored and Vladimir Kempik committed Jun 28, 2021
1 parent 8a40d25 commit e62d6a2f388dda2678b59e079e7e879a46164ce2
@@ -70,6 +70,9 @@
TLS_AES_256_GCM_SHA384(
0x1302, true, "TLS_AES_256_GCM_SHA384",
ProtocolVersion.PROTOCOLS_OF_13, B_AES_256_GCM_IV, H_SHA384),
TLS_CHACHA20_POLY1305_SHA256(
0x1303, true, "TLS_CHACHA20_POLY1305_SHA256",
ProtocolVersion.PROTOCOLS_OF_13, B_CC20_P1305, H_SHA256),

// Suite B compliant cipher suites, see RFC 6460.
//
@@ -91,11 +94,22 @@
// not forward secret cipher suites.
//

// Not suite B, but we want it to position the suite early in the list
// of 1.2 suites.
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(
0xCCA9, true, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "",
ProtocolVersion.PROTOCOLS_OF_12,
K_ECDHE_ECDSA, B_CC20_P1305, M_NULL, H_SHA256),

// AES_256(GCM)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(
0xC030, true, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "",
ProtocolVersion.PROTOCOLS_OF_12,
K_ECDHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(
0xCCA8, true, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "",
ProtocolVersion.PROTOCOLS_OF_12,
K_ECDHE_RSA, B_CC20_P1305, M_NULL, H_SHA256),
TLS_RSA_WITH_AES_256_GCM_SHA384(
0x009D, true, "TLS_RSA_WITH_AES_256_GCM_SHA384", "",
ProtocolVersion.PROTOCOLS_OF_12,
@@ -112,6 +126,10 @@
0x009F, true, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "",
ProtocolVersion.PROTOCOLS_OF_12,
K_DHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(
0xCCAA, true, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "",
ProtocolVersion.PROTOCOLS_OF_12,
K_DHE_RSA, B_CC20_P1305, M_NULL, H_SHA256),
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(
0x00A3, true, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "",
ProtocolVersion.PROTOCOLS_OF_12,
@@ -484,8 +502,6 @@

// Definition of the cipher suites that are not supported but the names
// are known.
TLS_CHACHA20_POLY1305_SHA256( // TLS 1.3
"TLS_CHACHA20_POLY1305_SHA256", 0x1303),
TLS_AES_128_CCM_SHA256( // TLS 1.3
"TLS_AES_128_CCM_SHA256", 0x1304),
TLS_AES_128_CCM_8_SHA256( // TLS 1.3
@@ -129,6 +129,11 @@ public Object run() {
*/
static final String CIPHER_AES_GCM = "AES/GCM/NoPadding";

/**
* JCE transformation string for ChaCha20-Poly1305
*/
static final String CIPHER_CHACHA20_POLY1305 = "ChaCha20-Poly1305";

/**
* JCA identifier string for DSA, i.e. a DSA with SHA-1.
*/

1 comment on commit e62d6a2

@openjdk-notifier

This comment has been minimized.

Copy link

@openjdk-notifier openjdk-notifier bot commented on e62d6a2 Jun 28, 2021

Please sign in to comment.