1 files changed, 64 insertions, 76 deletions
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index 2395e98642..71e5f349dd 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -1,18 +1,19 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2013. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2015. All Rights Reserved.
 %%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
 %%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
 %%
 %% %CopyrightEnd%
 %%
@@ -166,7 +167,7 @@ setup_keys(Version, PrfAlgo, MasterSecret, ServerRandom, ClientRandom, HashSize,
     {ClientWriteMacSecret, ServerWriteMacSecret, ClientWriteKey,
      ServerWriteKey, ClientIV, ServerIV}.
 
--spec mac_hash(integer(), binary(), integer(), integer(), tls_version(),
+-spec mac_hash(integer(), binary(), integer(), integer(), tls_record:tls_version(),
 	       integer(), binary()) -> binary().
 
 mac_hash(Method, Mac_write_secret, Seq_num, Type, {Major, Minor},
@@ -181,25 +182,9 @@ mac_hash(Method, Mac_write_secret, Seq_num, Type, {Major, Minor},
 		     Fragment]),
     Mac.
 
--spec suites(1|2|3) -> [cipher_suite()].
-
-suites(Minor) when Minor == 1; Minor == 2->
-    case sufficent_ec_support() of
-	true ->
-	    all_suites(Minor);
-	false ->
-	    no_ec_suites(Minor)
-    end;
-
-suites(Minor) when Minor == 3 ->
-    case sufficent_ec_support() of
-	true ->
-	    all_suites(3) ++ all_suites(2);
-	false ->
-	    no_ec_suites(3) ++ no_ec_suites(2)
-    end.
-
-all_suites(Minor) when Minor == 1; Minor == 2->
+-spec suites(1|2|3) -> [ssl_cipher:cipher_suite()].
+
+suites(Minor) when Minor == 1; Minor == 2 ->
     [
       ?TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
       ?TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
@@ -224,63 +209,54 @@ all_suites(Minor) when Minor == 1; Minor == 2->
       ?TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
       ?TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
       ?TLS_RSA_WITH_AES_128_CBC_SHA,
-
-      ?TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-      ?TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-      ?TLS_RSA_WITH_RC4_128_SHA,
-      ?TLS_RSA_WITH_RC4_128_MD5,
       ?TLS_DHE_RSA_WITH_DES_CBC_SHA,
-      ?TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
-      ?TLS_ECDH_RSA_WITH_RC4_128_SHA,
-
       ?TLS_RSA_WITH_DES_CBC_SHA
     ];
-all_suites(3) ->
+suites(3) ->
     [
+     ?TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+     ?TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+
+     ?TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+     ?TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
      ?TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
      ?TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+     ?TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
+     ?TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
      ?TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
      ?TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
 
+     ?TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+     ?TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+     ?TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
      ?TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
      ?TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
+     ?TLS_RSA_WITH_AES_256_GCM_SHA384,
      ?TLS_RSA_WITH_AES_256_CBC_SHA256,
 
+     ?TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+     ?TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
      ?TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
      ?TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+     ?TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
+     ?TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
      ?TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
      ?TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
 
+     ?TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+     ?TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
      ?TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
      ?TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
+     ?TLS_RSA_WITH_AES_128_GCM_SHA256,
      ?TLS_RSA_WITH_AES_128_CBC_SHA256
-    ].
 
-no_ec_suites(Minor) when Minor == 1; Minor == 2->
-    [
-      ?TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
-      ?TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
-      ?TLS_RSA_WITH_AES_256_CBC_SHA,
-      ?TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
-      ?TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
-      ?TLS_RSA_WITH_3DES_EDE_CBC_SHA,
-      ?TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
-      ?TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
-      ?TLS_RSA_WITH_AES_128_CBC_SHA,
-      ?TLS_RSA_WITH_RC4_128_SHA,
-      ?TLS_RSA_WITH_RC4_128_MD5,
-      ?TLS_DHE_RSA_WITH_DES_CBC_SHA,
-      ?TLS_RSA_WITH_DES_CBC_SHA
-    ];
-no_ec_suites(3) ->
-    [
-     ?TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
-     ?TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
-     ?TLS_RSA_WITH_AES_256_CBC_SHA256,
-     ?TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
-     ?TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
-     ?TLS_RSA_WITH_AES_128_CBC_SHA256
-    ].
+     %% not supported
+     %% ?TLS_DH_RSA_WITH_AES_256_GCM_SHA384,
+     %% ?TLS_DH_DSS_WITH_AES_256_GCM_SHA384,
+     %% ?TLS_DH_RSA_WITH_AES_128_GCM_SHA256,
+     %% ?TLS_DH_DSS_WITH_AES_128_GCM_SHA256
+    ] ++ suites(2).
+
 
 %%--------------------------------------------------------------------
 %%% Internal functions
@@ -368,11 +344,19 @@ finished_label(server) ->
 
 %% list ECC curves in prefered order
 ecc_curves(_Minor) ->
-    [?sect571r1,?sect571k1,?secp521r1,?sect409k1,?sect409r1,
-     ?secp384r1,?sect283k1,?sect283r1,?secp256k1,?secp256r1,
-     ?sect239k1,?sect233k1,?sect233r1,?secp224k1,?secp224r1,
-     ?sect193r1,?sect193r2,?secp192k1,?secp192r1,?sect163k1,
-     ?sect163r1,?sect163r2,?secp160k1,?secp160r1,?secp160r2].
+    TLSCurves = [sect571r1,sect571k1,secp521r1,brainpoolP512r1,
+		 sect409k1,sect409r1,brainpoolP384r1,secp384r1,
+		 sect283k1,sect283r1,brainpoolP256r1,secp256k1,secp256r1,
+		 sect239k1,sect233k1,sect233r1,secp224k1,secp224r1,
+		 sect193r1,sect193r2,secp192k1,secp192r1,sect163k1,
+		 sect163r1,sect163r2,secp160k1,secp160r1,secp160r2],
+    CryptoCurves = crypto:ec_curves(),
+    lists:foldr(fun(Curve, Curves) ->
+			case proplists:get_bool(Curve, CryptoCurves) of
+			    true ->  [pubkey_cert_records:namedCurves(Curve)|Curves];
+			    false -> Curves
+			end
+		end, [], TLSCurves).
 
 %% ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005)
 oid_to_enum(?sect163k1) -> 1;
@@ -399,7 +383,10 @@ oid_to_enum(?secp224r1) -> 21;
 oid_to_enum(?secp256k1) -> 22;
 oid_to_enum(?secp256r1) -> 23;
 oid_to_enum(?secp384r1) -> 24;
-oid_to_enum(?secp521r1) -> 25.
+oid_to_enum(?secp521r1) -> 25;
+oid_to_enum(?brainpoolP256r1) -> 26;
+oid_to_enum(?brainpoolP384r1) -> 27;
+oid_to_enum(?brainpoolP512r1) -> 28.
 
 enum_to_oid(1) -> ?sect163k1;
 enum_to_oid(2) -> ?sect163r1;
@@ -425,8 +412,9 @@ enum_to_oid(21) -> ?secp224r1;
 enum_to_oid(22) -> ?secp256k1;
 enum_to_oid(23) -> ?secp256r1;
 enum_to_oid(24) -> ?secp384r1;
-enum_to_oid(25) -> ?secp521r1.
-
-sufficent_ec_support() ->
-    CryptoSupport = crypto:supports(),
-    proplists:get_bool(ecdh, proplists:get_value(public_keys, CryptoSupport)).
+enum_to_oid(25) -> ?secp521r1;
+enum_to_oid(26) -> ?brainpoolP256r1;
+enum_to_oid(27) -> ?brainpoolP384r1;
+enum_to_oid(28) -> ?brainpoolP512r1;
+enum_to_oid(_) ->
+    undefined.