* Added AES128 and AES256 ciphers in devtls. * Added TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_AES_256_CBC_SHA handling in tlshand. * Updated tls(3) manual accordingly. These ciphers are not part of TLS 1.0 (RFC2246), but were added by RFC3268. However, they are part of TLS 1.1 (RFC4346) and TLS 1.2 (RFC5246). Reference: /n/sources/patch/applied/tls-aes Date: Tue Oct 19 12:16:57 CES 2010 Signed-off-by: djc@9grid.fr
--- /sys/src/9/port/devtls.c Tue Oct 19 12:03:46 2010
+++ /sys/src/9/port/devtls.c Tue Oct 19 12:03:34 2010
@@ -234,6 +234,8 @@
 static int rc4enc(Secret *sec, uchar *buf, int n);
 static int des3enc(Secret *sec, uchar *buf, int n);
 static int des3dec(Secret *sec, uchar *buf, int n);
+static int aesenc(Secret *sec, uchar *buf, int n);
+static int aesdec(Secret *sec, uchar *buf, int n);
 static int noenc(Secret *sec, uchar *buf, int n);
 static int sslunpad(uchar *buf, int n, int block);
 static int tlsunpad(uchar *buf, int n, int block);
@@ -1428,6 +1430,16 @@
 }
 static void
+initAESkey(Encalg *ea, Secret *s, uchar *p, uchar *iv)
+{
+ s->enckey = smalloc(sizeof(AESstate));
+ s->enc = aesenc;
+ s->dec = aesdec;
+ s->block = 16;
+ setupAESstate(s->enckey, p, ea->keylen, iv);
+}
+
+static void
 initclearenc(Encalg *, Secret *s, uchar *, uchar *)
 {
 s->enc = noenc;
@@ -1440,6 +1452,8 @@
 { "clear", 0, 0, initclearenc },
 { "rc4_128", 128/8, 0, initRC4key },
 { "3des_ede_cbc", 3 * 8, 8, initDES3key },
+ { "aes_128_cbc", 128/8, 16, initAESkey },
+ { "aes_256_cbc", 256/8, 16, initAESkey },
 { 0 }
 };
@@ -2000,7 +2014,7 @@
 buf[n++] = pad;
 return nn;
 }
-
+
 static int
 des3enc(Secret *sec, uchar *buf, int n)
 {
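Review bot: In the `@@ -1428` hunk, `initAESkey` leaves the expanded AES key schedule in `s->enckey`, and nothing in this patch shows that memory being cleared when the Secret is torn down. The release path is outside the diff, so confirm that it zeroes the `sizeof(AESstate)` bytes before `free` rather than assuming it does. A comment above the `smalloc` would record the requirement: `/* enckey holds the AES key schedule; zero it before free */`. The literal `s->block = 16` also has to stay equal to the 16 used in `aesenc`/`aesdec` and to the IV length in the two new `encrypttab` rows (`@@ -1440` hunk); one named constant for the AES block size (libsec's `AESbsize`, if it is visible in this file) would keep those sites from drifting.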
@@ -2015,6 +2029,22 @@
 des3CBCdecrypt(buf, n, sec->enckey);
 return (*sec->unpad)(buf, n, 8);
 }
+
+static int
+aesenc(Secret *sec, uchar *buf, int n)
+{
+ n = blockpad(buf, n, 16);
+ aesCBCencrypt(buf, n, sec->enckey);
+ return n;
+}
+
+static int
+aesdec(Secret *sec, uchar *buf, int n)
+{
+ aesCBCdecrypt(buf, n, sec->enckey);
+ return (*sec->unpad)(buf, n, 16);
+}
+
 static DigestState*
 nomac(uchar *, ulong, uchar *, ulong, uchar *, DigestState *)
 {
--- /sys/src/libsec/port/tlshand.c Tue Oct 19 12:04:04 2010
+++ /sys/src/libsec/port/tlshand.c Tue Oct 19 12:03:51 2010
@@ -17,7 +17,7 @@
 enum {
 TLSFinishedLen = 12,
 SSL3FinishedLen = MD5dlen+SHA1dlen,
- MaxKeyData = 104, // amount of secret we may need
+ MaxKeyData = 136, // amount of secret we may need
 MaxChunk = 1<<14,
 RandomSize = 32,
 SidSize = 32,
@@ -239,9 +239,11 @@
 };
 static Algs cipherAlgs[] = {
- {"rc4_128", "md5", 2 * (16 + MD5dlen), TLS_RSA_WITH_RC4_128_MD5},
- {"rc4_128", "sha1", 2 * (16 + SHA1dlen), TLS_RSA_WITH_RC4_128_SHA},
- {"3des_ede_cbc","sha1",2*(4*8+SHA1dlen), TLS_RSA_WITH_3DES_EDE_CBC_SHA},
+ {"rc4_128", "md5", 2*(16+MD5dlen), TLS_RSA_WITH_RC4_128_MD5},
+ {"rc4_128", "sha1", 2*(16+SHA1dlen), TLS_RSA_WITH_RC4_128_SHA},
+ {"3des_ede_cbc", "sha1", 2*(4*8+SHA1dlen), TLS_RSA_WITH_3DES_EDE_CBC_SHA},
+ {"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_RSA_WITH_AES_128_CBC_SHA},
+ {"aes_256_cbc", "sha1", 2*(32+16+SHA1dlen), TLS_RSA_WITH_AES_256_CBC_SHA}
 };
 static uchar compressors[] = {
--- /sys/man/3/tls Tue Oct 19 12:04:13 2010
+++ /sys/man/3/tls Tue Oct 19 12:04:08 2010
@@ -258,9 +258,11 @@
 .BR clear ,
 meaning no encryption or digesting.
 Currently implemented encryption algorithms are
-.B 'rc4_128'
+.B 'rc4_128',
+.B '3des_ede_cbc',
+.B 'aes_128_cbc'
 and
-.BR '3des_ede_cbc' .
+.BR 'aes_256_cbc' .
 Currently implemented hashing algorithms are
 .B 'md5'
 and
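Review bot: `aesdec` in the `@@ -2015` hunk hands `n` to `aesCBCdecrypt` without first checking that it is a positive multiple of 16, and `n` presumably derives from the record length received from the peer. The function copies the shape of `des3dec` just above it, so the same gap likely exists there; whether `sec->unpad` or the caller rejects such lengths cannot be seen from this hunk. A guard ahead of the decrypt, `if(n <= 0 || n % 16 != 0)`, returning the same failure value the caller already handles for a bad unpad, would make the requirement explicit. Because TLS CBC suites verify the MAC after unpadding, the caller should also report a padding failure and a MAC failure identically so that a peer cannot tell the two apart.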
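Review bot: `MaxKeyData = 136` in the `@@ -17` hunk of tlshand.c is a hand-computed bound that has to stay at least as large as the biggest third-column value in `cipherAlgs`, yet nothing ties the two together. 136 does match the new largest row, `2*(32+16+SHA1dlen)`, assuming `SHA1dlen` is 20, but a later suite with a larger key block would silently exceed whatever buffer this constant sizes (its use is outside the diff). Suggest recording the coupling in the comment, e.g. `MaxKeyData = 136, // >= largest key block in cipherAlgs: 2*(32+16+SHA1dlen)`, and checking each table entry against it where the table is consumed.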
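Review bot: The two AES suites are appended after the RC4 and 3DES rows in `cipherAlgs` (`@@ -239` hunk), so if table order is what the handshake uses as preference, which is not visible here, `TLS_RSA_WITH_RC4_128_MD5` stays the first choice and AES is reached only when the peer refuses everything above it. If that is how the table is consumed, place the `aes_256_cbc` and `aes_128_cbc` rows ahead of the `rc4_128` rows. The whitespace realignment of the three existing rows is mixed into the same hunk; keeping it in a separate change would make the functional addition easier to audit.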