From 163a772124af2bf0b216558016de574127da37b6 Mon Sep 17 00:00:00 2001
From: mischief <mischief@offblast.org>
Date: Thu, 27 Aug 2015 01:46:28 -0700
Subject: devtls: add sha256 mac

---
 sys/src/9/port/devtls.c | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/sys/src/9/port/devtls.c b/sys/src/9/port/devtls.c
index 6b728dba5..57835d339 100644
--- a/sys/src/9/port/devtls.c
+++ b/sys/src/9/port/devtls.c
@@ -21,12 +21,13 @@ enum {
 	MaxRecLen	= 1<<14,	/* max payload length of a record layer message */
 	MaxCipherRecLen	= MaxRecLen + 2048,
 	RecHdrLen	= 5,
-	MaxMacLen	= SHA1dlen,
+	MaxMacLen	= SHA2_256dlen,
 
 	/* protocol versions we can accept */
 	SSL3Version	= 0x0300,
 	TLS10Version	= 0x0301,
 	TLS11Version	= 0x0302,
+	TLS12Version	= 0x0303,
 	MinProtoVersion	= 0x0300,	/* limits on version we accept */
 	MaxProtoVersion	= 0x03ff,
 
@@ -1417,11 +1418,25 @@ initsha1key(Hashalg *ha, int version, Secret *s, uchar *p)
 	memmove(s->mackey, p, ha->maclen);
 }
 
+static void
+initsha2_256key(Hashalg *ha, int version, Secret *s, uchar *p)
+{
+	s->maclen = ha->maclen;
+
+	/* only TLS 1.2 has SHA256. */
+	if(version != TLS12Version)
+		error("sha256 is TLS 1.2 only");
+
+	s->mac = hmac_sha2_256;
+	memmove(s->mackey, p, ha->maclen);
+}
+
 static Hashalg hashtab[] =
 {
-	{ "clear", 0, initclearmac, },
-	{ "md5", MD5dlen, initmd5key, },
-	{ "sha1", SHA1dlen, initsha1key, },
+	{ "clear",	0,		initclearmac, },
+	{ "md5",	MD5dlen,	initmd5key, },
+	{ "sha1",	SHA1dlen,	initsha1key, },
+	{ "sha256",	SHA2_256dlen,	initsha2_256key, },
 	{ 0 }
 };
 
-- 
cgit v1.2.3


From 07b245943ac5991b98ee4683f6c40efdf0fca351 Mon Sep 17 00:00:00 2001
From: mischief <mischief@offblast.org>
Date: Thu, 27 Aug 2015 01:53:48 -0700
Subject: libsec: add TLS_RSA_WITH_AES_128_CBC_SHA256 and
 TLS_RSA_WITH_AES_256_CBC_SHA256 ciphers

---
 sys/src/libsec/port/tlshand.c | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)

diff --git a/sys/src/libsec/port/tlshand.c b/sys/src/libsec/port/tlshand.c
index a0872ed75..bf63312e7 100644
--- a/sys/src/libsec/port/tlshand.c
+++ b/sys/src/libsec/port/tlshand.c
@@ -17,7 +17,7 @@
 enum {
 	TLSFinishedLen = 12,
 	SSL3FinishedLen = MD5dlen+SHA1dlen,
-	MaxKeyData = 136,	// amount of secret we may need
+	MaxKeyData = 160,	// amount of secret we may need
 	MaxChunk = 1<<15,
 	RandomSize = 32,
 	SidSize = 32,
@@ -224,14 +224,14 @@ enum {
 
 // cipher suites
 enum {
-	TLS_NULL_WITH_NULL_NULL	 		= 0x0000,
-	TLS_RSA_WITH_NULL_MD5 			= 0x0001,
-	TLS_RSA_WITH_NULL_SHA 			= 0x0002,
-	TLS_RSA_EXPORT_WITH_RC4_40_MD5 		= 0x0003,
-	TLS_RSA_WITH_RC4_128_MD5 		= 0x0004,
-	TLS_RSA_WITH_RC4_128_SHA 		= 0x0005,
+	TLS_NULL_WITH_NULL_NULL			= 0x0000,
+	TLS_RSA_WITH_NULL_MD5			= 0x0001,
+	TLS_RSA_WITH_NULL_SHA			= 0x0002,
+	TLS_RSA_EXPORT_WITH_RC4_40_MD5		= 0x0003,
+	TLS_RSA_WITH_RC4_128_MD5		= 0x0004,
+	TLS_RSA_WITH_RC4_128_SHA		= 0x0005,
 	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	= 0X0006,
-	TLS_RSA_WITH_IDEA_CBC_SHA 		= 0X0007,
+	TLS_RSA_WITH_IDEA_CBC_SHA		= 0X0007,
 	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA	= 0X0008,
 	TLS_RSA_WITH_DES_CBC_SHA		= 0X0009,
 	TLS_RSA_WITH_3DES_EDE_CBC_SHA		= 0X000A,
@@ -248,7 +248,7 @@ enum {
 	TLS_DHE_RSA_WITH_DES_CBC_SHA		= 0X0015,
 	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	= 0X0016,
 	TLS_DH_anon_EXPORT_WITH_RC4_40_MD5	= 0x0017,
-	TLS_DH_anon_WITH_RC4_128_MD5 		= 0x0018,
+	TLS_DH_anon_WITH_RC4_128_MD5		= 0x0018,
 	TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA	= 0X0019,
 	TLS_DH_anon_WITH_DES_CBC_SHA		= 0X001A,
 	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA	= 0X001B,
@@ -265,11 +265,14 @@ enum {
 	TLS_DHE_DSS_WITH_AES_256_CBC_SHA	= 0X0038,
 	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	= 0X0039,
 	TLS_DH_anon_WITH_AES_256_CBC_SHA	= 0X003A,
-	
+
+	TLS_RSA_WITH_AES_128_CBC_SHA256		= 0X003C,
+	TLS_RSA_WITH_AES_256_CBC_SHA256		= 0X003D,
+
 	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	= 0xC013,
 	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	= 0xC014,
-	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA  = 0xC009,
-	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A,
+	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	= 0xC009,
+	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	= 0xC00A,
 	CipherMax
 };
 
@@ -288,6 +291,8 @@ static Algs cipherAlgs[] = {
 	{"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
 	{"aes_256_cbc", "sha1", 2*(32+16+SHA1dlen), TLS_RSA_WITH_AES_256_CBC_SHA},
 	{"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_RSA_WITH_AES_128_CBC_SHA},
+	{"aes_128_cbc", "sha256", 2*(16+16+SHA2_256dlen), TLS_RSA_WITH_AES_128_CBC_SHA256},
+	{"aes_256_cbc", "sha256", 2*(32+16+SHA2_256dlen), TLS_RSA_WITH_AES_256_CBC_SHA256},
 	{"3des_ede_cbc","sha1",	2*(4*8+SHA1dlen), TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA},
 	{"3des_ede_cbc","sha1",	2*(4*8+SHA1dlen), TLS_RSA_WITH_3DES_EDE_CBC_SHA},
 	{"rc4_128", "sha1",	2*(16+SHA1dlen), TLS_RSA_WITH_RC4_128_SHA},
-- 
cgit v1.2.3


From d8a1f1a647d396bda237df5e996b4d49a948eda9 Mon Sep 17 00:00:00 2001
From: glenda <glenda@cirno.localdomain>
Date: Thu, 27 Aug 2015 13:34:02 +0000
Subject: mp.h: define mpnrand

---
 sys/include/mp.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sys/include/mp.h b/sys/include/mp.h
index c7179c959..04ef6a7b5 100644
--- a/sys/include/mp.h
+++ b/sys/include/mp.h
@@ -38,6 +38,8 @@ void	mpassign(mpint *old, mpint *new);
 
 /* random bits */
 mpint*	mprand(int bits, void (*gen)(uchar*, int), mpint *b);
+/* return uniform random [0..n-1] */
+mmpint*	mpnrand(mpint *n, void (*gen)(uchar*, int), mpint *b)
 
 /* conversion */
 mpint*	strtomp(char*, char**, int, mpint*);	/* ascii */
-- 
cgit v1.2.3


From 82a922d9ed10d33d04f80d3fc19d0be4c74e9843 Mon Sep 17 00:00:00 2001
From: glenda <glenda@cirno.localdomain>
Date: Thu, 27 Aug 2015 13:35:13 +0000
Subject: mp.h: oops

---
 sys/include/mp.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/include/mp.h b/sys/include/mp.h
index 04ef6a7b5..bcf91f20b 100644
--- a/sys/include/mp.h
+++ b/sys/include/mp.h
@@ -39,7 +39,7 @@ void	mpassign(mpint *old, mpint *new);
 /* random bits */
 mpint*	mprand(int bits, void (*gen)(uchar*, int), mpint *b);
 /* return uniform random [0..n-1] */
-mmpint*	mpnrand(mpint *n, void (*gen)(uchar*, int), mpint *b)
+mpint*	mpnrand(mpint *n, void (*gen)(uchar*, int), mpint *b)
 
 /* conversion */
 mpint*	strtomp(char*, char**, int, mpint*);	/* ascii */
-- 
cgit v1.2.3


From 2bc15fbabddf1f1b9921dade33e64fe83eaf377a Mon Sep 17 00:00:00 2001
From: glenda <glenda@cirno.localdomain>
Date: Thu, 27 Aug 2015 13:40:34 +0000
Subject: mp.h: third time's a charm

---
 sys/include/mp.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/include/mp.h b/sys/include/mp.h
index bcf91f20b..14061adc7 100644
--- a/sys/include/mp.h
+++ b/sys/include/mp.h
@@ -39,7 +39,7 @@ void	mpassign(mpint *old, mpint *new);
 /* random bits */
 mpint*	mprand(int bits, void (*gen)(uchar*, int), mpint *b);
 /* return uniform random [0..n-1] */
-mpint*	mpnrand(mpint *n, void (*gen)(uchar*, int), mpint *b)
+mpint*	mpnrand(mpint *n, void (*gen)(uchar*, int), mpint *b);
 
 /* conversion */
 mpint*	strtomp(char*, char**, int, mpint*);	/* ascii */
-- 
cgit v1.2.3