$search
00001 /* 00002 * TLSv1 common routines 00003 * Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi> 00004 * 00005 * This program is free software; you can redistribute it and/or modify 00006 * it under the terms of the GNU General Public License version 2 as 00007 * published by the Free Software Foundation. 00008 * 00009 * Alternatively, this software may be distributed under the terms of BSD 00010 * license. 00011 * 00012 * See README and COPYING for more details. 00013 */ 00014 00015 #include "includes.h" 00016 00017 #include "common.h" 00018 #include "x509v3.h" 00019 #include "tlsv1_common.h" 00020 00021 00022 /* 00023 * TODO: 00024 * RFC 2246 Section 9: Mandatory to implement TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 00025 * Add support for commonly used cipher suites; don't bother with exportable 00026 * suites. 00027 */ 00028 00029 static const struct tls_cipher_suite tls_cipher_suites[] = { 00030 { TLS_NULL_WITH_NULL_NULL, TLS_KEY_X_NULL, TLS_CIPHER_NULL, 00031 TLS_HASH_NULL }, 00032 { TLS_RSA_WITH_RC4_128_MD5, TLS_KEY_X_RSA, TLS_CIPHER_RC4_128, 00033 TLS_HASH_MD5 }, 00034 { TLS_RSA_WITH_RC4_128_SHA, TLS_KEY_X_RSA, TLS_CIPHER_RC4_128, 00035 TLS_HASH_SHA }, 00036 { TLS_RSA_WITH_DES_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_DES_CBC, 00037 TLS_HASH_SHA }, 00038 { TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_KEY_X_RSA, 00039 TLS_CIPHER_3DES_EDE_CBC, TLS_HASH_SHA }, 00040 { TLS_DH_anon_WITH_RC4_128_MD5, TLS_KEY_X_DH_anon, 00041 TLS_CIPHER_RC4_128, TLS_HASH_MD5 }, 00042 { TLS_DH_anon_WITH_DES_CBC_SHA, TLS_KEY_X_DH_anon, 00043 TLS_CIPHER_DES_CBC, TLS_HASH_SHA }, 00044 { TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_KEY_X_DH_anon, 00045 TLS_CIPHER_3DES_EDE_CBC, TLS_HASH_SHA }, 00046 { TLS_RSA_WITH_AES_128_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_AES_128_CBC, 00047 TLS_HASH_SHA }, 00048 { TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_KEY_X_DH_anon, 00049 TLS_CIPHER_AES_128_CBC, TLS_HASH_SHA }, 00050 { TLS_RSA_WITH_AES_256_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_AES_256_CBC, 00051 TLS_HASH_SHA }, 00052 { TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_KEY_X_DH_anon, 00053 TLS_CIPHER_AES_256_CBC, TLS_HASH_SHA } 00054 }; 00055 00056 #define NUM_ELEMS(a) (sizeof(a) / sizeof((a)[0])) 00057 #define NUM_TLS_CIPHER_SUITES NUM_ELEMS(tls_cipher_suites) 00058 00059 00060 static const struct tls_cipher_data tls_ciphers[] = { 00061 { TLS_CIPHER_NULL, TLS_CIPHER_STREAM, 0, 0, 0, 00062 CRYPTO_CIPHER_NULL }, 00063 { TLS_CIPHER_IDEA_CBC, TLS_CIPHER_BLOCK, 16, 16, 8, 00064 CRYPTO_CIPHER_NULL }, 00065 { TLS_CIPHER_RC2_CBC_40, TLS_CIPHER_BLOCK, 5, 16, 0, 00066 CRYPTO_CIPHER_ALG_RC2 }, 00067 { TLS_CIPHER_RC4_40, TLS_CIPHER_STREAM, 5, 16, 0, 00068 CRYPTO_CIPHER_ALG_RC4 }, 00069 { TLS_CIPHER_RC4_128, TLS_CIPHER_STREAM, 16, 16, 0, 00070 CRYPTO_CIPHER_ALG_RC4 }, 00071 { TLS_CIPHER_DES40_CBC, TLS_CIPHER_BLOCK, 5, 8, 8, 00072 CRYPTO_CIPHER_ALG_DES }, 00073 { TLS_CIPHER_DES_CBC, TLS_CIPHER_BLOCK, 8, 8, 8, 00074 CRYPTO_CIPHER_ALG_DES }, 00075 { TLS_CIPHER_3DES_EDE_CBC, TLS_CIPHER_BLOCK, 24, 24, 8, 00076 CRYPTO_CIPHER_ALG_3DES }, 00077 { TLS_CIPHER_AES_128_CBC, TLS_CIPHER_BLOCK, 16, 16, 16, 00078 CRYPTO_CIPHER_ALG_AES }, 00079 { TLS_CIPHER_AES_256_CBC, TLS_CIPHER_BLOCK, 32, 32, 16, 00080 CRYPTO_CIPHER_ALG_AES } 00081 }; 00082 00083 #define NUM_TLS_CIPHER_DATA NUM_ELEMS(tls_ciphers) 00084 00085 00091 const struct tls_cipher_suite * tls_get_cipher_suite(u16 suite) 00092 { 00093 size_t i; 00094 for (i = 0; i < NUM_TLS_CIPHER_SUITES; i++) 00095 if (tls_cipher_suites[i].suite == suite) 00096 return &tls_cipher_suites[i]; 00097 return NULL; 00098 } 00099 00100 00101 const struct tls_cipher_data * tls_get_cipher_data(tls_cipher cipher) 00102 { 00103 size_t i; 00104 for (i = 0; i < NUM_TLS_CIPHER_DATA; i++) 00105 if (tls_ciphers[i].cipher == cipher) 00106 return &tls_ciphers[i]; 00107 return NULL; 00108 } 00109 00110 00111 int tls_server_key_exchange_allowed(tls_cipher cipher) 00112 { 00113 const struct tls_cipher_suite *suite; 00114 00115 /* RFC 2246, Section 7.4.3 */ 00116 suite = tls_get_cipher_suite(cipher); 00117 if (suite == NULL) 00118 return 0; 00119 00120 switch (suite->key_exchange) { 00121 case TLS_KEY_X_DHE_DSS: 00122 case TLS_KEY_X_DHE_DSS_EXPORT: 00123 case TLS_KEY_X_DHE_RSA: 00124 case TLS_KEY_X_DHE_RSA_EXPORT: 00125 case TLS_KEY_X_DH_anon_EXPORT: 00126 case TLS_KEY_X_DH_anon: 00127 return 1; 00128 case TLS_KEY_X_RSA_EXPORT: 00129 return 1 /* FIX: public key len > 512 bits */; 00130 default: 00131 return 0; 00132 } 00133 } 00134 00135 00147 int tls_parse_cert(const u8 *buf, size_t len, struct crypto_public_key **pk) 00148 { 00149 struct x509_certificate *cert; 00150 00151 wpa_hexdump(MSG_MSGDUMP, "TLSv1: Parse ASN.1 DER certificate", 00152 buf, len); 00153 00154 *pk = crypto_public_key_from_cert(buf, len); 00155 if (*pk) 00156 return 0; 00157 00158 cert = x509_certificate_parse(buf, len); 00159 if (cert == NULL) { 00160 wpa_printf(MSG_DEBUG, "TLSv1: Failed to parse X.509 " 00161 "certificate"); 00162 return -1; 00163 } 00164 00165 /* TODO 00166 * verify key usage (must allow encryption) 00167 * 00168 * All certificate profiles, key and cryptographic formats are 00169 * defined by the IETF PKIX working group [PKIX]. When a key 00170 * usage extension is present, the digitalSignature bit must be 00171 * set for the key to be eligible for signing, as described 00172 * above, and the keyEncipherment bit must be present to allow 00173 * encryption, as described above. The keyAgreement bit must be 00174 * set on Diffie-Hellman certificates. (PKIX: RFC 3280) 00175 */ 00176 00177 *pk = crypto_public_key_import(cert->public_key, cert->public_key_len); 00178 x509_certificate_free(cert); 00179 00180 if (*pk == NULL) { 00181 wpa_printf(MSG_ERROR, "TLSv1: Failed to import " 00182 "server public key"); 00183 return -1; 00184 } 00185 00186 return 0; 00187 } 00188 00189 00190 int tls_verify_hash_init(struct tls_verify_hash *verify) 00191 { 00192 tls_verify_hash_free(verify); 00193 verify->md5_client = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0); 00194 verify->md5_server = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0); 00195 verify->md5_cert = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0); 00196 verify->sha1_client = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0); 00197 verify->sha1_server = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0); 00198 verify->sha1_cert = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0); 00199 if (verify->md5_client == NULL || verify->md5_server == NULL || 00200 verify->md5_cert == NULL || verify->sha1_client == NULL || 00201 verify->sha1_server == NULL || verify->sha1_cert == NULL) { 00202 tls_verify_hash_free(verify); 00203 return -1; 00204 } 00205 return 0; 00206 } 00207 00208 00209 void tls_verify_hash_add(struct tls_verify_hash *verify, const u8 *buf, 00210 size_t len) 00211 { 00212 if (verify->md5_client && verify->sha1_client) { 00213 crypto_hash_update(verify->md5_client, buf, len); 00214 crypto_hash_update(verify->sha1_client, buf, len); 00215 } 00216 if (verify->md5_server && verify->sha1_server) { 00217 crypto_hash_update(verify->md5_server, buf, len); 00218 crypto_hash_update(verify->sha1_server, buf, len); 00219 } 00220 if (verify->md5_cert && verify->sha1_cert) { 00221 crypto_hash_update(verify->md5_cert, buf, len); 00222 crypto_hash_update(verify->sha1_cert, buf, len); 00223 } 00224 } 00225 00226 00227 void tls_verify_hash_free(struct tls_verify_hash *verify) 00228 { 00229 crypto_hash_finish(verify->md5_client, NULL, NULL); 00230 crypto_hash_finish(verify->md5_server, NULL, NULL); 00231 crypto_hash_finish(verify->md5_cert, NULL, NULL); 00232 crypto_hash_finish(verify->sha1_client, NULL, NULL); 00233 crypto_hash_finish(verify->sha1_server, NULL, NULL); 00234 crypto_hash_finish(verify->sha1_cert, NULL, NULL); 00235 verify->md5_client = NULL; 00236 verify->md5_server = NULL; 00237 verify->md5_cert = NULL; 00238 verify->sha1_client = NULL; 00239 verify->sha1_server = NULL; 00240 verify->sha1_cert = NULL; 00241 }