1 | /* |
2 | * Copyright (C) 2010 Martin Willi | |
3 | * Copyright (C) 2010 revosec AG | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify it | |
6 | * under the terms of the GNU General Public License as published by the | |
7 | * Free Software Foundation; either version 2 of the License, or (at your | |
8 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, but | |
11 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
12 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
13 | * for more details. | |
14 | */ | |
15 | ||
16 | #include "tls_crypto.h" | |
17 | ||
0f82a470 | 18 | #include <debug.h> |
18010de2 | 19 | |
4657b3a4 AS |
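/**
 * Printable names of the TLS cipher suites, indexed by their assigned cipher
 * suite value. The table is split into contiguous ranges with ENUM_NEXT():
 * each range runs from its first to its last suite and names the last suite
 * of the preceding range, so gaps in the number space can be skipped.
 *
 * The strings are only used for logging (e.g. "%N" in
 * build_cipher_suite_list()); keep them in sync with the tls_cipher_suite_t
 * enumerators. Three names were misspelled (trailing blank, stray "2"
 * suffix) and are corrected here to the registered suite names.
 */
ENUM_BEGIN(tls_cipher_suite_names, TLS_NULL_WITH_NULL_NULL,
								   TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
	"TLS_NULL_WITH_NULL_NULL",
	"TLS_RSA_WITH_NULL_MD5",
	"TLS_RSA_WITH_NULL_SHA",
	"TLS_RSA_EXPORT_WITH_RC4_40_MD5",
	"TLS_RSA_WITH_RC4_128_MD5",
	"TLS_RSA_WITH_RC4_128_SHA",
	"TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
	"TLS_RSA_WITH_IDEA_CBC_SHA",
	"TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
	"TLS_RSA_WITH_DES_CBC_SHA",
	"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
	"TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
	"TLS_DH_DSS_WITH_DES_CBC_SHA",
	"TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
	"TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
	"TLS_DH_RSA_WITH_DES_CBC_SHA",
	"TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
	"TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
	"TLS_DHE_DSS_WITH_DES_CBC_SHA",
	"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
	"TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
	"TLS_DHE_RSA_WITH_DES_CBC_SHA",
	"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
	"TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
	"TLS_DH_anon_WITH_RC4_128_MD5",
	"TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
	"TLS_DH_anon_WITH_DES_CBC_SHA",
	"TLS_DH_anon_WITH_3DES_EDE_CBC_SHA");
ENUM_NEXT(tls_cipher_suite_names, TLS_KRB5_WITH_DES_CBC_SHA,
								  TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,
								  TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
	"TLS_KRB5_WITH_DES_CBC_SHA",
	"TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
	"TLS_KRB5_WITH_RC4_128_SHA",
	"TLS_KRB5_WITH_IDEA_CBC_SHA",
	"TLS_KRB5_WITH_DES_CBC_MD5",
	"TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
	"TLS_KRB5_WITH_RC4_128_MD5",
	"TLS_KRB5_WITH_IDEA_CBC_MD5",
	"TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
	"TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
	"TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
	"TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
	"TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
	"TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
	"TLS_PSK_WITH_NULL_SHA",
	"TLS_DHE_PSK_WITH_NULL_SHA",
	"TLS_RSA_PSK_WITH_NULL_SHA",
	"TLS_RSA_WITH_AES_128_CBC_SHA",
	"TLS_DH_DSS_WITH_AES_128_CBC_SHA",
	"TLS_DH_RSA_WITH_AES_128_CBC_SHA",
	"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
	"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
	"TLS_DH_anon_WITH_AES_128_CBC_SHA",
	"TLS_RSA_WITH_AES_256_CBC_SHA",
	"TLS_DH_DSS_WITH_AES_256_CBC_SHA",
	"TLS_DH_RSA_WITH_AES_256_CBC_SHA",
	"TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
	"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
	"TLS_DH_anon_WITH_AES_256_CBC_SHA",
	"TLS_RSA_WITH_NULL_SHA256",
	"TLS_RSA_WITH_AES_128_CBC_SHA256",
	"TLS_RSA_WITH_AES_256_CBC_SHA256",
	"TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
	"TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
	"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
	"TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
	"TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
	"TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
	"TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
	"TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
	"TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA");
ENUM_NEXT(tls_cipher_suite_names, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
								  TLS_DH_anon_WITH_AES_256_CBC_SHA256,
								  TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,
	"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
	"TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
	"TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
	"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
	"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
	"TLS_DH_anon_WITH_AES_128_CBC_SHA256",
	"TLS_DH_anon_WITH_AES_256_CBC_SHA256");
ENUM_NEXT(tls_cipher_suite_names, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
								  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,
								  TLS_DH_anon_WITH_AES_256_CBC_SHA256,
	"TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
	"TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
	"TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
	"TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
	"TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
	"TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
	"TLS_PSK_WITH_RC4_128_SHA",
	"TLS_PSK_WITH_3DES_EDE_CBC_SHA",
	"TLS_PSK_WITH_AES_128_CBC_SHA",
	"TLS_PSK_WITH_AES_256_CBC_SHA",
	"TLS_DHE_PSK_WITH_RC4_128_SHA",
	"TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
	"TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
	"TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
	"TLS_RSA_PSK_WITH_RC4_128_SHA",
	"TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
	"TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
	"TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
	"TLS_RSA_WITH_SEED_CBC_SHA",
	"TLS_DH_DSS_WITH_SEED_CBC_SHA",
	"TLS_DH_RSA_WITH_SEED_CBC_SHA",
	"TLS_DHE_DSS_WITH_SEED_CBC_SHA",
	"TLS_DHE_RSA_WITH_SEED_CBC_SHA",
	"TLS_DH_anon_WITH_SEED_CBC_SHA",
	"TLS_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
	"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
	"TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
	"TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
	"TLS_DH_anon_WITH_AES_128_GCM_SHA256",
	"TLS_DH_anon_WITH_AES_256_GCM_SHA384",
	"TLS_PSK_WITH_AES_128_GCM_SHA256",
	"TLS_PSK_WITH_AES_256_GCM_SHA384",
	"TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
	"TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
	"TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
	"TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
	"TLS_PSK_WITH_AES_128_CBC_SHA256",
	"TLS_PSK_WITH_AES_256_CBC_SHA384",
	"TLS_PSK_WITH_NULL_SHA256",
	"TLS_PSK_WITH_NULL_SHA384",
	"TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
	"TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
	"TLS_DHE_PSK_WITH_NULL_SHA256",
	"TLS_DHE_PSK_WITH_NULL_SHA384",
	"TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
	"TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
	"TLS_RSA_PSK_WITH_NULL_SHA256",
	"TLS_RSA_PSK_WITH_NULL_SHA384",
	"TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
	"TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",
	"TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
	"TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
	"TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
	"TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
	"TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
	"TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",
	"TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",
	"TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
	"TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
	"TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256");
ENUM_NEXT(tls_cipher_suite_names, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
								  TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
								  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,
	"TLS_EMPTY_RENEGOTIATION_INFO_SCSV");
ENUM_NEXT(tls_cipher_suite_names, TLS_ECDH_ECDSA_WITH_NULL_SHA,
								  TLS_ECDHE_PSK_WITH_NULL_SHA384,
								  TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
	"TLS_ECDH_ECDSA_WITH_NULL_SHA",
	"TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
	"TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
	"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
	"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
	"TLS_ECDHE_ECDSA_WITH_NULL_SHA",
	"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
	"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
	"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
	"TLS_ECDH_RSA_WITH_NULL_SHA",
	"TLS_ECDH_RSA_WITH_RC4_128_SHA",
	"TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
	"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
	"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
	"TLS_ECDHE_RSA_WITH_NULL_SHA",
	"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
	"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
	"TLS_ECDH_anon_WITH_NULL_SHA",
	"TLS_ECDH_anon_WITH_RC4_128_SHA",
	"TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
	"TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
	"TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
	"TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
	"TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
	"TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
	"TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
	"TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
	"TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
	"TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
	"TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
	"TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
	"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
	"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
	"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
	"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
	"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_PSK_WITH_RC4_128_SHA",
	"TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",
	"TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
	"TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
	"TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
	"TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
	"TLS_ECDHE_PSK_WITH_NULL_SHA",
	"TLS_ECDHE_PSK_WITH_NULL_SHA256",
	"TLS_ECDHE_PSK_WITH_NULL_SHA384");
ENUM_END(tls_cipher_suite_names, TLS_ECDHE_PSK_WITH_NULL_SHA384);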
240 | ||
536dbc00 MW |
typedef struct private_tls_crypto_t private_tls_crypto_t;

/**
 * Private data of a tls_crypto_t object.
 *
 * Holds the negotiated cipher suite, the per-direction MAC/cipher instances
 * and the key material derived from the handshake. Created by
 * tls_crypto_create(), released by destroy().
 */
struct private_tls_crypto_t {

	/**
	 * Public tls_crypto_t interface.
	 */
	tls_crypto_t public;

	/**
	 * Protection layer; receives the signer/crypter/IV in change_cipher().
	 * Not owned: set via set_protection(), never destroyed here.
	 */
	tls_protection_t *protection;

	/**
	 * List of supported/acceptable cipher suites, in the order of the
	 * suite_algs table; this is the order select_cipher_suite() walks, so it
	 * is our preference order. Allocated by build_cipher_suite_list().
	 */
	tls_cipher_suite_t *suites;

	/**
	 * Number of supported suites
	 */
	int suite_count;

	/**
	 * Selected cipher suite (set by select_cipher_suite(), used by
	 * hash_handshake() to find the TLSv1.2 hash algorithm)
	 */
	tls_cipher_suite_t suite;

	/**
	 * TLS context, queried for version and server/client role
	 */
	tls_t *tls;

	/**
	 * All handshake messages seen so far, concatenated together with their
	 * reconstructed 4-byte headers (see append_handshake()); this is the
	 * transcript signed in CertificateVerify and hashed for Finished.
	 */
	chunk_t handshake;

	/**
	 * Connection state TLS PRF; keyed with the master secret by
	 * derive_secrets() and reused by calculate_finished()/derive_eap_msk()
	 */
	tls_prf_t *prf;

	/**
	 * Signer instance for inbound traffic
	 */
	signer_t *signer_in;

	/**
	 * Signer instance for outbound traffic
	 */
	signer_t *signer_out;

	/**
	 * Crypter instance for inbound traffic (NULL for ENCR_NULL suites)
	 */
	crypter_t *crypter_in;

	/**
	 * Crypter instance for outbound traffic (NULL for ENCR_NULL suites)
	 */
	crypter_t *crypter_out;

	/**
	 * IV for input decryption; derive_secrets() only derives IVs for
	 * versions below TLSv1.1, empty otherwise
	 */
	chunk_t iv_in;

	/**
	 * IV for output encryption; only derived for versions below TLSv1.1
	 */
	chunk_t iv_out;

	/**
	 * EAP-[T]TLS MSK, 64 bytes derived by derive_eap_msk(). Exported key
	 * material: get_eap_msk() hands it out by reference, not as a copy.
	 */
	chunk_t msk;

	/**
	 * ASCII string constant used as seed for EAP-[T]TLS MSK PRF; set by
	 * tls_crypto_create() for the EAP-TLS/EAP-TTLS purposes only
	 */
	char *msk_label;
};
328 | ||
84543e6e MW |
/**
 * Algorithms implementing a cipher suite, in the identifiers the crypto
 * factory (lib->crypto) understands.
 */
typedef struct {
	/** cipher suite this entry describes */
	tls_cipher_suite_t suite;
	/** hash over the handshake transcript (TLSv1.2 CertificateVerify/Finished) */
	hash_algorithm_t hash;
	/** PRF for TLSv1.2 key derivation (tls_prf_create_12()) */
	pseudo_random_function_t prf;
	/** record MAC, instantiated as signer */
	integrity_algorithm_t mac;
	/** record cipher, ENCR_NULL for suites without encryption */
	encryption_algorithm_t encr;
	/** cipher key size passed to create_crypter(); 0 presumably selects the
	 * crypter's default (used for 3DES) - TODO confirm */
	size_t encr_size;
} suite_algs_t;
337 | ||
/**
 * Mapping suites to a set of algorithms
 *
 * Only suites with RSA key exchange are implemented; anything the peer
 * offers that is not listed here is rejected by find_suite(). The table
 * order is the order build_cipher_suite_list() keeps after filtering, and
 * hence the preference order of select_cipher_suite(). The ENCR_NULL
 * entries are offered only when encryption is not required (EAP-TLS in
 * tls_crypto_create()) and are purged by filter_null_suites() otherwise.
 */
static suite_algs_t suite_algs[] = {
	/* NULL ciphers: MAC-only record protection, no crypter is created */
	{ TLS_RSA_WITH_NULL_MD5,
		HASH_MD5, PRF_HMAC_MD5,
		AUTH_HMAC_MD5_128, ENCR_NULL, 0
	},
	{ TLS_RSA_WITH_NULL_SHA,
		HASH_SHA1, PRF_HMAC_SHA1,
		AUTH_HMAC_SHA1_160, ENCR_NULL, 0
	},
	{ TLS_RSA_WITH_NULL_SHA256,
		HASH_SHA256, PRF_HMAC_SHA2_256,
		AUTH_HMAC_SHA2_256_256, ENCR_NULL, 0
	},
	/* key size 0: 3DES has a fixed key, the crypter picks it itself */
	{ TLS_RSA_WITH_3DES_EDE_CBC_SHA,
		HASH_SHA1, PRF_HMAC_SHA1,
		AUTH_HMAC_SHA1_160, ENCR_3DES, 0
	},
	/* AES-CBC, key size in bytes */
	{ TLS_RSA_WITH_AES_128_CBC_SHA,
		HASH_SHA1, PRF_HMAC_SHA1,
		AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
	},
	{ TLS_RSA_WITH_AES_128_CBC_SHA256,
		HASH_SHA256, PRF_HMAC_SHA2_256,
		AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16
	},
	{ TLS_RSA_WITH_AES_256_CBC_SHA,
		HASH_SHA1, PRF_HMAC_SHA1,
		AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32
	},
	{ TLS_RSA_WITH_AES_256_CBC_SHA256,
		HASH_SHA256, PRF_HMAC_SHA2_256,
		AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 32
	},
	/* Camellia-CBC, key size in bytes */
	{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
		HASH_SHA1, PRF_HMAC_SHA1,
		AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 16
	},
	{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
		HASH_SHA256, PRF_HMAC_SHA2_256,
		AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 16
	},
	{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
		HASH_SHA1, PRF_HMAC_SHA1,
		AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 32
	},
	{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
		HASH_SHA256, PRF_HMAC_SHA2_256,
		AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 32
	},
};
391 | ||
/**
 * Look up the algorithm set implementing a cipher suite
 *
 * @param suite		cipher suite to look up
 * @return			entry of the suite_algs table, NULL if not implemented
 */
static suite_algs_t *find_suite(tls_cipher_suite_t suite)
{
	suite_algs_t *entry = suite_algs;
	suite_algs_t *end = suite_algs + countof(suite_algs);

	while (entry < end)
	{
		if (entry->suite == suite)
		{
			return entry;
		}
		entry++;
	}
	return NULL;
}
408 | ||
18010de2 | 409 | /** |
a2bfc45b | 410 | * Filter a suite list using a transform enumerator |
18010de2 | 411 | */ |
a2bfc45b MW |
412 | static void filter_suite(private_tls_crypto_t *this, |
413 | suite_algs_t suites[], int *count, int offset, | |
414 | enumerator_t*(*create_enumerator)(crypto_factory_t*)) | |
536dbc00 | 415 | { |
a2bfc45b MW |
416 | suite_algs_t current; |
417 | int i, remaining = 0; | |
418 | enumerator_t *enumerator; | |
536dbc00 | 419 | |
a2bfc45b MW |
420 | memset(¤t, 0, sizeof(current)); |
421 | for (i = 0; i < *count; i++) | |
536dbc00 | 422 | { |
a2bfc45b MW |
423 | enumerator = create_enumerator(lib->crypto); |
424 | while (enumerator->enumerate(enumerator, ((char*)¤t) + offset)) | |
536dbc00 | 425 | { |
a2bfc45b MW |
426 | if ((suites[i].encr == ENCR_NULL || |
427 | !current.encr || current.encr == suites[i].encr) && | |
428 | (!current.mac || current.mac == suites[i].mac) && | |
429 | (!current.prf || current.prf == suites[i].prf) && | |
430 | (!current.hash || current.hash == suites[i].hash)) | |
536dbc00 | 431 | { |
a2bfc45b MW |
432 | suites[remaining] = suites[i]; |
433 | remaining++; | |
434 | break; | |
536dbc00 MW |
435 | } |
436 | } | |
a2bfc45b | 437 | enumerator->destroy(enumerator); |
536dbc00 | 438 | } |
a2bfc45b MW |
439 | *count = remaining; |
440 | } | |
441 | ||
96b2fbcc MW |
/**
 * Purge NULL encryption cipher suites from list
 *
 * Compacts suites[] in place, preserving the relative order of the
 * remaining entries, and updates *count.
 *
 * @param this		crypto context (unused, kept parallel to filter_suite())
 * @param suites	suite list to filter in place
 * @param count		number of entries, updated to the remaining count
 */
static void filter_null_suites(private_tls_crypto_t *this,
							   suite_algs_t suites[], int *count)
{
	int src, dst = 0;

	for (src = 0; src < *count; src++)
	{
		if (suites[src].encr == ENCR_NULL)
		{
			continue;
		}
		if (dst != src)
		{
			suites[dst] = suites[src];
		}
		dst++;
	}
	*count = dst;
}
460 | ||
a2bfc45b MW |
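/**
 * Initialize the cipher suite list
 *
 * Starts from the full suite_algs table, optionally drops the NULL
 * encryption suites, then keeps only those suites whose crypter, signer,
 * PRF and hasher are all provided by the loaded crypto plugins. The result
 * replaces this->suites/suite_count in table order, which is the preference
 * order used by select_cipher_suite().
 *
 * @param this					crypto context to populate
 * @param require_encryption	TRUE to purge suites using ENCR_NULL
 */
static void build_cipher_suite_list(private_tls_crypto_t *this,
									bool require_encryption)
{
	suite_algs_t suites[countof(suite_algs)];
	int count = countof(suite_algs), i;

	/* copy all suites */
	for (i = 0; i < count; i++)
	{
		suites[i] = suite_algs[i];
	}
	if (require_encryption)
	{
		filter_null_suites(this, suites, &count);
	}
	/* filter suite list by each algorithm */
	filter_suite(this, suites, &count, offsetof(suite_algs_t, encr),
				 lib->crypto->create_crypter_enumerator);
	filter_suite(this, suites, &count, offsetof(suite_algs_t, mac),
				 lib->crypto->create_signer_enumerator);
	filter_suite(this, suites, &count, offsetof(suite_algs_t, prf),
				 lib->crypto->create_prf_enumerator);
	filter_suite(this, suites, &count, offsetof(suite_algs_t, hash),
				 lib->crypto->create_hasher_enumerator);

	free(this->suites);
	this->suite_count = count;
	/* avoid malloc(0): an empty list is represented as NULL/0 */
	this->suites = count ? malloc(sizeof(tls_cipher_suite_t) * count) : NULL;

	if (count == 0)
	{
		/* every select_cipher_suite() will fail; make the misconfiguration
		 * (missing crypto plugins) visible at the default log level */
		DBG1(DBG_CFG, "no supported TLS cipher suites, check crypto plugins");
	}
	DBG2(DBG_CFG, "%d supported TLS cipher suites:", count);
	for (i = 0; i < count; i++)
	{
		DBG2(DBG_CFG, "  %N", tls_cipher_suite_names, suites[i].suite);
		this->suites[i] = suites[i].suite;
	}
}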
500 | ||
/**
 * Expose the suite list built by build_cipher_suite_list()
 *
 * The returned pointer refers to this object's own array: callers must not
 * free or modify it, and it is only valid for the lifetime of the object.
 */
METHOD(tls_crypto_t, get_cipher_suites, int,
	private_tls_crypto_t *this, tls_cipher_suite_t **suites)
{
	int count = this->suite_count;

	*suites = this->suites;
	return count;
}
507 | ||
84543e6e MW |
/**
 * Create crypto primitives
 *
 * Instantiates the PRF, both signers and (unless ENCR_NULL) both crypters
 * for a suite; the keys are set later by derive_secrets(). Versions below
 * TLSv1.2 use the fixed TLSv1.0 PRF, TLSv1.2 the PRF of the suite.
 * Previously created instances are destroyed first, so this can be called
 * again when select_cipher_suite() retries with another suite. On failure
 * the instances created earlier in the same call stay in place and are
 * released by the next call or by destroy().
 *
 * @param this		crypto context
 * @param suite		suite to create the primitives for
 * @return			FALSE if the suite or one of its algorithms is unsupported
 */
static bool create_ciphers(private_tls_crypto_t *this, tls_cipher_suite_t suite)
{
	suite_algs_t *algs;

	algs = find_suite(suite);
	if (!algs)
	{
		DBG1(DBG_IKE, "selected TLS suite not supported");
		return FALSE;
	}

	DESTROY_IF(this->prf);
	if (this->tls->get_version(this->tls) < TLS_1_2)
	{
		this->prf = tls_prf_create_10();
	}
	else
	{
		this->prf = tls_prf_create_12(algs->prf);
	}
	if (!this->prf)
	{
		DBG1(DBG_IKE, "selected TLS PRF not supported");
		return FALSE;
	}

	/* separate instances per direction, each keyed in derive_secrets() */
	DESTROY_IF(this->signer_in);
	DESTROY_IF(this->signer_out);
	this->signer_in = lib->crypto->create_signer(lib->crypto, algs->mac);
	this->signer_out = lib->crypto->create_signer(lib->crypto, algs->mac);
	if (!this->signer_in || !this->signer_out)
	{
		DBG1(DBG_IKE, "selected TLS MAC %N not supported",
			 integrity_algorithm_names, algs->mac);
		return FALSE;
	}

	DESTROY_IF(this->crypter_in);
	DESTROY_IF(this->crypter_out);
	if (algs->encr == ENCR_NULL)
	{
		/* MAC-only suite: derive_secrets()/change_cipher() pass NULL crypters */
		this->crypter_in = this->crypter_out = NULL;
	}
	else
	{
		this->crypter_in = lib->crypto->create_crypter(lib->crypto,
												algs->encr, algs->encr_size);
		this->crypter_out = lib->crypto->create_crypter(lib->crypto,
												algs->encr, algs->encr_size);
		if (!this->crypter_in || !this->crypter_out)
		{
			DBG1(DBG_IKE, "selected TLS crypter %N not supported",
				 encryption_algorithm_names, algs->encr);
			return FALSE;
		}
	}
	return TRUE;
}
569 | ||
18010de2 MW |
/**
 * Check whether a suite is contained in the list proposed by the peer
 *
 * @param suite		suite to look for
 * @param suites	proposed suites
 * @param count		number of proposed suites
 * @return			TRUE if the suite was proposed
 */
static bool suite_proposed(tls_cipher_suite_t suite,
						   tls_cipher_suite_t *suites, int count)
{
	while (count-- > 0)
	{
		if (suites[count] == suite)
		{
			return TRUE;
		}
	}
	return FALSE;
}

/**
 * Pick the suite to use from the peer's proposal
 *
 * Our own list is walked outermost, so our preference order wins over the
 * order the peer proposed. A suite whose primitives can't be instantiated
 * is skipped in favour of the next one. Returns 0 if nothing matches.
 */
METHOD(tls_crypto_t, select_cipher_suite, tls_cipher_suite_t,
	private_tls_crypto_t *this, tls_cipher_suite_t *suites, int count)
{
	int i;

	for (i = 0; i < this->suite_count; i++)
	{
		if (!suite_proposed(this->suites[i], suites, count))
		{
			continue;
		}
		if (create_ciphers(this, this->suites[i]))
		{
			this->suite = this->suites[i];
			return this->suite;
		}
	}
	return 0;
}
591 | ||
dc9f34be MW |
/**
 * Attach the record protection layer that change_cipher() feeds with the
 * negotiated signer/crypter/IV. The reference is not owned: it is neither
 * referenced nor destroyed by this object (see destroy()).
 */
METHOD(tls_crypto_t, set_protection, void,
	private_tls_crypto_t *this, tls_protection_t *protection)
{
	this->protection = protection;
}
597 | ||
84d67ead MW |
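/**
 * Append a handshake message to the transcript used for CertificateVerify
 * and Finished.
 *
 * @param this		crypto context
 * @param type		handshake message type
 * @param data		message body without the 4-byte handshake header
 */
METHOD(tls_crypto_t, append_handshake, void,
	private_tls_crypto_t *this, tls_handshake_type_t type, chunk_t data)
{
	u_int32_t header = type;

	/* reconstruct the handshake header (1 byte type, 24-bit length) in
	 * network order. Shifting in u_int32_t avoids the signed overflow an
	 * int-typed type value >= 128 would hit with (type << 24). The length is
	 * assumed to fit in 24 bits, as a parsed handshake header permits no more;
	 * a larger message would corrupt the type byte. */
	header = htonl((header << 24) | data.len);
	this->handshake = chunk_cat("mcc", this->handshake,
								chunk_from_thing(header), data);
}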
608 | ||
/**
 * Create a hash of the stored handshake data
 *
 * For TLSv1.2 this is the hash of the negotiated suite over the
 * transcript; for earlier versions it is MD5 || SHA1 of the transcript,
 * which is what the pre-1.2 CertificateVerify signature and the Finished
 * PRF seed are computed over.
 *
 * @param this		crypto context holding the transcript and selected suite
 * @param hash		receives the allocated digest, to be freed by the caller
 * @return			FALSE if the suite or a required hasher is unavailable
 */
static bool hash_handshake(private_tls_crypto_t *this, chunk_t *hash)
{
	if (this->tls->get_version(this->tls) >= TLS_1_2)
	{
		hasher_t *hasher;
		suite_algs_t *alg;

		alg = find_suite(this->suite);
		if (!alg)
		{
			return FALSE;
		}
		hasher = lib->crypto->create_hasher(lib->crypto, alg->hash);
		if (!hasher)
		{
			DBG1(DBG_IKE, "%N not supported", hash_algorithm_names, alg->hash);
			return FALSE;
		}
		/* NOTE(review): the hasher calls below return no status in this API,
		 * presumably; if they ever do, the result should be checked */
		hasher->allocate_hash(hasher, this->handshake, hash);
		hasher->destroy(hasher);
	}
	else
	{
		hasher_t *md5, *sha1;
		char buf[HASH_SIZE_MD5 + HASH_SIZE_SHA1];

		md5 = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
		if (!md5)
		{
			DBG1(DBG_IKE, "%N not supported", hash_algorithm_names, HASH_MD5);
			return FALSE;
		}
		md5->get_hash(md5, this->handshake, buf);
		md5->destroy(md5);
		sha1 = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
		if (!sha1)
		{
			DBG1(DBG_IKE, "%N not supported", hash_algorithm_names, HASH_SHA1);
			return FALSE;
		}
		/* SHA1 digest directly follows the MD5 digest in buf */
		sha1->get_hash(sha1, this->handshake, buf + HASH_SIZE_MD5);
		sha1->destroy(sha1);

		*hash = chunk_clone(chunk_from_thing(buf));
	}
	return TRUE;
}
659 | ||
/**
 * Sign the handshake transcript for the CertificateVerify message
 *
 * TLSv1.2: RSA/SHA1 over the raw transcript, prefixed with the
 * hash/signature algorithm pair. Earlier versions: raw PKCS#1 signature
 * (no DigestInfo) over MD5 || SHA1 of the transcript, no prefix.
 *
 * @param this		crypto context
 * @param key		private key to sign with (RSA only, see the scheme below)
 * @param writer	writer the signature is appended to
 * @return			FALSE if hashing or signing failed
 */
METHOD(tls_crypto_t, sign_handshake, bool,
	private_tls_crypto_t *this, private_key_t *key, tls_writer_t *writer)
{
	chunk_t sig, hash;

	if (this->tls->get_version(this->tls) >= TLS_1_2)
	{
		/* TODO: use supported algorithms instead of fixed SHA1/RSA */
		if (!key->sign(key, SIGN_RSA_EMSA_PKCS1_SHA1, this->handshake, &sig))
		{
			return FALSE;
		}
		/* SignatureAndHashAlgorithm prefix: hash sha1 (2), signature rsa (1);
		 * this is the only pair verify_handshake() accepts from the peer */
		writer->write_uint8(writer, 2);
		writer->write_uint8(writer, 1);
		writer->write_data16(writer, sig);
		free(sig.ptr);
	}
	else
	{
		if (!hash_handshake(this, &hash))
		{
			return FALSE;
		}
		if (!key->sign(key, SIGN_RSA_EMSA_PKCS1_NULL, hash, &sig))
		{
			free(hash.ptr);
			return FALSE;
		}
		writer->write_data16(writer, sig);
		free(hash.ptr);
		free(sig.ptr);
	}
	return TRUE;
}
694 | ||
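/**
 * Verify the peer's CertificateVerify signature over the handshake transcript
 *
 * Mirrors sign_handshake(): TLSv1.2 expects a hash/signature algorithm
 * prefix and an RSA/SHA1 signature over the raw transcript, earlier
 * versions a raw PKCS#1 signature over MD5 || SHA1 of the transcript.
 * Every failure is logged, so a rejected peer can be diagnosed.
 *
 * @param this		crypto context
 * @param key		peer public key to verify with
 * @param reader	reader positioned at the CertificateVerify body
 * @return			TRUE if the signature is valid
 */
METHOD(tls_crypto_t, verify_handshake, bool,
	private_tls_crypto_t *this, public_key_t *key, tls_reader_t *reader)
{
	chunk_t sig, hash;

	if (this->tls->get_version(this->tls) >= TLS_1_2)
	{
		u_int8_t hash_alg, sig_alg;

		/* sig points into the reader's buffer and is not freed here */
		if (!reader->read_uint8(reader, &hash_alg) ||
			!reader->read_uint8(reader, &sig_alg) ||
			!reader->read_data16(reader, &sig))
		{
			DBG1(DBG_IKE, "received invalid Certificate Verify");
			return FALSE;
		}
		/* TODO: map received hash/sig alg to signature scheme. Until then
		 * only the pair sign_handshake() emits, sha1 (2) / rsa (1), is
		 * accepted; the check must stay in front of verify() so the scheme
		 * we verify with is the one the peer claims to have signed with. */
		if (hash_alg != 2 || sig_alg != 1)
		{
			DBG1(DBG_IKE, "Certificate Verify uses unsupported hash/signature "
				 "algorithm %d/%d", hash_alg, sig_alg);
			return FALSE;
		}
		if (!key->verify(key, SIGN_RSA_EMSA_PKCS1_SHA1, this->handshake, sig))
		{
			DBG1(DBG_IKE, "Certificate Verify signature invalid");
			return FALSE;
		}
		return TRUE;
	}

	/* < TLSv1.2: no algorithm prefix, raw signature over MD5 || SHA1 */
	if (!reader->read_data16(reader, &sig))
	{
		DBG1(DBG_IKE, "received invalid Certificate Verify");
		return FALSE;
	}
	if (!hash_handshake(this, &hash))
	{
		return FALSE;
	}
	if (!key->verify(key, SIGN_RSA_EMSA_PKCS1_NULL, hash, sig))
	{
		DBG1(DBG_IKE, "Certificate Verify signature invalid");
		free(hash.ptr);
		return FALSE;
	}
	free(hash.ptr);
	return TRUE;
}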
739 | ||
/**
 * Compute the 12-byte verify_data of a Finished message
 *
 * The PRF must already be keyed with the master secret (derive_secrets());
 * the seed is the transcript hash from hash_handshake().
 *
 * @param this		crypto context
 * @param label		PRF label ("client finished"/"server finished")
 * @param out		receives the 12 bytes of verify_data
 * @return			FALSE if no PRF is set up or hashing failed
 */
METHOD(tls_crypto_t, calculate_finished, bool,
	private_tls_crypto_t *this, char *label, char out[12])
{
	chunk_t transcript;
	bool ok = FALSE;

	/* without a selected suite there is no PRF; hash only after that check */
	if (this->prf && hash_handshake(this, &transcript))
	{
		this->prf->get_bytes(this->prf, label, transcript, 12, out);
		free(transcript.ptr);
		ok = TRUE;
	}
	return ok;
}
757 | ||
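/**
 * Overwrite key material that is no longer needed
 *
 * Goes through a volatile pointer: a plain memset() on a buffer that is not
 * read afterwards is a dead store the compiler may legally drop.
 *
 * @param buf		buffer to overwrite
 * @param len		number of bytes to overwrite
 */
static void wipe_secret(void *buf, size_t len)
{
	volatile unsigned char *p = buf;

	while (len--)
	{
		*p++ = 0;
	}
}

/**
 * Derive the master secret and the connection keys
 *
 * Keys the PRF with the premaster secret to compute the 48-byte master
 * secret, re-keys the PRF with the master secret (it stays keyed for
 * calculate_finished() and derive_eap_msk()), then expands the key block in
 * the order client MAC key, server MAC key, client cipher key, server cipher
 * key and, for versions below TLSv1.1 only, client IV, server IV. Which half
 * is "in" and which is "out" depends on our role. The signers/crypters must
 * exist (create_ciphers()); crypters are NULL for ENCR_NULL suites, in which
 * case only the MAC keys are derived. set_key() has to copy the key, as the
 * block is stack memory that is wiped before returning.
 *
 * @param this				crypto context with created primitives
 * @param premaster			premaster secret from the key exchange
 * @param client_random		client random of the ClientHello
 * @param server_random		server random of the ServerHello
 */
METHOD(tls_crypto_t, derive_secrets, void,
	private_tls_crypto_t *this, chunk_t premaster,
	chunk_t client_random, chunk_t server_random)
{
	char master[48];
	chunk_t seed, block, keys, client_write, server_write;
	int mks, eks = 0, ivs = 0;

	/* derive master secret */
	seed = chunk_cata("cc", client_random, server_random);
	this->prf->set_key(this->prf, premaster);
	this->prf->get_bytes(this->prf, "master secret", seed,
						 sizeof(master), master);

	this->prf->set_key(this->prf, chunk_from_thing(master));
	/* the PRF holds the master secret from here on; clear the stack copy */
	wipe_secret(master, sizeof(master));

	/* derive key block for key expansion */
	mks = this->signer_out->get_key_size(this->signer_out);
	if (this->crypter_out)
	{
		eks = this->crypter_out->get_key_size(this->crypter_out);
		/* TLSv1.1 and later carry explicit per-record IVs, no IV is derived */
		if (this->tls->get_version(this->tls) < TLS_1_1)
		{
			ivs = this->crypter_out->get_iv_size(this->crypter_out);
		}
	}
	seed = chunk_cata("cc", server_random, client_random);
	block = chunk_alloca((mks + eks + ivs) * 2);
	this->prf->get_bytes(this->prf, "key expansion", seed, block.len, block.ptr);
	/* walk a copy, so the whole block can be wiped at the end */
	keys = block;

	/* signer keys */
	client_write = chunk_create(keys.ptr, mks);
	keys = chunk_skip(keys, mks);
	server_write = chunk_create(keys.ptr, mks);
	keys = chunk_skip(keys, mks);
	if (this->tls->is_server(this->tls))
	{
		this->signer_in->set_key(this->signer_in, client_write);
		this->signer_out->set_key(this->signer_out, server_write);
	}
	else
	{
		this->signer_out->set_key(this->signer_out, client_write);
		this->signer_in->set_key(this->signer_in, server_write);
	}

	/* crypter keys, and IVs if < TLSv1.1 */
	if (this->crypter_out && this->crypter_in)
	{
		client_write = chunk_create(keys.ptr, eks);
		keys = chunk_skip(keys, eks);
		server_write = chunk_create(keys.ptr, eks);
		keys = chunk_skip(keys, eks);

		if (this->tls->is_server(this->tls))
		{
			this->crypter_in->set_key(this->crypter_in, client_write);
			this->crypter_out->set_key(this->crypter_out, server_write);
		}
		else
		{
			this->crypter_out->set_key(this->crypter_out, client_write);
			this->crypter_in->set_key(this->crypter_in, server_write);
		}
		if (ivs)
		{
			client_write = chunk_create(keys.ptr, ivs);
			keys = chunk_skip(keys, ivs);
			server_write = chunk_create(keys.ptr, ivs);
			keys = chunk_skip(keys, ivs);

			/* release IVs of a previous derivation instead of leaking them */
			free(this->iv_in.ptr);
			free(this->iv_out.ptr);
			if (this->tls->is_server(this->tls))
			{
				this->iv_in = chunk_clone(client_write);
				this->iv_out = chunk_clone(server_write);
			}
			else
			{
				this->iv_out = chunk_clone(client_write);
				this->iv_in = chunk_clone(server_write);
			}
		}
	}
	/* all keys are copied into their primitives, the IVs are cloned: the
	 * key block on the stack must not outlive this function readable */
	wipe_secret(block.ptr, block.len);
}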
18010de2 | 843 | |
84543e6e MW |
/**
 * Activate the derived keys for one direction on the protection layer
 *
 * Called once per ChangeCipherSpec. Without a protection layer attached
 * (set_protection() not called yet) nothing happens.
 *
 * @param this		crypto context with keyed primitives
 * @param inbound	TRUE to switch the inbound, FALSE the outbound direction
 */
METHOD(tls_crypto_t, change_cipher, void,
	private_tls_crypto_t *this, bool inbound)
{
	signer_t *signer = inbound ? this->signer_in : this->signer_out;
	crypter_t *crypter = inbound ? this->crypter_in : this->crypter_out;
	chunk_t iv = inbound ? this->iv_in : this->iv_out;

	if (!this->protection)
	{
		return;
	}
	this->protection->set_cipher(this->protection, inbound,
								 signer, crypter, iv);
}
861 | ||
84d67ead MW |
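/**
 * Derive the 64-byte EAP-[T]TLS MSK from the master secret
 *
 * Uses the PRF keyed by derive_secrets() with the purpose specific label set
 * in tls_crypto_create(). A previously derived MSK is wiped and released
 * first; if no PRF or label is available the MSK stays empty and the
 * problem is logged, instead of dereferencing NULL.
 *
 * @param this				crypto context
 * @param client_random		client random of the ClientHello
 * @param server_random		server random of the ServerHello
 */
METHOD(tls_crypto_t, derive_eap_msk, void,
	private_tls_crypto_t *this, chunk_t client_random, chunk_t server_random)
{
	chunk_t seed;
	volatile unsigned char *old = (volatile unsigned char*)this->msk.ptr;
	size_t len = this->msk.len;

	/* the MSK is exported key material: overwrite it before releasing the
	 * buffer, through a volatile pointer so the stores aren't elided */
	while (old && len--)
	{
		*old++ = 0;
	}
	free(this->msk.ptr);
	this->msk.ptr = NULL;
	this->msk.len = 0;

	if (!this->prf || !this->msk_label)
	{
		DBG1(DBG_IKE, "unable to derive EAP MSK, no PRF or MSK label set");
		return;
	}
	seed = chunk_cata("cc", client_random, server_random);
	this->msk = chunk_alloc(64);
	this->prf->get_bytes(this->prf, this->msk_label, seed,
						 this->msk.len, this->msk.ptr);
}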
536dbc00 | 873 | |
51313a39 MW |
/**
 * Hand out the EAP MSK derived by derive_eap_msk()
 *
 * Returns the internal buffer by reference, not a copy: the caller must
 * neither free nor modify it, and it is only valid until derive_eap_msk()
 * runs again or the object is destroyed. Presumably empty (NULL/0) before
 * derive_eap_msk() has been called.
 */
METHOD(tls_crypto_t, get_eap_msk, chunk_t,
	private_tls_crypto_t *this)
{
	return this->msk;
}
879 | ||
536dbc00 MW |
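/**
 * Release all primitives and buffers of the crypto context
 *
 * The protection layer is not owned and is left untouched. The MSK is
 * exported key material and is overwritten before its buffer is freed.
 */
METHOD(tls_crypto_t, destroy, void,
	private_tls_crypto_t *this)
{
	volatile unsigned char *msk = (volatile unsigned char*)this->msk.ptr;
	size_t len = this->msk.len;

	DESTROY_IF(this->signer_in);
	DESTROY_IF(this->signer_out);
	DESTROY_IF(this->crypter_in);
	DESTROY_IF(this->crypter_out);
	free(this->iv_in.ptr);
	free(this->iv_out.ptr);
	free(this->handshake.ptr);
	/* wipe through a volatile pointer: a memset() right before free() is a
	 * dead store the compiler may drop */
	while (msk && len--)
	{
		*msk++ = 0;
	}
	free(this->msk.ptr);
	DESTROY_IF(this->prf);
	free(this->suites);
	free(this);
}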
895 | ||
/**
 * See header
 *
 * Sets up the crypto context for a TLS connection and pre-builds the list
 * of acceptable cipher suites according to its purpose: EAP-TLS may
 * negotiate NULL encryption suites, EAP-TTLS requires an encrypting suite.
 * The members not listed in INIT() presumably start out zeroed.
 *
 * NOTE(review): there is no default case. For any other purpose the suite
 * list stays empty (every select_cipher_suite() call returns 0) and
 * msk_label stays NULL (derive_eap_msk() would pass a NULL label to the
 * PRF) - confirm this is intended.
 */
tls_crypto_t *tls_crypto_create(tls_t *tls)
{
	private_tls_crypto_t *this;

	INIT(this,
		.public = {
			.get_cipher_suites = _get_cipher_suites,
			.select_cipher_suite = _select_cipher_suite,
			.set_protection = _set_protection,
			.append_handshake = _append_handshake,
			.sign_handshake = _sign_handshake,
			.verify_handshake = _verify_handshake,
			.calculate_finished = _calculate_finished,
			.derive_secrets = _derive_secrets,
			.change_cipher = _change_cipher,
			.derive_eap_msk = _derive_eap_msk,
			.get_eap_msk = _get_eap_msk,
			.destroy = _destroy,
		},
		.tls = tls,
	);

	switch (tls->get_purpose(tls))
	{
		case TLS_PURPOSE_EAP_TLS:
			/* MSK PRF ASCII constant label according to EAP-TLS RFC 5216 */
			this->msk_label = "client EAP encryption";
			/* NULL encryption suites are acceptable here */
			build_cipher_suite_list(this, FALSE);
			break;
		case TLS_PURPOSE_EAP_TTLS:
			/* MSK PRF ASCII constant label according to EAP-TTLS RFC 5281 */
			this->msk_label = "ttls keying material";
			/* encryption required: NULL suites are purged */
			build_cipher_suite_list(this, TRUE);
			break;
	}
	return &this->public;
}