Annotation of embedaddon/strongswan/src/libtls/tls_crypto.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2010-2014 Martin Willi
! 3: * Copyright (C) 2010-2014 revosec AG
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: #include "tls_crypto.h"
! 17:
! 18: #include <utils/debug.h>
! 19: #include <plugins/plugin_feature.h>
! 20:
! 21: ENUM_BEGIN(tls_cipher_suite_names, TLS_NULL_WITH_NULL_NULL,
! 22: TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
! 23: "TLS_NULL_WITH_NULL_NULL",
! 24: "TLS_RSA_WITH_NULL_MD5",
! 25: "TLS_RSA_WITH_NULL_SHA",
! 26: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
! 27: "TLS_RSA_WITH_RC4_128_MD5",
! 28: "TLS_RSA_WITH_RC4_128_SHA",
! 29: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
! 30: "TLS_RSA_WITH_IDEA_CBC_SHA",
! 31: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
! 32: "TLS_RSA_WITH_DES_CBC_SHA",
! 33: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
! 34: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
! 35: "TLS_DH_DSS_WITH_DES_CBC_SHA",
! 36: "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
! 37: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
! 38: "TLS_DH_RSA_WITH_DES_CBC_SHA",
! 39: "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
! 40: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
! 41: "TLS_DHE_DSS_WITH_DES_CBC_SHA",
! 42: "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
! 43: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
! 44: "TLS_DHE_RSA_WITH_DES_CBC_SHA",
! 45: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
! 46: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
! 47: "TLS_DH_anon_WITH_RC4_128_MD5",
! 48: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
! 49: "TLS_DH_anon_WITH_DES_CBC_SHA",
! 50: "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA");
! 51: ENUM_NEXT(tls_cipher_suite_names, TLS_KRB5_WITH_DES_CBC_SHA,
! 52: TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,
! 53: TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
! 54: "TLS_KRB5_WITH_DES_CBC_SHA",
! 55: "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
! 56: "TLS_KRB5_WITH_RC4_128_SHA",
! 57: "TLS_KRB5_WITH_IDEA_CBC_SHA",
! 58: "TLS_KRB5_WITH_DES_CBC_MD5",
! 59: "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
! 60: "TLS_KRB5_WITH_RC4_128_MD5",
! 61: "TLS_KRB5_WITH_IDEA_CBC_MD5",
! 62: "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
! 63: "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
! 64: "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
! 65: "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
! 66: "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
! 67: "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
! 68: "TLS_PSK_WITH_NULL_SHA",
! 69: "TLS_DHE_PSK_WITH_NULL_SHA",
! 70: "TLS_RSA_PSK_WITH_NULL_SHA",
! 71: "TLS_RSA_WITH_AES_128_CBC_SHA",
! 72: "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
! 73: "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
! 74: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
! 75: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
! 76: "TLS_DH_anon_WITH_AES_128_CBC_SHA",
! 77: "TLS_RSA_WITH_AES_256_CBC_SHA",
! 78: "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
! 79: "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
! 80: "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
! 81: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
! 82: "TLS_DH_anon_WITH_AES_256_CBC_SHA",
! 83: "TLS_RSA_WITH_NULL_SHA256",
! 84: "TLS_RSA_WITH_AES_128_CBC_SHA256",
! 85: "TLS_RSA_WITH_AES_256_CBC_SHA256",
! 86: "TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
! 87: "TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
! 88: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
! 89: "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
! 90: "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
! 91: "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
! 92: "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
! 93: "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
! 94: "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA");
! 95: ENUM_NEXT(tls_cipher_suite_names, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
! 96: TLS_DH_anon_WITH_AES_256_CBC_SHA256,
! 97: TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,
! 98: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
! 99: "TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
! 100: "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
! 101: "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
! 102: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
! 103: "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
! 104: "TLS_DH_anon_WITH_AES_256_CBC_SHA256");
! 105: ENUM_NEXT(tls_cipher_suite_names, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
! 106: TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,
! 107: TLS_DH_anon_WITH_AES_256_CBC_SHA256,
! 108: "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
! 109: "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
! 110: "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
! 111: "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
! 112: "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
! 113: "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
! 114: "TLS_PSK_WITH_RC4_128_SHA",
! 115: "TLS_PSK_WITH_3DES_EDE_CBC_SHA",
! 116: "TLS_PSK_WITH_AES_128_CBC_SHA",
! 117: "TLS_PSK_WITH_AES_256_CBC_SHA",
! 118: "TLS_DHE_PSK_WITH_RC4_128_SHA",
! 119: "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
! 120: "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
! 121: "TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
! 122: "TLS_RSA_PSK_WITH_RC4_128_SHA",
! 123: "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
! 124: "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
! 125: "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
! 126: "TLS_RSA_WITH_SEED_CBC_SHA",
! 127: "TLS_DH_DSS_WITH_SEED_CBC_SHA",
! 128: "TLS_DH_RSA_WITH_SEED_CBC_SHA",
! 129: "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
! 130: "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
! 131: "TLS_DH_anon_WITH_SEED_CBC_SHA",
! 132: "TLS_RSA_WITH_AES_128_GCM_SHA256",
! 133: "TLS_RSA_WITH_AES_256_GCM_SHA384",
! 134: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
! 135: "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
! 136: "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
! 137: "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
! 138: "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
! 139: "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
! 140: "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
! 141: "TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
! 142: "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
! 143: "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
! 144: "TLS_PSK_WITH_AES_128_GCM_SHA256",
! 145: "TLS_PSK_WITH_AES_256_GCM_SHA384",
! 146: "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
! 147: "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
! 148: "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
! 149: "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
! 150: "TLS_PSK_WITH_AES_128_CBC_SHA256",
! 151: "TLS_PSK_WITH_AES_256_CBC_SHA384",
! 152: "TLS_PSK_WITH_NULL_SHA256",
! 153: "TLS_PSK_WITH_NULL_SHA384",
! 154: "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
! 155: "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
! 156: "TLS_DHE_PSK_WITH_NULL_SHA256",
! 157: "TLS_DHE_PSK_WITH_NULL_SHA384",
! 158: "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
! 159: "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
! 160: "TLS_RSA_PSK_WITH_NULL_SHA256",
! 161: "TLS_RSA_PSK_WITH_NULL_SHA384",
! 162: "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
! 163: "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",
! 164: "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
! 165: "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
! 166: "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
! 167: "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
! 168: "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
! 169: "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",
! 170: "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",
! 171: "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
! 172: "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
! 173: "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256");
! 174: ENUM_NEXT(tls_cipher_suite_names, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
! 175: TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
! 176: TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,
! 177: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV");
! 178: ENUM_NEXT(tls_cipher_suite_names, TLS_ECDH_ECDSA_WITH_NULL_SHA,
! 179: TLS_ECDHE_PSK_WITH_NULL_SHA384,
! 180: TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
! 181: "TLS_ECDH_ECDSA_WITH_NULL_SHA",
! 182: "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
! 183: "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
! 184: "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
! 185: "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
! 186: "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
! 187: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
! 188: "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
! 189: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
! 190: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
! 191: "TLS_ECDH_RSA_WITH_NULL_SHA",
! 192: "TLS_ECDH_RSA_WITH_RC4_128_SHA",
! 193: "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
! 194: "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
! 195: "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
! 196: "TLS_ECDHE_RSA_WITH_NULL_SHA",
! 197: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
! 198: "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
! 199: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
! 200: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
! 201: "TLS_ECDH_anon_WITH_NULL_SHA",
! 202: "TLS_ECDH_anon_WITH_RC4_128_SHA",
! 203: "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
! 204: "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
! 205: "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
! 206: "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
! 207: "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
! 208: "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
! 209: "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
! 210: "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
! 211: "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
! 212: "TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
! 213: "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
! 214: "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
! 215: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
! 216: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
! 217: "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
! 218: "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
! 219: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
! 220: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
! 221: "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
! 222: "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
! 223: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
! 224: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
! 225: "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
! 226: "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
! 227: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
! 228: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
! 229: "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
! 230: "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
! 231: "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
! 232: "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",
! 233: "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
! 234: "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
! 235: "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
! 236: "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
! 237: "TLS_ECDHE_PSK_WITH_NULL_SHA",
! 238: "TLS_ECDHE_PSK_WITH_NULL_SHA256",
! 239: "TLS_ECDHE_PSK_WITH_NULL_SHA384");
! 240: ENUM_END(tls_cipher_suite_names, TLS_ECDHE_PSK_WITH_NULL_SHA384);
! 241:
! 242: ENUM(tls_hash_algorithm_names, TLS_HASH_NONE, TLS_HASH_SHA512,
! 243: "NONE",
! 244: "MD5",
! 245: "SHA1",
! 246: "SHA224",
! 247: "SHA256",
! 248: "SHA384",
! 249: "SHA512",
! 250: );
! 251:
! 252: ENUM(tls_signature_algorithm_names, TLS_SIG_RSA, TLS_SIG_ECDSA,
! 253: "RSA",
! 254: "DSA",
! 255: "ECDSA",
! 256: );
! 257:
! 258: ENUM_BEGIN(tls_client_certificate_type_names,
! 259: TLS_RSA_SIGN, TLS_DSS_EPHEMERAL_DH,
! 260: "RSA_SIGN",
! 261: "DSA_SIGN",
! 262: "RSA_FIXED_DH",
! 263: "DSS_FIXED_DH",
! 264: "RSA_EPHEMERAL_DH",
! 265: "DSS_EPHEMERAL_DH");
! 266: ENUM_NEXT(tls_client_certificate_type_names,
! 267: TLS_FORTEZZA_DMS, TLS_FORTEZZA_DMS, TLS_DSS_EPHEMERAL_DH,
! 268: "FORTEZZA_DMS");
! 269: ENUM_NEXT(tls_client_certificate_type_names,
! 270: TLS_ECDSA_SIGN, TLS_ECDSA_FIXED_ECDH, TLS_FORTEZZA_DMS,
! 271: "ECDSA_SIGN",
! 272: "RSA_FIXED_ECDH",
! 273: "ECDSA_FIXED_ECDH");
! 274: ENUM_END(tls_client_certificate_type_names, TLS_ECDSA_FIXED_ECDH);
! 275:
! 276: ENUM(tls_ecc_curve_type_names, TLS_ECC_EXPLICIT_PRIME, TLS_ECC_NAMED_CURVE,
! 277: "EXPLICIT_PRIME",
! 278: "EXPLICIT_CHAR2",
! 279: "NAMED_CURVE",
! 280: );
! 281:
! 282: ENUM(tls_named_curve_names, TLS_SECT163K1, TLS_SECP521R1,
! 283: "SECT163K1",
! 284: "SECT163R1",
! 285: "SECT163R2",
! 286: "SECT193R1",
! 287: "SECT193R2",
! 288: "SECT233K1",
! 289: "SECT233R1",
! 290: "SECT239K1",
! 291: "SECT283K1",
! 292: "SECT283R1",
! 293: "SECT409K1",
! 294: "SECT409R1",
! 295: "SECT571K1",
! 296: "SECT571R1",
! 297: "SECP160K1",
! 298: "SECP160R1",
! 299: "SECP160R2",
! 300: "SECP192K1",
! 301: "SECP192R1",
! 302: "SECP224K1",
! 303: "SECP224R1",
! 304: "SECP256K1",
! 305: "SECP256R1",
! 306: "SECP384R1",
! 307: "SECP521R1",
! 308: );
! 309:
! 310: ENUM(tls_ansi_point_format_names, TLS_ANSI_COMPRESSED, TLS_ANSI_HYBRID_Y,
! 311: "compressed",
! 312: "compressed y",
! 313: "uncompressed",
! 314: "uncompressed y",
! 315: "hybrid",
! 316: "hybrid y",
! 317: );
! 318:
! 319: ENUM(tls_ec_point_format_names,
! 320: TLS_EC_POINT_UNCOMPRESSED, TLS_EC_POINT_ANSIX962_COMPRESSED_CHAR2,
! 321: "uncompressed",
! 322: "ansiX962 compressed prime",
! 323: "ansiX962 compressed char2",
! 324: );
! 325:
! 326: typedef struct private_tls_crypto_t private_tls_crypto_t;
! 327:
! 328: /**
! 329: * Private data of an tls_crypto_t object.
! 330: */
! 331: struct private_tls_crypto_t {
! 332:
! 333: /**
! 334: * Public tls_crypto_t interface.
! 335: */
! 336: tls_crypto_t public;
! 337:
! 338: /**
! 339: * Protection layer
! 340: */
! 341: tls_protection_t *protection;
! 342:
! 343: /**
! 344: * List of supported/acceptable cipher suites
! 345: */
! 346: tls_cipher_suite_t *suites;
! 347:
! 348: /**
! 349: * Number of supported suites
! 350: */
! 351: int suite_count;
! 352:
! 353: /**
! 354: * Selected cipher suite
! 355: */
! 356: tls_cipher_suite_t suite;
! 357:
! 358: /**
! 359: * RSA supported?
! 360: */
! 361: bool rsa;
! 362:
! 363: /**
! 364: * ECDSA supported?
! 365: */
! 366: bool ecdsa;
! 367:
! 368: /**
! 369: * TLS context
! 370: */
! 371: tls_t *tls;
! 372:
! 373: /**
! 374: * TLS session cache
! 375: */
! 376: tls_cache_t *cache;
! 377:
! 378: /**
! 379: * All handshake data concatenated
! 380: */
! 381: chunk_t handshake;
! 382:
! 383: /**
! 384: * Connection state TLS PRF
! 385: */
! 386: tls_prf_t *prf;
! 387:
! 388: /**
! 389: * AEAD transform for inbound traffic
! 390: */
! 391: tls_aead_t *aead_in;
! 392:
! 393: /**
! 394: * AEAD transform for outbound traffic
! 395: */
! 396: tls_aead_t *aead_out;
! 397:
! 398: /**
! 399: * EAP-[T]TLS MSK
! 400: */
! 401: chunk_t msk;
! 402:
! 403: /**
! 404: * ASCII string constant used as seed for EAP-[T]TLS MSK PRF
! 405: */
! 406: char *msk_label;
! 407: };
! 408:
! 409: typedef struct {
! 410: tls_cipher_suite_t suite;
! 411: key_type_t key;
! 412: diffie_hellman_group_t dh;
! 413: hash_algorithm_t hash;
! 414: pseudo_random_function_t prf;
! 415: integrity_algorithm_t mac;
! 416: encryption_algorithm_t encr;
! 417: size_t encr_size;
! 418: } suite_algs_t;
! 419:
! 420: /**
! 421: * Mapping suites to a set of algorithms
! 422: */
! 423: static suite_algs_t suite_algs[] = {
! 424: { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
! 425: KEY_ECDSA, ECP_256_BIT,
! 426: HASH_SHA256, PRF_HMAC_SHA2_256,
! 427: AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
! 428: },
! 429: { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
! 430: KEY_ECDSA, ECP_256_BIT,
! 431: HASH_SHA256, PRF_HMAC_SHA2_256,
! 432: AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16
! 433: },
! 434: { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
! 435: KEY_ECDSA, ECP_384_BIT,
! 436: HASH_SHA256, PRF_HMAC_SHA2_256,
! 437: AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32
! 438: },
! 439: { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
! 440: KEY_ECDSA, ECP_384_BIT,
! 441: HASH_SHA384, PRF_HMAC_SHA2_384,
! 442: AUTH_HMAC_SHA2_384_384, ENCR_AES_CBC, 32
! 443: },
! 444: { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
! 445: KEY_ECDSA, ECP_256_BIT,
! 446: HASH_SHA256, PRF_HMAC_SHA2_256,
! 447: AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 16
! 448: },
! 449: { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
! 450: KEY_ECDSA, ECP_384_BIT,
! 451: HASH_SHA384, PRF_HMAC_SHA2_384,
! 452: AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 32
! 453: },
! 454: { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
! 455: KEY_RSA, ECP_256_BIT,
! 456: HASH_SHA256, PRF_HMAC_SHA2_256,
! 457: AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
! 458: },
! 459: { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
! 460: KEY_RSA, ECP_256_BIT,
! 461: HASH_SHA256, PRF_HMAC_SHA2_256,
! 462: AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16
! 463: },
! 464: { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
! 465: KEY_RSA, ECP_384_BIT,
! 466: HASH_SHA256, PRF_HMAC_SHA2_256,
! 467: AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32
! 468: },
! 469: { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
! 470: KEY_RSA, ECP_384_BIT,
! 471: HASH_SHA384, PRF_HMAC_SHA2_384,
! 472: AUTH_HMAC_SHA2_384_384, ENCR_AES_CBC, 32
! 473: },
! 474: { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
! 475: KEY_RSA, ECP_256_BIT,
! 476: HASH_SHA256, PRF_HMAC_SHA2_256,
! 477: AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 16
! 478: },
! 479: { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
! 480: KEY_RSA, ECP_384_BIT,
! 481: HASH_SHA384, PRF_HMAC_SHA2_384,
! 482: AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 32
! 483: },
! 484: { TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
! 485: KEY_RSA, MODP_2048_BIT,
! 486: HASH_SHA256,PRF_HMAC_SHA2_256,
! 487: AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
! 488: },
! 489: { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
! 490: KEY_RSA, MODP_3072_BIT,
! 491: HASH_SHA256, PRF_HMAC_SHA2_256,
! 492: AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16
! 493: },
! 494: { TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
! 495: KEY_RSA, MODP_3072_BIT,
! 496: HASH_SHA256, PRF_HMAC_SHA2_256,
! 497: AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32
! 498: },
! 499: { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
! 500: KEY_RSA, MODP_4096_BIT,
! 501: HASH_SHA256, PRF_HMAC_SHA2_256,
! 502: AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 32
! 503: },
! 504: { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
! 505: KEY_RSA, MODP_3072_BIT,
! 506: HASH_SHA256, PRF_HMAC_SHA2_256,
! 507: AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 16
! 508: },
! 509: { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
! 510: KEY_RSA, MODP_4096_BIT,
! 511: HASH_SHA384, PRF_HMAC_SHA2_384,
! 512: AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 32
! 513: },
! 514: { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
! 515: KEY_RSA, MODP_2048_BIT,
! 516: HASH_SHA256, PRF_HMAC_SHA2_256,
! 517: AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 16
! 518: },
! 519: { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
! 520: KEY_RSA, MODP_3072_BIT,
! 521: HASH_SHA256, PRF_HMAC_SHA2_256,
! 522: AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 16
! 523: },
! 524: { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
! 525: KEY_RSA, MODP_3072_BIT,
! 526: HASH_SHA256, PRF_HMAC_SHA2_256,
! 527: AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 32
! 528: },
! 529: { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
! 530: KEY_RSA, MODP_4096_BIT,
! 531: HASH_SHA256, PRF_HMAC_SHA2_256,
! 532: AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 32
! 533: },
! 534: { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
! 535: KEY_RSA, MODP_2048_BIT,
! 536: HASH_SHA256, PRF_HMAC_SHA2_256,
! 537: AUTH_HMAC_SHA1_160, ENCR_3DES, 0
! 538: },
! 539: { TLS_RSA_WITH_AES_128_CBC_SHA,
! 540: KEY_RSA, MODP_NONE,
! 541: HASH_SHA256, PRF_HMAC_SHA2_256,
! 542: AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
! 543: },
! 544: { TLS_RSA_WITH_AES_128_CBC_SHA256,
! 545: KEY_RSA, MODP_NONE,
! 546: HASH_SHA256, PRF_HMAC_SHA2_256,
! 547: AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16
! 548: },
! 549: { TLS_RSA_WITH_AES_256_CBC_SHA,
! 550: KEY_RSA, MODP_NONE,
! 551: HASH_SHA256, PRF_HMAC_SHA2_256,
! 552: AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32
! 553: },
! 554: { TLS_RSA_WITH_AES_256_CBC_SHA256,
! 555: KEY_RSA, MODP_NONE,
! 556: HASH_SHA256, PRF_HMAC_SHA2_256,
! 557: AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 32
! 558: },
! 559: { TLS_RSA_WITH_AES_128_GCM_SHA256,
! 560: KEY_RSA, MODP_NONE,
! 561: HASH_SHA256, PRF_HMAC_SHA2_256,
! 562: AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 16
! 563: },
! 564: { TLS_RSA_WITH_AES_256_GCM_SHA384,
! 565: KEY_RSA, MODP_NONE,
! 566: HASH_SHA384, PRF_HMAC_SHA2_384,
! 567: AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 32
! 568: },
! 569: { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
! 570: KEY_RSA, MODP_NONE,
! 571: HASH_SHA256, PRF_HMAC_SHA2_256,
! 572: AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 16
! 573: },
! 574: { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
! 575: KEY_RSA, MODP_NONE,
! 576: HASH_SHA256, PRF_HMAC_SHA2_256,
! 577: AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 16
! 578: },
! 579: { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
! 580: KEY_RSA, MODP_NONE,
! 581: HASH_SHA256, PRF_HMAC_SHA2_256,
! 582: AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 32
! 583: },
! 584: { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
! 585: KEY_RSA, MODP_NONE,
! 586: HASH_SHA256, PRF_HMAC_SHA2_256,
! 587: AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 32
! 588: },
! 589: { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
! 590: KEY_ECDSA, ECP_256_BIT,
! 591: HASH_SHA256, PRF_HMAC_SHA2_256,
! 592: AUTH_HMAC_SHA1_160, ENCR_3DES, 0
! 593: },
! 594: { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
! 595: KEY_RSA, ECP_256_BIT,
! 596: HASH_SHA256, PRF_HMAC_SHA2_256,
! 597: AUTH_HMAC_SHA1_160, ENCR_3DES, 0
! 598: },
! 599: { TLS_RSA_WITH_3DES_EDE_CBC_SHA,
! 600: KEY_RSA, MODP_NONE,
! 601: HASH_SHA256, PRF_HMAC_SHA2_256,
! 602: AUTH_HMAC_SHA1_160, ENCR_3DES, 0
! 603: },
! 604: { TLS_ECDHE_ECDSA_WITH_NULL_SHA,
! 605: KEY_ECDSA, ECP_256_BIT,
! 606: HASH_SHA256, PRF_HMAC_SHA2_256,
! 607: AUTH_HMAC_SHA1_160, ENCR_NULL, 0
! 608: },
! 609: { TLS_ECDHE_RSA_WITH_NULL_SHA,
! 610: KEY_ECDSA, ECP_256_BIT,
! 611: HASH_SHA256, PRF_HMAC_SHA2_256,
! 612: AUTH_HMAC_SHA1_160, ENCR_NULL, 0
! 613: },
! 614: { TLS_RSA_WITH_NULL_SHA,
! 615: KEY_RSA, MODP_NONE,
! 616: HASH_SHA256, PRF_HMAC_SHA2_256,
! 617: AUTH_HMAC_SHA1_160, ENCR_NULL, 0
! 618: },
! 619: { TLS_RSA_WITH_NULL_SHA256,
! 620: KEY_RSA, MODP_NONE,
! 621: HASH_SHA256, PRF_HMAC_SHA2_256,
! 622: AUTH_HMAC_SHA2_256_256, ENCR_NULL, 0
! 623: },
! 624: { TLS_RSA_WITH_NULL_MD5,
! 625: KEY_RSA, MODP_NONE,
! 626: HASH_SHA256, PRF_HMAC_SHA2_256,
! 627: AUTH_HMAC_MD5_128, ENCR_NULL, 0
! 628: },
! 629: };
! 630:
! 631: /**
! 632: * Look up algorithms by a suite
! 633: */
! 634: static suite_algs_t *find_suite(tls_cipher_suite_t suite)
! 635: {
! 636: int i;
! 637:
! 638: for (i = 0; i < countof(suite_algs); i++)
! 639: {
! 640: if (suite_algs[i].suite == suite)
! 641: {
! 642: return &suite_algs[i];
! 643: }
! 644: }
! 645: return NULL;
! 646: }
! 647:
! 648: /**
! 649: * Filter a suite list using a transform enumerator
! 650: */
! 651: static void filter_suite(suite_algs_t suites[], int *count, int offset,
! 652: enumerator_t*(*create_enumerator)(crypto_factory_t*))
! 653: {
! 654: const char *plugin_name;
! 655: suite_algs_t current;
! 656: int *current_alg, i, remaining = 0;
! 657: enumerator_t *enumerator;
! 658:
! 659: memset(¤t, 0, sizeof(current));
! 660: current_alg = (int*)((char*)¤t + offset);
! 661:
! 662: for (i = 0; i < *count; i++)
! 663: {
! 664: if (create_enumerator == lib->crypto->create_crypter_enumerator &&
! 665: encryption_algorithm_is_aead(suites[i].encr))
! 666: { /* filtering crypters, but current suite uses an AEAD, apply */
! 667: suites[remaining] = suites[i];
! 668: remaining++;
! 669: continue;
! 670: }
! 671: if (create_enumerator == lib->crypto->create_aead_enumerator &&
! 672: !encryption_algorithm_is_aead(suites[i].encr))
! 673: { /* filtering AEADs, but current suite doesn't use one, apply */
! 674: suites[remaining] = suites[i];
! 675: remaining++;
! 676: continue;
! 677: }
! 678: enumerator = create_enumerator(lib->crypto);
! 679: while (enumerator->enumerate(enumerator, current_alg, &plugin_name))
! 680: {
! 681: if (current.encr && current.encr != suites[i].encr)
! 682: {
! 683: if (suites[i].encr != ENCR_NULL)
! 684: { /* skip, ENCR does not match nor is NULL */
! 685: continue;
! 686: }
! 687: }
! 688: if (current.mac && current.mac != suites[i].mac)
! 689: {
! 690: if (suites[i].mac != AUTH_UNDEFINED)
! 691: { /* skip, MAC does not match nor is it undefined */
! 692: continue;
! 693: }
! 694: }
! 695: if (current.prf && current.prf != suites[i].prf)
! 696: { /* skip, PRF does not match */
! 697: continue;
! 698: }
! 699: if (current.hash && current.hash != suites[i].hash)
! 700: { /* skip, hash does not match */
! 701: continue;
! 702: }
! 703: if (current.dh && current.dh != suites[i].dh)
! 704: {
! 705: if (suites[i].dh != MODP_NONE)
! 706: { /* skip DH group, does not match nor NONE */
! 707: continue;
! 708: }
! 709: }
! 710: /* suite supported, apply */
! 711: suites[remaining] = suites[i];
! 712: remaining++;
! 713: break;
! 714: }
! 715: enumerator->destroy(enumerator);
! 716: }
! 717: *count = remaining;
! 718: }
! 719:
! 720: /**
! 721: * Purge NULL encryption cipher suites from list
! 722: */
! 723: static void filter_null_suites(suite_algs_t suites[], int *count)
! 724: {
! 725: int i, remaining = 0;
! 726:
! 727: for (i = 0; i < *count; i++)
! 728: {
! 729: if (suites[i].encr != ENCR_NULL)
! 730: {
! 731: suites[remaining] = suites[i];
! 732: remaining++;
! 733: }
! 734: }
! 735: *count = remaining;
! 736: }
! 737:
! 738: /**
! 739: * Purge suites using a given key type
! 740: */
! 741: static void filter_key_suites(private_tls_crypto_t *this,
! 742: suite_algs_t suites[], int *count, key_type_t key)
! 743: {
! 744: int i, remaining = 0;
! 745:
! 746: DBG2(DBG_TLS, "disabling %N suites, no backend found", key_type_names, key);
! 747: for (i = 0; i < *count; i++)
! 748: {
! 749: if (suites[i].key != key)
! 750: {
! 751: suites[remaining] = suites[i];
! 752: remaining++;
! 753: }
! 754: }
! 755: *count = remaining;
! 756: }
! 757:
! 758: /**
! 759: * Filter suites by key exchange user config
! 760: */
! 761: static void filter_key_exchange_config_suites(private_tls_crypto_t *this,
! 762: suite_algs_t suites[], int *count)
! 763: {
! 764: enumerator_t *enumerator;
! 765: int i, remaining = 0;
! 766: char *token, *config;
! 767:
! 768: config = lib->settings->get_str(lib->settings, "%s.tls.key_exchange", NULL,
! 769: lib->ns);
! 770: if (config)
! 771: {
! 772: for (i = 0; i < *count; i++)
! 773: {
! 774: enumerator = enumerator_create_token(config, ",", " ");
! 775: while (enumerator->enumerate(enumerator, &token))
! 776: {
! 777: if (strcaseeq(token, "ecdhe-ecdsa") &&
! 778: diffie_hellman_group_is_ec(suites[i].dh) &&
! 779: suites[i].key == KEY_ECDSA)
! 780: {
! 781: suites[remaining++] = suites[i];
! 782: break;
! 783: }
! 784: if (strcaseeq(token, "ecdhe-rsa") &&
! 785: diffie_hellman_group_is_ec(suites[i].dh) &&
! 786: suites[i].key == KEY_RSA)
! 787: {
! 788: suites[remaining++] = suites[i];
! 789: break;
! 790: }
! 791: if (strcaseeq(token, "dhe-rsa") &&
! 792: !diffie_hellman_group_is_ec(suites[i].dh) &&
! 793: suites[i].dh != MODP_NONE &&
! 794: suites[i].key == KEY_RSA)
! 795: {
! 796: suites[remaining++] = suites[i];
! 797: break;
! 798: }
! 799: if (strcaseeq(token, "rsa") &&
! 800: suites[i].dh == MODP_NONE &&
! 801: suites[i].key == KEY_RSA)
! 802: {
! 803: suites[remaining++] = suites[i];
! 804: break;
! 805: }
! 806: }
! 807: enumerator->destroy(enumerator);
! 808: }
! 809: *count = remaining;
! 810: }
! 811: }
! 812:
! 813: /**
! 814: * Filter suites by cipher user config
! 815: */
! 816: static void filter_cipher_config_suites(private_tls_crypto_t *this,
! 817: suite_algs_t suites[], int *count)
! 818: {
! 819: enumerator_t *enumerator;
! 820: int i, remaining = 0;
! 821: char *token, *config;
! 822:
! 823: config = lib->settings->get_str(lib->settings, "%s.tls.cipher", NULL,
! 824: lib->ns);
! 825: if (config)
! 826: {
! 827: for (i = 0; i < *count; i++)
! 828: {
! 829: enumerator = enumerator_create_token(config, ",", " ");
! 830: while (enumerator->enumerate(enumerator, &token))
! 831: {
! 832: if (strcaseeq(token, "aes128") &&
! 833: suites[i].encr == ENCR_AES_CBC &&
! 834: suites[i].encr_size == 16)
! 835: {
! 836: suites[remaining++] = suites[i];
! 837: break;
! 838: }
! 839: if (strcaseeq(token, "aes256") &&
! 840: suites[i].encr == ENCR_AES_CBC &&
! 841: suites[i].encr_size == 32)
! 842: {
! 843: suites[remaining++] = suites[i];
! 844: break;
! 845: }
! 846: if (strcaseeq(token, "aes128gcm") &&
! 847: suites[i].encr == ENCR_AES_GCM_ICV16 &&
! 848: suites[i].encr_size == 16)
! 849: {
! 850: suites[remaining++] = suites[i];
! 851: break;
! 852: }
! 853: if (strcaseeq(token, "aes256gcm") &&
! 854: suites[i].encr == ENCR_AES_GCM_ICV16 &&
! 855: suites[i].encr_size == 32)
! 856: {
! 857: suites[remaining++] = suites[i];
! 858: break;
! 859: }
! 860: if (strcaseeq(token, "camellia128") &&
! 861: suites[i].encr == ENCR_CAMELLIA_CBC &&
! 862: suites[i].encr_size == 16)
! 863: {
! 864: suites[remaining++] = suites[i];
! 865: break;
! 866: }
! 867: if (strcaseeq(token, "camellia256") &&
! 868: suites[i].encr == ENCR_CAMELLIA_CBC &&
! 869: suites[i].encr_size == 32)
! 870: {
! 871: suites[remaining++] = suites[i];
! 872: break;
! 873: }
! 874: if (strcaseeq(token, "3des") &&
! 875: suites[i].encr == ENCR_3DES)
! 876: {
! 877: suites[remaining++] = suites[i];
! 878: break;
! 879: }
! 880: if (strcaseeq(token, "null") &&
! 881: suites[i].encr == ENCR_NULL)
! 882: {
! 883: suites[remaining++] = suites[i];
! 884: break;
! 885: }
! 886: }
! 887: enumerator->destroy(enumerator);
! 888: }
! 889: *count = remaining;
! 890: }
! 891: }
! 892:
! 893: /**
! 894: * Filter suites by mac user config
! 895: */
! 896: static void filter_mac_config_suites(private_tls_crypto_t *this,
! 897: suite_algs_t suites[], int *count)
! 898: {
! 899: enumerator_t *enumerator;
! 900: int i, remaining = 0;
! 901: char *token, *config;
! 902:
! 903: config = lib->settings->get_str(lib->settings, "%s.tls.mac", NULL,
! 904: lib->ns);
! 905: if (config)
! 906: {
! 907: for (i = 0; i < *count; i++)
! 908: {
! 909: enumerator = enumerator_create_token(config, ",", " ");
! 910: while (enumerator->enumerate(enumerator, &token))
! 911: {
! 912: if (strcaseeq(token, "md5") &&
! 913: suites[i].mac == AUTH_HMAC_MD5_128)
! 914: {
! 915: suites[remaining++] = suites[i];
! 916: break;
! 917: }
! 918: if (strcaseeq(token, "sha1") &&
! 919: suites[i].mac == AUTH_HMAC_SHA1_160)
! 920: {
! 921: suites[remaining++] = suites[i];
! 922: break;
! 923: }
! 924: if (strcaseeq(token, "sha256") &&
! 925: suites[i].mac == AUTH_HMAC_SHA2_256_256)
! 926: {
! 927: suites[remaining++] = suites[i];
! 928: break;
! 929: }
! 930: if (strcaseeq(token, "sha384") &&
! 931: suites[i].mac == AUTH_HMAC_SHA2_384_384)
! 932: {
! 933: suites[remaining++] = suites[i];
! 934: break;
! 935: }
! 936: }
! 937: enumerator->destroy(enumerator);
! 938: }
! 939: *count = remaining;
! 940: }
! 941: }
! 942:
! 943: /**
! 944: * Filter for specific suites specified in strongswan.conf
! 945: */
! 946: static void filter_specific_config_suites(private_tls_crypto_t *this,
! 947: suite_algs_t suites[], int *count)
! 948: {
! 949: enumerator_t *enumerator;
! 950: int i, remaining = 0, suite;
! 951: char *token, *config;
! 952:
! 953: config = lib->settings->get_str(lib->settings, "%s.tls.suites", NULL,
! 954: lib->ns);
! 955: if (config)
! 956: {
! 957: for (i = 0; i < *count; i++)
! 958: {
! 959: enumerator = enumerator_create_token(config, ",", " ");
! 960: while (enumerator->enumerate(enumerator, &token))
! 961: {
! 962: if (enum_from_name(tls_cipher_suite_names, token, &suite) &&
! 963: suite == suites[i].suite)
! 964: {
! 965: suites[remaining++] = suites[i];
! 966: break;
! 967: }
! 968: }
! 969: enumerator->destroy(enumerator);
! 970: }
! 971: *count = remaining;
! 972: }
! 973: }
! 974:
! 975: /**
! 976: * Filter out unsupported suites on given suite array
! 977: */
! 978: static void filter_unsupported_suites(suite_algs_t suites[], int *count)
! 979: {
! 980: /* filter suite list by each algorithm */
! 981: filter_suite(suites, count, offsetof(suite_algs_t, encr),
! 982: lib->crypto->create_crypter_enumerator);
! 983: filter_suite(suites, count, offsetof(suite_algs_t, encr),
! 984: lib->crypto->create_aead_enumerator);
! 985: filter_suite(suites, count, offsetof(suite_algs_t, mac),
! 986: lib->crypto->create_signer_enumerator);
! 987: filter_suite(suites, count, offsetof(suite_algs_t, prf),
! 988: lib->crypto->create_prf_enumerator);
! 989: filter_suite(suites, count, offsetof(suite_algs_t, hash),
! 990: lib->crypto->create_hasher_enumerator);
! 991: filter_suite(suites, count, offsetof(suite_algs_t, dh),
! 992: lib->crypto->create_dh_enumerator);
! 993: }
! 994:
! 995: /**
! 996: * Initialize the cipher suite list
! 997: */
! 998: static void build_cipher_suite_list(private_tls_crypto_t *this,
! 999: bool require_encryption)
! 1000: {
! 1001: suite_algs_t suites[countof(suite_algs)];
! 1002: int count = countof(suite_algs), i;
! 1003:
! 1004: /* copy all suites */
! 1005: for (i = 0; i < count; i++)
! 1006: {
! 1007: suites[i] = suite_algs[i];
! 1008: }
! 1009:
! 1010: if (require_encryption)
! 1011: {
! 1012: filter_null_suites(suites, &count);
! 1013: }
! 1014: if (!this->rsa)
! 1015: {
! 1016: filter_key_suites(this, suites, &count, KEY_RSA);
! 1017: }
! 1018: if (!this->ecdsa)
! 1019: {
! 1020: filter_key_suites(this, suites, &count, KEY_ECDSA);
! 1021: }
! 1022:
! 1023: filter_unsupported_suites(suites, &count);
! 1024:
! 1025: /* filter suites with strongswan.conf options */
! 1026: filter_key_exchange_config_suites(this, suites, &count);
! 1027: filter_cipher_config_suites(this, suites, &count);
! 1028: filter_mac_config_suites(this, suites, &count);
! 1029: filter_specific_config_suites(this, suites, &count);
! 1030:
! 1031: free(this->suites);
! 1032: this->suite_count = count;
! 1033: this->suites = malloc(sizeof(tls_cipher_suite_t) * count);
! 1034:
! 1035: DBG2(DBG_TLS, "%d supported TLS cipher suites:", count);
! 1036: for (i = 0; i < count; i++)
! 1037: {
! 1038: DBG2(DBG_TLS, " %N", tls_cipher_suite_names, suites[i].suite);
! 1039: this->suites[i] = suites[i].suite;
! 1040: }
! 1041: }
! 1042:
! 1043: METHOD(tls_crypto_t, get_cipher_suites, int,
! 1044: private_tls_crypto_t *this, tls_cipher_suite_t **suites)
! 1045: {
! 1046: *suites = this->suites;
! 1047: return this->suite_count;
! 1048: }
! 1049:
! 1050: /**
! 1051: * Create NULL encryption transforms
! 1052: */
! 1053: static bool create_null(private_tls_crypto_t *this, suite_algs_t *algs)
! 1054: {
! 1055: this->aead_in = tls_aead_create_null(algs->mac);
! 1056: this->aead_out = tls_aead_create_null(algs->mac);
! 1057: if (!this->aead_in || !this->aead_out)
! 1058: {
! 1059: DBG1(DBG_TLS, "selected TLS MAC %N not supported",
! 1060: integrity_algorithm_names, algs->mac);
! 1061: return FALSE;
! 1062: }
! 1063: return TRUE;
! 1064: }
! 1065:
! 1066: /**
! 1067: * Create traditional transforms
! 1068: */
! 1069: static bool create_traditional(private_tls_crypto_t *this, suite_algs_t *algs)
! 1070: {
! 1071: if (this->tls->get_version(this->tls) < TLS_1_1)
! 1072: {
! 1073: this->aead_in = tls_aead_create_implicit(algs->mac,
! 1074: algs->encr, algs->encr_size);
! 1075: this->aead_out = tls_aead_create_implicit(algs->mac,
! 1076: algs->encr, algs->encr_size);
! 1077: }
! 1078: else
! 1079: {
! 1080: this->aead_in = tls_aead_create_explicit(algs->mac,
! 1081: algs->encr, algs->encr_size);
! 1082: this->aead_out = tls_aead_create_explicit(algs->mac,
! 1083: algs->encr, algs->encr_size);
! 1084: }
! 1085: if (!this->aead_in || !this->aead_out)
! 1086: {
! 1087: DBG1(DBG_TLS, "selected TLS transforms %N-%u-%N not supported",
! 1088: encryption_algorithm_names, algs->encr, algs->encr_size * 8,
! 1089: integrity_algorithm_names, algs->mac);
! 1090: return FALSE;
! 1091: }
! 1092: return TRUE;
! 1093: }
! 1094:
! 1095: /**
! 1096: * Create AEAD transforms
! 1097: */
! 1098: static bool create_aead(private_tls_crypto_t *this, suite_algs_t *algs)
! 1099: {
! 1100: this->aead_in = tls_aead_create_aead(algs->encr, algs->encr_size);
! 1101: this->aead_out = tls_aead_create_aead(algs->encr, algs->encr_size);
! 1102: if (!this->aead_in || !this->aead_out)
! 1103: {
! 1104: DBG1(DBG_TLS, "selected TLS transforms %N-%u not supported",
! 1105: encryption_algorithm_names, algs->encr, algs->encr_size * 8);
! 1106: return FALSE;
! 1107: }
! 1108: return TRUE;
! 1109: }
! 1110:
! 1111: /**
! 1112: * Clean up and unset AEAD transforms
! 1113: */
! 1114: static void destroy_aeads(private_tls_crypto_t *this)
! 1115: {
! 1116: DESTROY_IF(this->aead_in);
! 1117: DESTROY_IF(this->aead_out);
! 1118: this->aead_in = this->aead_out = NULL;
! 1119: }
! 1120:
! 1121: /**
! 1122: * Create crypto primitives
! 1123: */
! 1124: static bool create_ciphers(private_tls_crypto_t *this, suite_algs_t *algs)
! 1125: {
! 1126: destroy_aeads(this);
! 1127: DESTROY_IF(this->prf);
! 1128: if (this->tls->get_version(this->tls) < TLS_1_2)
! 1129: {
! 1130: this->prf = tls_prf_create_10();
! 1131: }
! 1132: else
! 1133: {
! 1134: this->prf = tls_prf_create_12(algs->prf);
! 1135: }
! 1136: if (!this->prf)
! 1137: {
! 1138: DBG1(DBG_TLS, "selected TLS PRF not supported");
! 1139: return FALSE;
! 1140: }
! 1141: if (algs->encr == ENCR_NULL)
! 1142: {
! 1143: if (create_null(this, algs))
! 1144: {
! 1145: return TRUE;
! 1146: }
! 1147: }
! 1148: else if (encryption_algorithm_is_aead(algs->encr))
! 1149: {
! 1150: if (create_aead(this, algs))
! 1151: {
! 1152: return TRUE;
! 1153: }
! 1154: }
! 1155: else
! 1156: {
! 1157: if (create_traditional(this, algs))
! 1158: {
! 1159: return TRUE;
! 1160: }
! 1161: }
! 1162: destroy_aeads(this);
! 1163: return FALSE;
! 1164: }
! 1165:
! 1166: METHOD(tls_crypto_t, select_cipher_suite, tls_cipher_suite_t,
! 1167: private_tls_crypto_t *this, tls_cipher_suite_t *suites, int count,
! 1168: key_type_t key)
! 1169: {
! 1170: suite_algs_t *algs;
! 1171: int i, j;
! 1172:
! 1173: for (i = 0; i < this->suite_count; i++)
! 1174: {
! 1175: for (j = 0; j < count; j++)
! 1176: {
! 1177: if (this->suites[i] == suites[j])
! 1178: {
! 1179: algs = find_suite(this->suites[i]);
! 1180: if (algs)
! 1181: {
! 1182: if (key == KEY_ANY || key == algs->key)
! 1183: {
! 1184: if (create_ciphers(this, algs))
! 1185: {
! 1186: this->suite = this->suites[i];
! 1187: return this->suite;
! 1188: }
! 1189: }
! 1190: }
! 1191: }
! 1192: }
! 1193: }
! 1194: return 0;
! 1195: }
! 1196:
! 1197: METHOD(tls_crypto_t, get_dh_group, diffie_hellman_group_t,
! 1198: private_tls_crypto_t *this)
! 1199: {
! 1200: suite_algs_t *algs;
! 1201:
! 1202: algs = find_suite(this->suite);
! 1203: if (algs)
! 1204: {
! 1205: return algs->dh;
! 1206: }
! 1207: return MODP_NONE;
! 1208: }
! 1209:
! 1210: /**
! 1211: * Map signature schemes to TLS key types and hashes, ordered by preference
! 1212: */
! 1213: static struct {
! 1214: tls_signature_algorithm_t sig;
! 1215: tls_hash_algorithm_t hash;
! 1216: signature_scheme_t scheme;
! 1217: } schemes[] = {
! 1218: { TLS_SIG_ECDSA, TLS_HASH_SHA256, SIGN_ECDSA_WITH_SHA256_DER },
! 1219: { TLS_SIG_ECDSA, TLS_HASH_SHA384, SIGN_ECDSA_WITH_SHA384_DER },
! 1220: { TLS_SIG_ECDSA, TLS_HASH_SHA512, SIGN_ECDSA_WITH_SHA512_DER },
! 1221: { TLS_SIG_ECDSA, TLS_HASH_SHA1, SIGN_ECDSA_WITH_SHA1_DER },
! 1222: { TLS_SIG_RSA, TLS_HASH_SHA256, SIGN_RSA_EMSA_PKCS1_SHA2_256 },
! 1223: { TLS_SIG_RSA, TLS_HASH_SHA384, SIGN_RSA_EMSA_PKCS1_SHA2_384 },
! 1224: { TLS_SIG_RSA, TLS_HASH_SHA512, SIGN_RSA_EMSA_PKCS1_SHA2_512 },
! 1225: { TLS_SIG_RSA, TLS_HASH_SHA224, SIGN_RSA_EMSA_PKCS1_SHA2_224 },
! 1226: { TLS_SIG_RSA, TLS_HASH_SHA1, SIGN_RSA_EMSA_PKCS1_SHA1 },
! 1227: { TLS_SIG_RSA, TLS_HASH_MD5, SIGN_RSA_EMSA_PKCS1_MD5 },
! 1228: };
! 1229:
! 1230: METHOD(tls_crypto_t, get_signature_algorithms, void,
! 1231: private_tls_crypto_t *this, bio_writer_t *writer)
! 1232: {
! 1233: bio_writer_t *supported;
! 1234: int i;
! 1235:
! 1236: supported = bio_writer_create(32);
! 1237:
! 1238: for (i = 0; i < countof(schemes); i++)
! 1239: {
! 1240: if (schemes[i].sig == TLS_SIG_RSA && !this->rsa)
! 1241: {
! 1242: continue;
! 1243: }
! 1244: if (schemes[i].sig == TLS_SIG_ECDSA && !this->ecdsa)
! 1245: {
! 1246: continue;
! 1247: }
! 1248: if (!lib->plugins->has_feature(lib->plugins,
! 1249: PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[i].scheme)))
! 1250: {
! 1251: continue;
! 1252: }
! 1253: supported->write_uint8(supported, schemes[i].hash);
! 1254: supported->write_uint8(supported, schemes[i].sig);
! 1255: }
! 1256:
! 1257: supported->wrap16(supported);
! 1258: writer->write_data16(writer, supported->get_buf(supported));
! 1259: supported->destroy(supported);
! 1260: }
! 1261:
! 1262: /**
! 1263: * Get the signature scheme from a TLS 1.2 hash/sig algorithm pair
! 1264: */
! 1265: static signature_scheme_t hashsig_to_scheme(key_type_t type,
! 1266: tls_hash_algorithm_t hash,
! 1267: tls_signature_algorithm_t sig)
! 1268: {
! 1269: int i;
! 1270:
! 1271: if ((sig == TLS_SIG_RSA && type == KEY_RSA) ||
! 1272: (sig == TLS_SIG_ECDSA && type == KEY_ECDSA))
! 1273: {
! 1274: for (i = 0; i < countof(schemes); i++)
! 1275: {
! 1276: if (schemes[i].sig == sig && schemes[i].hash == hash)
! 1277: {
! 1278: return schemes[i].scheme;
! 1279: }
! 1280: }
! 1281: }
! 1282: return SIGN_UNKNOWN;
! 1283: }
! 1284:
! 1285: /**
! 1286: * Mapping groups to TLS named curves
! 1287: */
! 1288: static struct {
! 1289: diffie_hellman_group_t group;
! 1290: tls_named_curve_t curve;
! 1291: } curves[] = {
! 1292: { ECP_256_BIT, TLS_SECP256R1},
! 1293: { ECP_384_BIT, TLS_SECP384R1},
! 1294: { ECP_521_BIT, TLS_SECP521R1},
! 1295: { ECP_224_BIT, TLS_SECP224R1},
! 1296: { ECP_192_BIT, TLS_SECP192R1},
! 1297: };
! 1298:
! 1299: CALLBACK(group_filter, bool,
! 1300: void *null, enumerator_t *orig, va_list args)
! 1301: {
! 1302: diffie_hellman_group_t group, *out;
! 1303: tls_named_curve_t *curve;
! 1304: char *plugin;
! 1305: int i;
! 1306:
! 1307: VA_ARGS_VGET(args, out, curve);
! 1308:
! 1309: while (orig->enumerate(orig, &group, &plugin))
! 1310: {
! 1311: for (i = 0; i < countof(curves); i++)
! 1312: {
! 1313: if (curves[i].group == group)
! 1314: {
! 1315: if (out)
! 1316: {
! 1317: *out = curves[i].group;
! 1318: }
! 1319: if (curve)
! 1320: {
! 1321: *curve = curves[i].curve;
! 1322: }
! 1323: return TRUE;
! 1324: }
! 1325: }
! 1326: }
! 1327: return FALSE;
! 1328: }
! 1329:
! 1330: METHOD(tls_crypto_t, create_ec_enumerator, enumerator_t*,
! 1331: private_tls_crypto_t *this)
! 1332: {
! 1333: return enumerator_create_filter(
! 1334: lib->crypto->create_dh_enumerator(lib->crypto),
! 1335: group_filter, NULL, NULL);
! 1336: }
! 1337:
! 1338: METHOD(tls_crypto_t, set_protection, void,
! 1339: private_tls_crypto_t *this, tls_protection_t *protection)
! 1340: {
! 1341: this->protection = protection;
! 1342: }
! 1343:
! 1344: METHOD(tls_crypto_t, append_handshake, void,
! 1345: private_tls_crypto_t *this, tls_handshake_type_t type, chunk_t data)
! 1346: {
! 1347: uint32_t header;
! 1348:
! 1349: /* reconstruct handshake header */
! 1350: header = htonl(data.len | (type << 24));
! 1351: this->handshake = chunk_cat("mcc", this->handshake,
! 1352: chunk_from_thing(header), data);
! 1353: }
! 1354:
! 1355: /**
! 1356: * Create a hash using the suites HASH algorithm
! 1357: */
! 1358: static bool hash_data(private_tls_crypto_t *this, chunk_t data, chunk_t *hash)
! 1359: {
! 1360: if (this->tls->get_version(this->tls) >= TLS_1_2)
! 1361: {
! 1362: hasher_t *hasher;
! 1363: suite_algs_t *alg;
! 1364:
! 1365: alg = find_suite(this->suite);
! 1366: if (!alg)
! 1367: {
! 1368: return FALSE;
! 1369: }
! 1370: hasher = lib->crypto->create_hasher(lib->crypto, alg->hash);
! 1371: if (!hasher || !hasher->allocate_hash(hasher, data, hash))
! 1372: {
! 1373: DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, alg->hash);
! 1374: DESTROY_IF(hasher);
! 1375: return FALSE;
! 1376: }
! 1377: hasher->destroy(hasher);
! 1378: }
! 1379: else
! 1380: {
! 1381: hasher_t *md5, *sha1;
! 1382: char buf[HASH_SIZE_MD5 + HASH_SIZE_SHA1];
! 1383:
! 1384: md5 = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
! 1385: if (!md5 || !md5->get_hash(md5, data, buf))
! 1386: {
! 1387: DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, HASH_MD5);
! 1388: DESTROY_IF(md5);
! 1389: return FALSE;
! 1390: }
! 1391: md5->destroy(md5);
! 1392: sha1 = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
! 1393: if (!sha1 || !sha1->get_hash(sha1, data, buf + HASH_SIZE_MD5))
! 1394: {
! 1395: DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, HASH_SHA1);
! 1396: DESTROY_IF(sha1);
! 1397: return FALSE;
! 1398: }
! 1399: sha1->destroy(sha1);
! 1400:
! 1401: *hash = chunk_clone(chunk_from_thing(buf));
! 1402: }
! 1403: return TRUE;
! 1404: }
! 1405:
! 1406: METHOD(tls_crypto_t, sign, bool,
! 1407: private_tls_crypto_t *this, private_key_t *key, bio_writer_t *writer,
! 1408: chunk_t data, chunk_t hashsig)
! 1409: {
! 1410: if (this->tls->get_version(this->tls) >= TLS_1_2)
! 1411: {
! 1412: const chunk_t hashsig_def = chunk_from_chars(
! 1413: TLS_HASH_SHA1, TLS_SIG_RSA, TLS_HASH_SHA1, TLS_SIG_ECDSA);
! 1414: signature_scheme_t scheme;
! 1415: bio_reader_t *reader;
! 1416: uint8_t hash, alg;
! 1417: chunk_t sig;
! 1418: bool done = FALSE;
! 1419:
! 1420: if (!hashsig.len)
! 1421: { /* fallback if none given */
! 1422: hashsig = hashsig_def;
! 1423: }
! 1424: reader = bio_reader_create(hashsig);
! 1425: while (reader->remaining(reader) >= 2)
! 1426: {
! 1427: if (reader->read_uint8(reader, &hash) &&
! 1428: reader->read_uint8(reader, &alg))
! 1429: {
! 1430: scheme = hashsig_to_scheme(key->get_type(key), hash, alg);
! 1431: if (scheme != SIGN_UNKNOWN &&
! 1432: key->sign(key, scheme, NULL, data, &sig))
! 1433: {
! 1434: done = TRUE;
! 1435: break;
! 1436: }
! 1437: }
! 1438: }
! 1439: reader->destroy(reader);
! 1440: if (!done)
! 1441: {
! 1442: DBG1(DBG_TLS, "none of the proposed hash/sig algorithms supported");
! 1443: return FALSE;
! 1444: }
! 1445: DBG2(DBG_TLS, "created signature with %N/%N",
! 1446: tls_hash_algorithm_names, hash, tls_signature_algorithm_names, alg);
! 1447: writer->write_uint8(writer, hash);
! 1448: writer->write_uint8(writer, alg);
! 1449: writer->write_data16(writer, sig);
! 1450: free(sig.ptr);
! 1451: }
! 1452: else
! 1453: {
! 1454: chunk_t sig, hash;
! 1455: bool done;
! 1456:
! 1457: switch (key->get_type(key))
! 1458: {
! 1459: case KEY_RSA:
! 1460: if (!hash_data(this, data, &hash))
! 1461: {
! 1462: return FALSE;
! 1463: }
! 1464: done = key->sign(key, SIGN_RSA_EMSA_PKCS1_NULL, NULL, hash,
! 1465: &sig);
! 1466: free(hash.ptr);
! 1467: if (!done)
! 1468: {
! 1469: return FALSE;
! 1470: }
! 1471: DBG2(DBG_TLS, "created signature with MD5+SHA1/RSA");
! 1472: break;
! 1473: case KEY_ECDSA:
! 1474: if (!key->sign(key, SIGN_ECDSA_WITH_SHA1_DER, NULL, data, &sig))
! 1475: {
! 1476: return FALSE;
! 1477: }
! 1478: DBG2(DBG_TLS, "created signature with SHA1/ECDSA");
! 1479: break;
! 1480: default:
! 1481: return FALSE;
! 1482: }
! 1483: writer->write_data16(writer, sig);
! 1484: free(sig.ptr);
! 1485: }
! 1486: return TRUE;
! 1487: }
! 1488:
! 1489: METHOD(tls_crypto_t, verify, bool,
! 1490: private_tls_crypto_t *this, public_key_t *key, bio_reader_t *reader,
! 1491: chunk_t data)
! 1492: {
! 1493: if (this->tls->get_version(this->tls) >= TLS_1_2)
! 1494: {
! 1495: signature_scheme_t scheme = SIGN_UNKNOWN;
! 1496: uint8_t hash, alg;
! 1497: chunk_t sig;
! 1498:
! 1499: if (!reader->read_uint8(reader, &hash) ||
! 1500: !reader->read_uint8(reader, &alg) ||
! 1501: !reader->read_data16(reader, &sig))
! 1502: {
! 1503: DBG1(DBG_TLS, "received invalid signature");
! 1504: return FALSE;
! 1505: }
! 1506: scheme = hashsig_to_scheme(key->get_type(key), hash, alg);
! 1507: if (scheme == SIGN_UNKNOWN)
! 1508: {
! 1509: DBG1(DBG_TLS, "signature algorithms %N/%N not supported",
! 1510: tls_hash_algorithm_names, hash,
! 1511: tls_signature_algorithm_names, alg);
! 1512: return FALSE;
! 1513: }
! 1514: if (!key->verify(key, scheme, NULL, data, sig))
! 1515: {
! 1516: return FALSE;
! 1517: }
! 1518: DBG2(DBG_TLS, "verified signature with %N/%N",
! 1519: tls_hash_algorithm_names, hash, tls_signature_algorithm_names, alg);
! 1520: }
! 1521: else
! 1522: {
! 1523: chunk_t sig, hash;
! 1524: bool done;
! 1525:
! 1526: if (!reader->read_data16(reader, &sig))
! 1527: {
! 1528: DBG1(DBG_TLS, "received invalid signature");
! 1529: return FALSE;
! 1530: }
! 1531: switch (key->get_type(key))
! 1532: {
! 1533: case KEY_RSA:
! 1534: if (!hash_data(this, data, &hash))
! 1535: {
! 1536: return FALSE;
! 1537: }
! 1538: done = key->verify(key, SIGN_RSA_EMSA_PKCS1_NULL, NULL, hash,
! 1539: sig);
! 1540: free(hash.ptr);
! 1541: if (!done)
! 1542: {
! 1543: return FALSE;
! 1544: }
! 1545: DBG2(DBG_TLS, "verified signature data with MD5+SHA1/RSA");
! 1546: break;
! 1547: case KEY_ECDSA:
! 1548: if (!key->verify(key, SIGN_ECDSA_WITH_SHA1_DER, NULL, data,
! 1549: sig))
! 1550: {
! 1551: return FALSE;
! 1552: }
! 1553: DBG2(DBG_TLS, "verified signature with SHA1/ECDSA");
! 1554: break;
! 1555: default:
! 1556: return FALSE;
! 1557: }
! 1558: }
! 1559: return TRUE;
! 1560: }
! 1561:
! 1562: METHOD(tls_crypto_t, sign_handshake, bool,
! 1563: private_tls_crypto_t *this, private_key_t *key, bio_writer_t *writer,
! 1564: chunk_t hashsig)
! 1565: {
! 1566: return sign(this, key, writer, this->handshake, hashsig);
! 1567: }
! 1568:
! 1569: METHOD(tls_crypto_t, verify_handshake, bool,
! 1570: private_tls_crypto_t *this, public_key_t *key, bio_reader_t *reader)
! 1571: {
! 1572: return verify(this, key, reader, this->handshake);
! 1573: }
! 1574:
! 1575: METHOD(tls_crypto_t, calculate_finished, bool,
! 1576: private_tls_crypto_t *this, char *label, char out[12])
! 1577: {
! 1578: chunk_t seed;
! 1579:
! 1580: if (!this->prf)
! 1581: {
! 1582: return FALSE;
! 1583: }
! 1584: if (!hash_data(this, this->handshake, &seed))
! 1585: {
! 1586: return FALSE;
! 1587: }
! 1588: if (!this->prf->get_bytes(this->prf, label, seed, 12, out))
! 1589: {
! 1590: free(seed.ptr);
! 1591: return FALSE;
! 1592: }
! 1593: free(seed.ptr);
! 1594: return TRUE;
! 1595: }
! 1596:
! 1597: /**
! 1598: * Derive master secret from premaster, optionally save session
! 1599: */
! 1600: static bool derive_master(private_tls_crypto_t *this, chunk_t premaster,
! 1601: chunk_t session, identification_t *id,
! 1602: chunk_t client_random, chunk_t server_random)
! 1603: {
! 1604: char master[48];
! 1605: chunk_t seed;
! 1606:
! 1607: /* derive master secret */
! 1608: seed = chunk_cata("cc", client_random, server_random);
! 1609:
! 1610: if (!this->prf->set_key(this->prf, premaster) ||
! 1611: !this->prf->get_bytes(this->prf, "master secret", seed,
! 1612: sizeof(master), master) ||
! 1613: !this->prf->set_key(this->prf, chunk_from_thing(master)))
! 1614: {
! 1615: return FALSE;
! 1616: }
! 1617:
! 1618: if (this->cache && session.len)
! 1619: {
! 1620: this->cache->create(this->cache, session, id, chunk_from_thing(master),
! 1621: this->suite);
! 1622: }
! 1623: memwipe(master, sizeof(master));
! 1624: return TRUE;
! 1625: }
! 1626:
! 1627: /**
! 1628: * Expand key material from master secret
! 1629: */
! 1630: static bool expand_keys(private_tls_crypto_t *this,
! 1631: chunk_t client_random, chunk_t server_random)
! 1632: {
! 1633: chunk_t seed, block;
! 1634: chunk_t cw_mac, cw, cw_iv;
! 1635: chunk_t sw_mac, sw, sw_iv;
! 1636: int mklen, eklen, ivlen;
! 1637:
! 1638: if (!this->aead_in || !this->aead_out)
! 1639: {
! 1640: return FALSE;
! 1641: }
! 1642:
! 1643: /* derive key block for key expansion */
! 1644: mklen = this->aead_in->get_mac_key_size(this->aead_in);
! 1645: eklen = this->aead_in->get_encr_key_size(this->aead_in);
! 1646: ivlen = this->aead_in->get_iv_size(this->aead_in);
! 1647: seed = chunk_cata("cc", server_random, client_random);
! 1648: block = chunk_alloca((mklen + eklen + ivlen) * 2);
! 1649: if (!this->prf->get_bytes(this->prf, "key expansion", seed,
! 1650: block.len, block.ptr))
! 1651: {
! 1652: return FALSE;
! 1653: }
! 1654:
! 1655: /* client/server write signer keys */
! 1656: cw_mac = chunk_create(block.ptr, mklen);
! 1657: block = chunk_skip(block, mklen);
! 1658: sw_mac = chunk_create(block.ptr, mklen);
! 1659: block = chunk_skip(block, mklen);
! 1660:
! 1661: /* client/server write encryption keys */
! 1662: cw = chunk_create(block.ptr, eklen);
! 1663: block = chunk_skip(block, eklen);
! 1664: sw = chunk_create(block.ptr, eklen);
! 1665: block = chunk_skip(block, eklen);
! 1666:
! 1667: /* client/server write IV; TLS 1.0 implicit IVs or AEAD salt, if any */
! 1668: cw_iv = chunk_create(block.ptr, ivlen);
! 1669: block = chunk_skip(block, ivlen);
! 1670: sw_iv = chunk_create(block.ptr, ivlen);
! 1671: block = chunk_skip(block, ivlen);
! 1672:
! 1673: if (this->tls->is_server(this->tls))
! 1674: {
! 1675: if (!this->aead_in->set_keys(this->aead_in, cw_mac, cw, cw_iv) ||
! 1676: !this->aead_out->set_keys(this->aead_out, sw_mac, sw, sw_iv))
! 1677: {
! 1678: return FALSE;
! 1679: }
! 1680: }
! 1681: else
! 1682: {
! 1683: if (!this->aead_out->set_keys(this->aead_out, cw_mac, cw, cw_iv) ||
! 1684: !this->aead_in->set_keys(this->aead_in, sw_mac, sw, sw_iv))
! 1685: {
! 1686: return FALSE;
! 1687: }
! 1688: }
! 1689:
! 1690: /* EAP-MSK */
! 1691: if (this->msk_label)
! 1692: {
! 1693: seed = chunk_cata("cc", client_random, server_random);
! 1694: this->msk = chunk_alloc(64);
! 1695: if (!this->prf->get_bytes(this->prf, this->msk_label, seed,
! 1696: this->msk.len, this->msk.ptr))
! 1697: {
! 1698: return FALSE;
! 1699: }
! 1700: }
! 1701: return TRUE;
! 1702: }
! 1703:
! 1704: METHOD(tls_crypto_t, derive_secrets, bool,
! 1705: private_tls_crypto_t *this, chunk_t premaster, chunk_t session,
! 1706: identification_t *id, chunk_t client_random, chunk_t server_random)
! 1707: {
! 1708: return derive_master(this, premaster, session, id,
! 1709: client_random, server_random) &&
! 1710: expand_keys(this, client_random, server_random);
! 1711: }
! 1712:
! 1713: METHOD(tls_crypto_t, resume_session, tls_cipher_suite_t,
! 1714: private_tls_crypto_t *this, chunk_t session, identification_t *id,
! 1715: chunk_t client_random, chunk_t server_random)
! 1716: {
! 1717: chunk_t master;
! 1718:
! 1719: if (this->cache && session.len)
! 1720: {
! 1721: this->suite = this->cache->lookup(this->cache, session, id, &master);
! 1722: if (this->suite)
! 1723: {
! 1724: this->suite = select_cipher_suite(this, &this->suite, 1, KEY_ANY);
! 1725: if (this->suite)
! 1726: {
! 1727: if (!this->prf->set_key(this->prf, master) ||
! 1728: !expand_keys(this, client_random, server_random))
! 1729: {
! 1730: this->suite = 0;
! 1731: }
! 1732: }
! 1733: chunk_clear(&master);
! 1734: }
! 1735: return this->suite;
! 1736: }
! 1737: return 0;
! 1738: }
! 1739:
! 1740: METHOD(tls_crypto_t, get_session, chunk_t,
! 1741: private_tls_crypto_t *this, identification_t *server)
! 1742: {
! 1743: if (this->cache)
! 1744: {
! 1745: return this->cache->check(this->cache, server);
! 1746: }
! 1747: return chunk_empty;
! 1748: }
! 1749:
! 1750: METHOD(tls_crypto_t, change_cipher, void,
! 1751: private_tls_crypto_t *this, bool inbound)
! 1752: {
! 1753: if (this->protection)
! 1754: {
! 1755: if (inbound)
! 1756: {
! 1757: this->protection->set_cipher(this->protection, TRUE, this->aead_in);
! 1758: }
! 1759: else
! 1760: {
! 1761: this->protection->set_cipher(this->protection, FALSE, this->aead_out);
! 1762: }
! 1763: }
! 1764: }
! 1765:
! 1766: METHOD(tls_crypto_t, get_eap_msk, chunk_t,
! 1767: private_tls_crypto_t *this)
! 1768: {
! 1769: return this->msk;
! 1770: }
! 1771:
! 1772: METHOD(tls_crypto_t, destroy, void,
! 1773: private_tls_crypto_t *this)
! 1774: {
! 1775: destroy_aeads(this);
! 1776: free(this->handshake.ptr);
! 1777: free(this->msk.ptr);
! 1778: DESTROY_IF(this->prf);
! 1779: free(this->suites);
! 1780: free(this);
! 1781: }
! 1782:
! 1783: /**
! 1784: * See header
! 1785: */
! 1786: tls_crypto_t *tls_crypto_create(tls_t *tls, tls_cache_t *cache)
! 1787: {
! 1788: private_tls_crypto_t *this;
! 1789: enumerator_t *enumerator;
! 1790: credential_type_t type;
! 1791: int subtype;
! 1792:
! 1793: INIT(this,
! 1794: .public = {
! 1795: .get_cipher_suites = _get_cipher_suites,
! 1796: .select_cipher_suite = _select_cipher_suite,
! 1797: .get_dh_group = _get_dh_group,
! 1798: .get_signature_algorithms = _get_signature_algorithms,
! 1799: .create_ec_enumerator = _create_ec_enumerator,
! 1800: .set_protection = _set_protection,
! 1801: .append_handshake = _append_handshake,
! 1802: .sign = _sign,
! 1803: .verify = _verify,
! 1804: .sign_handshake = _sign_handshake,
! 1805: .verify_handshake = _verify_handshake,
! 1806: .calculate_finished = _calculate_finished,
! 1807: .derive_secrets = _derive_secrets,
! 1808: .resume_session = _resume_session,
! 1809: .get_session = _get_session,
! 1810: .change_cipher = _change_cipher,
! 1811: .get_eap_msk = _get_eap_msk,
! 1812: .destroy = _destroy,
! 1813: },
! 1814: .tls = tls,
! 1815: .cache = cache,
! 1816: );
! 1817:
! 1818: enumerator = lib->creds->create_builder_enumerator(lib->creds);
! 1819: while (enumerator->enumerate(enumerator, &type, &subtype))
! 1820: {
! 1821: if (type == CRED_PUBLIC_KEY)
! 1822: {
! 1823: switch (subtype)
! 1824: {
! 1825: case KEY_RSA:
! 1826: this->rsa = TRUE;
! 1827: break;
! 1828: case KEY_ECDSA:
! 1829: this->ecdsa = TRUE;
! 1830: break;
! 1831: default:
! 1832: break;
! 1833: }
! 1834: }
! 1835: }
! 1836: enumerator->destroy(enumerator);
! 1837:
! 1838: switch (tls->get_purpose(tls))
! 1839: {
! 1840: case TLS_PURPOSE_EAP_TLS:
! 1841: /* MSK PRF ASCII constant label according to EAP-TLS RFC 5216 */
! 1842: this->msk_label = "client EAP encryption";
! 1843: build_cipher_suite_list(this, FALSE);
! 1844: break;
! 1845: case TLS_PURPOSE_EAP_PEAP:
! 1846: this->msk_label = "client EAP encryption";
! 1847: build_cipher_suite_list(this, TRUE);
! 1848: break;
! 1849: case TLS_PURPOSE_EAP_TTLS:
! 1850: /* MSK PRF ASCII constant label according to EAP-TTLS RFC 5281 */
! 1851: this->msk_label = "ttls keying material";
! 1852: build_cipher_suite_list(this, TRUE);
! 1853: break;
! 1854: case TLS_PURPOSE_GENERIC:
! 1855: build_cipher_suite_list(this, TRUE);
! 1856: break;
! 1857: case TLS_PURPOSE_GENERIC_NULLOK:
! 1858: build_cipher_suite_list(this, FALSE);
! 1859: break;
! 1860: default:
! 1861: break;
! 1862: }
! 1863: return &this->public;
! 1864: }
! 1865:
! 1866: /**
! 1867: * See header.
! 1868: */
! 1869: int tls_crypto_get_supported_suites(bool null, tls_cipher_suite_t **out)
! 1870: {
! 1871: suite_algs_t suites[countof(suite_algs)];
! 1872: int count = countof(suite_algs), i;
! 1873:
! 1874: /* initialize copy of suite list */
! 1875: for (i = 0; i < count; i++)
! 1876: {
! 1877: suites[i] = suite_algs[i];
! 1878: }
! 1879:
! 1880: filter_unsupported_suites(suites, &count);
! 1881:
! 1882: if (!null)
! 1883: {
! 1884: filter_null_suites(suites, &count);
! 1885: }
! 1886:
! 1887: if (out)
! 1888: {
! 1889: *out = calloc(count, sizeof(tls_cipher_suite_t));
! 1890: for (i = 0; i < count; i++)
! 1891: {
! 1892: (*out)[i] = suites[i].suite;
! 1893: }
! 1894: }
! 1895: return count;
! 1896: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to tls_crypto.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libtls