From 68884e3c0964ae6da67919e5f2d86ec4c58fd96d Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Mon, 7 Jan 2013 18:20:04 +0100 Subject: [PATCH] Moved to advanced ciphersuite representation and more dynamic SSL code --- ChangeLog | 4 + include/polarssl/cipher.h | 13 +- include/polarssl/cipher_wrap.h | 11 +- include/polarssl/ssl.h | 20 +- include/polarssl/ssl_ciphersuites.h | 76 ++ library/CMakeLists.txt | 1 + library/Makefile | 2 +- library/cipher.c | 35 +- library/cipher_wrap.c | 61 +- library/ssl_ciphersuites.c | 408 +++++++++ library/ssl_cli.c | 38 +- library/ssl_srv.c | 40 +- library/ssl_tls.c | 1191 +++++++-------------------- programs/test/ssl_test.c | 7 +- programs/x509/cert_app.c | 4 +- 15 files changed, 947 insertions(+), 964 deletions(-) create mode 100644 include/polarssl/ssl_ciphersuites.h create mode 100644 library/ssl_ciphersuites.c diff --git a/ChangeLog b/ChangeLog index eaec163b6..59a43dcb4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ PolarSSL ChangeLog = Development Changes + * Introduced separate SSL Ciphersuites module that is based on + Cipher and MD information * Internals for SSL module adapted to have separate IV pointer that is dynamically set (Better support for hardware acceleration) @@ -47,6 +49,8 @@ Security = Version 1.2.4 released 2013-01-25 Changes + * More advanced SSL ciphersuite representation and moved to more dynamic + SSL core * Added ssl_handshake_step() to allow single stepping the handshake process Bugfix diff --git a/include/polarssl/cipher.h b/include/polarssl/cipher.h index 8224128e3..2ffdf668f 100644 --- a/include/polarssl/cipher.h +++ b/include/polarssl/cipher.h @@ -5,7 +5,7 @@ * * \author Adriaan de Jong * - * Copyright (C) 2006-2012, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V. * * This file is part of PolarSSL (http://www.polarssl.org) * Lead Maintainer: Paul Bakker @@ -54,6 +54,7 @@ typedef enum { POLARSSL_CIPHER_ID_3DES, POLARSSL_CIPHER_ID_CAMELLIA, POLARSSL_CIPHER_ID_BLOWFISH, + POLARSSL_CIPHER_ID_ARC4, } cipher_id_t; typedef enum { @@ -68,6 +69,8 @@ typedef enum { POLARSSL_CIPHER_AES_128_CTR, POLARSSL_CIPHER_AES_192_CTR, POLARSSL_CIPHER_AES_256_CTR, + POLARSSL_CIPHER_AES_128_GCM, + POLARSSL_CIPHER_AES_256_GCM, POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_CIPHER_CAMELLIA_192_CBC, POLARSSL_CIPHER_CAMELLIA_256_CBC, @@ -83,6 +86,7 @@ typedef enum { POLARSSL_CIPHER_BLOWFISH_CBC, POLARSSL_CIPHER_BLOWFISH_CFB64, POLARSSL_CIPHER_BLOWFISH_CTR, + POLARSSL_CIPHER_ARC4_128, } cipher_type_t; typedef enum { @@ -92,6 +96,8 @@ typedef enum { POLARSSL_MODE_CFB, POLARSSL_MODE_OFB, POLARSSL_MODE_CTR, + POLARSSL_MODE_GCM, + POLARSSL_MODE_STREAM, } cipher_mode_t; typedef enum { @@ -351,10 +357,10 @@ static inline const char *cipher_get_name( const cipher_context_t *ctx ) */ static inline int cipher_get_key_size ( const cipher_context_t *ctx ) { - if( NULL == ctx ) + if( NULL == ctx || NULL == ctx->cipher_info ) return POLARSSL_KEY_LENGTH_NONE; - return ctx->key_length; + return ctx->cipher_info->key_length; } /** @@ -448,7 +454,6 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile */ int cipher_finish( cipher_context_t *ctx, unsigned char *output, size_t *olen); - /** * \brief Checkup routine * diff --git a/include/polarssl/cipher_wrap.h b/include/polarssl/cipher_wrap.h index 4abbc4ef2..4dabb44ee 100644 --- a/include/polarssl/cipher_wrap.h +++ b/include/polarssl/cipher_wrap.h @@ -5,7 +5,7 @@ * * \author Adriaan de Jong * - * Copyright (C) 2006-2012, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V. * * This file is part of PolarSSL (http://www.polarssl.org) * Lead Maintainer: Paul Bakker @@ -54,6 +54,11 @@ extern const cipher_info_t aes_192_ctr_info; extern const cipher_info_t aes_256_ctr_info; #endif /* POLARSSL_CIPHER_MODE_CTR */ +#if defined(POLARSSL_GCM_C) +extern const cipher_info_t aes_128_gcm_info; +extern const cipher_info_t aes_256_gcm_info; +#endif /* POLARSSL_GCM_C */ + #endif /* defined(POLARSSL_AES_C) */ #if defined(POLARSSL_CAMELLIA_C) @@ -96,6 +101,10 @@ extern const cipher_info_t blowfish_ctr_info; #endif /* POLARSSL_CIPHER_MODE_CTR */ #endif /* defined(POLARSSL_BLOWFISH_C) */ +#if defined(POLARSSL_ARC4_C) +extern const cipher_info_t arc4_128_info; +#endif /* defined(POLARSSL_ARC4_C) */ + #if defined(POLARSSL_CIPHER_NULL_CIPHER) extern const cipher_info_t null_cipher_info; #endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */ diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index c2ecbaf72..756441c8e 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -3,7 +3,7 @@ * * \brief SSL/TLS functions. * - * Copyright (C) 2006-2012, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V. * * This file is part of PolarSSL (http://www.polarssl.org) * Lead Maintainer: Paul Bakker @@ -37,6 +37,7 @@ #include "sha4.h" #include "x509.h" #include "config.h" +#include "ssl_ciphersuites.h" #if defined(POLARSSL_DHM_C) #include "dhm.h" @@ -323,6 +324,8 @@ struct _ssl_transform /* * Session specific crypto layer */ + const ssl_ciphersuite_t *ciphersuite_info; + /*!< Chosen cipersuite_info */ unsigned int keylen; /*!< symmetric key length */ size_t minlen; /*!< min. ciphertext length */ size_t ivlen; /*!< IV length */ @@ -332,8 +335,12 @@ struct _ssl_transform unsigned char iv_enc[16]; /*!< IV (encryption) */ unsigned char iv_dec[16]; /*!< IV (decryption) */ - unsigned char mac_enc[32]; /*!< MAC (encryption) */ - unsigned char mac_dec[32]; /*!< MAC (decryption) */ + /* Needed only for SSL v3.0 secret */ + unsigned char mac_enc[32]; /*!< SSL v3.0 secret (enc) */ + unsigned char mac_dec[32]; /*!< SSL v3.0 secret (dec) */ + + md_context_t md_ctx_enc; /*!< MAC (encryption) */ + md_context_t md_ctx_dec; /*!< MAC (decryption) */ uint32_t ctx_enc[136]; /*!< encryption context */ uint32_t ctx_dec[136]; /*!< decryption context */ @@ -520,8 +527,6 @@ struct _ssl_context extern "C" { #endif -extern const int ssl_default_ciphersuites[]; - #if defined(POLARSSL_SSL_HW_RECORD_ACCEL) #define SSL_CHANNEL_OUTBOUND 0 @@ -547,10 +552,7 @@ extern int (*ssl_hw_record_finish)(ssl_context *ssl); * \return a statically allocated array of ciphersuites, the last * entry is 0. */ -static inline const int *ssl_list_ciphersuites( void ) -{ - return ssl_default_ciphersuites; -} +const int *ssl_list_ciphersuites( void ); /** * \brief Return the name of the ciphersuite associated with the given diff --git a/include/polarssl/ssl_ciphersuites.h b/include/polarssl/ssl_ciphersuites.h new file mode 100644 index 000000000..62a928e87 --- /dev/null +++ b/include/polarssl/ssl_ciphersuites.h @@ -0,0 +1,76 @@ +/** + * \file ssl_ciphersuites.h + * + * \brief SSL Ciphersuites for PolarSSL + * + * Copyright (C) 2006-2013, Brainspark B.V. + * + * This file is part of PolarSSL (http://www.polarssl.org) + * Lead Maintainer: Paul Bakker + * + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#ifndef POLARSSL_SSL_CIPHERSUITES_H +#define POLARSSL_SSL_CIPHERSUITES_H + +#include "cipher.h" +#include "md.h" + +#ifdef __cplusplus +extern "C" { +#endif + +typedef enum { + POLARSSL_KEY_EXCHANGE_NONE = 0, + POLARSSL_KEY_EXCHANGE_RSA, + POLARSSL_KEY_EXCHANGE_DHE_RSA +} key_exchange_type_t; + +typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t; + +#define POLARSSL_CIPHERSUITE_WEAK 0x01 + +/** + * \brief This structure is used for storing ciphersuite information + */ +struct _ssl_ciphersuite_t +{ + int id; + const char * name; + + cipher_type_t cipher; + md_type_t mac; + key_exchange_type_t key_exchange; + + int min_major_ver; + int min_minor_ver; + int max_major_ver; + int max_minor_ver; + + unsigned char flags; +}; + +const int *ssl_ciphersuites_list( void ); + +const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name ); +const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite_id ); + +#ifdef __cplusplus +} +#endif + +#endif /* ssl_ciphersuites.h */ diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 25802d7b5..1ddd44e23 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -36,6 +36,7 @@ set(src sha2.c sha4.c ssl_cache.c + ssl_ciphersuites.c ssl_cli.c ssl_srv.c ssl_tls.c diff --git a/library/Makefile b/library/Makefile index 603f5d16e..2fcbce096 100644 --- a/library/Makefile +++ b/library/Makefile @@ -47,7 +47,7 @@ OBJS= aes.o arc4.o asn1parse.o \ pkcs11.o \ rsa.o sha1.o sha2.o \ sha4.o ssl_cache.o ssl_cli.o \ - ssl_srv.o \ + ssl_srv.o ssl_ciphersuites.o \ ssl_tls.o timing.o version.o \ x509parse.o x509write.o xtea.o diff --git a/library/cipher.c b/library/cipher.c index f20cc73b4..2a2d78299 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -5,7 +5,7 @@ * * \author Adriaan de Jong * - * Copyright (C) 2006-2012, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V. * * This file is part of PolarSSL (http://www.polarssl.org) * Lead Maintainer: Paul Bakker @@ -142,6 +142,13 @@ const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type ) return &aes_256_ctr_info; #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */ +#if defined(POLARSSL_GCM_C) + case POLARSSL_CIPHER_AES_128_GCM: + return &aes_128_gcm_info; + case POLARSSL_CIPHER_AES_256_GCM: + return &aes_256_gcm_info; +#endif /* defined(POLARSSL_GCM_C) */ + #endif #if defined(POLARSSL_CAMELLIA_C) @@ -181,6 +188,11 @@ const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type ) return &des_ede3_cbc_info; #endif +#if defined(POLARSSL_ARC4_C) + case POLARSSL_CIPHER_ARC4_128: + return &arc4_128_info; +#endif + #if defined(POLARSSL_BLOWFISH_C) case POLARSSL_CIPHER_BLOWFISH_CBC: return &blowfish_cbc_info; @@ -374,19 +386,28 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile int ret; size_t copy_len = 0; - if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen || - input == output ) + *olen = 0; + + if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ) { return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA; } - *olen = 0; + if( input == output && + ( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) ) + { + return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA; + } #if defined(POLARSSL_CIPHER_NULL_CIPHER) if( ctx->cipher_info->mode == POLARSSL_MODE_NULL ) { - memcpy( output, input, ilen ); *olen = ilen; + + if( output == input ) + return( 0 ); + + memcpy( output, input, ilen ); return 0; } #endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */ @@ -465,6 +486,7 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile return 0; } +#if defined(POLARSSL_CIPHER_MODE_CFB) if( ctx->cipher_info->mode == POLARSSL_MODE_CFB ) { if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx, @@ -478,7 +500,9 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile return 0; } +#endif +#if defined(POLARSSL_CIPHER_MODE_CTR) if( ctx->cipher_info->mode == POLARSSL_MODE_CTR ) { if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx, @@ -492,6 +516,7 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile return 0; } +#endif return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE; } diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 611112f0d..7ee217885 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -5,7 +5,7 @@ * * \author Adriaan de Jong * - * Copyright (C) 2006-2012, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V. * * This file is part of PolarSSL (http://www.polarssl.org) * Lead Maintainer: Paul Bakker @@ -222,6 +222,28 @@ const cipher_info_t aes_256_ctr_info = { }; #endif /* POLARSSL_CIPHER_MODE_CTR */ +#if defined(POLARSSL_GCM_C) +const cipher_info_t aes_128_gcm_info = { + POLARSSL_CIPHER_AES_128_GCM, + POLARSSL_MODE_GCM, + 128, + "AES-128-GCM", + 16, + 16, + &aes_info +}; + +const cipher_info_t aes_256_gcm_info = { + POLARSSL_CIPHER_AES_256_GCM, + POLARSSL_MODE_GCM, + 256, + "AES-256-GCM", + 16, + 16, + &aes_info +}; +#endif /* POLARSSL_GCM_C */ + #endif #if defined(POLARSSL_CAMELLIA_C) @@ -440,7 +462,6 @@ static int des_crypt_ctr_wrap( void *ctx, size_t length, return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE; } - static int des_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length ) { ((void) key_length); @@ -674,6 +695,40 @@ const cipher_info_t blowfish_ctr_info = { #endif /* POLARSSL_CIPHER_MODE_CTR */ #endif /* POLARSSL_BLOWFISH_C */ +#if defined(POLARSSL_ARC4_C) +static void * arc4_ctx_alloc( void ) +{ + return (void *) 1; +} + + +static void arc4_ctx_free( void *ctx ) +{ + ((void) ctx); +} + +const cipher_base_t arc4_base_info = { + POLARSSL_CIPHER_ID_ARC4, + NULL, + NULL, + NULL, + NULL, + NULL, + arc4_ctx_alloc, + arc4_ctx_free +}; + +const cipher_info_t arc4_128_info = { + POLARSSL_CIPHER_ARC4_128, + POLARSSL_MODE_STREAM, + 128, + "ARC4-128", + 0, + 1, + &arc4_base_info +}; +#endif /* POLARSSL_ARC4_C */ + #if defined(POLARSSL_CIPHER_NULL_CIPHER) static void * null_ctx_alloc( void ) { @@ -702,7 +757,7 @@ const cipher_info_t null_cipher_info = { POLARSSL_MODE_NULL, 0, "NULL", - 1, + 0, 1, &null_base_info }; diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c new file mode 100644 index 000000000..0218194f3 --- /dev/null +++ b/library/ssl_ciphersuites.c @@ -0,0 +1,408 @@ +/** + * \file ssl_ciphersuites.c + * + * \brief SSL ciphersuites for PolarSSL + * + * Copyright (C) 2006-2013, Brainspark B.V. + * + * This file is part of PolarSSL (http://www.polarssl.org) + * Lead Maintainer: Paul Bakker + * + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "polarssl/config.h" + +#if defined(POLARSSL_SSL_TLS_C) + +#include "polarssl/ssl_ciphersuites.h" +#include "polarssl/ssl.h" + +#include + +const int supported_ciphersuites[] = +{ +#if defined(POLARSSL_DHM_C) +#if defined(POLARSSL_AES_C) +#if defined(POLARSSL_SHA2_C) + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ +#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C) + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, +#endif + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, +#if defined(POLARSSL_SHA2_C) + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ +#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, +#endif + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, +#endif /* POLARSSL_AES_C */ +#if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_SHA2_C) + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, +#if defined(POLARSSL_SHA2_C) + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, +#endif /* POLARSSL_CAMELLIA_C */ +#if defined(POLARSSL_DES_C) + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, +#endif +#endif /* POLARSSL_DHM_C */ + +#if defined(POLARSSL_AES_C) +#if defined(POLARSSL_SHA2_C) + TLS_RSA_WITH_AES_256_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ +#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C) + TLS_RSA_WITH_AES_256_GCM_SHA384, +#endif + TLS_RSA_WITH_AES_256_CBC_SHA, +#endif /* POLARSSL_AES_C */ +#if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_SHA2_C) + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, +#endif /* POLARSSL_CAMELLIA_C */ +#if defined(POLARSSL_AES_C) +#if defined(POLARSSL_SHA2_C) + TLS_RSA_WITH_AES_128_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ +#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) + TLS_RSA_WITH_AES_128_GCM_SHA256, +#endif /* POLARSSL_SHA2_C */ + TLS_RSA_WITH_AES_128_CBC_SHA, +#endif /* POLARSSL_AES_C */ +#if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_SHA2_C) + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, +#endif /* POLARSSL_SHA2_C */ + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, +#endif /* POLARSSL_CAMELLIA_C */ +#if defined(POLARSSL_DES_C) + TLS_RSA_WITH_3DES_EDE_CBC_SHA, +#endif /* POLARSSL_DES_C */ +#if defined(POLARSSL_ARC4_C) + TLS_RSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_RC4_128_MD5, +#endif /* POLARSSL_ARC4_C */ +#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) +#if defined(POLARSSL_DES_C) +#if defined(POLARSSL_DHM_C) + TLS_DHE_RSA_WITH_DES_CBC_SHA, +#endif /* POLARSSL_DHM_C */ + TLS_RSA_WITH_DES_CBC_SHA, +#endif /* POLARSSL_DES_C */ +#if defined(POLARSSL_CIPHER_NULL_CIPHER) +#if defined(POLARSSL_SHA2_C) + TLS_RSA_WITH_NULL_SHA256, +#endif + TLS_RSA_WITH_NULL_SHA, + TLS_RSA_WITH_NULL_MD5, +#endif /* POLARSSL_CIPHER_NULL_CIPHER */ +#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */ + 0 +}; + +static const ssl_ciphersuite_t ciphersuite_definitions[] = +{ +#if defined(POLARSSL_ARC4_C) + { TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5", + POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, + + { TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA", + POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_ARC4_C */ + +#if defined(POLARSSL_DHM_C) +#if defined(POLARSSL_AES_C) +#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C) + { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", + POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */ + +#if defined(POLARSSL_SHA2_C) +#if defined(POLARSSL_GCM_C) + { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", + POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_GCM_C */ + + { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", + POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, + + { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", + POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA2_C */ + + { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, + + { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", + POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_AES_C */ + +#if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_SHA2_C) + { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, + + { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", + POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA2_C */ + + { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", + POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, + + { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", + POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_CAMELLIA_C */ + +#if defined(POLARSSL_DES_C) + { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_DES_C */ +#endif /* POLARSSL_DHM_C */ + +#if defined(POLARSSL_AES_C) +#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C) + { TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", + POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */ + +#if defined(POLARSSL_SHA2_C) +#if defined(POLARSSL_GCM_C) + { TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256", + POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_GCM_C */ + + { TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", + POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, + + { TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256", + POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA2_C */ + + { TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA", + POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, + + { TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA", + POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_AES_C */ + +#if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_SHA2_C) + { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", + POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, + + { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", + POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_SHA2_C */ + + { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", + POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, + + { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", + POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_CAMELLIA_C */ + +#if defined(POLARSSL_DES_C) + { TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA", + POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + 0 }, +#endif /* POLARSSL_DES_C */ + +#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) +#if defined(POLARSSL_CIPHER_NULL_CIPHER) + { TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5", + POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_WEAK }, + + { TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA", + POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_WEAK }, + + { TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256", + POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_WEAK }, +#endif /* POLARSSL_CIPHER_NULL_CIPHER */ + +#if defined(POLARSSL_DES_C) +#if defined(POLARSSL_DHM_C) + { TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA", + POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_WEAK }, +#endif /* POLARSSL_DHM_C */ + + { TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA", + POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_WEAK }, +#endif /* POLARSSL_DES_C */ + +#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */ + + { 0, "", 0, 0, 0, 0, 0, 0, 0, 0 } +}; + +const int *ssl_list_ciphersuites( void ) +{ + return supported_ciphersuites; +}; + +const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name ) +{ + const ssl_ciphersuite_t *cur = ciphersuite_definitions; + + if( NULL == ciphersuite_name ) + return( NULL ); + + while( cur->id != 0 ) + { + if( 0 == strcasecmp( cur->name, ciphersuite_name ) ) + return( cur ); + + cur++; + } + + return( NULL ); +} + +const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite ) +{ + const ssl_ciphersuite_t *cur = ciphersuite_definitions; + + while( cur->id != 0 ) + { + if( cur->id == ciphersuite ) + return( cur ); + + cur++; + } + + return( NULL ); +} + +const char *ssl_get_ciphersuite_name( const int ciphersuite_id ) +{ + const ssl_ciphersuite_t *cur; + + cur = ssl_ciphersuite_from_id( ciphersuite_id ); + + if( cur == NULL ) + return( "unknown" ); + + return( cur->name ); +} + +int ssl_get_ciphersuite_id( const char *ciphersuite_name ) +{ + const ssl_ciphersuite_t *cur; + + cur = ssl_ciphersuite_from_string( ciphersuite_name ); + + if( cur == NULL ) + return( 0 ); + + return( cur->id ); +} + +#endif diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 545906a2a..c426fa875 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1,7 +1,7 @@ /* * SSLv3/TLSv1 client-side functions * - * Copyright (C) 2006-2012, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V. * * This file is part of PolarSSL (http://www.polarssl.org) * Lead Maintainer: Paul Bakker @@ -473,6 +473,14 @@ static int ssl_parse_server_hello( ssl_context *ssl ) * Initialize update checksum functions */ ssl_optimize_checksum( ssl, i ); + ssl->transform_negotiate->ciphersuite_info = ssl_ciphersuite_from_id( i ); + + if( ssl->transform_negotiate->ciphersuite_info == NULL ) + { + SSL_DEBUG_MSG( 1, ( "ciphersuite info for %02x not found", + ssl->ciphersuites[i] ) ); + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + } SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) ); SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n ); @@ -636,18 +644,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) ); - if( ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_DES_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) + if( ssl->transform_negotiate->ciphersuite_info->key_exchange != + POLARSSL_KEY_EXCHANGE_DHE_RSA ) { SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) ); ssl->state++; @@ -1044,18 +1042,8 @@ static int ssl_write_client_key_exchange( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) ); - if( ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) + if( ssl->transform_negotiate->ciphersuite_info->key_exchange == + POLARSSL_KEY_EXCHANGE_DHE_RSA ) { #if !defined(POLARSSL_DHM_C) SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 325440d9d..c5788ace4 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1,7 +1,7 @@ /* * SSLv3/TLSv1 server-side functions * - * Copyright (C) 2006-2012, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V. * * This file is part of PolarSSL (http://www.polarssl.org) * Lead Maintainer: Paul Bakker @@ -658,6 +658,16 @@ static int ssl_parse_client_hello( ssl_context *ssl ) have_ciphersuite: ssl->session_negotiate->ciphersuite = ssl->ciphersuites[i]; + ssl->transform_negotiate->ciphersuite_info = + ssl_ciphersuite_from_id( ssl->ciphersuites[i] ); + + if( ssl->transform_negotiate->ciphersuite_info == NULL ) + { + SSL_DEBUG_MSG( 1, ( "ciphersuite info for %02x not found", + ssl->ciphersuites[i] ) ); + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + } + ssl_optimize_checksum( ssl, ssl->session_negotiate->ciphersuite ); ext = buf + 44 + sess_len + ciph_len + comp_len; @@ -1011,18 +1021,8 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) ); - if( ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_DES_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 && - ssl->session_negotiate->ciphersuite != TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) + if( ssl->transform_negotiate->ciphersuite_info->key_exchange != + POLARSSL_KEY_EXCHANGE_DHE_RSA ) { SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) ); ssl->state++; @@ -1288,18 +1288,8 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl ) return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); } - if( ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 || - ssl->session_negotiate->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) + if( ssl->transform_negotiate->ciphersuite_info->key_exchange == + POLARSSL_KEY_EXCHANGE_DHE_RSA ) { #if !defined(POLARSSL_DHM_C) SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5e2d1ef04..08880beb2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1,7 +1,7 @@ /* * SSLv3/TLSv1 shared functions * - * Copyright (C) 2006-2012, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V. * * This file is part of PolarSSL (http://www.polarssl.org) * Lead Maintainer: Paul Bakker @@ -302,13 +302,34 @@ int ssl_derive_keys( ssl_context *ssl ) unsigned char keyblk[256]; unsigned char *key1; unsigned char *key2; + unsigned char *mac_enc; + unsigned char *mac_dec; unsigned int iv_copy_len; + const cipher_info_t *cipher_info; + const md_info_t *md_info; + ssl_session *session = ssl->session_negotiate; ssl_transform *transform = ssl->transform_negotiate; ssl_handshake_params *handshake = ssl->handshake; SSL_DEBUG_MSG( 2, ( "=> derive keys" ) ); + cipher_info = cipher_info_from_type( transform->ciphersuite_info->cipher ); + if( cipher_info == NULL ) + { + SSL_DEBUG_MSG( 1, ( "cipher info for %d not found", + transform->ciphersuite_info->cipher ) ); + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + } + + md_info = md_info_from_type( transform->ciphersuite_info->mac ); + if( md_info == NULL ) + { + SSL_DEBUG_MSG( 1, ( "md info for %d not found", + transform->ciphersuite_info->mac ) ); + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + } + /* * Set appropriate PRF function and other SSL / TLS / TLS1.2 functions */ @@ -398,130 +419,38 @@ int ssl_derive_keys( ssl_context *ssl ) /* * Determine the appropriate key, IV and MAC length. */ - switch( session->ciphersuite ) + + if( cipher_info->mode == POLARSSL_MODE_GCM ) { -#if defined(POLARSSL_ARC4_C) - case TLS_RSA_WITH_RC4_128_MD5: - transform->keylen = 16; transform->minlen = 16; - transform->ivlen = 0; transform->maclen = 16; - break; + transform->keylen = cipher_info->key_length; + transform->keylen /= 8; + transform->minlen = 1; + transform->ivlen = 12; + transform->fixed_ivlen = 4; + transform->maclen = 0; + } + else + { + if( md_info->type != POLARSSL_MD_NONE ) + { + md_init_ctx( &transform->md_ctx_enc, md_info ); + md_init_ctx( &transform->md_ctx_dec, md_info ); - case TLS_RSA_WITH_RC4_128_SHA: - transform->keylen = 16; transform->minlen = 20; - transform->ivlen = 0; transform->maclen = 20; - break; -#endif + transform->maclen = md_get_size( md_info ); + } -#if defined(POLARSSL_DES_C) - case TLS_RSA_WITH_3DES_EDE_CBC_SHA: - case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: - transform->keylen = 24; transform->minlen = 24; - transform->ivlen = 8; transform->maclen = 20; - break; -#endif + transform->keylen = cipher_info->key_length; + transform->keylen /= 8; + transform->ivlen = cipher_info->iv_size; -#if defined(POLARSSL_AES_C) - case TLS_RSA_WITH_AES_128_CBC_SHA: - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: - transform->keylen = 16; transform->minlen = 32; - transform->ivlen = 16; transform->maclen = 20; - break; - - case TLS_RSA_WITH_AES_256_CBC_SHA: - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: - transform->keylen = 32; transform->minlen = 32; - transform->ivlen = 16; transform->maclen = 20; - break; - -#if defined(POLARSSL_SHA2_C) - case TLS_RSA_WITH_AES_128_CBC_SHA256: - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: - transform->keylen = 16; transform->minlen = 32; - transform->ivlen = 16; transform->maclen = 32; - break; - - case TLS_RSA_WITH_AES_256_CBC_SHA256: - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: - transform->keylen = 32; transform->minlen = 32; - transform->ivlen = 16; transform->maclen = 32; - break; -#endif -#if defined(POLARSSL_GCM_C) - case TLS_RSA_WITH_AES_128_GCM_SHA256: - case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: - transform->keylen = 16; transform->minlen = 1; - transform->ivlen = 12; transform->maclen = 0; - transform->fixed_ivlen = 4; - break; - - case TLS_RSA_WITH_AES_256_GCM_SHA384: - case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: - transform->keylen = 32; transform->minlen = 1; - transform->ivlen = 12; transform->maclen = 0; - transform->fixed_ivlen = 4; - break; -#endif -#endif - -#if defined(POLARSSL_CAMELLIA_C) - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: - transform->keylen = 16; transform->minlen = 32; - transform->ivlen = 16; transform->maclen = 20; - break; - - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: - transform->keylen = 32; transform->minlen = 32; - transform->ivlen = 16; transform->maclen = 20; - break; - -#if defined(POLARSSL_SHA2_C) - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256: - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256: - transform->keylen = 16; transform->minlen = 32; - transform->ivlen = 16; transform->maclen = 32; - break; - - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256: - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256: - transform->keylen = 32; transform->minlen = 32; - transform->ivlen = 16; transform->maclen = 32; - break; -#endif -#endif - -#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) -#if defined(POLARSSL_CIPHER_NULL_CIPHER) - case TLS_RSA_WITH_NULL_MD5: - transform->keylen = 0; transform->minlen = 0; - transform->ivlen = 0; transform->maclen = 16; - break; - - case TLS_RSA_WITH_NULL_SHA: - transform->keylen = 0; transform->minlen = 0; - transform->ivlen = 0; transform->maclen = 20; - break; - - case TLS_RSA_WITH_NULL_SHA256: - transform->keylen = 0; transform->minlen = 0; - transform->ivlen = 0; transform->maclen = 32; - break; -#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */ - -#if defined(POLARSSL_DES_C) - case TLS_RSA_WITH_DES_CBC_SHA: - case TLS_DHE_RSA_WITH_DES_CBC_SHA: - transform->keylen = 8; transform->minlen = 8; - transform->ivlen = 8; transform->maclen = 20; - break; -#endif -#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */ - - default: - SSL_DEBUG_MSG( 1, ( "ciphersuite %s is not available", - ssl_get_ciphersuite_name( session->ciphersuite ) ) ); - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + transform->minlen = transform->keylen; + if( transform->minlen < transform->maclen ) + { + if( cipher_info->mode == POLARSSL_MODE_STREAM ) + transform->minlen = transform->maclen; + else + transform->minlen += transform->keylen; + } } SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d", @@ -536,9 +465,8 @@ int ssl_derive_keys( ssl_context *ssl ) key1 = keyblk + transform->maclen * 2; key2 = keyblk + transform->maclen * 2 + transform->keylen; - memcpy( transform->mac_enc, keyblk, transform->maclen ); - memcpy( transform->mac_dec, keyblk + transform->maclen, - transform->maclen ); + mac_enc = keyblk; + mac_dec = keyblk + transform->maclen; /* * This is not used in TLS v1.1. @@ -554,9 +482,8 @@ int ssl_derive_keys( ssl_context *ssl ) key1 = keyblk + transform->maclen * 2 + transform->keylen; key2 = keyblk + transform->maclen * 2; - memcpy( transform->mac_dec, keyblk, transform->maclen ); - memcpy( transform->mac_enc, keyblk + transform->maclen, - transform->maclen ); + mac_enc = keyblk + transform->maclen; + mac_dec = keyblk; /* * This is not used in TLS v1.1. @@ -568,6 +495,17 @@ int ssl_derive_keys( ssl_context *ssl ) iv_copy_len ); } + if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) + { + memcpy( transform->mac_enc, mac_enc, transform->maclen ); + memcpy( transform->mac_dec, mac_dec, transform->maclen ); + } + else + { + md_hmac_starts( &transform->md_ctx_enc, mac_enc, transform->maclen ); + md_hmac_starts( &transform->md_ctx_dec, mac_dec, transform->maclen ); + } + #if defined(POLARSSL_SSL_HW_RECORD_ACCEL) if( ssl_hw_record_init != NULL) { @@ -578,7 +516,7 @@ int ssl_derive_keys( ssl_context *ssl ) if( ( ret = ssl_hw_record_init( ssl, key1, key2, transform->keylen, transform->iv_enc, transform->iv_dec, iv_copy_len, - transform->mac_enc, transform->mac_dec, + mac_enc, mac_dec, transform->maclen ) ) != 0 ) { SSL_DEBUG_RET( 1, "ssl_hw_record_init", ret ); @@ -587,11 +525,10 @@ int ssl_derive_keys( ssl_context *ssl ) } #endif - switch( session->ciphersuite ) + switch( cipher_info->type ) { #if defined(POLARSSL_ARC4_C) - case TLS_RSA_WITH_RC4_128_MD5: - case TLS_RSA_WITH_RC4_128_SHA: + case POLARSSL_CIPHER_ARC4_128: arc4_setup( (arc4_context *) transform->ctx_enc, key1, transform->keylen ); arc4_setup( (arc4_context *) transform->ctx_dec, key2, @@ -600,79 +537,51 @@ int ssl_derive_keys( ssl_context *ssl ) #endif #if defined(POLARSSL_DES_C) - case TLS_RSA_WITH_3DES_EDE_CBC_SHA: - case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: - des3_set3key_enc( (des3_context *) transform->ctx_enc, key1 ); - des3_set3key_dec( (des3_context *) transform->ctx_dec, key2 ); - break; + case POLARSSL_CIPHER_DES_EDE3_CBC: + des3_set3key_enc( (des3_context *) transform->ctx_enc, key1 ); + des3_set3key_dec( (des3_context *) transform->ctx_dec, key2 ); + break; #endif #if defined(POLARSSL_AES_C) - case TLS_RSA_WITH_AES_128_CBC_SHA: - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: - case TLS_RSA_WITH_AES_128_CBC_SHA256: - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: - aes_setkey_enc( (aes_context *) transform->ctx_enc, key1, 128 ); - aes_setkey_dec( (aes_context *) transform->ctx_dec, key2, 128 ); + case POLARSSL_CIPHER_AES_128_CBC: + case POLARSSL_CIPHER_AES_256_CBC: + aes_setkey_enc( (aes_context*) transform->ctx_enc, key1, + cipher_info->key_length ); + aes_setkey_dec( (aes_context*) transform->ctx_dec, key2, + cipher_info->key_length ); break; - - case TLS_RSA_WITH_AES_256_CBC_SHA: - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: - case TLS_RSA_WITH_AES_256_CBC_SHA256: - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: - aes_setkey_enc( (aes_context *) transform->ctx_enc, key1, 256 ); - aes_setkey_dec( (aes_context *) transform->ctx_dec, key2, 256 ); - break; - -#if defined(POLARSSL_GCM_C) - case TLS_RSA_WITH_AES_128_GCM_SHA256: - case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: - gcm_init( (gcm_context *) transform->ctx_enc, key1, 128 ); - gcm_init( (gcm_context *) transform->ctx_dec, key2, 128 ); - break; - - case TLS_RSA_WITH_AES_256_GCM_SHA384: - case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: - gcm_init( (gcm_context *) transform->ctx_enc, key1, 256 ); - gcm_init( (gcm_context *) transform->ctx_dec, key2, 256 ); - break; -#endif #endif #if defined(POLARSSL_CAMELLIA_C) - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256: - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256: - camellia_setkey_enc( (camellia_context *) transform->ctx_enc, key1, 128 ); - camellia_setkey_dec( (camellia_context *) transform->ctx_dec, key2, 128 ); - break; - - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256: - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256: - camellia_setkey_enc( (camellia_context *) transform->ctx_enc, key1, 256 ); - camellia_setkey_dec( (camellia_context *) transform->ctx_dec, key2, 256 ); + case POLARSSL_CIPHER_CAMELLIA_128_CBC: + case POLARSSL_CIPHER_CAMELLIA_256_CBC: + camellia_setkey_enc( (camellia_context*) transform->ctx_enc, key1, + cipher_info->key_length ); + camellia_setkey_dec( (camellia_context*) transform->ctx_dec, key2, + cipher_info->key_length ); break; #endif -#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) -#if defined(POLARSSL_CIPHER_NULL_CIPHER) - case TLS_RSA_WITH_NULL_MD5: - case TLS_RSA_WITH_NULL_SHA: - case TLS_RSA_WITH_NULL_SHA256: - break; -#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */ - #if defined(POLARSSL_DES_C) - case TLS_RSA_WITH_DES_CBC_SHA: - case TLS_DHE_RSA_WITH_DES_CBC_SHA: + case POLARSSL_CIPHER_DES_CBC: des_setkey_enc( (des_context *) transform->ctx_enc, key1 ); des_setkey_dec( (des_context *) transform->ctx_dec, key2 ); break; #endif -#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */ + +#if defined(POLARSSL_GCM_C) + case POLARSSL_CIPHER_AES_128_GCM: + case POLARSSL_CIPHER_AES_256_GCM: + gcm_init( (gcm_context *) transform->ctx_enc, key1, + cipher_info->key_length ); + gcm_init( (gcm_context *) transform->ctx_dec, key2, + cipher_info->key_length ); + break; +#endif + + case POLARSSL_CIPHER_NULL: + break; default: return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); @@ -799,91 +708,42 @@ void ssl_calc_verify_tls_sha384( ssl_context *ssl, unsigned char hash[48] ) /* * SSLv3.0 MAC functions */ -static void ssl_mac_md5( unsigned char *secret, - unsigned char *buf, size_t len, - unsigned char *ctr, int type ) +static void ssl_mac( md_context_t *md_ctx, unsigned char *secret, + unsigned char *buf, size_t len, + unsigned char *ctr, int type ) { unsigned char header[11]; unsigned char padding[48]; - md5_context md5; + int padlen = 0; + int md_size = md_get_size( md_ctx->md_info ); + int md_type = md_get_type( md_ctx->md_info ); + + if( md_type == POLARSSL_MD_MD5 ) + padlen = 48; + else if( md_type == POLARSSL_MD_SHA1 ) + padlen = 40; + else if( md_type == POLARSSL_MD_SHA256 ) + padlen = 32; memcpy( header, ctr, 8 ); header[ 8] = (unsigned char) type; header[ 9] = (unsigned char)( len >> 8 ); header[10] = (unsigned char)( len ); - memset( padding, 0x36, 48 ); - md5_starts( &md5 ); - md5_update( &md5, secret, 16 ); - md5_update( &md5, padding, 48 ); - md5_update( &md5, header, 11 ); - md5_update( &md5, buf, len ); - md5_finish( &md5, buf + len ); + memset( padding, 0x36, padlen ); + md_starts( md_ctx ); + md_update( md_ctx, secret, md_size ); + md_update( md_ctx, padding, padlen ); + md_update( md_ctx, header, 11 ); + md_update( md_ctx, buf, len ); + md_finish( md_ctx, buf + len ); - memset( padding, 0x5C, 48 ); - md5_starts( &md5 ); - md5_update( &md5, secret, 16 ); - md5_update( &md5, padding, 48 ); - md5_update( &md5, buf + len, 16 ); - md5_finish( &md5, buf + len ); -} - -static void ssl_mac_sha1( unsigned char *secret, - unsigned char *buf, size_t len, - unsigned char *ctr, int type ) -{ - unsigned char header[11]; - unsigned char padding[40]; - sha1_context sha1; - - memcpy( header, ctr, 8 ); - header[ 8] = (unsigned char) type; - header[ 9] = (unsigned char)( len >> 8 ); - header[10] = (unsigned char)( len ); - - memset( padding, 0x36, 40 ); - sha1_starts( &sha1 ); - sha1_update( &sha1, secret, 20 ); - sha1_update( &sha1, padding, 40 ); - sha1_update( &sha1, header, 11 ); - sha1_update( &sha1, buf, len ); - sha1_finish( &sha1, buf + len ); - - memset( padding, 0x5C, 40 ); - sha1_starts( &sha1 ); - sha1_update( &sha1, secret, 20 ); - sha1_update( &sha1, padding, 40 ); - sha1_update( &sha1, buf + len, 20 ); - sha1_finish( &sha1, buf + len ); -} - -static void ssl_mac_sha2( unsigned char *secret, - unsigned char *buf, size_t len, - unsigned char *ctr, int type ) -{ - unsigned char header[11]; - unsigned char padding[32]; - sha2_context sha2; - - memcpy( header, ctr, 8 ); - header[ 8] = (unsigned char) type; - header[ 9] = (unsigned char)( len >> 8 ); - header[10] = (unsigned char)( len ); - - memset( padding, 0x36, 32 ); - sha2_starts( &sha2, 0 ); - sha2_update( &sha2, secret, 32 ); - sha2_update( &sha2, padding, 32 ); - sha2_update( &sha2, header, 11 ); - sha2_update( &sha2, buf, len ); - sha2_finish( &sha2, buf + len ); - - memset( padding, 0x5C, 32 ); - sha2_starts( &sha2, 0 ); - sha2_update( &sha2, secret, 32 ); - sha2_update( &sha2, padding, 32 ); - sha2_update( &sha2, buf + len, 32 ); - sha2_finish( &sha2, buf + len ); + memset( padding, 0x5C, padlen ); + md_starts( md_ctx ); + md_update( md_ctx, secret, md_size ); + md_update( md_ctx, padding, padlen ); + md_update( md_ctx, buf + len, md_size ); + md_finish( md_ctx, buf + len ); } /* @@ -900,57 +760,19 @@ static int ssl_encrypt_buf( ssl_context *ssl ) */ if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) { - if( ssl->transform_out->maclen == 16 ) - ssl_mac_md5( ssl->transform_out->mac_enc, - ssl->out_msg, ssl->out_msglen, - ssl->out_ctr, ssl->out_msgtype ); - else if( ssl->transform_out->maclen == 20 ) - ssl_mac_sha1( ssl->transform_out->mac_enc, - ssl->out_msg, ssl->out_msglen, - ssl->out_ctr, ssl->out_msgtype ); - else if( ssl->transform_out->maclen == 32 ) - ssl_mac_sha2( ssl->transform_out->mac_enc, - ssl->out_msg, ssl->out_msglen, - ssl->out_ctr, ssl->out_msgtype ); - else if( ssl->transform_out->maclen != 0 ) - { - SSL_DEBUG_MSG( 1, ( "invalid MAC len: %d", - ssl->transform_out->maclen ) ); - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); - } + ssl_mac( &ssl->transform_out->md_ctx_enc, + ssl->transform_out->mac_enc, + ssl->out_msg, ssl->out_msglen, + ssl->out_ctr, ssl->out_msgtype ); } else { - if( ssl->transform_out->maclen == 16 ) - { - md5_context md5; - md5_hmac_starts( &md5, ssl->transform_out->mac_enc, 16 ); - md5_hmac_update( &md5, ssl->out_ctr, 13 ); - md5_hmac_update( &md5, ssl->out_msg, ssl->out_msglen ); - md5_hmac_finish( &md5, ssl->out_msg + ssl->out_msglen ); - } - else if( ssl->transform_out->maclen == 20 ) - { - sha1_context sha1; - sha1_hmac_starts( &sha1, ssl->transform_out->mac_enc, 20 ); - sha1_hmac_update( &sha1, ssl->out_ctr, 13 ); - sha1_hmac_update( &sha1, ssl->out_msg, ssl->out_msglen ); - sha1_hmac_finish( &sha1, ssl->out_msg + ssl->out_msglen ); - } - else if( ssl->transform_out->maclen == 32 ) - { - sha2_context sha2; - sha2_hmac_starts( &sha2, ssl->transform_out->mac_enc, 32, 0 ); - sha2_hmac_update( &sha2, ssl->out_ctr, 13 ); - sha2_hmac_update( &sha2, ssl->out_msg, ssl->out_msglen ); - sha2_hmac_finish( &sha2, ssl->out_msg + ssl->out_msglen ); - } - else if( ssl->transform_out->maclen != 0 ) - { - SSL_DEBUG_MSG( 1, ( "invalid MAC len: %d", - ssl->transform_out->maclen ) ); - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); - } + md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 13 ); + md_hmac_update( &ssl->transform_out->md_ctx_enc, + ssl->out_msg, ssl->out_msglen ); + md_hmac_finish( &ssl->transform_out->md_ctx_enc, + ssl->out_msg + ssl->out_msglen ); + md_hmac_reset( &ssl->transform_out->md_ctx_enc ); } SSL_DEBUG_BUF( 4, "computed mac", @@ -958,7 +780,15 @@ static int ssl_encrypt_buf( ssl_context *ssl ) ssl->out_msglen += ssl->transform_out->maclen; - if( ssl->transform_out->ivlen == 0 ) +#if defined(POLARSSL_CIPHER_NULL_CIPHER) + if( ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_NULL ) + { + padlen = 0; + } + else +#endif /* POLARSSL_CIPHER_NULL_CIPHER */ +#if defined(POLARSSL_ARC4_C) + if( ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_ARC4_128 ) { padlen = 0; @@ -969,25 +799,15 @@ static int ssl_encrypt_buf( ssl_context *ssl ) SSL_DEBUG_BUF( 4, "before encrypt: output payload", ssl->out_msg, ssl->out_msglen ); -#if defined(POLARSSL_ARC4_C) - if( ssl->session_out->ciphersuite == TLS_RSA_WITH_RC4_128_MD5 || - ssl->session_out->ciphersuite == TLS_RSA_WITH_RC4_128_SHA ) - { - arc4_crypt( (arc4_context *) ssl->transform_out->ctx_enc, - ssl->out_msglen, ssl->out_msg, - ssl->out_msg ); - } else -#endif -#if defined(POLARSSL_CIPHER_NULL_CIPHER) - if( ssl->session_out->ciphersuite == TLS_RSA_WITH_NULL_MD5 || - ssl->session_out->ciphersuite == TLS_RSA_WITH_NULL_SHA || - ssl->session_out->ciphersuite == TLS_RSA_WITH_NULL_SHA256 ) - { - } else -#endif - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + arc4_crypt( (arc4_context *) ssl->transform_out->ctx_enc, + ssl->out_msglen, ssl->out_msg, + ssl->out_msg ); } - else if( ssl->transform_out->ivlen == 12 ) + else +#endif /* POLARSSL_ARC4_C */ +#if defined(POLARSSL_GCM_C) + if( ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_128_GCM || + ssl->transform_out->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_256_GCM ) { size_t enc_msglen; unsigned char *enc_msg; @@ -1007,61 +827,51 @@ static int ssl_encrypt_buf( ssl_context *ssl ) SSL_DEBUG_BUF( 4, "additional data used for AEAD", add_data, 13 ); -#if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C) - - if( ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_128_GCM_SHA256 || - ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) - { - /* - * Generate IV - */ - ret = ssl->f_rng( ssl->p_rng, - ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, - ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); - if( ret != 0 ) - return( ret ); - - memcpy( ssl->out_iv, + /* + * Generate IV + */ + ret = ssl->f_rng( ssl->p_rng, ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, - ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); + ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); + if( ret != 0 ) + return( ret ); - /* - * Fix pointer positions and message length with added IV - */ - enc_msg = ssl->out_msg; - enc_msglen = ssl->out_msglen; - ssl->out_msglen += ssl->transform_out->ivlen - - ssl->transform_out->fixed_ivlen; + memcpy( ssl->out_iv, + ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, + ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); - SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " - "including %d bytes of padding", - ssl->out_msglen, 0 ) ); + /* + * Fix pointer positions and message length with added IV + */ + enc_msg = ssl->out_msg; + enc_msglen = ssl->out_msglen; + ssl->out_msglen += ssl->transform_out->ivlen - + ssl->transform_out->fixed_ivlen; - SSL_DEBUG_BUF( 4, "before encrypt: output payload", - ssl->out_iv, ssl->out_msglen ); + SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " + "including %d bytes of padding", + ssl->out_msglen, 0 ) ); - /* - * Adjust for tag - */ - ssl->out_msglen += 16; - - gcm_crypt_and_tag( (gcm_context *) ssl->transform_out->ctx_enc, - GCM_ENCRYPT, enc_msglen, - ssl->transform_out->iv_enc, ssl->transform_out->ivlen, - add_data, 13, - enc_msg, enc_msg, - 16, enc_msg + enc_msglen ); + SSL_DEBUG_BUF( 4, "before encrypt: output payload", + ssl->out_msg, ssl->out_msglen ); - SSL_DEBUG_BUF( 4, "after encrypt: tag", - enc_msg + enc_msglen, 16 ); + /* + * Adjust for tag + */ + ssl->out_msglen += 16; - } else -#endif - return( ret ); + gcm_crypt_and_tag( (gcm_context *) ssl->transform_out->ctx_enc, + GCM_ENCRYPT, enc_msglen, + ssl->transform_out->iv_enc, ssl->transform_out->ivlen, + add_data, 13, + enc_msg, enc_msg, + 16, enc_msg + enc_msglen ); + + SSL_DEBUG_BUF( 4, "after encrypt: tag", + enc_msg + enc_msglen, 16 ); } else +#endif /* POLARSSL_GCM_C */ { unsigned char *enc_msg; size_t enc_msglen; @@ -1111,60 +921,33 @@ static int ssl_encrypt_buf( ssl_context *ssl ) SSL_DEBUG_BUF( 4, "before encrypt: output payload", ssl->out_iv, ssl->out_msglen ); - switch( ssl->transform_out->ivlen ) + switch( ssl->transform_out->ciphersuite_info->cipher ) { -#if defined(POLARSSL_DES_C) - case 8: -#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) - if( ssl->session_out->ciphersuite == TLS_RSA_WITH_DES_CBC_SHA || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA ) - { - des_crypt_cbc( (des_context *) ssl->transform_out->ctx_enc, - DES_ENCRYPT, enc_msglen, - ssl->transform_out->iv_enc, enc_msg, enc_msg ); - } - else -#endif - des3_crypt_cbc( (des3_context *) ssl->transform_out->ctx_enc, - DES_ENCRYPT, enc_msglen, + case POLARSSL_CIPHER_DES_CBC: + des_crypt_cbc( (des_context *) ssl->transform_out->ctx_enc, + DES_ENCRYPT, enc_msglen, + ssl->transform_out->iv_enc, enc_msg, enc_msg ); + break; + + case POLARSSL_CIPHER_DES_EDE3_CBC: + des3_crypt_cbc( (des3_context *) ssl->transform_out->ctx_enc, + DES_ENCRYPT, enc_msglen, + ssl->transform_out->iv_enc, enc_msg, enc_msg ); + break; + + case POLARSSL_CIPHER_AES_128_CBC: + case POLARSSL_CIPHER_AES_256_CBC: + aes_crypt_cbc( (aes_context *) ssl->transform_out->ctx_enc, + AES_ENCRYPT, enc_msglen, + ssl->transform_out->iv_enc, enc_msg, enc_msg ); + break; + + case POLARSSL_CIPHER_CAMELLIA_128_CBC: + case POLARSSL_CIPHER_CAMELLIA_256_CBC: + camellia_crypt_cbc( (camellia_context *) ssl->transform_out->ctx_enc, + CAMELLIA_ENCRYPT, enc_msglen, ssl->transform_out->iv_enc, enc_msg, enc_msg ); break; -#endif - - case 16: -#if defined(POLARSSL_AES_C) - if ( ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA || - ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA || - ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA256 || - ssl->session_out->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA256 || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ) - { - aes_crypt_cbc( (aes_context *) ssl->transform_out->ctx_enc, - AES_ENCRYPT, enc_msglen, - ssl->transform_out->iv_enc, enc_msg, enc_msg); - break; - } -#endif - -#if defined(POLARSSL_CAMELLIA_C) - if ( ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA || - ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA || - ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 || - ssl->session_out->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 || - ssl->session_out->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ) - { - camellia_crypt_cbc( (camellia_context *) ssl->transform_out->ctx_enc, - CAMELLIA_ENCRYPT, enc_msglen, - ssl->transform_out->iv_enc, enc_msg, enc_msg ); - break; - } -#endif default: return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); @@ -1199,27 +982,27 @@ static int ssl_decrypt_buf( ssl_context *ssl ) return( POLARSSL_ERR_SSL_INVALID_MAC ); } - if( ssl->transform_in->ivlen == 0 ) +#if defined(POLARSSL_CIPHER_NULL_CIPHER) + if( ssl->transform_in->ciphersuite_info->cipher == POLARSSL_CIPHER_NULL ) { + padlen = 0; + } + else +#endif /* POLARSSL_CIPHER_NULL_CIPHER */ #if defined(POLARSSL_ARC4_C) - if( ssl->session_in->ciphersuite == TLS_RSA_WITH_RC4_128_MD5 || - ssl->session_in->ciphersuite == TLS_RSA_WITH_RC4_128_SHA ) - { - arc4_crypt( (arc4_context *) ssl->transform_in->ctx_dec, + if( ssl->transform_in->ciphersuite_info->cipher == POLARSSL_CIPHER_ARC4_128 ) + { + padlen = 0; + + arc4_crypt( (arc4_context *) ssl->transform_in->ctx_dec, ssl->in_msglen, ssl->in_msg, ssl->in_msg ); - } else -#endif -#if defined(POLARSSL_CIPHER_NULL_CIPHER) - if( ssl->session_in->ciphersuite == TLS_RSA_WITH_NULL_MD5 || - ssl->session_in->ciphersuite == TLS_RSA_WITH_NULL_SHA || - ssl->session_in->ciphersuite == TLS_RSA_WITH_NULL_SHA256 ) - { - } else -#endif - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); } - else if( ssl->transform_in->ivlen == 12 ) + else +#endif /* POLARSSL_ARC4_C */ +#if defined(POLARSSL_GCM_C) + if( ssl->transform_in->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_128_GCM || + ssl->transform_in->ciphersuite_info->cipher == POLARSSL_CIPHER_AES_256_GCM ) { unsigned char *dec_msg; unsigned char *dec_msg_result; @@ -1227,57 +1010,51 @@ static int ssl_decrypt_buf( ssl_context *ssl ) unsigned char add_data[13]; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; -#if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C) - if( ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_GCM_SHA256 || - ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) + padlen = 0; + + dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen - + ssl->transform_in->fixed_ivlen ); + dec_msglen -= 16; + dec_msg = ssl->in_msg; + dec_msg_result = ssl->in_msg; + ssl->in_msglen = dec_msglen; + + memcpy( add_data, ssl->in_ctr, 8 ); + add_data[8] = ssl->in_msgtype; + add_data[9] = ssl->major_ver; + add_data[10] = ssl->minor_ver; + add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF; + add_data[12] = ssl->in_msglen & 0xFF; + + SSL_DEBUG_BUF( 4, "additional data used for AEAD", + add_data, 13 ); + + memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen, + ssl->in_iv, + ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen ); + + SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec, + ssl->transform_in->ivlen ); + SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, 16 ); + + ret = gcm_auth_decrypt( (gcm_context *) ssl->transform_in->ctx_dec, + dec_msglen, + ssl->transform_in->iv_dec, + ssl->transform_in->ivlen, + add_data, 13, + dec_msg + dec_msglen, 16, + dec_msg, dec_msg_result ); + + if( ret != 0 ) { - dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen - - ssl->transform_in->fixed_ivlen ); - dec_msglen -= 16; - dec_msg = ssl->in_msg; - dec_msg_result = ssl->in_msg; - ssl->in_msglen = dec_msglen; + SSL_DEBUG_MSG( 1, ( "AEAD decrypt failed on validation (ret = -0x%02x)", + -ret ) ); - memcpy( add_data, ssl->in_ctr, 8 ); - add_data[8] = ssl->in_msgtype; - add_data[9] = ssl->major_ver; - add_data[10] = ssl->minor_ver; - add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF; - add_data[12] = ssl->in_msglen & 0xFF; - - SSL_DEBUG_BUF( 4, "additional data used for AEAD", - add_data, 13 ); - - memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen, - ssl->in_iv, - ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen ); - - SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec, - ssl->transform_in->ivlen ); - SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, 16 ); - - ret = gcm_auth_decrypt( (gcm_context *) ssl->transform_in->ctx_dec, - dec_msglen, - ssl->transform_in->iv_dec, - ssl->transform_in->ivlen, - add_data, 13, - dec_msg + dec_msglen, 16, - dec_msg, dec_msg_result ); - - if( ret != 0 ) - { - SSL_DEBUG_MSG( 1, ( "AEAD decrypt failed on validation (ret = -0x%02x)", - -ret ) ); - - return( POLARSSL_ERR_SSL_INVALID_MAC ); - } - } else -#endif - return( ret ); + return( POLARSSL_ERR_SSL_INVALID_MAC ); + } } else +#endif /* POLARSSL_GCM_C */ { /* * Decrypt and check the padding @@ -1324,60 +1101,33 @@ static int ssl_decrypt_buf( ssl_context *ssl ) ssl->transform_in->iv_dec[i] = ssl->in_iv[i]; } - switch( ssl->transform_in->ivlen ) + switch( ssl->transform_in->ciphersuite_info->cipher ) { -#if defined(POLARSSL_DES_C) - case 8: -#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) - if( ssl->session_in->ciphersuite == TLS_RSA_WITH_DES_CBC_SHA || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_DES_CBC_SHA ) - { - des_crypt_cbc( (des_context *) ssl->transform_in->ctx_dec, - DES_DECRYPT, dec_msglen, - ssl->transform_in->iv_dec, dec_msg, dec_msg_result ); - } - else -#endif - des3_crypt_cbc( (des3_context *) ssl->transform_in->ctx_dec, - DES_DECRYPT, dec_msglen, - ssl->transform_in->iv_dec, dec_msg, dec_msg_result ); + case POLARSSL_CIPHER_DES_CBC: + des_crypt_cbc( (des_context *) ssl->transform_in->ctx_dec, + DES_DECRYPT, dec_msglen, + ssl->transform_in->iv_dec, dec_msg, dec_msg_result ); break; -#endif - case 16: -#if defined(POLARSSL_AES_C) - if ( ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA || - ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA || - ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_CBC_SHA256 || - ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_256_CBC_SHA256 || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ) - { - aes_crypt_cbc( (aes_context *) ssl->transform_in->ctx_dec, - AES_DECRYPT, dec_msglen, - ssl->transform_in->iv_dec, dec_msg, dec_msg_result ); - break; - } -#endif + case POLARSSL_CIPHER_DES_EDE3_CBC: + des3_crypt_cbc( (des3_context *) ssl->transform_in->ctx_dec, + DES_DECRYPT, dec_msglen, + ssl->transform_in->iv_dec, dec_msg, dec_msg_result ); + break; -#if defined(POLARSSL_CAMELLIA_C) - if ( ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA || - ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA || - ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 || - ssl->session_in->ciphersuite == TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 || - ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ) - { - camellia_crypt_cbc( (camellia_context *) ssl->transform_in->ctx_dec, - CAMELLIA_DECRYPT, dec_msglen, - ssl->transform_in->iv_dec, dec_msg, dec_msg_result ); - break; - } -#endif + case POLARSSL_CIPHER_AES_128_CBC: + case POLARSSL_CIPHER_AES_256_CBC: + aes_crypt_cbc( (aes_context *) ssl->transform_in->ctx_dec, + AES_DECRYPT, dec_msglen, + ssl->transform_in->iv_dec, dec_msg, dec_msg_result ); + break; + + case POLARSSL_CIPHER_CAMELLIA_128_CBC: + case POLARSSL_CIPHER_CAMELLIA_256_CBC: + camellia_crypt_cbc( (camellia_context *) ssl->transform_in->ctx_dec, + CAMELLIA_DECRYPT, dec_msglen, + ssl->transform_in->iv_dec, dec_msg, dec_msg_result ); + break; default: return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); @@ -1448,24 +1198,10 @@ static int ssl_decrypt_buf( ssl_context *ssl ) if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) { - if( ssl->transform_in->maclen == 16 ) - ssl_mac_md5( ssl->transform_in->mac_dec, - ssl->in_msg, ssl->in_msglen, - ssl->in_ctr, ssl->in_msgtype ); - else if( ssl->transform_in->maclen == 20 ) - ssl_mac_sha1( ssl->transform_in->mac_dec, - ssl->in_msg, ssl->in_msglen, - ssl->in_ctr, ssl->in_msgtype ); - else if( ssl->transform_in->maclen == 32 ) - ssl_mac_sha2( ssl->transform_in->mac_dec, - ssl->in_msg, ssl->in_msglen, - ssl->in_ctr, ssl->in_msgtype ); - else if( ssl->transform_in->maclen != 0 ) - { - SSL_DEBUG_MSG( 1, ( "invalid MAC len: %d", - ssl->transform_in->maclen ) ); - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); - } + ssl_mac( &ssl->transform_in->md_ctx_dec, + ssl->transform_in->mac_dec, + ssl->in_msg, ssl->in_msglen, + ssl->in_ctr, ssl->in_msgtype ); } else { @@ -1488,45 +1224,15 @@ static int ssl_decrypt_buf( ssl_context *ssl ) extra_run &= correct * 0xFF; - if( ssl->transform_in->maclen == 16 ) - { - md5_context ctx; - md5_hmac_starts( &ctx, ssl->transform_in->mac_dec, 16 ); - md5_hmac_update( &ctx, ssl->in_ctr, 13 ); - md5_hmac_update( &ctx, ssl->in_msg, ssl->in_msglen ); - md5_hmac_finish( &ctx, ssl->in_msg + ssl->in_msglen ); + md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 13 ); + md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg, + ssl->in_msglen ); + md_hmac_finish( &ssl->transform_in->md_ctx_dec, + ssl->in_msg + ssl->in_msglen ); + for( j = 0; j < extra_run; j++ ) + md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg ); - for( j = 0; j < extra_run; j++ ) - md5_process( &ctx, ssl->in_msg ); - } - else if( ssl->transform_in->maclen == 20 ) - { - sha1_context ctx; - sha1_hmac_starts( &ctx, ssl->transform_in->mac_dec, 20 ); - sha1_hmac_update( &ctx, ssl->in_ctr, 13 ); - sha1_hmac_update( &ctx, ssl->in_msg, ssl->in_msglen ); - sha1_hmac_finish( &ctx, ssl->in_msg + ssl->in_msglen ); - - for( j = 0; j < extra_run; j++ ) - sha1_process( &ctx, ssl->in_msg ); - } - else if( ssl->transform_in->maclen == 32 ) - { - sha2_context ctx; - sha2_hmac_starts( &ctx, ssl->transform_in->mac_dec, 32, 0 ); - sha2_hmac_update( &ctx, ssl->in_ctr, 13 ); - sha2_hmac_update( &ctx, ssl->in_msg, ssl->in_msglen ); - sha2_hmac_finish( &ctx, ssl->in_msg + ssl->in_msglen ); - - for( j = 0; j < extra_run; j++ ) - sha2_process( &ctx, ssl->in_msg ); - } - else if( ssl->transform_in->maclen != 0 ) - { - SSL_DEBUG_MSG( 1, ( "invalid MAC len: %d", - ssl->transform_in->maclen ) ); - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); - } + md_hmac_reset( &ssl->transform_in->md_ctx_dec ); } SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->transform_in->maclen ); @@ -1844,6 +1550,9 @@ int ssl_read_record( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> read record" ) ); + SSL_DEBUG_BUF( 4, "input record from network", + ssl->in_hdr, 5 + ssl->in_msglen ); + if( ssl->in_hslen != 0 && ssl->in_hslen < ssl->in_msglen ) { @@ -2971,7 +2680,7 @@ int ssl_init( ssl_context *ssl ) ssl->min_major_ver = SSL_MAJOR_VERSION_3; ssl->min_minor_ver = SSL_MINOR_VERSION_0; - ssl->ciphersuites = ssl_default_ciphersuites; + ssl->ciphersuites = ssl_list_ciphersuites(); #if defined(POLARSSL_DHM_C) if( ( ret = mpi_read_string( &ssl->dhm_P, 16, @@ -3291,218 +3000,6 @@ int ssl_get_verify_result( const ssl_context *ssl ) return( ssl->verify_result ); } -const char *ssl_get_ciphersuite_name( const int ciphersuite_id ) -{ - switch( ciphersuite_id ) - { -#if defined(POLARSSL_ARC4_C) - case TLS_RSA_WITH_RC4_128_MD5: - return( "TLS-RSA-WITH-RC4-128-MD5" ); - - case TLS_RSA_WITH_RC4_128_SHA: - return( "TLS-RSA-WITH-RC4-128-SHA" ); -#endif - -#if defined(POLARSSL_DES_C) - case TLS_RSA_WITH_3DES_EDE_CBC_SHA: - return( "TLS-RSA-WITH-3DES-EDE-CBC-SHA" ); - - case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: - return( "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA" ); -#endif - -#if defined(POLARSSL_AES_C) - case TLS_RSA_WITH_AES_128_CBC_SHA: - return( "TLS-RSA-WITH-AES-128-CBC-SHA" ); - - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: - return( "TLS-DHE-RSA-WITH-AES-128-CBC-SHA" ); - - case TLS_RSA_WITH_AES_256_CBC_SHA: - return( "TLS-RSA-WITH-AES-256-CBC-SHA" ); - - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: - return( "TLS-DHE-RSA-WITH-AES-256-CBC-SHA" ); - -#if defined(POLARSSL_SHA2_C) - case TLS_RSA_WITH_AES_128_CBC_SHA256: - return( "TLS-RSA-WITH-AES-128-CBC-SHA256" ); - - case TLS_RSA_WITH_AES_256_CBC_SHA256: - return( "TLS-RSA-WITH-AES-256-CBC-SHA256" ); - - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: - return( "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256" ); - - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: - return( "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" ); -#endif - -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) - case TLS_RSA_WITH_AES_128_GCM_SHA256: - return( "TLS-RSA-WITH-AES-128-GCM-SHA256" ); - - case TLS_RSA_WITH_AES_256_GCM_SHA384: - return( "TLS-RSA-WITH-AES-256-GCM-SHA384" ); -#endif - -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C) - case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: - return( "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256" ); - - case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: - return( "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384" ); -#endif -#endif /* POLARSSL_AES_C */ - -#if defined(POLARSSL_CAMELLIA_C) - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: - return( "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA" ); - - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: - return( "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA" ); - - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: - return( "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA" ); - - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: - return( "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA" ); - -#if defined(POLARSSL_SHA2_C) - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256: - return( "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256" ); - - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256: - return( "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256" ); - - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256: - return( "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256" ); - - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256: - return( "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256" ); -#endif -#endif - -#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) -#if defined(POLARSSL_CIPHER_NULL_CIPHER) - case TLS_RSA_WITH_NULL_MD5: - return( "TLS-RSA-WITH-NULL-MD5" ); - case TLS_RSA_WITH_NULL_SHA: - return( "TLS-RSA-WITH-NULL-SHA" ); - case TLS_RSA_WITH_NULL_SHA256: - return( "TLS-RSA-WITH-NULL-SHA256" ); -#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */ - -#if defined(POLARSSL_DES_C) - case TLS_RSA_WITH_DES_CBC_SHA: - return( "TLS-RSA-WITH-DES-CBC-SHA" ); - case TLS_DHE_RSA_WITH_DES_CBC_SHA: - return( "TLS-DHE-RSA-WITH-DES-CBC-SHA" ); -#endif -#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */ - - default: - break; - } - - return( "unknown" ); -} - -int ssl_get_ciphersuite_id( const char *ciphersuite_name ) -{ -#if defined(POLARSSL_ARC4_C) - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-RC4-128-MD5")) - return( TLS_RSA_WITH_RC4_128_MD5 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-RC4-128-SHA")) - return( TLS_RSA_WITH_RC4_128_SHA ); -#endif - -#if defined(POLARSSL_DES_C) - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-3DES-EDE-CBC-SHA")) - return( TLS_RSA_WITH_3DES_EDE_CBC_SHA ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA")) - return( TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA ); -#endif - -#if defined(POLARSSL_AES_C) - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-128-CBC-SHA")) - return( TLS_RSA_WITH_AES_128_CBC_SHA ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA")) - return( TLS_DHE_RSA_WITH_AES_128_CBC_SHA ); - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-256-CBC-SHA")) - return( TLS_RSA_WITH_AES_256_CBC_SHA ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA")) - return( TLS_DHE_RSA_WITH_AES_256_CBC_SHA ); - -#if defined(POLARSSL_SHA2_C) - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-128-CBC-SHA256")) - return( TLS_RSA_WITH_AES_128_CBC_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-256-CBC-SHA256")) - return( TLS_RSA_WITH_AES_256_CBC_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256")) - return( TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256")) - return( TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ); -#endif - -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-128-GCM-SHA256")) - return( TLS_RSA_WITH_AES_128_GCM_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-AES-256-GCM-SHA384")) - return( TLS_RSA_WITH_AES_256_GCM_SHA384 ); -#endif - -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256")) - return( TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384")) - return( TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ); -#endif -#endif - -#if defined(POLARSSL_CAMELLIA_C) - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA")) - return( TLS_RSA_WITH_CAMELLIA_128_CBC_SHA ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA")) - return( TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA ); - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA")) - return( TLS_RSA_WITH_CAMELLIA_256_CBC_SHA ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA")) - return( TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA ); - -#if defined(POLARSSL_SHA2_C) - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256")) - return( TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256")) - return( TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256")) - return( TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256")) - return( TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 ); -#endif -#endif - -#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) -#if defined(POLARSSL_CIPHER_NULL_CIPHER) - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-NULL-MD5")) - return( TLS_RSA_WITH_NULL_MD5 ); - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-NULL-SHA")) - return( TLS_RSA_WITH_NULL_SHA ); - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-NULL-SHA256")) - return( TLS_RSA_WITH_NULL_SHA256 ); -#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */ - -#if defined(POLARSSL_DES_C) - if (0 == strcasecmp(ciphersuite_name, "TLS-RSA-WITH-DES-CBC-SHA")) - return( TLS_RSA_WITH_DES_CBC_SHA ); - if (0 == strcasecmp(ciphersuite_name, "TLS-DHE-RSA-WITH-DES-CBC-SHA")) - return( TLS_DHE_RSA_WITH_DES_CBC_SHA ); -#endif -#endif /* defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) */ - - return( 0 ); -} - const char *ssl_get_ciphersuite( const ssl_context *ssl ) { if( ssl == NULL || ssl->session == NULL ) @@ -3541,80 +3038,6 @@ const x509_cert *ssl_get_peer_cert( const ssl_context *ssl ) return ssl->session->peer_cert; } -const int ssl_default_ciphersuites[] = -{ -#if defined(POLARSSL_DHM_C) -#if defined(POLARSSL_AES_C) -#if defined(POLARSSL_SHA2_C) - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, -#endif /* POLARSSL_SHA2_C */ -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C) - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, -#endif - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, -#if defined(POLARSSL_SHA2_C) - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, -#endif -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, -#endif - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, -#endif -#if defined(POLARSSL_CAMELLIA_C) -#if defined(POLARSSL_SHA2_C) - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, -#endif /* POLARSSL_SHA2_C */ - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, -#if defined(POLARSSL_SHA2_C) - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, -#endif /* POLARSSL_SHA2_C */ - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, -#endif -#if defined(POLARSSL_DES_C) - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, -#endif -#endif - -#if defined(POLARSSL_AES_C) -#if defined(POLARSSL_SHA2_C) - TLS_RSA_WITH_AES_256_CBC_SHA256, -#endif /* POLARSSL_SHA2_C */ -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C) - TLS_RSA_WITH_AES_256_GCM_SHA384, -#endif /* POLARSSL_SHA2_C */ - TLS_RSA_WITH_AES_256_CBC_SHA, -#endif -#if defined(POLARSSL_CAMELLIA_C) -#if defined(POLARSSL_SHA2_C) - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, -#endif /* POLARSSL_SHA2_C */ - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, -#endif -#if defined(POLARSSL_AES_C) -#if defined(POLARSSL_SHA2_C) - TLS_RSA_WITH_AES_128_CBC_SHA256, -#endif /* POLARSSL_SHA2_C */ -#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C) - TLS_RSA_WITH_AES_128_GCM_SHA256, -#endif /* POLARSSL_SHA2_C */ - TLS_RSA_WITH_AES_128_CBC_SHA, -#endif -#if defined(POLARSSL_CAMELLIA_C) -#if defined(POLARSSL_SHA2_C) - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, -#endif /* POLARSSL_SHA2_C */ - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, -#endif -#if defined(POLARSSL_DES_C) - TLS_RSA_WITH_3DES_EDE_CBC_SHA, -#endif -#if defined(POLARSSL_ARC4_C) - TLS_RSA_WITH_RC4_128_SHA, - TLS_RSA_WITH_RC4_128_MD5, -#endif - 0 -}; - /* * Perform a single step of the SSL handshake */ diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c index 802fda0c2..e067652f5 100644 --- a/programs/test/ssl_test.c +++ b/programs/test/ssl_test.c @@ -1,7 +1,7 @@ /* * SSL/TLS stress testing program * - * Copyright (C) 2006-2011, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V. * * This file is part of PolarSSL (http://www.polarssl.org) * Lead Maintainer: Paul Bakker @@ -272,9 +272,8 @@ static int ssl_test( struct options *opt ) ssl_set_bio( &ssl, net_recv, &client_fd, net_send, &client_fd ); - if( opt->force_ciphersuite[0] == DFL_FORCE_CIPHER ) - ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites ); - else ssl_set_ciphersuites( &ssl, opt->force_ciphersuite ); + if( opt->force_ciphersuite[0] != DFL_FORCE_CIPHER ) + ssl_set_ciphersuites( &ssl, opt->force_ciphersuite ); if( opt->iomode == IOMODE_NONBLOCK ) net_set_nonblock( client_fd ); diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 2fb0c854e..c9f74dda5 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -1,7 +1,7 @@ /* * Certificate reading application * - * Copyright (C) 2006-2011, Brainspark B.V. + * Copyright (C) 2006-2013, Brainspark B.V. * * This file is part of PolarSSL (http://www.polarssl.org) * Lead Maintainer: Paul Bakker @@ -284,8 +284,6 @@ int main( int argc, char *argv[] ) ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd ); - ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites ); - ssl_set_own_cert( &ssl, &clicert, &rsa ); ssl_set_hostname( &ssl, opt.server_name );