wpa_supplicant_node: tlsv1_common.c Source File

00001 /*
00002  * TLSv1 common routines
00003  * Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
00004  *
00005  * This program is free software; you can redistribute it and/or modify
00006  * it under the terms of the GNU General Public License version 2 as
00007  * published by the Free Software Foundation.
00008  *
00009  * Alternatively, this software may be distributed under the terms of BSD
00010  * license.
00011  *
00012  * See README and COPYING for more details.
00013  */
00014 
00015 #include "includes.h"
00016 
00017 #include "common.h"
00018 #include "x509v3.h"
00019 #include "tlsv1_common.h"
00020 
00021 
00022 /*
00023  * TODO:
00024  * RFC 2246 Section 9: Mandatory to implement TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
00025  * Add support for commonly used cipher suites; don't bother with exportable
00026  * suites.
00027  */ 
00028 
00029 static const struct tls_cipher_suite tls_cipher_suites[] = {
00030         { TLS_NULL_WITH_NULL_NULL, TLS_KEY_X_NULL, TLS_CIPHER_NULL,
00031           TLS_HASH_NULL },
00032         { TLS_RSA_WITH_RC4_128_MD5, TLS_KEY_X_RSA, TLS_CIPHER_RC4_128,
00033           TLS_HASH_MD5 },
00034         { TLS_RSA_WITH_RC4_128_SHA, TLS_KEY_X_RSA, TLS_CIPHER_RC4_128,
00035           TLS_HASH_SHA },
00036         { TLS_RSA_WITH_DES_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_DES_CBC,
00037           TLS_HASH_SHA },
00038         { TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_KEY_X_RSA,
00039           TLS_CIPHER_3DES_EDE_CBC, TLS_HASH_SHA },
00040         { TLS_DH_anon_WITH_RC4_128_MD5, TLS_KEY_X_DH_anon,
00041           TLS_CIPHER_RC4_128, TLS_HASH_MD5 },
00042         { TLS_DH_anon_WITH_DES_CBC_SHA, TLS_KEY_X_DH_anon,
00043           TLS_CIPHER_DES_CBC, TLS_HASH_SHA },
00044         { TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_KEY_X_DH_anon,
00045           TLS_CIPHER_3DES_EDE_CBC, TLS_HASH_SHA },
00046         { TLS_RSA_WITH_AES_128_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_AES_128_CBC,
00047           TLS_HASH_SHA },
00048         { TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_KEY_X_DH_anon,
00049           TLS_CIPHER_AES_128_CBC, TLS_HASH_SHA },
00050         { TLS_RSA_WITH_AES_256_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_AES_256_CBC,
00051           TLS_HASH_SHA },
00052         { TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_KEY_X_DH_anon,
00053           TLS_CIPHER_AES_256_CBC, TLS_HASH_SHA }
00054 };
00055 
00056 #define NUM_ELEMS(a) (sizeof(a) / sizeof((a)[0]))
00057 #define NUM_TLS_CIPHER_SUITES NUM_ELEMS(tls_cipher_suites)
00058 
00059 
00060 static const struct tls_cipher_data tls_ciphers[] = {
00061         { TLS_CIPHER_NULL,         TLS_CIPHER_STREAM,  0,  0,  0,
00062           CRYPTO_CIPHER_NULL },
00063         { TLS_CIPHER_IDEA_CBC,     TLS_CIPHER_BLOCK,  16, 16,  8,
00064           CRYPTO_CIPHER_NULL },
00065         { TLS_CIPHER_RC2_CBC_40,   TLS_CIPHER_BLOCK,   5, 16,  0,
00066           CRYPTO_CIPHER_ALG_RC2 },
00067         { TLS_CIPHER_RC4_40,       TLS_CIPHER_STREAM,  5, 16,  0,
00068           CRYPTO_CIPHER_ALG_RC4 },
00069         { TLS_CIPHER_RC4_128,      TLS_CIPHER_STREAM, 16, 16,  0,
00070           CRYPTO_CIPHER_ALG_RC4 },
00071         { TLS_CIPHER_DES40_CBC,    TLS_CIPHER_BLOCK,   5,  8,  8,
00072           CRYPTO_CIPHER_ALG_DES },
00073         { TLS_CIPHER_DES_CBC,      TLS_CIPHER_BLOCK,   8,  8,  8,
00074           CRYPTO_CIPHER_ALG_DES },
00075         { TLS_CIPHER_3DES_EDE_CBC, TLS_CIPHER_BLOCK,  24, 24,  8,
00076           CRYPTO_CIPHER_ALG_3DES },
00077         { TLS_CIPHER_AES_128_CBC,  TLS_CIPHER_BLOCK,  16, 16, 16,
00078           CRYPTO_CIPHER_ALG_AES },
00079         { TLS_CIPHER_AES_256_CBC,  TLS_CIPHER_BLOCK,  32, 32, 16,
00080           CRYPTO_CIPHER_ALG_AES }
00081 };
00082 
00083 #define NUM_TLS_CIPHER_DATA NUM_ELEMS(tls_ciphers)
00084 
00085 
00091 const struct tls_cipher_suite * tls_get_cipher_suite(u16 suite)
00092 {
00093         size_t i;
00094         for (i = 0; i < NUM_TLS_CIPHER_SUITES; i++)
00095                 if (tls_cipher_suites[i].suite == suite)
00096                         return &tls_cipher_suites[i];
00097         return NULL;
00098 }
00099 
00100 
00101 const struct tls_cipher_data * tls_get_cipher_data(tls_cipher cipher)
00102 {
00103         size_t i;
00104         for (i = 0; i < NUM_TLS_CIPHER_DATA; i++)
00105                 if (tls_ciphers[i].cipher == cipher)
00106                         return &tls_ciphers[i];
00107         return NULL;
00108 }
00109 
00110 
00111 int tls_server_key_exchange_allowed(tls_cipher cipher)
00112 {
00113         const struct tls_cipher_suite *suite;
00114 
00115         /* RFC 2246, Section 7.4.3 */
00116         suite = tls_get_cipher_suite(cipher);
00117         if (suite == NULL)
00118                 return 0;
00119 
00120         switch (suite->key_exchange) {
00121         case TLS_KEY_X_DHE_DSS:
00122         case TLS_KEY_X_DHE_DSS_EXPORT:
00123         case TLS_KEY_X_DHE_RSA:
00124         case TLS_KEY_X_DHE_RSA_EXPORT:
00125         case TLS_KEY_X_DH_anon_EXPORT:
00126         case TLS_KEY_X_DH_anon:
00127                 return 1;
00128         case TLS_KEY_X_RSA_EXPORT:
00129                 return 1 /* FIX: public key len > 512 bits */;
00130         default:
00131                 return 0;
00132         }
00133 }
00134 
00135 
00147 int tls_parse_cert(const u8 *buf, size_t len, struct crypto_public_key **pk)
00148 {
00149         struct x509_certificate *cert;
00150 
00151         wpa_hexdump(MSG_MSGDUMP, "TLSv1: Parse ASN.1 DER certificate",
00152                     buf, len);
00153 
00154         *pk = crypto_public_key_from_cert(buf, len);
00155         if (*pk)
00156                 return 0;
00157 
00158         cert = x509_certificate_parse(buf, len);
00159         if (cert == NULL) {
00160                 wpa_printf(MSG_DEBUG, "TLSv1: Failed to parse X.509 "
00161                            "certificate");
00162                 return -1;
00163         }
00164 
00165         /* TODO
00166          * verify key usage (must allow encryption)
00167          *
00168          * All certificate profiles, key and cryptographic formats are
00169          * defined by the IETF PKIX working group [PKIX]. When a key
00170          * usage extension is present, the digitalSignature bit must be
00171          * set for the key to be eligible for signing, as described
00172          * above, and the keyEncipherment bit must be present to allow
00173          * encryption, as described above. The keyAgreement bit must be
00174          * set on Diffie-Hellman certificates. (PKIX: RFC 3280)
00175          */
00176 
00177         *pk = crypto_public_key_import(cert->public_key, cert->public_key_len);
00178         x509_certificate_free(cert);
00179 
00180         if (*pk == NULL) {
00181                 wpa_printf(MSG_ERROR, "TLSv1: Failed to import "
00182                            "server public key");
00183                 return -1;
00184         }
00185 
00186         return 0;
00187 }
00188 
00189 
00190 int tls_verify_hash_init(struct tls_verify_hash *verify)
00191 {
00192         tls_verify_hash_free(verify);
00193         verify->md5_client = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0);
00194         verify->md5_server = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0);
00195         verify->md5_cert = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0);
00196         verify->sha1_client = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0);
00197         verify->sha1_server = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0);
00198         verify->sha1_cert = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0);
00199         if (verify->md5_client == NULL || verify->md5_server == NULL ||
00200             verify->md5_cert == NULL || verify->sha1_client == NULL ||
00201             verify->sha1_server == NULL || verify->sha1_cert == NULL) {
00202                 tls_verify_hash_free(verify);
00203                 return -1;
00204         }
00205         return 0;
00206 }
00207 
00208 
00209 void tls_verify_hash_add(struct tls_verify_hash *verify, const u8 *buf,
00210                          size_t len)
00211 {
00212         if (verify->md5_client && verify->sha1_client) {
00213                 crypto_hash_update(verify->md5_client, buf, len);
00214                 crypto_hash_update(verify->sha1_client, buf, len);
00215         }
00216         if (verify->md5_server && verify->sha1_server) {
00217                 crypto_hash_update(verify->md5_server, buf, len);
00218                 crypto_hash_update(verify->sha1_server, buf, len);
00219         }
00220         if (verify->md5_cert && verify->sha1_cert) {
00221                 crypto_hash_update(verify->md5_cert, buf, len);
00222                 crypto_hash_update(verify->sha1_cert, buf, len);
00223         }
00224 }
00225 
00226 
00227 void tls_verify_hash_free(struct tls_verify_hash *verify)
00228 {
00229         crypto_hash_finish(verify->md5_client, NULL, NULL);
00230         crypto_hash_finish(verify->md5_server, NULL, NULL);
00231         crypto_hash_finish(verify->md5_cert, NULL, NULL);
00232         crypto_hash_finish(verify->sha1_client, NULL, NULL);
00233         crypto_hash_finish(verify->sha1_server, NULL, NULL);
00234         crypto_hash_finish(verify->sha1_cert, NULL, NULL);
00235         verify->md5_client = NULL;
00236         verify->md5_server = NULL;
00237         verify->md5_cert = NULL;
00238         verify->sha1_client = NULL;
00239         verify->sha1_server = NULL;
00240         verify->sha1_cert = NULL;
00241 }