Annotation of embedaddon/strongswan/src/libtls/tls_crypto.c, revision 1.1.1.2
1.1 misho 1: /*
1.1.1.2 ! misho 2: * Copyright (C) 2020 Tobias Brunner
! 3: * Copyright (C) 2020-2021 Pascal Knecht
! 4: * Copyright (C) 2020 Méline Sieber
! 5: * HSR Hochschule fuer Technik Rapperswil
! 6: *
1.1 misho 7: * Copyright (C) 2010-2014 Martin Willi
8: * Copyright (C) 2010-2014 revosec AG
9: *
10: * This program is free software; you can redistribute it and/or modify it
11: * under the terms of the GNU General Public License as published by the
12: * Free Software Foundation; either version 2 of the License, or (at your
13: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
14: *
15: * This program is distributed in the hope that it will be useful, but
16: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
17: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
18: * for more details.
19: */
20:
21: #include "tls_crypto.h"
1.1.1.2 ! misho 22: #include "tls_hkdf.h"
1.1 misho 23:
24: #include <utils/debug.h>
25: #include <plugins/plugin_feature.h>
1.1.1.2 ! misho 26: #include <collections/hashtable.h>
! 27: #include <collections/array.h>
1.1 misho 28:
29: ENUM_BEGIN(tls_cipher_suite_names, TLS_NULL_WITH_NULL_NULL,
30: TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
31: "TLS_NULL_WITH_NULL_NULL",
32: "TLS_RSA_WITH_NULL_MD5",
33: "TLS_RSA_WITH_NULL_SHA",
34: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
35: "TLS_RSA_WITH_RC4_128_MD5",
36: "TLS_RSA_WITH_RC4_128_SHA",
37: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
38: "TLS_RSA_WITH_IDEA_CBC_SHA",
39: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
40: "TLS_RSA_WITH_DES_CBC_SHA",
41: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
42: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
43: "TLS_DH_DSS_WITH_DES_CBC_SHA",
44: "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
45: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
46: "TLS_DH_RSA_WITH_DES_CBC_SHA",
47: "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
48: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
49: "TLS_DHE_DSS_WITH_DES_CBC_SHA",
50: "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
51: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
52: "TLS_DHE_RSA_WITH_DES_CBC_SHA",
53: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
54: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
55: "TLS_DH_anon_WITH_RC4_128_MD5",
56: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
57: "TLS_DH_anon_WITH_DES_CBC_SHA",
58: "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA");
59: ENUM_NEXT(tls_cipher_suite_names, TLS_KRB5_WITH_DES_CBC_SHA,
60: TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,
61: TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
62: "TLS_KRB5_WITH_DES_CBC_SHA",
63: "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
64: "TLS_KRB5_WITH_RC4_128_SHA",
65: "TLS_KRB5_WITH_IDEA_CBC_SHA",
66: "TLS_KRB5_WITH_DES_CBC_MD5",
67: "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
68: "TLS_KRB5_WITH_RC4_128_MD5",
69: "TLS_KRB5_WITH_IDEA_CBC_MD5",
70: "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
71: "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
72: "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
73: "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
74: "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
75: "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
76: "TLS_PSK_WITH_NULL_SHA",
77: "TLS_DHE_PSK_WITH_NULL_SHA",
78: "TLS_RSA_PSK_WITH_NULL_SHA",
79: "TLS_RSA_WITH_AES_128_CBC_SHA",
80: "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
81: "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
82: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
83: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
84: "TLS_DH_anon_WITH_AES_128_CBC_SHA",
85: "TLS_RSA_WITH_AES_256_CBC_SHA",
86: "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
87: "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
88: "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
89: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
90: "TLS_DH_anon_WITH_AES_256_CBC_SHA",
91: "TLS_RSA_WITH_NULL_SHA256",
92: "TLS_RSA_WITH_AES_128_CBC_SHA256",
93: "TLS_RSA_WITH_AES_256_CBC_SHA256",
94: "TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
95: "TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
96: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
97: "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
98: "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
99: "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
100: "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
101: "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
102: "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA");
103: ENUM_NEXT(tls_cipher_suite_names, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
104: TLS_DH_anon_WITH_AES_256_CBC_SHA256,
105: TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,
106: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
107: "TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
108: "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
109: "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
110: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
111: "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
112: "TLS_DH_anon_WITH_AES_256_CBC_SHA256");
113: ENUM_NEXT(tls_cipher_suite_names, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
114: TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,
115: TLS_DH_anon_WITH_AES_256_CBC_SHA256,
116: "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
117: "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
118: "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
119: "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
120: "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
121: "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
122: "TLS_PSK_WITH_RC4_128_SHA",
123: "TLS_PSK_WITH_3DES_EDE_CBC_SHA",
124: "TLS_PSK_WITH_AES_128_CBC_SHA",
125: "TLS_PSK_WITH_AES_256_CBC_SHA",
126: "TLS_DHE_PSK_WITH_RC4_128_SHA",
127: "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
128: "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
129: "TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
130: "TLS_RSA_PSK_WITH_RC4_128_SHA",
131: "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
132: "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
133: "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
134: "TLS_RSA_WITH_SEED_CBC_SHA",
135: "TLS_DH_DSS_WITH_SEED_CBC_SHA",
136: "TLS_DH_RSA_WITH_SEED_CBC_SHA",
137: "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
138: "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
139: "TLS_DH_anon_WITH_SEED_CBC_SHA",
140: "TLS_RSA_WITH_AES_128_GCM_SHA256",
141: "TLS_RSA_WITH_AES_256_GCM_SHA384",
142: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
143: "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
144: "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
145: "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
146: "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
147: "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
148: "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
149: "TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
150: "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
151: "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
152: "TLS_PSK_WITH_AES_128_GCM_SHA256",
153: "TLS_PSK_WITH_AES_256_GCM_SHA384",
154: "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
155: "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
156: "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
157: "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
158: "TLS_PSK_WITH_AES_128_CBC_SHA256",
159: "TLS_PSK_WITH_AES_256_CBC_SHA384",
160: "TLS_PSK_WITH_NULL_SHA256",
161: "TLS_PSK_WITH_NULL_SHA384",
162: "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
163: "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
164: "TLS_DHE_PSK_WITH_NULL_SHA256",
165: "TLS_DHE_PSK_WITH_NULL_SHA384",
166: "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
167: "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
168: "TLS_RSA_PSK_WITH_NULL_SHA256",
169: "TLS_RSA_PSK_WITH_NULL_SHA384",
170: "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
171: "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",
172: "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
173: "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
174: "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
175: "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
176: "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
177: "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",
178: "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",
179: "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
180: "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
181: "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256");
182: ENUM_NEXT(tls_cipher_suite_names, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
183: TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
184: TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,
185: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV");
1.1.1.2 ! misho 186: ENUM_NEXT(tls_cipher_suite_names, TLS_AES_128_GCM_SHA256,
! 187: TLS_AES_128_CCM_8_SHA256,
! 188: TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
! 189: "TLS_AES_128_GCM_SHA256",
! 190: "TLS_AES_256_GCM_SHA384",
! 191: "TLS_CHACHA20_POLY1305_SHA256",
! 192: "TLS_AES_128_CCM_SHA256",
! 193: "TLS_AES_128_CCM_8_SHA256");
1.1 misho 194: ENUM_NEXT(tls_cipher_suite_names, TLS_ECDH_ECDSA_WITH_NULL_SHA,
195: TLS_ECDHE_PSK_WITH_NULL_SHA384,
1.1.1.2 ! misho 196: TLS_AES_128_CCM_8_SHA256,
1.1 misho 197: "TLS_ECDH_ECDSA_WITH_NULL_SHA",
198: "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
199: "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
200: "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
201: "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
202: "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
203: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
204: "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
205: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
206: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
207: "TLS_ECDH_RSA_WITH_NULL_SHA",
208: "TLS_ECDH_RSA_WITH_RC4_128_SHA",
209: "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
210: "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
211: "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
212: "TLS_ECDHE_RSA_WITH_NULL_SHA",
213: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
214: "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
215: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
216: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
217: "TLS_ECDH_anon_WITH_NULL_SHA",
218: "TLS_ECDH_anon_WITH_RC4_128_SHA",
219: "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
220: "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
221: "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
222: "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
223: "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
224: "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
225: "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
226: "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
227: "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
228: "TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
229: "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
230: "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
231: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
232: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
233: "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
234: "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
235: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
236: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
237: "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
238: "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
239: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
240: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
241: "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
242: "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
243: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
244: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
245: "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
246: "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
247: "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
248: "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",
249: "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
250: "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
251: "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
252: "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
253: "TLS_ECDHE_PSK_WITH_NULL_SHA",
254: "TLS_ECDHE_PSK_WITH_NULL_SHA256",
255: "TLS_ECDHE_PSK_WITH_NULL_SHA384");
1.1.1.2 ! misho 256: ENUM_NEXT(tls_cipher_suite_names, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
! 257: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
! 258: TLS_ECDHE_PSK_WITH_NULL_SHA384,
! 259: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
! 260: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
! 261: "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256");
! 262: ENUM_END(tls_cipher_suite_names, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
! 263:
1.1 misho 264:
265: ENUM(tls_hash_algorithm_names, TLS_HASH_NONE, TLS_HASH_SHA512,
266: "NONE",
267: "MD5",
268: "SHA1",
269: "SHA224",
270: "SHA256",
271: "SHA384",
272: "SHA512",
273: );
274:
1.1.1.2 ! misho 275: ENUM_BEGIN(tls_signature_scheme_names,
! 276: TLS_SIG_RSA_PKCS1_SHA1, TLS_SIG_RSA_PKCS1_SHA1,
! 277: "RSA_PKCS1_SHA1");
! 278: ENUM_NEXT(tls_signature_scheme_names,
! 279: TLS_SIG_ECDSA_SHA1, TLS_SIG_ECDSA_SHA1, TLS_SIG_RSA_PKCS1_SHA1,
! 280: "ECDSA_SHA1");
! 281: ENUM_NEXT(tls_signature_scheme_names,
! 282: TLS_SIG_RSA_PKCS1_SHA224, TLS_SIG_ECDSA_SHA224, TLS_SIG_ECDSA_SHA1,
! 283: "RSA_PKCS1_SHA224",
! 284: "DSA_SHA224",
! 285: "ECDSA_SHA224");
! 286: ENUM_NEXT(tls_signature_scheme_names,
! 287: TLS_SIG_RSA_PKCS1_SHA256, TLS_SIG_ECDSA_SHA256, TLS_SIG_ECDSA_SHA224,
! 288: "RSA_PKCS1_SHA256",
! 289: "DSA_SHA256",
! 290: "ECDSA_SHA256");
! 291: ENUM_NEXT(tls_signature_scheme_names,
! 292: TLS_SIG_RSA_PKCS1_SHA384, TLS_SIG_ECDSA_SHA384, TLS_SIG_ECDSA_SHA256,
! 293: "RSA_PKCS1_SHA384",
! 294: "DSA_SHA384",
! 295: "ECDSA_SHA384");
! 296: ENUM_NEXT(tls_signature_scheme_names,
! 297: TLS_SIG_RSA_PKCS1_SHA512, TLS_SIG_ECDSA_SHA512, TLS_SIG_ECDSA_SHA384,
! 298: "RSA_PKCS1_SHA512",
! 299: "DSA_SHA512",
! 300: "ECDSA_SHA512");
! 301: ENUM_NEXT(tls_signature_scheme_names,
! 302: TLS_SIG_RSA_PSS_RSAE_SHA256, TLS_SIG_RSA_PSS_PSS_SHA512, TLS_SIG_ECDSA_SHA512,
! 303: "RSA_PSS_RSAE_SHA256",
! 304: "RSA_PSS_RSAE_SHA384",
! 305: "RSA_PSS_RSAE_SHA512",
! 306: "ED25519",
! 307: "ED448",
! 308: "RSA_PSS_PSS_SHA256",
! 309: "RSA_PSS_PSS_SHA384",
! 310: "RSA_PSS_PSS_SHA512",
1.1 misho 311: );
1.1.1.2 ! misho 312: ENUM_END(tls_signature_scheme_names, TLS_SIG_RSA_PSS_PSS_SHA512);
1.1 misho 313:
314: ENUM_BEGIN(tls_client_certificate_type_names,
315: TLS_RSA_SIGN, TLS_DSS_EPHEMERAL_DH,
316: "RSA_SIGN",
317: "DSA_SIGN",
318: "RSA_FIXED_DH",
319: "DSS_FIXED_DH",
320: "RSA_EPHEMERAL_DH",
321: "DSS_EPHEMERAL_DH");
322: ENUM_NEXT(tls_client_certificate_type_names,
323: TLS_FORTEZZA_DMS, TLS_FORTEZZA_DMS, TLS_DSS_EPHEMERAL_DH,
324: "FORTEZZA_DMS");
325: ENUM_NEXT(tls_client_certificate_type_names,
326: TLS_ECDSA_SIGN, TLS_ECDSA_FIXED_ECDH, TLS_FORTEZZA_DMS,
327: "ECDSA_SIGN",
328: "RSA_FIXED_ECDH",
329: "ECDSA_FIXED_ECDH");
330: ENUM_END(tls_client_certificate_type_names, TLS_ECDSA_FIXED_ECDH);
331:
332: ENUM(tls_ecc_curve_type_names, TLS_ECC_EXPLICIT_PRIME, TLS_ECC_NAMED_CURVE,
333: "EXPLICIT_PRIME",
334: "EXPLICIT_CHAR2",
335: "NAMED_CURVE",
336: );
337:
1.1.1.2 ! misho 338: ENUM_BEGIN(tls_named_group_names, TLS_SECT163K1, TLS_SECP521R1,
1.1 misho 339: "SECT163K1",
340: "SECT163R1",
341: "SECT163R2",
342: "SECT193R1",
343: "SECT193R2",
344: "SECT233K1",
345: "SECT233R1",
346: "SECT239K1",
347: "SECT283K1",
348: "SECT283R1",
349: "SECT409K1",
350: "SECT409R1",
351: "SECT571K1",
352: "SECT571R1",
353: "SECP160K1",
354: "SECP160R1",
355: "SECP160R2",
356: "SECP192K1",
357: "SECP192R1",
358: "SECP224K1",
359: "SECP224R1",
360: "SECP256K1",
361: "SECP256R1",
362: "SECP384R1",
363: "SECP521R1",
364: );
1.1.1.2 ! misho 365: ENUM_NEXT(tls_named_group_names, TLS_CURVE25519, TLS_CURVE448, TLS_SECP521R1,
! 366: "CURVE25519",
! 367: "CURVE448",
! 368: );
! 369: ENUM_NEXT(tls_named_group_names, TLS_FFDHE2048, TLS_FFDHE8192, TLS_CURVE448,
! 370: "FFDHE2048",
! 371: "FFDHE3072",
! 372: "FFDHE4096",
! 373: "FFDHE6144",
! 374: "FFDHE8192",
! 375: );
! 376: ENUM_END(tls_named_group_names, TLS_FFDHE8192);
1.1 misho 377:
378: ENUM(tls_ansi_point_format_names, TLS_ANSI_COMPRESSED, TLS_ANSI_HYBRID_Y,
379: "compressed",
380: "compressed y",
381: "uncompressed",
382: "uncompressed y",
383: "hybrid",
384: "hybrid y",
385: );
386:
387: ENUM(tls_ec_point_format_names,
388: TLS_EC_POINT_UNCOMPRESSED, TLS_EC_POINT_ANSIX962_COMPRESSED_CHAR2,
389: "uncompressed",
390: "ansiX962 compressed prime",
391: "ansiX962 compressed char2",
392: );
393:
394: typedef struct private_tls_crypto_t private_tls_crypto_t;
395:
396: /**
397: * Private data of an tls_crypto_t object.
398: */
399: struct private_tls_crypto_t {
400:
401: /**
402: * Public tls_crypto_t interface.
403: */
404: tls_crypto_t public;
405:
406: /**
407: * Protection layer
408: */
409: tls_protection_t *protection;
410:
411: /**
412: * List of supported/acceptable cipher suites
413: */
414: tls_cipher_suite_t *suites;
415:
416: /**
417: * Number of supported suites
418: */
419: int suite_count;
420:
421: /**
1.1.1.2 ! misho 422: * HKDF for TLS 1.3
! 423: */
! 424: tls_hkdf_t *hkdf;
! 425:
! 426: /**
1.1 misho 427: * Selected cipher suite
428: */
429: tls_cipher_suite_t suite;
430:
431: /**
432: * RSA supported?
433: */
434: bool rsa;
435:
436: /**
437: * ECDSA supported?
438: */
439: bool ecdsa;
440:
441: /**
442: * TLS context
443: */
444: tls_t *tls;
445:
446: /**
447: * TLS session cache
448: */
449: tls_cache_t *cache;
450:
451: /**
452: * All handshake data concatenated
453: */
454: chunk_t handshake;
455:
456: /**
457: * Connection state TLS PRF
458: */
459: tls_prf_t *prf;
460:
461: /**
462: * AEAD transform for inbound traffic
463: */
464: tls_aead_t *aead_in;
465:
466: /**
467: * AEAD transform for outbound traffic
468: */
469: tls_aead_t *aead_out;
470:
471: /**
472: * EAP-[T]TLS MSK
473: */
474: chunk_t msk;
475:
476: /**
477: * ASCII string constant used as seed for EAP-[T]TLS MSK PRF
478: */
479: char *msk_label;
480: };
481:
482: typedef struct {
483: tls_cipher_suite_t suite;
484: key_type_t key;
485: diffie_hellman_group_t dh;
486: hash_algorithm_t hash;
487: pseudo_random_function_t prf;
488: integrity_algorithm_t mac;
489: encryption_algorithm_t encr;
490: size_t encr_size;
1.1.1.2 ! misho 491: tls_version_t min_version;
! 492: tls_version_t max_version;
1.1 misho 493: } suite_algs_t;
494:
495: /**
496: * Mapping suites to a set of algorithms
1.1.1.2 ! misho 497: *
! 498: * The order represents the descending preference of cipher suites and follows
! 499: * this rule set:
! 500: *
! 501: * 1. TLS 1.3 > Legacy TLS
! 502: * 2. AES > CAMELLIA > NULL
! 503: * 3. AES256 > AES128
! 504: * 4. GCM > CBC
! 505: * 5. ECDHE > DHE > NULL
! 506: * 6. ECDSA > RSA
! 507: * 7. SHA384 > SHA256 > SHA1
! 508: *
1.1 misho 509: */
510: static suite_algs_t suite_algs[] = {
1.1.1.2 ! misho 511: /* Cipher suites of TLS 1.3: key exchange and authentication
! 512: * delegated to extensions, therefore KEY_ANY, MODP_NONE, PRF_UNDEFINED */
! 513: { TLS_AES_256_GCM_SHA384,
! 514: KEY_ANY, MODP_NONE,
! 515: HASH_SHA384, PRF_UNDEFINED,
! 516: AUTH_HMAC_SHA2_384_384, ENCR_AES_GCM_ICV16, 32,
! 517: TLS_1_3, TLS_1_3,
! 518: },
! 519: { TLS_AES_128_GCM_SHA256,
! 520: KEY_ANY, MODP_NONE,
! 521: HASH_SHA256, PRF_UNDEFINED,
! 522: AUTH_HMAC_SHA2_256_256, ENCR_AES_GCM_ICV16, 16,
! 523: TLS_1_3, TLS_1_3,
! 524: },
! 525: { TLS_CHACHA20_POLY1305_SHA256,
! 526: KEY_ANY, MODP_NONE,
! 527: HASH_SHA256, PRF_UNDEFINED,
! 528: AUTH_HMAC_SHA2_256_256, ENCR_CHACHA20_POLY1305, 32,
! 529: TLS_1_3, TLS_1_3,
! 530: },
! 531: { TLS_AES_128_CCM_SHA256,
! 532: KEY_ANY, MODP_NONE,
! 533: HASH_SHA256, PRF_UNDEFINED,
! 534: AUTH_HMAC_SHA2_256_256, ENCR_AES_CCM_ICV16, 16,
! 535: TLS_1_3, TLS_1_3,
! 536: },
! 537: { TLS_AES_128_CCM_8_SHA256,
! 538: KEY_ANY, MODP_NONE,
! 539: HASH_SHA256, PRF_UNDEFINED,
! 540: AUTH_HMAC_SHA2_256_256, ENCR_AES_CCM_ICV8, 16,
! 541: TLS_1_3, TLS_1_3,
1.1 misho 542: },
1.1.1.2 ! misho 543: /* Legacy TLS cipher suites */
! 544: { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1.1 misho 545: KEY_ECDSA, ECP_384_BIT,
1.1.1.2 ! misho 546: HASH_SHA384, PRF_HMAC_SHA2_384,
! 547: AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 32,
! 548: TLS_1_2, TLS_1_2,
1.1 misho 549: },
550: { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
551: KEY_ECDSA, ECP_384_BIT,
552: HASH_SHA384, PRF_HMAC_SHA2_384,
1.1.1.2 ! misho 553: AUTH_HMAC_SHA2_384_384, ENCR_AES_CBC, 32,
! 554: TLS_1_2, TLS_1_2,
! 555: },
! 556: { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
! 557: KEY_ECDSA, ECP_384_BIT,
! 558: HASH_SHA256, PRF_HMAC_SHA2_256,
! 559: AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32,
! 560: TLS_1_0, TLS_1_2,
1.1 misho 561: },
562: { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
563: KEY_ECDSA, ECP_256_BIT,
564: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 565: AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 16,
! 566: TLS_1_2, TLS_1_2,
1.1 misho 567: },
1.1.1.2 ! misho 568: { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
! 569: KEY_ECDSA, ECP_256_BIT,
1.1 misho 570: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 571: AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16,
! 572: TLS_1_2, TLS_1_2,
1.1 misho 573: },
1.1.1.2 ! misho 574: { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
! 575: KEY_ECDSA, ECP_256_BIT,
1.1 misho 576: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 577: AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16,
! 578: TLS_1_0, TLS_1_2,
1.1 misho 579: },
1.1.1.2 ! misho 580: { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1.1 misho 581: KEY_RSA, ECP_384_BIT,
1.1.1.2 ! misho 582: HASH_SHA384, PRF_HMAC_SHA2_384,
! 583: AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 32,
! 584: TLS_1_2, TLS_1_2,
1.1 misho 585: },
586: { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
587: KEY_RSA, ECP_384_BIT,
588: HASH_SHA384, PRF_HMAC_SHA2_384,
1.1.1.2 ! misho 589: AUTH_HMAC_SHA2_384_384, ENCR_AES_CBC, 32,
! 590: TLS_1_2, TLS_1_2,
! 591: },
! 592: { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
! 593: KEY_RSA, ECP_384_BIT,
! 594: HASH_SHA256, PRF_HMAC_SHA2_256,
! 595: AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32,
! 596: TLS_1_0, TLS_1_2,
1.1 misho 597: },
598: { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
599: KEY_RSA, ECP_256_BIT,
600: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 601: AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 16,
! 602: TLS_1_2, TLS_1_2,
1.1 misho 603: },
1.1.1.2 ! misho 604: { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
! 605: KEY_RSA, ECP_256_BIT,
1.1 misho 606: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 607: AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16,
! 608: TLS_1_2, TLS_1_2,
1.1 misho 609: },
1.1.1.2 ! misho 610: { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
! 611: KEY_RSA, ECP_256_BIT,
1.1 misho 612: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 613: AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16,
! 614: TLS_1_0, TLS_1_2,
! 615: },
! 616: { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
! 617: KEY_RSA, MODP_4096_BIT,
! 618: HASH_SHA384, PRF_HMAC_SHA2_384,
! 619: AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 32,
! 620: TLS_1_2, TLS_1_2,
1.1 misho 621: },
622: { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
623: KEY_RSA, MODP_4096_BIT,
624: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 625: AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 32,
! 626: TLS_1_2, TLS_1_2,
1.1 misho 627: },
1.1.1.2 ! misho 628: { TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
1.1 misho 629: KEY_RSA, MODP_3072_BIT,
630: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 631: AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32,
! 632: SSL_3_0, TLS_1_2,
1.1 misho 633: },
1.1.1.2 ! misho 634: { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1.1 misho 635: KEY_RSA, MODP_4096_BIT,
636: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 637: AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 32,
! 638: TLS_1_2, TLS_1_2,
1.1 misho 639: },
1.1.1.2 ! misho 640: { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1.1 misho 641: KEY_RSA, MODP_3072_BIT,
642: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 643: AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 32,
! 644: SSL_3_0, TLS_1_2,
1.1 misho 645: },
1.1.1.2 ! misho 646: { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1.1 misho 647: KEY_RSA, MODP_3072_BIT,
648: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 649: AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 16,
! 650: TLS_1_2, TLS_1_2,
1.1 misho 651: },
1.1.1.2 ! misho 652: { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
! 653: KEY_RSA, MODP_3072_BIT,
1.1 misho 654: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 655: AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16,
! 656: TLS_1_2, TLS_1_2,
1.1 misho 657: },
1.1.1.2 ! misho 658: { TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
1.1 misho 659: KEY_RSA, MODP_2048_BIT,
1.1.1.2 ! misho 660: HASH_SHA256,PRF_HMAC_SHA2_256,
! 661: AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16,
! 662: SSL_3_0, TLS_1_2,
1.1 misho 663: },
1.1.1.2 ! misho 664: { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
! 665: KEY_RSA, MODP_3072_BIT,
1.1 misho 666: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 667: AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 16,
! 668: TLS_1_2, TLS_1_2,
1.1 misho 669: },
1.1.1.2 ! misho 670: { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
! 671: KEY_RSA, MODP_2048_BIT,
1.1 misho 672: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 673: AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 16,
! 674: SSL_3_0, TLS_1_2,
1.1 misho 675: },
1.1.1.2 ! misho 676: { TLS_RSA_WITH_AES_256_GCM_SHA384,
1.1 misho 677: KEY_RSA, MODP_NONE,
1.1.1.2 ! misho 678: HASH_SHA384, PRF_HMAC_SHA2_384,
! 679: AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 32,
! 680: TLS_1_2, TLS_1_2,
1.1 misho 681: },
682: { TLS_RSA_WITH_AES_256_CBC_SHA256,
683: KEY_RSA, MODP_NONE,
684: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 685: AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 32,
! 686: TLS_1_2, TLS_1_2,
1.1 misho 687: },
1.1.1.2 ! misho 688: { TLS_RSA_WITH_AES_256_CBC_SHA,
1.1 misho 689: KEY_RSA, MODP_NONE,
690: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 691: AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32,
! 692: SSL_3_0, TLS_1_2,
1.1 misho 693: },
1.1.1.2 ! misho 694: { TLS_RSA_WITH_AES_128_GCM_SHA256,
1.1 misho 695: KEY_RSA, MODP_NONE,
696: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 697: AUTH_UNDEFINED, ENCR_AES_GCM_ICV16, 16,
! 698: TLS_1_2, TLS_1_2,
1.1 misho 699: },
1.1.1.2 ! misho 700: { TLS_RSA_WITH_AES_128_CBC_SHA256,
1.1 misho 701: KEY_RSA, MODP_NONE,
702: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 703: AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16,
! 704: TLS_1_2, TLS_1_2,
1.1 misho 705: },
1.1.1.2 ! misho 706: { TLS_RSA_WITH_AES_128_CBC_SHA,
1.1 misho 707: KEY_RSA, MODP_NONE,
708: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 709: AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16,
! 710: SSL_3_0, TLS_1_2,
1.1 misho 711: },
712: { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
713: KEY_RSA, MODP_NONE,
714: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 715: AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 32,
! 716: TLS_1_2, TLS_1_2,
1.1 misho 717: },
1.1.1.2 ! misho 718: { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
! 719: KEY_RSA, MODP_NONE,
1.1 misho 720: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 721: AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 32,
! 722: SSL_3_0, TLS_1_2,
1.1 misho 723: },
1.1.1.2 ! misho 724: { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
! 725: KEY_RSA, MODP_NONE,
1.1 misho 726: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 727: AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 16,
! 728: TLS_1_2, TLS_1_2,
1.1 misho 729: },
1.1.1.2 ! misho 730: { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
1.1 misho 731: KEY_RSA, MODP_NONE,
732: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 733: AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 16,
! 734: SSL_3_0, TLS_1_2,
1.1 misho 735: },
736: { TLS_ECDHE_ECDSA_WITH_NULL_SHA,
737: KEY_ECDSA, ECP_256_BIT,
738: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 739: AUTH_HMAC_SHA1_160, ENCR_NULL, 0,
! 740: TLS_1_0, TLS_1_2,
1.1 misho 741: },
742: { TLS_ECDHE_RSA_WITH_NULL_SHA,
743: KEY_ECDSA, ECP_256_BIT,
744: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 745: AUTH_HMAC_SHA1_160, ENCR_NULL, 0,
! 746: TLS_1_0, TLS_1_2,
1.1 misho 747: },
748: { TLS_RSA_WITH_NULL_SHA256,
749: KEY_RSA, MODP_NONE,
750: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 751: AUTH_HMAC_SHA2_256_256, ENCR_NULL, 0,
! 752: TLS_1_2, TLS_1_2,
1.1 misho 753: },
1.1.1.2 ! misho 754: { TLS_RSA_WITH_NULL_SHA,
1.1 misho 755: KEY_RSA, MODP_NONE,
756: HASH_SHA256, PRF_HMAC_SHA2_256,
1.1.1.2 ! misho 757: AUTH_HMAC_SHA1_160, ENCR_NULL, 0,
! 758: SSL_3_0, TLS_1_2,
1.1 misho 759: },
760: };
761:
762: /**
763: * Look up algorithms by a suite
764: */
765: static suite_algs_t *find_suite(tls_cipher_suite_t suite)
766: {
767: int i;
768:
769: for (i = 0; i < countof(suite_algs); i++)
770: {
771: if (suite_algs[i].suite == suite)
772: {
773: return &suite_algs[i];
774: }
775: }
776: return NULL;
777: }
778:
779: /**
780: * Filter a suite list using a transform enumerator
781: */
782: static void filter_suite(suite_algs_t suites[], int *count, int offset,
783: enumerator_t*(*create_enumerator)(crypto_factory_t*))
784: {
785: const char *plugin_name;
786: suite_algs_t current;
787: int *current_alg, i, remaining = 0;
788: enumerator_t *enumerator;
789:
790: memset(¤t, 0, sizeof(current));
791: current_alg = (int*)((char*)¤t + offset);
792:
793: for (i = 0; i < *count; i++)
794: {
795: if (create_enumerator == lib->crypto->create_crypter_enumerator &&
796: encryption_algorithm_is_aead(suites[i].encr))
797: { /* filtering crypters, but current suite uses an AEAD, apply */
798: suites[remaining] = suites[i];
799: remaining++;
800: continue;
801: }
802: if (create_enumerator == lib->crypto->create_aead_enumerator &&
803: !encryption_algorithm_is_aead(suites[i].encr))
804: { /* filtering AEADs, but current suite doesn't use one, apply */
805: suites[remaining] = suites[i];
806: remaining++;
807: continue;
808: }
809: enumerator = create_enumerator(lib->crypto);
810: while (enumerator->enumerate(enumerator, current_alg, &plugin_name))
811: {
812: if (current.encr && current.encr != suites[i].encr)
813: {
814: if (suites[i].encr != ENCR_NULL)
815: { /* skip, ENCR does not match nor is NULL */
816: continue;
817: }
818: }
819: if (current.mac && current.mac != suites[i].mac)
820: {
821: if (suites[i].mac != AUTH_UNDEFINED)
822: { /* skip, MAC does not match nor is it undefined */
823: continue;
824: }
825: }
826: if (current.prf && current.prf != suites[i].prf)
1.1.1.2 ! misho 827: {
! 828: if (suites[i].prf != PRF_UNDEFINED)
! 829: {
! 830: /* skip, PRF does not match nor is it undefined */
! 831: continue;
! 832: }
1.1 misho 833: }
834: if (current.hash && current.hash != suites[i].hash)
835: { /* skip, hash does not match */
836: continue;
837: }
838: if (current.dh && current.dh != suites[i].dh)
839: {
1.1.1.2 ! misho 840: if (suites[i].dh != MODP_NONE &&
! 841: !(diffie_hellman_group_is_ec(current.dh) &&
! 842: diffie_hellman_group_is_ec(suites[i].dh)))
! 843: { /* skip DH group, does not match nor NONE nor both ECDH */
1.1 misho 844: continue;
845: }
846: }
847: /* suite supported, apply */
848: suites[remaining] = suites[i];
849: remaining++;
850: break;
851: }
852: enumerator->destroy(enumerator);
853: }
854: *count = remaining;
855: }
856:
857: /**
858: * Purge NULL encryption cipher suites from list
859: */
860: static void filter_null_suites(suite_algs_t suites[], int *count)
861: {
862: int i, remaining = 0;
863:
864: for (i = 0; i < *count; i++)
865: {
866: if (suites[i].encr != ENCR_NULL)
867: {
868: suites[remaining] = suites[i];
869: remaining++;
870: }
871: }
872: *count = remaining;
873: }
874:
875: /**
876: * Purge suites using a given key type
877: */
878: static void filter_key_suites(private_tls_crypto_t *this,
879: suite_algs_t suites[], int *count, key_type_t key)
880: {
881: int i, remaining = 0;
882:
883: DBG2(DBG_TLS, "disabling %N suites, no backend found", key_type_names, key);
884: for (i = 0; i < *count; i++)
885: {
886: if (suites[i].key != key)
887: {
888: suites[remaining] = suites[i];
889: remaining++;
890: }
891: }
892: *count = remaining;
893: }
894:
895: /**
896: * Filter suites by key exchange user config
897: */
898: static void filter_key_exchange_config_suites(private_tls_crypto_t *this,
899: suite_algs_t suites[], int *count)
900: {
901: enumerator_t *enumerator;
902: int i, remaining = 0;
903: char *token, *config;
904:
905: config = lib->settings->get_str(lib->settings, "%s.tls.key_exchange", NULL,
906: lib->ns);
907: if (config)
908: {
909: for (i = 0; i < *count; i++)
910: {
911: enumerator = enumerator_create_token(config, ",", " ");
912: while (enumerator->enumerate(enumerator, &token))
913: {
914: if (strcaseeq(token, "ecdhe-ecdsa") &&
915: diffie_hellman_group_is_ec(suites[i].dh) &&
916: suites[i].key == KEY_ECDSA)
917: {
918: suites[remaining++] = suites[i];
919: break;
920: }
921: if (strcaseeq(token, "ecdhe-rsa") &&
922: diffie_hellman_group_is_ec(suites[i].dh) &&
923: suites[i].key == KEY_RSA)
924: {
925: suites[remaining++] = suites[i];
926: break;
927: }
928: if (strcaseeq(token, "dhe-rsa") &&
929: !diffie_hellman_group_is_ec(suites[i].dh) &&
930: suites[i].dh != MODP_NONE &&
931: suites[i].key == KEY_RSA)
932: {
933: suites[remaining++] = suites[i];
934: break;
935: }
936: if (strcaseeq(token, "rsa") &&
937: suites[i].dh == MODP_NONE &&
938: suites[i].key == KEY_RSA)
939: {
940: suites[remaining++] = suites[i];
941: break;
942: }
943: }
944: enumerator->destroy(enumerator);
945: }
946: *count = remaining;
947: }
948: }
949:
950: /**
951: * Filter suites by cipher user config
952: */
953: static void filter_cipher_config_suites(private_tls_crypto_t *this,
954: suite_algs_t suites[], int *count)
955: {
956: enumerator_t *enumerator;
957: int i, remaining = 0;
958: char *token, *config;
959:
960: config = lib->settings->get_str(lib->settings, "%s.tls.cipher", NULL,
961: lib->ns);
962: if (config)
963: {
964: for (i = 0; i < *count; i++)
965: {
966: enumerator = enumerator_create_token(config, ",", " ");
967: while (enumerator->enumerate(enumerator, &token))
968: {
1.1.1.2 ! misho 969: const proposal_token_t *tok;
! 970:
! 971: tok = lib->proposal->get_token(lib->proposal, token);
! 972: if (tok != NULL && tok->type == ENCRYPTION_ALGORITHM &&
! 973: suites[i].encr == tok->algorithm &&
! 974: (!tok->keysize || suites[i].encr_size == tok->keysize / 8))
1.1 misho 975: {
976: suites[remaining++] = suites[i];
977: break;
978: }
979: }
980: enumerator->destroy(enumerator);
981: }
982: *count = remaining;
983: }
984: }
985:
986: /**
987: * Filter suites by mac user config
988: */
989: static void filter_mac_config_suites(private_tls_crypto_t *this,
990: suite_algs_t suites[], int *count)
991: {
992: enumerator_t *enumerator;
993: int i, remaining = 0;
994: char *token, *config;
995:
996: config = lib->settings->get_str(lib->settings, "%s.tls.mac", NULL,
997: lib->ns);
998: if (config)
999: {
1000: for (i = 0; i < *count; i++)
1001: {
1002: enumerator = enumerator_create_token(config, ",", " ");
1003: while (enumerator->enumerate(enumerator, &token))
1004: {
1005: if (strcaseeq(token, "sha1") &&
1006: suites[i].mac == AUTH_HMAC_SHA1_160)
1007: {
1008: suites[remaining++] = suites[i];
1009: break;
1010: }
1011: if (strcaseeq(token, "sha256") &&
1012: suites[i].mac == AUTH_HMAC_SHA2_256_256)
1013: {
1014: suites[remaining++] = suites[i];
1015: break;
1016: }
1017: if (strcaseeq(token, "sha384") &&
1018: suites[i].mac == AUTH_HMAC_SHA2_384_384)
1019: {
1020: suites[remaining++] = suites[i];
1021: break;
1022: }
1023: }
1024: enumerator->destroy(enumerator);
1025: }
1026: *count = remaining;
1027: }
1028: }
1029:
1030: /**
1031: * Filter for specific suites specified in strongswan.conf
1032: */
1033: static void filter_specific_config_suites(private_tls_crypto_t *this,
1034: suite_algs_t suites[], int *count)
1035: {
1036: enumerator_t *enumerator;
1037: int i, remaining = 0, suite;
1038: char *token, *config;
1039:
1040: config = lib->settings->get_str(lib->settings, "%s.tls.suites", NULL,
1041: lib->ns);
1042: if (config)
1043: {
1044: for (i = 0; i < *count; i++)
1045: {
1046: enumerator = enumerator_create_token(config, ",", " ");
1047: while (enumerator->enumerate(enumerator, &token))
1048: {
1049: if (enum_from_name(tls_cipher_suite_names, token, &suite) &&
1050: suite == suites[i].suite)
1051: {
1052: suites[remaining++] = suites[i];
1053: break;
1054: }
1055: }
1056: enumerator->destroy(enumerator);
1057: }
1058: *count = remaining;
1059: }
1060: }
1061:
1062: /**
1.1.1.2 ! misho 1063: * Filter key exchange curves by curve user config
! 1064: */
! 1065: static bool filter_curve_config(tls_named_group_t curve)
! 1066: {
! 1067: enumerator_t *enumerator;
! 1068: char *token, *config;
! 1069:
! 1070: config = lib->settings->get_str(lib->settings, "%s.tls.ke_group", NULL,
! 1071: lib->ns);
! 1072: if (config)
! 1073: {
! 1074: enumerator = enumerator_create_token(config, ",", " ");
! 1075: while (enumerator->enumerate(enumerator, &token))
! 1076: {
! 1077: const proposal_token_t *tok;
! 1078:
! 1079: tok = lib->proposal->get_token(lib->proposal, token);
! 1080: if (tok != NULL && tok->type == DIFFIE_HELLMAN_GROUP &&
! 1081: curve == tls_ec_group_to_curve(tok->algorithm))
! 1082: {
! 1083: enumerator->destroy(enumerator);
! 1084: return TRUE;
! 1085: }
! 1086: }
! 1087: enumerator->destroy(enumerator);
! 1088: }
! 1089: return !config;
! 1090: }
! 1091:
! 1092: /**
1.1 misho 1093: * Filter out unsupported suites on given suite array
1094: */
1095: static void filter_unsupported_suites(suite_algs_t suites[], int *count)
1096: {
1097: /* filter suite list by each algorithm */
1098: filter_suite(suites, count, offsetof(suite_algs_t, encr),
1099: lib->crypto->create_aead_enumerator);
1100: filter_suite(suites, count, offsetof(suite_algs_t, prf),
1101: lib->crypto->create_prf_enumerator);
1.1.1.2 ! misho 1102: filter_suite(suites, count, offsetof(suite_algs_t, encr),
! 1103: lib->crypto->create_crypter_enumerator);
! 1104: filter_suite(suites, count, offsetof(suite_algs_t, mac),
! 1105: lib->crypto->create_signer_enumerator);
1.1 misho 1106: filter_suite(suites, count, offsetof(suite_algs_t, hash),
1107: lib->crypto->create_hasher_enumerator);
1108: filter_suite(suites, count, offsetof(suite_algs_t, dh),
1109: lib->crypto->create_dh_enumerator);
1110: }
1111:
1112: /**
1113: * Initialize the cipher suite list
1114: */
1.1.1.2 ! misho 1115: static void build_cipher_suite_list(private_tls_crypto_t *this)
1.1 misho 1116: {
1117: suite_algs_t suites[countof(suite_algs)];
1.1.1.2 ! misho 1118: tls_version_t min_version, max_version, new_min_version, new_max_version;
! 1119: bool require_encryption = TRUE;
! 1120: int count = 0, i;
1.1 misho 1121:
1.1.1.2 ! misho 1122: switch (this->tls->get_purpose(this->tls))
! 1123: {
! 1124: case TLS_PURPOSE_EAP_TLS:
! 1125: require_encryption = FALSE;
! 1126: break;
! 1127: case TLS_PURPOSE_GENERIC:
! 1128: if (this->tls->get_flags(this->tls) & TLS_FLAG_ENCRYPTION_OPTIONAL)
! 1129: {
! 1130: require_encryption = FALSE;
! 1131: }
! 1132: break;
! 1133: default:
! 1134: break;
! 1135: }
! 1136:
! 1137: min_version = this->tls->get_version_min(this->tls);
! 1138: max_version = this->tls->get_version_max(this->tls);
! 1139:
! 1140: /* copy all suites appropriate for the current min/max versions */
! 1141: for (i = 0; i < countof(suite_algs); i++)
1.1 misho 1142: {
1.1.1.2 ! misho 1143: if (suite_algs[i].min_version <= max_version &&
! 1144: suite_algs[i].max_version >= min_version)
! 1145: {
! 1146: suites[count++] = suite_algs[i];
! 1147: }
1.1 misho 1148: }
1149:
1150: if (require_encryption)
1151: {
1152: filter_null_suites(suites, &count);
1153: }
1154: if (!this->rsa)
1155: {
1156: filter_key_suites(this, suites, &count, KEY_RSA);
1157: }
1158: if (!this->ecdsa)
1159: {
1160: filter_key_suites(this, suites, &count, KEY_ECDSA);
1161: }
1162:
1163: filter_unsupported_suites(suites, &count);
1164:
1165: /* filter suites with strongswan.conf options */
1166: filter_key_exchange_config_suites(this, suites, &count);
1167: filter_cipher_config_suites(this, suites, &count);
1168: filter_mac_config_suites(this, suites, &count);
1169: filter_specific_config_suites(this, suites, &count);
1170:
1171: free(this->suites);
1172: this->suite_count = count;
1173: this->suites = malloc(sizeof(tls_cipher_suite_t) * count);
1174:
1175: DBG2(DBG_TLS, "%d supported TLS cipher suites:", count);
1.1.1.2 ! misho 1176: new_min_version = max_version;
! 1177: new_max_version = min_version;
1.1 misho 1178: for (i = 0; i < count; i++)
1179: {
1180: DBG2(DBG_TLS, " %N", tls_cipher_suite_names, suites[i].suite);
1181: this->suites[i] = suites[i].suite;
1.1.1.2 ! misho 1182:
! 1183: /* set TLS min/max versions appropriate to the final cipher suites */
! 1184: new_max_version = max(new_max_version, suites[i].max_version);
! 1185: new_min_version = min(new_min_version, suites[i].min_version);
! 1186: }
! 1187: new_max_version = min(new_max_version, max_version);
! 1188: new_min_version = max(new_min_version, min_version);
! 1189:
! 1190: if ((min_version != new_min_version || max_version != new_max_version) &&
! 1191: this->tls->set_version(this->tls, new_min_version, new_max_version))
! 1192: {
! 1193: DBG2(DBG_TLS, "TLS min/max %N/%N according to the cipher suites",
! 1194: tls_numeric_version_names, new_min_version,
! 1195: tls_numeric_version_names, new_max_version);
1.1 misho 1196: }
1197: }
1198:
1199: METHOD(tls_crypto_t, get_cipher_suites, int,
1200: private_tls_crypto_t *this, tls_cipher_suite_t **suites)
1201: {
1.1.1.2 ! misho 1202: if (!this->suites)
! 1203: {
! 1204: build_cipher_suite_list(this);
! 1205: }
! 1206: if (suites)
! 1207: {
! 1208: *suites = this->suites;
! 1209: }
1.1 misho 1210: return this->suite_count;
1211: }
1212:
1213: /**
1214: * Create NULL encryption transforms
1215: */
1216: static bool create_null(private_tls_crypto_t *this, suite_algs_t *algs)
1217: {
1218: this->aead_in = tls_aead_create_null(algs->mac);
1219: this->aead_out = tls_aead_create_null(algs->mac);
1220: if (!this->aead_in || !this->aead_out)
1221: {
1222: DBG1(DBG_TLS, "selected TLS MAC %N not supported",
1223: integrity_algorithm_names, algs->mac);
1224: return FALSE;
1225: }
1226: return TRUE;
1227: }
1228:
1229: /**
1230: * Create traditional transforms
1231: */
1232: static bool create_traditional(private_tls_crypto_t *this, suite_algs_t *algs)
1233: {
1.1.1.2 ! misho 1234: if (this->tls->get_version_max(this->tls) < TLS_1_1)
1.1 misho 1235: {
1236: this->aead_in = tls_aead_create_implicit(algs->mac,
1237: algs->encr, algs->encr_size);
1238: this->aead_out = tls_aead_create_implicit(algs->mac,
1239: algs->encr, algs->encr_size);
1240: }
1241: else
1242: {
1243: this->aead_in = tls_aead_create_explicit(algs->mac,
1244: algs->encr, algs->encr_size);
1245: this->aead_out = tls_aead_create_explicit(algs->mac,
1246: algs->encr, algs->encr_size);
1247: }
1248: if (!this->aead_in || !this->aead_out)
1249: {
1250: DBG1(DBG_TLS, "selected TLS transforms %N-%u-%N not supported",
1251: encryption_algorithm_names, algs->encr, algs->encr_size * 8,
1252: integrity_algorithm_names, algs->mac);
1253: return FALSE;
1254: }
1255: return TRUE;
1256: }
1257:
1258: /**
1259: * Create AEAD transforms
1260: */
1261: static bool create_aead(private_tls_crypto_t *this, suite_algs_t *algs)
1262: {
1.1.1.2 ! misho 1263: if (this->tls->get_version_max(this->tls) < TLS_1_3)
! 1264: {
! 1265: this->aead_in = tls_aead_create_aead(algs->encr, algs->encr_size);
! 1266: this->aead_out = tls_aead_create_aead(algs->encr, algs->encr_size);
! 1267: }
! 1268: else
! 1269: {
! 1270: this->aead_in = tls_aead_create_seq(algs->encr, algs->encr_size);
! 1271: this->aead_out = tls_aead_create_seq(algs->encr, algs->encr_size);
! 1272: }
1.1 misho 1273: if (!this->aead_in || !this->aead_out)
1274: {
1275: DBG1(DBG_TLS, "selected TLS transforms %N-%u not supported",
1276: encryption_algorithm_names, algs->encr, algs->encr_size * 8);
1277: return FALSE;
1278: }
1279: return TRUE;
1280: }
1281:
1282: /**
1283: * Clean up and unset AEAD transforms
1284: */
1285: static void destroy_aeads(private_tls_crypto_t *this)
1286: {
1287: DESTROY_IF(this->aead_in);
1288: DESTROY_IF(this->aead_out);
1289: this->aead_in = this->aead_out = NULL;
1290: }
1291:
1292: /**
1293: * Create crypto primitives
1294: */
1295: static bool create_ciphers(private_tls_crypto_t *this, suite_algs_t *algs)
1296: {
1297: destroy_aeads(this);
1.1.1.2 ! misho 1298: DESTROY_IF(this->hkdf);
1.1 misho 1299: DESTROY_IF(this->prf);
1.1.1.2 ! misho 1300: if (this->tls->get_version_max(this->tls) < TLS_1_3)
1.1 misho 1301: {
1.1.1.2 ! misho 1302: if (this->tls->get_version_max(this->tls) < TLS_1_2)
! 1303: {
! 1304: this->prf = tls_prf_create_10();
! 1305: }
! 1306: else
! 1307: {
! 1308: this->prf = tls_prf_create_12(algs->prf);
! 1309: }
! 1310: if (!this->prf)
! 1311: {
! 1312: DBG1(DBG_TLS, "selected TLS PRF not supported");
! 1313: return FALSE;
! 1314: }
1.1 misho 1315: }
1316: else
1317: {
1.1.1.2 ! misho 1318: this->hkdf = tls_hkdf_create(algs->hash, chunk_empty);
! 1319: if (!this->hkdf)
! 1320: {
! 1321: DBG1(DBG_TLS, "TLS HKDF creation unsuccessful");
! 1322: return FALSE;
! 1323: }
1.1 misho 1324: }
1325: if (algs->encr == ENCR_NULL)
1326: {
1327: if (create_null(this, algs))
1328: {
1329: return TRUE;
1330: }
1331: }
1332: else if (encryption_algorithm_is_aead(algs->encr))
1333: {
1334: if (create_aead(this, algs))
1335: {
1336: return TRUE;
1337: }
1338: }
1339: else
1340: {
1341: if (create_traditional(this, algs))
1342: {
1343: return TRUE;
1344: }
1345: }
1346: destroy_aeads(this);
1347: return FALSE;
1348: }
1349:
1350: METHOD(tls_crypto_t, select_cipher_suite, tls_cipher_suite_t,
1351: private_tls_crypto_t *this, tls_cipher_suite_t *suites, int count,
1352: key_type_t key)
1353: {
1354: suite_algs_t *algs;
1355: int i, j;
1356:
1357: for (i = 0; i < this->suite_count; i++)
1358: {
1359: for (j = 0; j < count; j++)
1360: {
1361: if (this->suites[i] == suites[j])
1362: {
1363: algs = find_suite(this->suites[i]);
1364: if (algs)
1365: {
1.1.1.2 ! misho 1366: if (key == KEY_ANY || key == algs->key ||
! 1367: (algs->key == KEY_ECDSA && key == KEY_ED25519) ||
! 1368: (algs->key == KEY_ECDSA && key == KEY_ED448))
1.1 misho 1369: {
1370: if (create_ciphers(this, algs))
1371: {
1372: this->suite = this->suites[i];
1373: return this->suite;
1374: }
1375: }
1376: }
1377: }
1378: }
1379: }
1380: return 0;
1381: }
1382:
1383: /**
1.1.1.2 ! misho 1384: * Parameters for RSA/PSS signature schemes
1.1 misho 1385: */
1.1.1.2 ! misho 1386: #define PSS_PARAMS(bits) static rsa_pss_params_t pss_params_sha##bits = { \
! 1387: .hash = HASH_SHA##bits, \
! 1388: .mgf1_hash = HASH_SHA##bits, \
! 1389: .salt_len = HASH_SIZE_SHA##bits, \
! 1390: }
! 1391:
! 1392: PSS_PARAMS(256);
! 1393: PSS_PARAMS(384);
! 1394: PSS_PARAMS(512);
! 1395:
! 1396: typedef struct {
! 1397: tls_signature_scheme_t sig;
! 1398: signature_params_t params;
! 1399: /* min/max versions for use in CertificateVerify */
! 1400: tls_version_t min_version;
! 1401: tls_version_t max_version;
! 1402: } scheme_algs_t;
! 1403:
! 1404: /**
! 1405: * Map TLS signature schemes, ordered by preference
! 1406: */
! 1407: static scheme_algs_t schemes[] = {
! 1408: { TLS_SIG_ECDSA_SHA256, { .scheme = SIGN_ECDSA_WITH_SHA256_DER },
! 1409: TLS_1_0, TLS_1_3 },
! 1410: { TLS_SIG_ECDSA_SHA384, { .scheme = SIGN_ECDSA_WITH_SHA384_DER },
! 1411: TLS_1_0, TLS_1_3 },
! 1412: { TLS_SIG_ECDSA_SHA512, { .scheme = SIGN_ECDSA_WITH_SHA512_DER },
! 1413: TLS_1_0, TLS_1_3 },
! 1414: { TLS_SIG_ED25519, { .scheme = SIGN_ED25519 },
! 1415: TLS_1_0, TLS_1_3 },
! 1416: { TLS_SIG_ED448, { .scheme = SIGN_ED448 },
! 1417: TLS_1_0, TLS_1_3 },
! 1418: { TLS_SIG_RSA_PSS_RSAE_SHA256, { .scheme = SIGN_RSA_EMSA_PSS, .params = &pss_params_sha256, },
! 1419: TLS_1_2, TLS_1_3 },
! 1420: { TLS_SIG_RSA_PSS_RSAE_SHA384, { .scheme = SIGN_RSA_EMSA_PSS, .params = &pss_params_sha384, },
! 1421: TLS_1_2, TLS_1_3 },
! 1422: { TLS_SIG_RSA_PSS_RSAE_SHA512, { .scheme = SIGN_RSA_EMSA_PSS, .params = &pss_params_sha512, },
! 1423: TLS_1_2, TLS_1_3 },
! 1424: /* the parameters for the next three should actually be taken from the
! 1425: * public key, we currently don't have an API for that, so assume defaults */
! 1426: { TLS_SIG_RSA_PSS_PSS_SHA256, { .scheme = SIGN_RSA_EMSA_PSS, .params = &pss_params_sha256, },
! 1427: TLS_1_2, TLS_1_3 },
! 1428: { TLS_SIG_RSA_PSS_PSS_SHA384, { .scheme = SIGN_RSA_EMSA_PSS, .params = &pss_params_sha384, },
! 1429: TLS_1_2, TLS_1_3 },
! 1430: { TLS_SIG_RSA_PSS_PSS_SHA512, { .scheme = SIGN_RSA_EMSA_PSS, .params = &pss_params_sha512, },
! 1431: TLS_1_2, TLS_1_3 },
! 1432: { TLS_SIG_RSA_PKCS1_SHA256, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256 },
! 1433: TLS_1_0, TLS_1_2 },
! 1434: { TLS_SIG_RSA_PKCS1_SHA384, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384 },
! 1435: TLS_1_0, TLS_1_2 },
! 1436: { TLS_SIG_RSA_PKCS1_SHA512, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512 },
! 1437: TLS_1_0, TLS_1_2 },
1.1 misho 1438: };
1439:
1.1.1.2 ! misho 1440: /**
! 1441: * Filter signature scheme config
! 1442: */
! 1443: static bool filter_signature_scheme_config(tls_signature_scheme_t signature)
1.1 misho 1444: {
1.1.1.2 ! misho 1445: enumerator_t *enumerator;
! 1446: char *token, *config;
1.1 misho 1447:
1.1.1.2 ! misho 1448: config = lib->settings->get_str(lib->settings, "%s.tls.signature", NULL,
! 1449: lib->ns);
! 1450: if (config)
1.1 misho 1451: {
1.1.1.2 ! misho 1452: enumerator = enumerator_create_token(config, ",", " ");
! 1453: while (enumerator->enumerate(enumerator, &token))
1.1 misho 1454: {
1.1.1.2 ! misho 1455: tls_signature_scheme_t sig;
! 1456:
! 1457: if (enum_from_name(tls_signature_scheme_names, token, &sig) &&
! 1458: sig == signature)
! 1459: {
! 1460: enumerator->destroy(enumerator);
! 1461: return TRUE;
! 1462: }
1.1 misho 1463: }
1.1.1.2 ! misho 1464: enumerator->destroy(enumerator);
! 1465: }
! 1466: return !config;
! 1467: }
! 1468:
! 1469: METHOD(tls_crypto_t, get_signature_algorithms, void,
! 1470: private_tls_crypto_t *this, bio_writer_t *writer, bool cert)
! 1471: {
! 1472: bio_writer_t *supported;
! 1473: tls_version_t min_version, max_version;
! 1474: int i;
! 1475:
! 1476: supported = bio_writer_create(32);
! 1477:
! 1478: if (!cert)
! 1479: {
! 1480: min_version = this->tls->get_version_min(this->tls);
! 1481: max_version = this->tls->get_version_max(this->tls);
! 1482: }
! 1483:
! 1484: for (i = 0; i < countof(schemes); i++)
! 1485: {
! 1486: if ((cert || (schemes[i].min_version <= max_version &&
! 1487: schemes[i].max_version >= min_version)) &&
! 1488: lib->plugins->has_feature(lib->plugins,
! 1489: PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[i].params.scheme)) &&
! 1490: filter_signature_scheme_config(schemes[i].sig))
1.1 misho 1491: {
1.1.1.2 ! misho 1492: supported->write_uint16(supported, schemes[i].sig);
1.1 misho 1493: }
1494: }
1495:
1496: writer->write_data16(writer, supported->get_buf(supported));
1497: supported->destroy(supported);
1498: }
1499:
1500: /**
1.1.1.2 ! misho 1501: * Get the signature parameters from a TLS signature scheme
1.1 misho 1502: */
1.1.1.2 ! misho 1503: static signature_params_t *params_for_scheme(tls_signature_scheme_t sig,
! 1504: bool sign)
1.1 misho 1505: {
1506: int i;
1507:
1.1.1.2 ! misho 1508: for (i = 0; i < countof(schemes); i++)
1.1 misho 1509: {
1.1.1.2 ! misho 1510: /* strongSwan supports only RSA_PSS_RSAE schemes for signing but can
! 1511: * verify public keys in rsaEncryption as well as rsassaPss encoding. */
! 1512: if (sign && (sig == TLS_SIG_RSA_PSS_PSS_SHA256 ||
! 1513: sig == TLS_SIG_RSA_PSS_PSS_SHA384 ||
! 1514: sig == TLS_SIG_RSA_PSS_PSS_SHA512))
1.1 misho 1515: {
1.1.1.2 ! misho 1516: continue;
! 1517: }
! 1518: if (schemes[i].sig == sig)
! 1519: {
! 1520: return &schemes[i].params;
1.1 misho 1521: }
1522: }
1.1.1.2 ! misho 1523: return NULL;
1.1 misho 1524: }
1525:
1526: /**
1527: * Mapping groups to TLS named curves
1528: */
1529: static struct {
1530: diffie_hellman_group_t group;
1.1.1.2 ! misho 1531: tls_named_group_t curve;
1.1 misho 1532: } curves[] = {
1533: { ECP_256_BIT, TLS_SECP256R1},
1534: { ECP_384_BIT, TLS_SECP384R1},
1535: { ECP_521_BIT, TLS_SECP521R1},
1536: { ECP_224_BIT, TLS_SECP224R1},
1537: { ECP_192_BIT, TLS_SECP192R1},
1.1.1.2 ! misho 1538: { CURVE_25519, TLS_CURVE25519},
! 1539: { CURVE_448, TLS_CURVE448},
1.1 misho 1540: };
1541:
1542: CALLBACK(group_filter, bool,
1543: void *null, enumerator_t *orig, va_list args)
1544: {
1.1.1.2 ! misho 1545: diffie_hellman_group_t group, *group_out;
! 1546: tls_named_group_t curve, *curve_out;
1.1 misho 1547: char *plugin;
1548:
1.1.1.2 ! misho 1549: VA_ARGS_VGET(args, group_out, curve_out);
1.1 misho 1550:
1551: while (orig->enumerate(orig, &group, &plugin))
1552: {
1.1.1.2 ! misho 1553: curve = tls_ec_group_to_curve(group);
! 1554: if (curve)
1.1 misho 1555: {
1.1.1.2 ! misho 1556: if (group_out)
1.1 misho 1557: {
1.1.1.2 ! misho 1558: *group_out = group;
! 1559: }
! 1560: if (curve_out)
! 1561: {
! 1562: *curve_out = curve;
! 1563: }
! 1564: return TRUE;
! 1565: }
! 1566: }
! 1567: return FALSE;
! 1568: }
! 1569:
! 1570: CALLBACK(config_filter, bool,
! 1571: void *null, enumerator_t *orig, va_list args)
! 1572: {
! 1573: diffie_hellman_group_t group, *group_out;
! 1574: tls_named_group_t curve, *curve_out;
! 1575:
! 1576: VA_ARGS_VGET(args, group_out, curve_out);
! 1577:
! 1578: while (orig->enumerate(orig, &group, &curve))
! 1579: {
! 1580: if (filter_curve_config(curve))
! 1581:
! 1582: {
! 1583: if (group_out)
! 1584: {
! 1585: *group_out = group;
! 1586: }
! 1587: if (curve_out)
! 1588: {
! 1589: *curve_out = curve;
1.1 misho 1590: }
1.1.1.2 ! misho 1591: return TRUE;
1.1 misho 1592: }
1593: }
1594: return FALSE;
1595: }
1596:
1597: METHOD(tls_crypto_t, create_ec_enumerator, enumerator_t*,
1598: private_tls_crypto_t *this)
1599: {
1600: return enumerator_create_filter(
1.1.1.2 ! misho 1601: enumerator_create_filter(
! 1602: lib->crypto->create_dh_enumerator(lib->crypto),
! 1603: group_filter, NULL, NULL),
! 1604: config_filter, NULL, NULL);
! 1605: }
! 1606:
! 1607: /**
! 1608: * Check if the given ECDH group is supported or return the first one we
! 1609: * actually do support.
! 1610: */
! 1611: static diffie_hellman_group_t supported_ec_group(private_tls_crypto_t *this,
! 1612: diffie_hellman_group_t orig)
! 1613: {
! 1614: diffie_hellman_group_t current, first = MODP_NONE;
! 1615: enumerator_t *enumerator;
! 1616:
! 1617: enumerator = create_ec_enumerator(this);
! 1618: while (enumerator->enumerate(enumerator, ¤t, NULL))
! 1619: {
! 1620: if (current == orig)
! 1621: {
! 1622: enumerator->destroy(enumerator);
! 1623: return orig;
! 1624: }
! 1625: else if (first == MODP_NONE)
! 1626: {
! 1627: first = current;
! 1628: }
! 1629: }
! 1630: enumerator->destroy(enumerator);
! 1631: return first;
! 1632: }
! 1633:
! 1634: METHOD(tls_crypto_t, get_dh_group, diffie_hellman_group_t,
! 1635: private_tls_crypto_t *this)
! 1636: {
! 1637: suite_algs_t *algs;
! 1638:
! 1639: algs = find_suite(this->suite);
! 1640: if (algs)
! 1641: {
! 1642: if (diffie_hellman_group_is_ec(algs->dh))
! 1643: {
! 1644: return supported_ec_group(this, algs->dh);
! 1645: }
! 1646: return algs->dh;
! 1647: }
! 1648: return MODP_NONE;
1.1 misho 1649: }
1650:
1651: METHOD(tls_crypto_t, set_protection, void,
1652: private_tls_crypto_t *this, tls_protection_t *protection)
1653: {
1654: this->protection = protection;
1655: }
1656:
1657: METHOD(tls_crypto_t, append_handshake, void,
1658: private_tls_crypto_t *this, tls_handshake_type_t type, chunk_t data)
1659: {
1660: uint32_t header;
1661:
1662: /* reconstruct handshake header */
1663: header = htonl(data.len | (type << 24));
1664: this->handshake = chunk_cat("mcc", this->handshake,
1665: chunk_from_thing(header), data);
1666: }
1667:
1668: /**
1669: * Create a hash using the suites HASH algorithm
1670: */
1671: static bool hash_data(private_tls_crypto_t *this, chunk_t data, chunk_t *hash)
1672: {
1.1.1.2 ! misho 1673: if (this->tls->get_version_max(this->tls) >= TLS_1_2)
1.1 misho 1674: {
1675: hasher_t *hasher;
1676: suite_algs_t *alg;
1677:
1678: alg = find_suite(this->suite);
1679: if (!alg)
1680: {
1681: return FALSE;
1682: }
1683: hasher = lib->crypto->create_hasher(lib->crypto, alg->hash);
1684: if (!hasher || !hasher->allocate_hash(hasher, data, hash))
1685: {
1686: DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, alg->hash);
1687: DESTROY_IF(hasher);
1688: return FALSE;
1689: }
1690: hasher->destroy(hasher);
1691: }
1692: else
1693: {
1694: hasher_t *md5, *sha1;
1695: char buf[HASH_SIZE_MD5 + HASH_SIZE_SHA1];
1696:
1697: md5 = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
1698: if (!md5 || !md5->get_hash(md5, data, buf))
1699: {
1700: DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, HASH_MD5);
1701: DESTROY_IF(md5);
1702: return FALSE;
1703: }
1704: md5->destroy(md5);
1705: sha1 = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
1706: if (!sha1 || !sha1->get_hash(sha1, data, buf + HASH_SIZE_MD5))
1707: {
1708: DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, HASH_SHA1);
1709: DESTROY_IF(sha1);
1710: return FALSE;
1711: }
1712: sha1->destroy(sha1);
1713:
1714: *hash = chunk_clone(chunk_from_thing(buf));
1715: }
1716: return TRUE;
1717: }
1718:
1.1.1.2 ! misho 1719: METHOD(tls_crypto_t, hash_handshake, bool,
! 1720: private_tls_crypto_t *this, chunk_t *out)
! 1721: {
! 1722: chunk_t hash;
! 1723:
! 1724: if (!hash_data(this, this->handshake, &hash))
! 1725: {
! 1726: return FALSE;
! 1727: }
! 1728:
! 1729: chunk_free(&this->handshake);
! 1730: append_handshake(this, TLS_MESSAGE_HASH, hash);
! 1731:
! 1732: if (out)
! 1733: {
! 1734: *out = hash;
! 1735: }
! 1736: else
! 1737: {
! 1738: free(hash.ptr);
! 1739: }
! 1740: return TRUE;
! 1741: }
! 1742:
! 1743: /**
! 1744: * TLS 1.3 static part of the data the server signs (64 spaces followed by the
! 1745: * context string "TLS 1.3, server CertificateVerify" and a 0 byte).
! 1746: */
! 1747: static chunk_t tls13_sig_data_server = chunk_from_chars(
! 1748: 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
! 1749: 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
! 1750: 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
! 1751: 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
! 1752: 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
! 1753: 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
! 1754: 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
! 1755: 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
! 1756: 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x2c,
! 1757: 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
! 1758: 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
! 1759: 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, 0x69, 0x66,
! 1760: 0x79, 0x00,
! 1761: );
! 1762:
! 1763: /**
! 1764: * TLS 1.3 static part of the data the peer signs (64 spaces followed by the
! 1765: * context string "TLS 1.3, client CertificateVerify" and a 0 byte).
! 1766: */
! 1767: static chunk_t tls13_sig_data_client = chunk_from_chars(
! 1768: 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
! 1769: 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
! 1770: 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
! 1771: 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
! 1772: 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
! 1773: 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
! 1774: 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
! 1775: 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
! 1776: 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x2c,
! 1777: 0x20, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20,
! 1778: 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
! 1779: 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, 0x69, 0x66,
! 1780: 0x79, 0x00,
! 1781: );
! 1782:
1.1 misho 1783: METHOD(tls_crypto_t, sign, bool,
1784: private_tls_crypto_t *this, private_key_t *key, bio_writer_t *writer,
1785: chunk_t data, chunk_t hashsig)
1786: {
1.1.1.2 ! misho 1787: if (this->tls->get_version_max(this->tls) >= TLS_1_2)
1.1 misho 1788: {
1.1.1.2 ! misho 1789: /* fallback to SHA1/RSA and SHA1/ECDSA */
! 1790: const chunk_t hashsig_def = chunk_from_chars(0x02, 0x01, 0x02, 0x03);
! 1791: signature_params_t *params;
! 1792: key_type_t type;
! 1793: uint16_t scheme;
1.1 misho 1794: bio_reader_t *reader;
1795: chunk_t sig;
1796: bool done = FALSE;
1797:
1.1.1.2 ! misho 1798: if (this->tls->get_version_max(this->tls) >= TLS_1_3)
! 1799: {
! 1800: chunk_t transcript_hash;
! 1801:
! 1802: if (!hash_data(this, data, &transcript_hash))
! 1803: {
! 1804: DBG1(DBG_TLS, "unable to create transcript hash");
! 1805: return FALSE;
! 1806: }
! 1807: if (this->tls->is_server(this->tls))
! 1808: {
! 1809: data = chunk_cata("cm", tls13_sig_data_server, transcript_hash);
! 1810: }
! 1811: else
! 1812: {
! 1813: data = chunk_cata("cm", tls13_sig_data_client, transcript_hash);
! 1814: }
! 1815: }
! 1816:
1.1 misho 1817: if (!hashsig.len)
1818: { /* fallback if none given */
1819: hashsig = hashsig_def;
1820: }
1.1.1.2 ! misho 1821: type = key->get_type(key);
1.1 misho 1822: reader = bio_reader_create(hashsig);
1823: while (reader->remaining(reader) >= 2)
1824: {
1.1.1.2 ! misho 1825: if (reader->read_uint16(reader, &scheme))
1.1 misho 1826: {
1.1.1.2 ! misho 1827: params = params_for_scheme(scheme, TRUE);
! 1828: if (params &&
! 1829: type == key_type_from_signature_scheme(params->scheme) &&
! 1830: key->sign(key, params->scheme, params->params, data, &sig))
1.1 misho 1831: {
1832: done = TRUE;
1833: break;
1834: }
1835: }
1836: }
1837: reader->destroy(reader);
1838: if (!done)
1839: {
1840: DBG1(DBG_TLS, "none of the proposed hash/sig algorithms supported");
1841: return FALSE;
1842: }
1.1.1.2 ! misho 1843: DBG2(DBG_TLS, "created signature with %N", tls_signature_scheme_names,
! 1844: scheme);
! 1845: writer->write_uint16(writer, scheme);
1.1 misho 1846: writer->write_data16(writer, sig);
1847: free(sig.ptr);
1848: }
1849: else
1850: {
1851: chunk_t sig, hash;
1852: bool done;
1853:
1854: switch (key->get_type(key))
1855: {
1856: case KEY_RSA:
1857: if (!hash_data(this, data, &hash))
1858: {
1859: return FALSE;
1860: }
1861: done = key->sign(key, SIGN_RSA_EMSA_PKCS1_NULL, NULL, hash,
1862: &sig);
1863: free(hash.ptr);
1864: if (!done)
1865: {
1866: return FALSE;
1867: }
1868: DBG2(DBG_TLS, "created signature with MD5+SHA1/RSA");
1869: break;
1870: case KEY_ECDSA:
1871: if (!key->sign(key, SIGN_ECDSA_WITH_SHA1_DER, NULL, data, &sig))
1872: {
1873: return FALSE;
1874: }
1875: DBG2(DBG_TLS, "created signature with SHA1/ECDSA");
1876: break;
1.1.1.2 ! misho 1877: case KEY_ED25519:
! 1878: if (!key->sign(key, SIGN_ED25519, NULL, data, &sig))
! 1879: {
! 1880: return FALSE;
! 1881: }
! 1882: DBG2(DBG_TLS, "created signature with Ed25519");
! 1883: break;
! 1884: case KEY_ED448:
! 1885: if (!key->sign(key, SIGN_ED448, NULL, data, &sig))
! 1886: {
! 1887: return FALSE;
! 1888: }
! 1889: DBG2(DBG_TLS, "created signature with Ed448");
! 1890: break;
1.1 misho 1891: default:
1892: return FALSE;
1893: }
1894: writer->write_data16(writer, sig);
1895: free(sig.ptr);
1896: }
1897: return TRUE;
1898: }
1899:
1900: METHOD(tls_crypto_t, verify, bool,
1901: private_tls_crypto_t *this, public_key_t *key, bio_reader_t *reader,
1902: chunk_t data)
1903: {
1.1.1.2 ! misho 1904: if (this->tls->get_version_max(this->tls) >= TLS_1_2)
1.1 misho 1905: {
1.1.1.2 ! misho 1906: signature_params_t *params;
! 1907: uint16_t scheme;
1.1 misho 1908: chunk_t sig;
1909:
1.1.1.2 ! misho 1910: if (!reader->read_uint16(reader, &scheme) ||
1.1 misho 1911: !reader->read_data16(reader, &sig))
1912: {
1913: DBG1(DBG_TLS, "received invalid signature");
1914: return FALSE;
1915: }
1.1.1.2 ! misho 1916: params = params_for_scheme(scheme, FALSE);
! 1917: if (!params)
1.1 misho 1918: {
1.1.1.2 ! misho 1919: DBG1(DBG_TLS, "signature algorithms %N not supported",
! 1920: tls_signature_scheme_names, scheme);
1.1 misho 1921: return FALSE;
1922: }
1.1.1.2 ! misho 1923: if (this->tls->get_version_max(this->tls) >= TLS_1_3)
1.1 misho 1924: {
1.1.1.2 ! misho 1925: chunk_t transcript_hash;
! 1926:
! 1927: if (!hash_data(this, data, &transcript_hash))
! 1928: {
! 1929: DBG1(DBG_TLS, "Unable to create transcript hash");
! 1930: return FALSE;
! 1931: }
! 1932:
! 1933: if (this->tls->is_server(this->tls))
! 1934: {
! 1935: data = chunk_cata("cm", tls13_sig_data_client, transcript_hash);
! 1936: }
! 1937: else
! 1938: {
! 1939: data = chunk_cata("cm", tls13_sig_data_server, transcript_hash);
! 1940: }
! 1941: }
! 1942: if (!key->verify(key, params->scheme, params->params, data, sig))
! 1943: {
! 1944: DBG1(DBG_TLS, "signature verification with %N failed",
! 1945: tls_signature_scheme_names, scheme);
1.1 misho 1946: return FALSE;
1947: }
1.1.1.2 ! misho 1948: DBG2(DBG_TLS, "verified signature with %N",
! 1949: tls_signature_scheme_names, scheme);
1.1 misho 1950: }
1951: else
1952: {
1953: chunk_t sig, hash;
1954: bool done;
1955:
1956: if (!reader->read_data16(reader, &sig))
1957: {
1958: DBG1(DBG_TLS, "received invalid signature");
1959: return FALSE;
1960: }
1961: switch (key->get_type(key))
1962: {
1963: case KEY_RSA:
1964: if (!hash_data(this, data, &hash))
1965: {
1966: return FALSE;
1967: }
1968: done = key->verify(key, SIGN_RSA_EMSA_PKCS1_NULL, NULL, hash,
1969: sig);
1970: free(hash.ptr);
1971: if (!done)
1972: {
1973: return FALSE;
1974: }
1975: DBG2(DBG_TLS, "verified signature data with MD5+SHA1/RSA");
1976: break;
1977: case KEY_ECDSA:
1978: if (!key->verify(key, SIGN_ECDSA_WITH_SHA1_DER, NULL, data,
1979: sig))
1980: {
1981: return FALSE;
1982: }
1983: DBG2(DBG_TLS, "verified signature with SHA1/ECDSA");
1984: break;
1.1.1.2 ! misho 1985: case KEY_ED25519:
! 1986: if (!key->verify(key, SIGN_ED25519, NULL, data, sig))
! 1987: {
! 1988: return FALSE;
! 1989: }
! 1990: DBG2(DBG_TLS, "verified signature with Ed25519");
! 1991: break;
! 1992: case KEY_ED448:
! 1993: if (!key->verify(key, SIGN_ED448, NULL, data, sig))
! 1994: {
! 1995: return FALSE;
! 1996: }
! 1997: DBG2(DBG_TLS, "verified signature with Ed448");
! 1998: break;
1.1 misho 1999: default:
2000: return FALSE;
2001: }
2002: }
2003: return TRUE;
2004: }
2005:
2006: METHOD(tls_crypto_t, sign_handshake, bool,
2007: private_tls_crypto_t *this, private_key_t *key, bio_writer_t *writer,
2008: chunk_t hashsig)
2009: {
2010: return sign(this, key, writer, this->handshake, hashsig);
2011: }
2012:
2013: METHOD(tls_crypto_t, verify_handshake, bool,
2014: private_tls_crypto_t *this, public_key_t *key, bio_reader_t *reader)
2015: {
2016: return verify(this, key, reader, this->handshake);
2017: }
2018:
1.1.1.2 ! misho 2019: METHOD(tls_crypto_t, calculate_finished_legacy, bool,
1.1 misho 2020: private_tls_crypto_t *this, char *label, char out[12])
2021: {
2022: chunk_t seed;
2023:
2024: if (!this->prf)
2025: {
2026: return FALSE;
2027: }
2028: if (!hash_data(this, this->handshake, &seed))
2029: {
2030: return FALSE;
2031: }
2032: if (!this->prf->get_bytes(this->prf, label, seed, 12, out))
2033: {
2034: free(seed.ptr);
2035: return FALSE;
2036: }
2037: free(seed.ptr);
2038: return TRUE;
2039: }
2040:
1.1.1.2 ! misho 2041: METHOD(tls_crypto_t, calculate_finished, bool,
! 2042: private_tls_crypto_t *this, bool server, chunk_t *out)
! 2043: {
! 2044: chunk_t finished_key, finished_hash;
! 2045:
! 2046: if (!this->hkdf)
! 2047: {
! 2048: return FALSE;
! 2049: }
! 2050: if (!hash_data(this, this->handshake, &finished_hash))
! 2051: {
! 2052: DBG1(DBG_TLS, "creating hash of handshake failed");
! 2053: return FALSE;
! 2054: }
! 2055: if (!this->hkdf->derive_finished(this->hkdf, server, &finished_key))
! 2056: {
! 2057: DBG1(DBG_TLS, "generating finished key failed");
! 2058: chunk_clear(&finished_hash);
! 2059: return FALSE;
! 2060: }
! 2061: if (!this->hkdf->allocate_bytes(this->hkdf, finished_key, finished_hash, out))
! 2062: {
! 2063: DBG1(DBG_TLS, "generating finished HMAC failed");
! 2064: chunk_clear(&finished_key);
! 2065: chunk_clear(&finished_hash);
! 2066: return FALSE;
! 2067: }
! 2068: chunk_clear(&finished_key);
! 2069: chunk_clear(&finished_hash);
! 2070: return TRUE;
! 2071: }
! 2072:
1.1 misho 2073: /**
2074: * Derive master secret from premaster, optionally save session
2075: */
2076: static bool derive_master(private_tls_crypto_t *this, chunk_t premaster,
2077: chunk_t session, identification_t *id,
2078: chunk_t client_random, chunk_t server_random)
2079: {
2080: char master[48];
2081: chunk_t seed;
2082:
2083: /* derive master secret */
2084: seed = chunk_cata("cc", client_random, server_random);
2085:
2086: if (!this->prf->set_key(this->prf, premaster) ||
2087: !this->prf->get_bytes(this->prf, "master secret", seed,
2088: sizeof(master), master) ||
2089: !this->prf->set_key(this->prf, chunk_from_thing(master)))
2090: {
2091: return FALSE;
2092: }
2093:
2094: if (this->cache && session.len)
2095: {
2096: this->cache->create(this->cache, session, id, chunk_from_thing(master),
2097: this->suite);
2098: }
2099: memwipe(master, sizeof(master));
2100: return TRUE;
2101: }
2102:
2103: /**
2104: * Expand key material from master secret
2105: */
2106: static bool expand_keys(private_tls_crypto_t *this,
2107: chunk_t client_random, chunk_t server_random)
2108: {
2109: chunk_t seed, block;
2110: chunk_t cw_mac, cw, cw_iv;
2111: chunk_t sw_mac, sw, sw_iv;
2112: int mklen, eklen, ivlen;
2113:
2114: if (!this->aead_in || !this->aead_out)
2115: {
2116: return FALSE;
2117: }
2118:
2119: /* derive key block for key expansion */
2120: mklen = this->aead_in->get_mac_key_size(this->aead_in);
2121: eklen = this->aead_in->get_encr_key_size(this->aead_in);
2122: ivlen = this->aead_in->get_iv_size(this->aead_in);
2123: seed = chunk_cata("cc", server_random, client_random);
2124: block = chunk_alloca((mklen + eklen + ivlen) * 2);
2125: if (!this->prf->get_bytes(this->prf, "key expansion", seed,
2126: block.len, block.ptr))
2127: {
2128: return FALSE;
2129: }
2130:
2131: /* client/server write signer keys */
2132: cw_mac = chunk_create(block.ptr, mklen);
2133: block = chunk_skip(block, mklen);
2134: sw_mac = chunk_create(block.ptr, mklen);
2135: block = chunk_skip(block, mklen);
2136:
2137: /* client/server write encryption keys */
2138: cw = chunk_create(block.ptr, eklen);
2139: block = chunk_skip(block, eklen);
2140: sw = chunk_create(block.ptr, eklen);
2141: block = chunk_skip(block, eklen);
2142:
2143: /* client/server write IV; TLS 1.0 implicit IVs or AEAD salt, if any */
2144: cw_iv = chunk_create(block.ptr, ivlen);
2145: block = chunk_skip(block, ivlen);
2146: sw_iv = chunk_create(block.ptr, ivlen);
2147: block = chunk_skip(block, ivlen);
2148:
2149: if (this->tls->is_server(this->tls))
2150: {
2151: if (!this->aead_in->set_keys(this->aead_in, cw_mac, cw, cw_iv) ||
2152: !this->aead_out->set_keys(this->aead_out, sw_mac, sw, sw_iv))
2153: {
2154: return FALSE;
2155: }
2156: }
2157: else
2158: {
2159: if (!this->aead_out->set_keys(this->aead_out, cw_mac, cw, cw_iv) ||
2160: !this->aead_in->set_keys(this->aead_in, sw_mac, sw, sw_iv))
2161: {
2162: return FALSE;
2163: }
2164: }
2165:
2166: /* EAP-MSK */
2167: if (this->msk_label)
2168: {
2169: seed = chunk_cata("cc", client_random, server_random);
2170: this->msk = chunk_alloc(64);
2171: if (!this->prf->get_bytes(this->prf, this->msk_label, seed,
2172: this->msk.len, this->msk.ptr))
2173: {
2174: return FALSE;
2175: }
2176: }
2177: return TRUE;
2178: }
2179:
2180: METHOD(tls_crypto_t, derive_secrets, bool,
2181: private_tls_crypto_t *this, chunk_t premaster, chunk_t session,
2182: identification_t *id, chunk_t client_random, chunk_t server_random)
2183: {
2184: return derive_master(this, premaster, session, id,
2185: client_random, server_random) &&
2186: expand_keys(this, client_random, server_random);
2187: }
2188:
1.1.1.2 ! misho 2189: /**
! 2190: * Derive and configure the client/server key/IV on an AEAD using a given label.
! 2191: */
! 2192: static bool derive_labeled_key(private_tls_crypto_t *this, bool server,
! 2193: tls_hkdf_label_t label, tls_aead_t *aead)
! 2194: {
! 2195: chunk_t key = chunk_empty, iv = chunk_empty;
! 2196: bool success = FALSE;
! 2197:
! 2198: if (!this->hkdf->generate_secret(this->hkdf, label, this->handshake,
! 2199: NULL) ||
! 2200: !this->hkdf->derive_key(this->hkdf, server,
! 2201: aead->get_encr_key_size(aead), &key) ||
! 2202: !this->hkdf->derive_iv(this->hkdf, server,
! 2203: aead->get_iv_size(aead), &iv))
! 2204: {
! 2205: DBG1(DBG_TLS, "deriving key material failed");
! 2206: goto out;
! 2207: }
! 2208:
! 2209: if (!aead->set_keys(aead, chunk_empty, key, iv))
! 2210: {
! 2211: DBG1(DBG_TLS, "setting AEAD key material failed");
! 2212: goto out;
! 2213: }
! 2214: success = TRUE;
! 2215:
! 2216: out:
! 2217: chunk_clear(&key);
! 2218: chunk_clear(&iv);
! 2219: return success;
! 2220: }
! 2221:
! 2222: /**
! 2223: * Derive and configure the keys/IVs using the given labels.
! 2224: */
! 2225: static bool derive_labeled_keys(private_tls_crypto_t *this,
! 2226: tls_hkdf_label_t client_label,
! 2227: tls_hkdf_label_t server_label)
! 2228: {
! 2229: tls_aead_t *aead_c, *aead_s;
! 2230: suite_algs_t *algs;
! 2231:
! 2232: algs = find_suite(this->suite);
! 2233: destroy_aeads(this);
! 2234: if (!create_aead(this, algs))
! 2235: {
! 2236: return FALSE;
! 2237: }
! 2238: aead_c = this->aead_out;
! 2239: aead_s = this->aead_in;
! 2240: if (this->tls->is_server(this->tls))
! 2241: {
! 2242: aead_c = this->aead_in;
! 2243: aead_s = this->aead_out;
! 2244: }
! 2245: return derive_labeled_key(this, FALSE, client_label, aead_c) &&
! 2246: derive_labeled_key(this, TRUE, server_label, aead_s);
! 2247: }
! 2248:
! 2249: METHOD(tls_crypto_t, derive_handshake_keys, bool,
! 2250: private_tls_crypto_t *this, chunk_t shared_secret)
! 2251: {
! 2252: this->hkdf->set_shared_secret(this->hkdf, shared_secret);
! 2253: return derive_labeled_keys(this, TLS_HKDF_C_HS_TRAFFIC,
! 2254: TLS_HKDF_S_HS_TRAFFIC);
! 2255: }
! 2256:
! 2257: METHOD(tls_crypto_t, derive_app_keys, bool,
! 2258: private_tls_crypto_t *this)
! 2259: {
! 2260: if (!derive_labeled_keys(this, TLS_HKDF_C_AP_TRAFFIC,
! 2261: TLS_HKDF_S_AP_TRAFFIC))
! 2262: {
! 2263: return FALSE;
! 2264: }
! 2265:
! 2266: /* EAP-MSK */
! 2267: if (this->msk_label)
! 2268: {
! 2269: /* because the length is encoded when expanding key material, we
! 2270: * request the same number of bytes as FreeRADIUS (the first 64 for
! 2271: * the MSK, the next for the EMSK, which we just ignore) */
! 2272: if (!this->hkdf->export(this->hkdf, this->msk_label, chunk_empty,
! 2273: this->handshake, 128, &this->msk))
! 2274: {
! 2275: return FALSE;
! 2276: }
! 2277: this->msk.len = 64;
! 2278: }
! 2279: return TRUE;
! 2280: }
! 2281:
! 2282: METHOD(tls_crypto_t, update_app_keys, bool,
! 2283: private_tls_crypto_t *this, bool inbound)
! 2284: {
! 2285: suite_algs_t *algs;
! 2286: tls_hkdf_label_t label = TLS_HKDF_UPD_C_TRAFFIC;
! 2287:
! 2288: algs = find_suite(this->suite);
! 2289: destroy_aeads(this);
! 2290: if (!create_aead(this, algs))
! 2291: {
! 2292: return FALSE;
! 2293: }
! 2294: if (this->tls->is_server(this->tls) != inbound)
! 2295: {
! 2296: label = TLS_HKDF_UPD_S_TRAFFIC;
! 2297: }
! 2298: return derive_labeled_key(this, label == TLS_HKDF_UPD_S_TRAFFIC, label,
! 2299: inbound ? this->aead_in : this->aead_out);
! 2300: }
! 2301:
1.1 misho 2302: METHOD(tls_crypto_t, resume_session, tls_cipher_suite_t,
2303: private_tls_crypto_t *this, chunk_t session, identification_t *id,
2304: chunk_t client_random, chunk_t server_random)
2305: {
2306: chunk_t master;
2307:
2308: if (this->cache && session.len)
2309: {
2310: this->suite = this->cache->lookup(this->cache, session, id, &master);
2311: if (this->suite)
2312: {
2313: this->suite = select_cipher_suite(this, &this->suite, 1, KEY_ANY);
2314: if (this->suite)
2315: {
2316: if (!this->prf->set_key(this->prf, master) ||
2317: !expand_keys(this, client_random, server_random))
2318: {
2319: this->suite = 0;
2320: }
2321: }
2322: chunk_clear(&master);
2323: }
2324: return this->suite;
2325: }
2326: return 0;
2327: }
2328:
2329: METHOD(tls_crypto_t, get_session, chunk_t,
2330: private_tls_crypto_t *this, identification_t *server)
2331: {
2332: if (this->cache)
2333: {
2334: return this->cache->check(this->cache, server);
2335: }
2336: return chunk_empty;
2337: }
2338:
2339: METHOD(tls_crypto_t, change_cipher, void,
2340: private_tls_crypto_t *this, bool inbound)
2341: {
2342: if (this->protection)
2343: {
2344: if (inbound)
2345: {
2346: this->protection->set_cipher(this->protection, TRUE, this->aead_in);
1.1.1.2 ! misho 2347: this->aead_in = NULL;
1.1 misho 2348: }
2349: else
2350: {
2351: this->protection->set_cipher(this->protection, FALSE, this->aead_out);
1.1.1.2 ! misho 2352: this->aead_out = NULL;
1.1 misho 2353: }
2354: }
2355: }
2356:
2357: METHOD(tls_crypto_t, get_eap_msk, chunk_t,
2358: private_tls_crypto_t *this)
2359: {
2360: return this->msk;
2361: }
2362:
2363: METHOD(tls_crypto_t, destroy, void,
2364: private_tls_crypto_t *this)
2365: {
2366: destroy_aeads(this);
2367: free(this->handshake.ptr);
2368: free(this->msk.ptr);
2369: DESTROY_IF(this->prf);
1.1.1.2 ! misho 2370: DESTROY_IF(this->hkdf);
1.1 misho 2371: free(this->suites);
2372: free(this);
2373: }
2374:
2375: /**
2376: * See header
2377: */
2378: tls_crypto_t *tls_crypto_create(tls_t *tls, tls_cache_t *cache)
2379: {
2380: private_tls_crypto_t *this;
2381: enumerator_t *enumerator;
2382: credential_type_t type;
2383: int subtype;
2384:
2385: INIT(this,
2386: .public = {
2387: .get_cipher_suites = _get_cipher_suites,
2388: .select_cipher_suite = _select_cipher_suite,
2389: .get_dh_group = _get_dh_group,
2390: .get_signature_algorithms = _get_signature_algorithms,
2391: .create_ec_enumerator = _create_ec_enumerator,
2392: .set_protection = _set_protection,
2393: .append_handshake = _append_handshake,
1.1.1.2 ! misho 2394: .hash_handshake = _hash_handshake,
1.1 misho 2395: .sign = _sign,
2396: .verify = _verify,
2397: .sign_handshake = _sign_handshake,
2398: .verify_handshake = _verify_handshake,
1.1.1.2 ! misho 2399: .calculate_finished_legacy = _calculate_finished_legacy,
1.1 misho 2400: .calculate_finished = _calculate_finished,
2401: .derive_secrets = _derive_secrets,
1.1.1.2 ! misho 2402: .derive_handshake_keys = _derive_handshake_keys,
! 2403: .derive_app_keys = _derive_app_keys,
! 2404: .update_app_keys = _update_app_keys,
1.1 misho 2405: .resume_session = _resume_session,
2406: .get_session = _get_session,
2407: .change_cipher = _change_cipher,
2408: .get_eap_msk = _get_eap_msk,
2409: .destroy = _destroy,
2410: },
2411: .tls = tls,
2412: .cache = cache,
2413: );
2414:
1.1.1.2 ! misho 2415: /* FIXME: EDDSA keys are currently treated like ECDSA keys. A cleaner
! 2416: * separation would be welcome. */
1.1 misho 2417: enumerator = lib->creds->create_builder_enumerator(lib->creds);
2418: while (enumerator->enumerate(enumerator, &type, &subtype))
2419: {
2420: if (type == CRED_PUBLIC_KEY)
2421: {
2422: switch (subtype)
2423: {
2424: case KEY_RSA:
2425: this->rsa = TRUE;
2426: break;
2427: case KEY_ECDSA:
1.1.1.2 ! misho 2428: case KEY_ED25519:
! 2429: case KEY_ED448:
1.1 misho 2430: this->ecdsa = TRUE;
2431: break;
2432: default:
2433: break;
2434: }
2435: }
2436: }
2437: enumerator->destroy(enumerator);
2438:
2439: switch (tls->get_purpose(tls))
2440: {
2441: case TLS_PURPOSE_EAP_TLS:
2442: /* MSK PRF ASCII constant label according to EAP-TLS RFC 5216 */
2443: this->msk_label = "client EAP encryption";
2444: break;
2445: case TLS_PURPOSE_EAP_PEAP:
2446: this->msk_label = "client EAP encryption";
2447: break;
2448: case TLS_PURPOSE_EAP_TTLS:
2449: /* MSK PRF ASCII constant label according to EAP-TTLS RFC 5281 */
2450: this->msk_label = "ttls keying material";
2451: break;
2452: default:
2453: break;
2454: }
2455: return &this->public;
2456: }
2457:
2458: /**
2459: * See header.
2460: */
1.1.1.2 ! misho 2461: int tls_crypto_get_supported_suites(bool null, tls_version_t version,
! 2462: tls_cipher_suite_t **out)
1.1 misho 2463: {
2464: suite_algs_t suites[countof(suite_algs)];
1.1.1.2 ! misho 2465: int count = 0, i;
1.1 misho 2466:
2467: /* initialize copy of suite list */
1.1.1.2 ! misho 2468: for (i = 0; i < countof(suite_algs); i++)
1.1 misho 2469: {
1.1.1.2 ! misho 2470: if (suite_algs[i].min_version <= version &&
! 2471: suite_algs[i].max_version >= version)
! 2472: {
! 2473: suites[count++] = suite_algs[i];
! 2474: }
1.1 misho 2475: }
2476:
2477: filter_unsupported_suites(suites, &count);
2478:
2479: if (!null)
2480: {
2481: filter_null_suites(suites, &count);
2482: }
2483:
2484: if (out)
2485: {
2486: *out = calloc(count, sizeof(tls_cipher_suite_t));
2487: for (i = 0; i < count; i++)
2488: {
2489: (*out)[i] = suites[i].suite;
2490: }
2491: }
2492: return count;
2493: }
1.1.1.2 ! misho 2494:
! 2495: /**
! 2496: * See header.
! 2497: */
! 2498: int tls_crypto_get_supported_groups(diffie_hellman_group_t **out)
! 2499: {
! 2500: enumerator_t *enumerator;
! 2501: diffie_hellman_group_t groups[countof(curves)];
! 2502: diffie_hellman_group_t group;
! 2503: tls_named_group_t curve;
! 2504: int count = 0, i;
! 2505:
! 2506: enumerator = enumerator_create_filter(
! 2507: lib->crypto->create_dh_enumerator(lib->crypto),
! 2508: group_filter, NULL, NULL);
! 2509:
! 2510: while (enumerator->enumerate(enumerator, &group, &curve))
! 2511: {
! 2512: groups[count++] = group;
! 2513: }
! 2514: enumerator->destroy(enumerator);
! 2515:
! 2516: if (out)
! 2517: {
! 2518: *out = calloc(count, sizeof(diffie_hellman_group_t));
! 2519: for (i = 0; i < count; i++)
! 2520: {
! 2521: (*out)[i] = groups[i];
! 2522: }
! 2523: }
! 2524: return count;
! 2525: }
! 2526:
! 2527: /**
! 2528: * See header.
! 2529: */
! 2530: int tls_crypto_get_supported_signatures(tls_version_t version,
! 2531: tls_signature_scheme_t **out)
! 2532: {
! 2533: scheme_algs_t sigs[countof(schemes)];
! 2534: int count = 0, i;
! 2535:
! 2536: /* initialize copy of signature scheme list */
! 2537: for (i = 0; i < countof(schemes); i++)
! 2538: {
! 2539: /* only RSA_PSS_RSAE schemes supported for signing and verifying */
! 2540: if (schemes[i].sig == TLS_SIG_RSA_PSS_PSS_SHA256 ||
! 2541: schemes[i].sig == TLS_SIG_RSA_PSS_PSS_SHA384 ||
! 2542: schemes[i].sig == TLS_SIG_RSA_PSS_PSS_SHA512)
! 2543: {
! 2544: continue;
! 2545: }
! 2546: if (schemes[i].min_version <= version &&
! 2547: schemes[i].max_version >= version &&
! 2548: lib->plugins->has_feature(lib->plugins,
! 2549: PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[i].params.scheme)))
! 2550: {
! 2551: sigs[count++] = schemes[i];
! 2552: }
! 2553: }
! 2554:
! 2555: if (out)
! 2556: {
! 2557: *out = calloc(count, sizeof(tls_signature_scheme_t));
! 2558: for (i = 0; i < count; i++)
! 2559: {
! 2560: (*out)[i] = sigs[i].sig;
! 2561: }
! 2562: }
! 2563: return count;
! 2564: }
! 2565:
! 2566: /**
! 2567: * See header.
! 2568: */
! 2569: tls_named_group_t tls_ec_group_to_curve(diffie_hellman_group_t group)
! 2570: {
! 2571: int i;
! 2572:
! 2573: for (i = 0; i < countof(curves); i++)
! 2574: {
! 2575: if (curves[i].group == group)
! 2576: {
! 2577: return curves[i].curve;
! 2578: }
! 2579: }
! 2580: return 0;
! 2581: }
! 2582:
! 2583: /**
! 2584: * See header.
! 2585: */
! 2586: key_type_t tls_signature_scheme_to_key_type(tls_signature_scheme_t sig)
! 2587: {
! 2588: int i;
! 2589:
! 2590: for (i = 0; i < countof(schemes); i++)
! 2591: {
! 2592: if (schemes[i].sig == sig)
! 2593: {
! 2594: return key_type_from_signature_scheme(schemes[i].params.scheme);
! 2595: }
! 2596: }
! 2597: return 0;
! 2598: }
! 2599:
! 2600: /**
! 2601: * Hashtable hash function
! 2602: */
! 2603: static u_int hash_key_type(key_type_t *type)
! 2604: {
! 2605: return chunk_hash(chunk_from_thing(*type));
! 2606: }
! 2607:
! 2608: /**
! 2609: * Hashtable equals function
! 2610: */
! 2611: static bool equals_key_type(key_type_t *key1, key_type_t *key2)
! 2612: {
! 2613: return *key1 == *key2;
! 2614: }
! 2615:
! 2616: CALLBACK(filter_key_types, bool,
! 2617: void *data, enumerator_t *orig, va_list args)
! 2618: {
! 2619: key_type_t *key_type, *out;
! 2620:
! 2621: VA_ARGS_VGET(args, out);
! 2622:
! 2623: if (orig->enumerate(orig, NULL, &key_type))
! 2624: {
! 2625: *out = *key_type;
! 2626: return TRUE;
! 2627: }
! 2628: return FALSE;
! 2629: }
! 2630:
! 2631: CALLBACK(destroy_key_types, void,
! 2632: hashtable_t *ht)
! 2633: {
! 2634: ht->destroy_function(ht, (void*)free);
! 2635: }
! 2636:
! 2637: /**
! 2638: * Create an enumerator over supported key types within a specific TLS range
! 2639: */
! 2640: static enumerator_t *get_supported_key_types(tls_version_t min_version,
! 2641: tls_version_t max_version)
! 2642: {
! 2643: hashtable_t *ht;
! 2644: key_type_t *type, lookup;
! 2645: int i;
! 2646:
! 2647: ht = hashtable_create((hashtable_hash_t)hash_key_type,
! 2648: (hashtable_equals_t)equals_key_type, 4);
! 2649: for (i = 0; i < countof(schemes); i++)
! 2650: {
! 2651: if (schemes[i].min_version <= max_version &&
! 2652: schemes[i].max_version >= min_version)
! 2653: {
! 2654: lookup = key_type_from_signature_scheme(schemes[i].params.scheme);
! 2655: if (!ht->get(ht, &lookup))
! 2656: {
! 2657: type = malloc_thing(key_type_t);
! 2658: *type = lookup;
! 2659: ht->put(ht, type, type);
! 2660: }
! 2661: }
! 2662: }
! 2663: return enumerator_create_filter(ht->create_enumerator(ht),
! 2664: filter_key_types, ht, destroy_key_types);
! 2665: }
! 2666:
! 2667: /**
! 2668: * Create an array of an intersection of server and peer supported key types
! 2669: */
! 2670: static array_t *create_common_key_types(enumerator_t *enumerator, chunk_t hashsig)
! 2671: {
! 2672: array_t *key_types;
! 2673: key_type_t v, lookup;
! 2674: uint16_t sig_scheme;
! 2675:
! 2676: key_types = array_create(sizeof(key_type_t), 8);
! 2677: while (enumerator->enumerate(enumerator, &v))
! 2678: {
! 2679: bio_reader_t *reader;
! 2680:
! 2681: reader = bio_reader_create(hashsig);
! 2682: while (reader->remaining(reader) &&
! 2683: reader->read_uint16(reader, &sig_scheme))
! 2684: {
! 2685: lookup = tls_signature_scheme_to_key_type(sig_scheme);
! 2686: if (v == lookup)
! 2687: {
! 2688: array_insert(key_types, ARRAY_TAIL, &lookup);
! 2689: break;
! 2690: }
! 2691: }
! 2692: reader->destroy(reader);
! 2693: }
! 2694: return key_types;
! 2695: }
! 2696:
! 2697: typedef struct {
! 2698: enumerator_t public;
! 2699: array_t *key_types;
! 2700: identification_t *peer;
! 2701: private_key_t *key;
! 2702: auth_cfg_t *auth;
! 2703: } private_key_enumerator_t;
! 2704:
! 2705: METHOD(enumerator_t, private_key_enumerate, bool,
! 2706: private_key_enumerator_t *this, va_list args)
! 2707: {
! 2708: key_type_t type;
! 2709: auth_cfg_t **auth_out;
! 2710: private_key_t **key_out;
! 2711:
! 2712: VA_ARGS_VGET(args, key_out, auth_out);
! 2713:
! 2714: DESTROY_IF(this->key);
! 2715: DESTROY_IF(this->auth);
! 2716: this->auth = auth_cfg_create();
! 2717:
! 2718: while (array_remove(this->key_types, ARRAY_HEAD, &type))
! 2719: {
! 2720: this->key = lib->credmgr->get_private(lib->credmgr, type, this->peer,
! 2721: this->auth);
! 2722: if (this->key)
! 2723: {
! 2724: *key_out = this->key;
! 2725: if (auth_out)
! 2726: {
! 2727: *auth_out = this->auth;
! 2728: }
! 2729: return TRUE;
! 2730: }
! 2731: }
! 2732: return FALSE;
! 2733: }
! 2734:
! 2735: METHOD(enumerator_t, private_key_destroy, void,
! 2736: private_key_enumerator_t *this)
! 2737: {
! 2738: DESTROY_IF(this->key);
! 2739: DESTROY_IF(this->auth);
! 2740: array_destroy(this->key_types);
! 2741: free(this);
! 2742: }
! 2743:
! 2744: /**
! 2745: * See header.
! 2746: */
! 2747: enumerator_t *tls_create_private_key_enumerator(tls_version_t min_version,
! 2748: tls_version_t max_version,
! 2749: chunk_t hashsig,
! 2750: identification_t *peer)
! 2751: {
! 2752: private_key_enumerator_t *enumerator;
! 2753: enumerator_t *key_types;
! 2754:
! 2755: key_types = get_supported_key_types(min_version, max_version);
! 2756:
! 2757: INIT(enumerator,
! 2758: .public = {
! 2759: .enumerate = enumerator_enumerate_default,
! 2760: .venumerate = _private_key_enumerate,
! 2761: .destroy = _private_key_destroy,
! 2762: },
! 2763: .key_types = create_common_key_types(key_types, hashsig),
! 2764: .peer = peer,
! 2765: );
! 2766: key_types->destroy(key_types);
! 2767:
! 2768: if (!array_count(enumerator->key_types))
! 2769: {
! 2770: private_key_destroy(enumerator);
! 2771: return NULL;
! 2772: }
! 2773: return &enumerator->public;
! 2774: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to tls_crypto.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libtls