]> git.ipfire.org Git - thirdparty/strongswan.git/blame - src/libtls/tls_crypto.c
projects / thirdparty / strongswan.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
handle TLS_PURPOSE_EAP_TNC
[thirdparty/strongswan.git] / src / libtls / tls_crypto.c
CommitLineData
536dbc00
MW		 1/*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16#include "tls_crypto.h"
17
0f82a470 18#include <debug.h>
18010de2 19
4657b3a4
AS		 20ENUM_BEGIN(tls_cipher_suite_names, TLS_NULL_WITH_NULL_NULL,
21 TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
22 "TLS_NULL_WITH_NULL_NULL",
23 "TLS_RSA_WITH_NULL_MD5",
24 "TLS_RSA_WITH_NULL_SHA",
25 "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
26 "TLS_RSA_WITH_RC4_128_MD5",
27 "TLS_RSA_WITH_RC4_128_SHA",
28 "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
29 "TLS_RSA_WITH_IDEA_CBC_SHA",
30 "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
31 "TLS_RSA_WITH_DES_CBC_SHA",
32 "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
33 "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
34 "TLS_DH_DSS_WITH_DES_CBC_SHA",
35 "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
36 "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
37 "TLS_DH_RSA_WITH_DES_CBC_SHA",
38 "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
39 "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
37d2d7e1 40 "TLS_DHE_DSS_WITH_DES_CBC_SHA",
4657b3a4
AS		 41 "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
42 "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
43 "TLS_DHE_RSA_WITH_DES_CBC_SHA",
44 "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
45 "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
46 "TLS_DH_anon_WITH_RC4_128_MD5",
47 "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
48 "TLS_DH_anon_WITH_DES_CBC_SHA",
49 "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA");
50ENUM_NEXT(tls_cipher_suite_names, TLS_KRB5_WITH_DES_CBC_SHA,
51 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,
52 TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
53 "TLS_KRB5_WITH_DES_CBC_SHA",
54 "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
55 "TLS_KRB5_WITH_RC4_128_SHA",
56 "TLS_KRB5_WITH_IDEA_CBC_SHA",
57 "TLS_KRB5_WITH_DES_CBC_MD5",
58 "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
59 "TLS_KRB5_WITH_RC4_128_MD5",
60 "TLS_KRB5_WITH_IDEA_CBC_MD5",
61 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
37d2d7e1 62 "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
4657b3a4
AS		 63 "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
64 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
65 "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
66 "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
67 "TLS_PSK_WITH_NULL_SHA",
68 "TLS_DHE_PSK_WITH_NULL_SHA",
69 "TLS_RSA_PSK_WITH_NULL_SHA",
70 "TLS_RSA_WITH_AES_128_CBC_SHA",
71 "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
72 "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
73 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
74 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
75 "TLS_DH_anon_WITH_AES_128_CBC_SHA",
76 "TLS_RSA_WITH_AES_256_CBC_SHA",
77 "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
78 "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
79 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
80 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
81 "TLS_DH_anon_WITH_AES_256_CBC_SHA",
82 "TLS_RSA_WITH_NULL_SHA256",
83 "TLS_RSA_WITH_AES_128_CBC_SHA256 ",
84 "TLS_RSA_WITH_AES_256_CBC_SHA256",
85 "TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
86 "TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
87 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
88 "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
89 "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
90 "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
91 "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
37d2d7e1 92 "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
4657b3a4
AS		 93 "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA");
94ENUM_NEXT(tls_cipher_suite_names, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
95 TLS_DH_anon_WITH_AES_256_CBC_SHA256,
96 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,
97 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
98 "TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
99 "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
100 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
101 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
102 "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
103 "TLS_DH_anon_WITH_AES_256_CBC_SHA256");
104ENUM_NEXT(tls_cipher_suite_names, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
37d2d7e1 105 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,
4657b3a4
AS		 106 TLS_DH_anon_WITH_AES_256_CBC_SHA256,
107 "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
108 "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
109 "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
110 "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
111 "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
112 "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
113 "TLS_PSK_WITH_RC4_128_SHA",
114 "TLS_PSK_WITH_3DES_EDE_CBC_SHA2",
115 "TLS_PSK_WITH_AES_128_CBC_SHA",
116 "TLS_PSK_WITH_AES_256_CBC_SHA",
117 "TLS_DHE_PSK_WITH_RC4_128_SHA",
118 "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
119 "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
120 "TLS_DHE_PSK_WITH_AES_256_CBC_SHA2",
121 "TLS_RSA_PSK_WITH_RC4_128_SHA",
122 "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
123 "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
124 "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
125 "TLS_RSA_WITH_SEED_CBC_SHA",
126 "TLS_DH_DSS_WITH_SEED_CBC_SHA",
127 "TLS_DH_RSA_WITH_SEED_CBC_SHA",
128 "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
129 "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
130 "TLS_DH_anon_WITH_SEED_CBC_SHA",
131 "TLS_RSA_WITH_AES_128_GCM_SHA256",
132 "TLS_RSA_WITH_AES_256_GCM_SHA384",
133 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
134 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
135 "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
136 "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
137 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
138 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
139 "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
140 "TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
141 "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
142 "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
143 "TLS_PSK_WITH_AES_128_GCM_SHA256",
144 "TLS_PSK_WITH_AES_256_GCM_SHA384",
145 "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
146 "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
147 "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
148 "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
149 "TLS_PSK_WITH_AES_128_CBC_SHA256",
150 "TLS_PSK_WITH_AES_256_CBC_SHA384",
151 "TLS_PSK_WITH_NULL_SHA256",
152 "TLS_PSK_WITH_NULL_SHA384",
153 "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
154 "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
155 "TLS_DHE_PSK_WITH_NULL_SHA256",
156 "TLS_DHE_PSK_WITH_NULL_SHA384",
157 "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
158 "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
159 "TLS_RSA_PSK_WITH_NULL_SHA256",
160 "TLS_RSA_PSK_WITH_NULL_SHA384",
161 "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
162 "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",
163 "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
164 "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
165 "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
166 "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
167 "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
168 "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",
169 "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",
170 "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
171 "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
172 "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256");
173ENUM_NEXT(tls_cipher_suite_names, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
37d2d7e1 174 TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
4657b3a4
AS		 175 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,
176 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV");
177ENUM_NEXT(tls_cipher_suite_names, TLS_ECDH_ECDSA_WITH_NULL_SHA,
37d2d7e1 178 TLS_ECDHE_PSK_WITH_NULL_SHA384,
4657b3a4
AS		 179 TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
180 "TLS_ECDH_ECDSA_WITH_NULL_SHA",
181 "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
182 "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
183 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
184 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
185 "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
186 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
187 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
188 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
189 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
190 "TLS_ECDH_RSA_WITH_NULL_SHA",
191 "TLS_ECDH_RSA_WITH_RC4_128_SHA",
192 "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
193 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
194 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
195 "TLS_ECDHE_RSA_WITH_NULL_SHA",
196 "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
197 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
198 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
199 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
200 "TLS_ECDH_anon_WITH_NULL_SHA",
201 "TLS_ECDH_anon_WITH_RC4_128_SHA",
202 "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
203 "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
204 "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
205 "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
206 "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
207 "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
208 "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
209 "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
210 "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
211 "TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
212 "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
213 "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
214 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
215 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
216 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
217 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
218 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
219 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
220 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
221 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
222 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
223 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
224 "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
225 "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
226 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
227 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
228 "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
229 "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
230 "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
231 "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",
232 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
233 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
234 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
235 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
236 "TLS_ECDHE_PSK_WITH_NULL_SHA",
237 "TLS_ECDHE_PSK_WITH_NULL_SHA256",
238 "TLS_ECDHE_PSK_WITH_NULL_SHA384");
239ENUM_END(tls_cipher_suite_names, TLS_ECDHE_PSK_WITH_NULL_SHA384);
240
9dd2ca92
MW		 241ENUM(tls_hash_algorithm_names, TLS_HASH_NONE, TLS_HASH_SHA512,
242 "NONE",
243 "MD5",
244 "SHA1",
245 "SHA224",
246 "SHA256",
247 "SHA384",
248 "SHA512",
249);
250
251ENUM(tls_signature_algorithm_names, TLS_SIG_RSA, TLS_SIG_ECDSA,
252 "RSA",
253 "DSA",
254 "ECDSA",
255);
256
99dcaea9
MW		 257ENUM_BEGIN(tls_client_certificate_type_names,
258 TLS_RSA_SIGN, TLS_DSS_EPHEMERAL_DH,
259 "RSA_SIGN",
260 "DSA_SIGN",
261 "RSA_FIXED_DH",
262 "DSS_FIXED_DH",
263 "RSA_EPHEMERAL_DH",
264 "DSS_EPHEMERAL_DH");
265ENUM_NEXT(tls_client_certificate_type_names,
266 TLS_FORTEZZA_DMS, TLS_FORTEZZA_DMS, TLS_DSS_EPHEMERAL_DH,
267 "FORTEZZA_DMS");
268ENUM_NEXT(tls_client_certificate_type_names,
269 TLS_ECDSA_SIGN, TLS_ECDSA_FIXED_ECDH, TLS_FORTEZZA_DMS,
270 "ECDSA_SIGN",
271 "RSA_FIXED_ECDH",
272 "ECDSA_FIXED_ECDH");
273ENUM_END(tls_client_certificate_type_names, TLS_ECDSA_FIXED_ECDH);
274
691ca54d
MW		 275ENUM(tls_ecc_curve_type_names, TLS_ECC_EXPLICIT_PRIME, TLS_ECC_NAMED_CURVE,
276 "EXPLICIT_PRIME",
277 "EXPLICIT_CHAR2",
278 "NAMED_CURVE",
279);
280
281ENUM(tls_named_curve_names, TLS_SECT163K1, TLS_SECP521R1,
282 "SECT163K1",
283 "SECT163R1",
284 "SECT163R2",
285 "SECT193R1",
286 "SECT193R2",
287 "SECT233K1",
288 "SECT233R1",
289 "SECT239K1",
290 "SECT283K1",
291 "SECT283R1",
292 "SECT409K1",
293 "SECT409R1",
294 "SECT571K1",
295 "SECT571R1",
296 "SECP160K1",
297 "SECP160R1",
298 "SECP160R2",
299 "SECP192K1",
300 "SECP192R1",
301 "SECP224K1",
302 "SECP224R1",
303 "SECP256K1",
304 "SECP256R1",
305 "SECP384R1",
306 "SECP521R1",
307);
308
ec7d4e70 309ENUM(tls_ansi_point_format_names, TLS_ANSI_COMPRESSED, TLS_ANSI_HYBRID_Y,
e6cce7ff
MW		 310 "compressed",
311 "compressed y",
312 "uncompressed",
313 "uncompressed y",
314 "hybrid",
315 "hybrid y",
316);
99dcaea9 317
02281c87
MW		 318ENUM(tls_ec_point_format_names,
319 TLS_EC_POINT_UNCOMPRESSED, TLS_EC_POINT_ANSIX962_COMPRESSED_CHAR2,
320 "uncompressed",
321 "ansiX962 compressed prime",
322 "ansiX962 compressed char2",
323);
324
536dbc00
MW		 325typedef struct private_tls_crypto_t private_tls_crypto_t;
326
327/**
328 * Private data of an tls_crypto_t object.
329 */
330struct private_tls_crypto_t {
331
332 /**
333 * Public tls_crypto_t interface.
334 */
335 tls_crypto_t public;
18010de2 336
dc9f34be
MW		 337 /**
338 * Protection layer
339 */
340 tls_protection_t *protection;
341
18010de2
MW		 342 /**
343 * List of supported/acceptable cipher suites
344 */
345 tls_cipher_suite_t *suites;
346
347 /**
348 * Number of supported suites
349 */
350 int suite_count;
351
352 /**
353 * Selected cipher suite
354 */
355 tls_cipher_suite_t suite;
356
4254257f
MW		 357 /**
358 * RSA supported?
359 */
360 bool rsa;
361
362 /**
363 * ECDSA supported?
364 */
365 bool ecdsa;
366
18010de2
MW		 367 /**
368 * TLS context
369 */
370 tls_t *tls;
371
84d67ead
MW		 372 /**
373 * All handshake data concatentated
374 */
375 chunk_t handshake;
376
18010de2
MW		 377 /**
378 * Connection state TLS PRF
379 */
380 tls_prf_t *prf;
84543e6e
MW		 381
382 /**
383 * Signer instance for inbound traffic
384 */
385 signer_t *signer_in;
386
387 /**
388 * Signer instance for outbound traffic
389 */
390 signer_t *signer_out;
391
392 /**
393 * Crypter instance for inbound traffic
394 */
395 crypter_t *crypter_in;
396
397 /**
398 * Crypter instance for outbound traffic
399 */
400 crypter_t *crypter_out;
401
402 /**
403 * IV for input decryption, if < TLSv1.2
404 */
405 chunk_t iv_in;
406
407 /**
408 * IV for output decryption, if < TLSv1.2
409 */
410 chunk_t iv_out;
51313a39
MW		 411
412 /**
a6444fcd 413 * EAP-[T]TLS MSK
51313a39
MW		 414 */
415 chunk_t msk;
a6444fcd
AS		 416
417 /**
418 * ASCII string constant used as seed for EAP-[T]TLS MSK PRF
419 */
420 char *msk_label;
536dbc00
MW		 421};
422
84543e6e
MW		 423typedef struct {
424 tls_cipher_suite_t suite;
4cdade5a
MW		 425 key_type_t key;
426 diffie_hellman_group_t dh;
84543e6e
MW		 427 hash_algorithm_t hash;
428 pseudo_random_function_t prf;
429 integrity_algorithm_t mac;
430 encryption_algorithm_t encr;
431 size_t encr_size;
432} suite_algs_t;
433
434/**
435 * Mapping suites to a set of algorithms
436 */
437static suite_algs_t suite_algs[] = {
2066918d
MW		 438 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
439 KEY_ECDSA, ECP_256_BIT,
440 HASH_SHA1, PRF_HMAC_SHA1,
441 AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
442 },
443 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
444 KEY_ECDSA, ECP_256_BIT,
445 HASH_SHA256, PRF_HMAC_SHA2_256,
446 AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16
447 },
448 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
449 KEY_ECDSA, ECP_384_BIT,
450 HASH_SHA1, PRF_HMAC_SHA1,
451 AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32
452 },
453 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
454 KEY_ECDSA, ECP_384_BIT,
455 HASH_SHA384, PRF_HMAC_SHA2_384,
456 AUTH_HMAC_SHA2_384_384, ENCR_AES_CBC, 32
457 },
458 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
f9c0cf86 459 KEY_RSA, ECP_256_BIT,
2066918d
MW		 460 HASH_SHA1, PRF_HMAC_SHA1,
461 AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
462 },
463 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
f9c0cf86 464 KEY_RSA, ECP_256_BIT,
2066918d
MW		 465 HASH_SHA256, PRF_HMAC_SHA2_256,
466 AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16
467 },
468 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
f9c0cf86 469 KEY_RSA, ECP_384_BIT,
2066918d
MW		 470 HASH_SHA1, PRF_HMAC_SHA1,
471 AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32
472 },
473 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
f9c0cf86 474 KEY_RSA, ECP_384_BIT,
2066918d
MW		 475 HASH_SHA384, PRF_HMAC_SHA2_384,
476 AUTH_HMAC_SHA2_384_384, ENCR_AES_CBC, 32
477 },
ef0a8e58 478 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
4cdade5a
MW		 479 KEY_RSA, MODP_2048_BIT,
480 HASH_SHA1, PRF_HMAC_SHA1,
ef0a8e58
MW		 481 AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
482 },
483 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
4cdade5a
MW		 484 KEY_RSA, MODP_3072_BIT,
485 HASH_SHA256, PRF_HMAC_SHA2_256,
ef0a8e58
MW		 486 AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16
487 },
488 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
4cdade5a
MW		 489 KEY_RSA, MODP_3072_BIT,
490 HASH_SHA1, PRF_HMAC_SHA1,
ef0a8e58
MW		 491 AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32
492 },
493 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
4cdade5a
MW		 494 KEY_RSA, MODP_4096_BIT,
495 HASH_SHA256, PRF_HMAC_SHA2_256,
ef0a8e58
MW		 496 AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 32
497 },
498 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
4cdade5a
MW		 499 KEY_RSA, MODP_2048_BIT,
500 HASH_SHA1, PRF_HMAC_SHA1,
ef0a8e58
MW		 501 AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 16
502 },
503 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
4cdade5a
MW		 504 KEY_RSA, MODP_3072_BIT,
505 HASH_SHA256, PRF_HMAC_SHA2_256,
ef0a8e58
MW		 506 AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 16
507 },
508 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
4cdade5a
MW		 509 KEY_RSA, MODP_3072_BIT,
510 HASH_SHA1, PRF_HMAC_SHA1,
ef0a8e58
MW		 511 AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 32
512 },
513 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
4cdade5a
MW		 514 KEY_RSA, MODP_4096_BIT,
515 HASH_SHA256, PRF_HMAC_SHA2_256,
ef0a8e58
MW		 516 AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 32
517 },
518 { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
4cdade5a
MW		 519 KEY_RSA, MODP_2048_BIT,
520 HASH_SHA1, PRF_HMAC_SHA1,
ef0a8e58
MW		 521 AUTH_HMAC_SHA1_160, ENCR_3DES, 0
522 },
84543e6e 523 { TLS_RSA_WITH_AES_128_CBC_SHA,
4cdade5a
MW		 524 KEY_RSA, MODP_NONE,
525 HASH_SHA1, PRF_HMAC_SHA1,
6e413d9c
MW		 526 AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
527 },
528 { TLS_RSA_WITH_AES_128_CBC_SHA256,
4cdade5a
MW		 529 KEY_RSA, MODP_NONE,
530 HASH_SHA256, PRF_HMAC_SHA2_256,
6e413d9c 531 AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16
84543e6e
MW		 532 },
533 { TLS_RSA_WITH_AES_256_CBC_SHA,
4cdade5a
MW		 534 KEY_RSA, MODP_NONE,
535 HASH_SHA1, PRF_HMAC_SHA1,
6e413d9c 536 AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32
84543e6e 537 },
6e413d9c 538 { TLS_RSA_WITH_AES_256_CBC_SHA256,
4cdade5a
MW		 539 KEY_RSA, MODP_NONE,
540 HASH_SHA256, PRF_HMAC_SHA2_256,
6e413d9c 541 AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 32
84543e6e 542 },
6e413d9c 543 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
4cdade5a
MW		 544 KEY_RSA, MODP_NONE,
545 HASH_SHA1, PRF_HMAC_SHA1,
6e413d9c
MW		 546 AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 16
547 },
548 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
4cdade5a
MW		 549 KEY_RSA, MODP_NONE,
550 HASH_SHA256, PRF_HMAC_SHA2_256,
6e413d9c
MW		 551 AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 16
552 },
553 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
4cdade5a
MW		 554 KEY_RSA, MODP_NONE,
555 HASH_SHA1, PRF_HMAC_SHA1,
6e413d9c
MW		 556 AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 32
557 },
558 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
4cdade5a
MW		 559 KEY_RSA, MODP_NONE,
560 HASH_SHA256, PRF_HMAC_SHA2_256,
6e413d9c 561 AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 32
84543e6e 562 },
2066918d
MW		 563 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
564 KEY_ECDSA, ECP_256_BIT,
565 HASH_SHA1, PRF_HMAC_SHA1,
566 AUTH_HMAC_SHA1_160, ENCR_3DES, 0
567 },
568 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
a03eebdf 569 KEY_RSA, ECP_256_BIT,
2066918d
MW		 570 HASH_SHA1, PRF_HMAC_SHA1,
571 AUTH_HMAC_SHA1_160, ENCR_3DES, 0
572 },
2bf0e74c 573 { TLS_RSA_WITH_3DES_EDE_CBC_SHA,
4cdade5a
MW		 574 KEY_RSA, MODP_NONE,
575 HASH_SHA1, PRF_HMAC_SHA1,
2bf0e74c
MW		 576 AUTH_HMAC_SHA1_160, ENCR_3DES, 0
577 },
2066918d
MW		 578 { TLS_ECDHE_ECDSA_WITH_NULL_SHA,
579 KEY_ECDSA, ECP_256_BIT,
580 HASH_SHA1, PRF_HMAC_SHA1,
581 AUTH_HMAC_SHA1_160, ENCR_NULL, 0
582 },
583 { TLS_ECDHE_RSA_WITH_NULL_SHA,
584 KEY_ECDSA, ECP_256_BIT,
585 HASH_SHA1, PRF_HMAC_SHA1,
586 AUTH_HMAC_SHA1_160, ENCR_NULL, 0
587 },
2bf0e74c 588 { TLS_RSA_WITH_NULL_SHA,
4cdade5a
MW		 589 KEY_RSA, MODP_NONE,
590 HASH_SHA1, PRF_HMAC_SHA1,
2bf0e74c
MW		 591 AUTH_HMAC_SHA1_160, ENCR_NULL, 0
592 },
593 { TLS_RSA_WITH_NULL_SHA256,
4cdade5a
MW		 594 KEY_RSA, MODP_NONE,
595 HASH_SHA256, PRF_HMAC_SHA2_256,
2bf0e74c
MW		 596 AUTH_HMAC_SHA2_256_256, ENCR_NULL, 0
597 },
598 { TLS_RSA_WITH_NULL_MD5,
4cdade5a
MW		 599 KEY_RSA, MODP_NONE,
600 HASH_MD5, PRF_HMAC_MD5,
2bf0e74c
MW		 601 AUTH_HMAC_MD5_128, ENCR_NULL, 0
602 },
84543e6e
MW		 603};
604
605/**
606 * Look up algoritms by a suite
607 */
608static suite_algs_t *find_suite(tls_cipher_suite_t suite)
609{
610 int i;
611
612 for (i = 0; i < countof(suite_algs); i++)
613 {
614 if (suite_algs[i].suite == suite)
615 {
616 return &suite_algs[i];
617 }
618 }
619 return NULL;
620}
621
18010de2 622/**
a2bfc45b 623 * Filter a suite list using a transform enumerator
18010de2 624 */
a2bfc45b
MW		 625static void filter_suite(private_tls_crypto_t *this,
626 suite_algs_t suites[], int *count, int offset,
627 enumerator_t*(*create_enumerator)(crypto_factory_t*))
536dbc00 628{
a2bfc45b
MW		 629 suite_algs_t current;
630 int i, remaining = 0;
631 enumerator_t *enumerator;
536dbc00 632
a2bfc45b
MW		 633 memset(&current, 0, sizeof(current));
634 for (i = 0; i < *count; i++)
536dbc00 635 {
a2bfc45b
MW		 636 enumerator = create_enumerator(lib->crypto);
637 while (enumerator->enumerate(enumerator, ((char*)&current) + offset))
536dbc00 638 {
a2bfc45b
MW		 639 if ((suites[i].encr == ENCR_NULL ||
640 !current.encr || current.encr == suites[i].encr) &&
641 (!current.mac || current.mac == suites[i].mac) &&
642 (!current.prf || current.prf == suites[i].prf) &&
4e68c1cf
MW		 643 (!current.hash || current.hash == suites[i].hash) &&
644 (suites[i].dh == MODP_NONE ||
645 !current.dh || current.dh == suites[i].dh))
536dbc00 646 {
a2bfc45b
MW		 647 suites[remaining] = suites[i];
648 remaining++;
649 break;
536dbc00
MW		 650 }
651 }
a2bfc45b 652 enumerator->destroy(enumerator);
536dbc00 653 }
a2bfc45b
MW		 654 *count = remaining;
655}
656
96b2fbcc
MW		 657/**
658 * Purge NULL encryption cipher suites from list
659 */
660static void filter_null_suites(private_tls_crypto_t *this,
661 suite_algs_t suites[], int *count)
662{
663 int i, remaining = 0;
664
665 for (i = 0; i < *count; i++)
666 {
667 if (suites[i].encr != ENCR_NULL)
668 {
669 suites[remaining] = suites[i];
670 remaining++;
671 }
672 }
673 *count = remaining;
674}
675
4254257f
MW		 676/**
677 * Purge suites using a given key type
678 */
679static void filter_key_suites(private_tls_crypto_t *this,
680 suite_algs_t suites[], int *count, key_type_t key)
681{
682 int i, remaining = 0;
683
684 DBG2(DBG_TLS, "disabling %N suites, no backend found", key_type_names, key);
685 for (i = 0; i < *count; i++)
686 {
687 if (suites[i].key != key)
688 {
689 suites[remaining] = suites[i];
690 remaining++;
691 }
692 }
693 *count = remaining;
694}
695
24a5b935
MW		 696/**
697 * Filter suites by key exchange user config
698 */
699static void filter_key_exchange_config_suites(private_tls_crypto_t *this,
700 suite_algs_t suites[], int *count)
701{
702 enumerator_t *enumerator;
703 int i, remaining = 0;
704 char *token, *config;
705
706 config = lib->settings->get_str(lib->settings, "libtls.key_exchange", NULL);
707 if (config)
708 {
709 for (i = 0; i < *count; i++)
710 {
711 enumerator = enumerator_create_token(config, ",", " ");
712 while (enumerator->enumerate(enumerator, &token))
713 {
714 if (strcaseeq(token, "ecdhe-ecdsa") &&
715 diffie_hellman_group_is_ec(suites[i].dh) &&
716 suites[i].key == KEY_ECDSA)
717 {
718 suites[remaining++] = suites[i];
719 break;
720 }
721 if (strcaseeq(token, "ecdhe-rsa") &&
722 diffie_hellman_group_is_ec(suites[i].dh) &&
723 suites[i].key == KEY_RSA)
724 {
725 suites[remaining++] = suites[i];
726 break;
727 }
728 if (strcaseeq(token, "dhe-rsa") &&
729 !diffie_hellman_group_is_ec(suites[i].dh) &&
730 suites[i].dh != MODP_NONE &&
731 suites[i].key == KEY_RSA)
732 {
733 suites[remaining++] = suites[i];
734 break;
735 }
736 if (strcaseeq(token, "rsa") &&
737 suites[i].dh == MODP_NONE &&
738 suites[i].key == KEY_RSA)
739 {
740 suites[remaining++] = suites[i];
741 break;
742 }
743 }
744 enumerator->destroy(enumerator);
745 }
746 *count = remaining;
747 }
748}
749
750/**
751 * Filter suites by cipher user config
752 */
753static void filter_cipher_config_suites(private_tls_crypto_t *this,
754 suite_algs_t suites[], int *count)
755{
756 enumerator_t *enumerator;
757 int i, remaining = 0;
758 char *token, *config;
759
760 config = lib->settings->get_str(lib->settings, "libtls.cipher", NULL);
761 if (config)
762 {
763 for (i = 0; i < *count; i++)
764 {
765 enumerator = enumerator_create_token(config, ",", " ");
766 while (enumerator->enumerate(enumerator, &token))
767 {
768 if (strcaseeq(token, "aes128") &&
769 suites[i].encr == ENCR_AES_CBC &&
770 suites[i].encr_size == 16)
771 {
772 suites[remaining++] = suites[i];
773 break;
774 }
775 if (strcaseeq(token, "aes256") &&
776 suites[i].encr == ENCR_AES_CBC &&
777 suites[i].encr_size == 32)
778 {
779 suites[remaining++] = suites[i];
780 break;
781 }
782 if (strcaseeq(token, "camellia128") &&
783 suites[i].encr == ENCR_CAMELLIA_CBC &&
784 suites[i].encr_size == 16)
785 {
786 suites[remaining++] = suites[i];
787 break;
788 }
789 if (strcaseeq(token, "camellia256") &&
790 suites[i].encr == ENCR_CAMELLIA_CBC &&
791 suites[i].encr_size == 32)
792 {
793 suites[remaining++] = suites[i];
794 break;
795 }
796 if (strcaseeq(token, "3des") &&
797 suites[i].encr == ENCR_3DES)
798 {
799 suites[remaining++] = suites[i];
800 break;
801 }
802 if (strcaseeq(token, "null") &&
803 suites[i].encr == ENCR_NULL)
804 {
805 suites[remaining++] = suites[i];
806 break;
807 }
808 }
809 enumerator->destroy(enumerator);
810 }
811 *count = remaining;
812 }
813}
814
815/**
816 * Filter suites by mac user config
817 */
818static void filter_mac_config_suites(private_tls_crypto_t *this,
819 suite_algs_t suites[], int *count)
820{
821 enumerator_t *enumerator;
822 int i, remaining = 0;
823 char *token, *config;
824
825 config = lib->settings->get_str(lib->settings, "libtls.mac", NULL);
826 if (config)
827 {
828 for (i = 0; i < *count; i++)
829 {
830 enumerator = enumerator_create_token(config, ",", " ");
831 while (enumerator->enumerate(enumerator, &token))
832 {
833 if (strcaseeq(token, "md5") &&
834 suites[i].hash == HASH_MD5)
835 {
836 suites[remaining++] = suites[i];
837 break;
838 }
839 if (strcaseeq(token, "sha1") &&
840 suites[i].hash == HASH_SHA1)
841 {
842 suites[remaining++] = suites[i];
843 break;
844 }
845 if (strcaseeq(token, "sha256") &&
846 suites[i].hash == HASH_SHA256)
847 {
848 suites[remaining++] = suites[i];
849 break;
850 }
851 if (strcaseeq(token, "sha384") &&
852 suites[i].hash == HASH_SHA384)
853 {
854 suites[remaining++] = suites[i];
855 break;
856 }
857 }
858 enumerator->destroy(enumerator);
859 }
860 *count = remaining;
861 }
862}
863
adb913ad
MW		 864/**
865 * Filter for specific suites specified in strongswan.conf
866 */
867static void filter_specific_config_suites(private_tls_crypto_t *this,
868 suite_algs_t suites[], int *count)
869{
870 enumerator_t *enumerator;
871 int i, remaining = 0, suite;
872 char *token, *config;
873
874 config = lib->settings->get_str(lib->settings, "libtls.suites", NULL);
875 if (config)
876 {
877 for (i = 0; i < *count; i++)
878 {
879 enumerator = enumerator_create_token(config, ",", " ");
880 while (enumerator->enumerate(enumerator, &token))
881 {
882 suite = enum_from_name(tls_cipher_suite_names, token);
883 if (suite == suites[i].suite)
884 {
885 suites[remaining++] = suites[i];
886 break;
887 }
888 }
889 enumerator->destroy(enumerator);
890 }
891 *count = remaining;
892 }
893}
894
a2bfc45b
MW		 895/**
896 * Initialize the cipher suite list
897 */
96b2fbcc
MW		 898static void build_cipher_suite_list(private_tls_crypto_t *this,
899 bool require_encryption)
a2bfc45b
MW		 900{
901 suite_algs_t suites[countof(suite_algs)];
902 int count = countof(suite_algs), i;
536dbc00 903
a2bfc45b 904 /* copy all suites */
536dbc00
MW		 905 for (i = 0; i < count; i++)
906 {
a2bfc45b 907 suites[i] = suite_algs[i];
18010de2 908 }
96b2fbcc
MW		 909 if (require_encryption)
910 {
911 filter_null_suites(this, suites, &count);
912 }
4254257f
MW		 913 if (!this->rsa)
914 {
915 filter_key_suites(this, suites, &count, KEY_RSA);
916 }
917 if (!this->ecdsa)
918 {
919 filter_key_suites(this, suites, &count, KEY_ECDSA);
920 }
921
a2bfc45b
MW		 922 /* filter suite list by each algorithm */
923 filter_suite(this, suites, &count, offsetof(suite_algs_t, encr),
924 lib->crypto->create_crypter_enumerator);
925 filter_suite(this, suites, &count, offsetof(suite_algs_t, mac),
926 lib->crypto->create_signer_enumerator);
927 filter_suite(this, suites, &count, offsetof(suite_algs_t, prf),
928 lib->crypto->create_prf_enumerator);
929 filter_suite(this, suites, &count, offsetof(suite_algs_t, hash),
930 lib->crypto->create_hasher_enumerator);
4e68c1cf
MW		 931 filter_suite(this, suites, &count, offsetof(suite_algs_t, dh),
932 lib->crypto->create_dh_enumerator);
a2bfc45b 933
24a5b935
MW		 934 /* filter suites with strongswan.conf options */
935 filter_key_exchange_config_suites(this, suites, &count);
936 filter_cipher_config_suites(this, suites, &count);
937 filter_mac_config_suites(this, suites, &count);
adb913ad 938 filter_specific_config_suites(this, suites, &count);
24a5b935 939
56a1167b
AS		 940 free(this->suites);
941 this->suite_count = count;
942 this->suites = malloc(sizeof(tls_cipher_suite_t) * count);
943
3c19b346 944 DBG2(DBG_TLS, "%d supported TLS cipher suites:", count);
a2bfc45b
MW		 945 for (i = 0; i < count; i++)
946 {
3c19b346 947 DBG2(DBG_TLS, " %N", tls_cipher_suite_names, suites[i].suite);
56a1167b 948 this->suites[i] = suites[i].suite;
a2bfc45b 949 }
18010de2
MW		 950}
951
952METHOD(tls_crypto_t, get_cipher_suites, int,
953 private_tls_crypto_t *this, tls_cipher_suite_t **suites)
954{
955 *suites = this->suites;
956 return this->suite_count;
957}
958
84543e6e
MW		 959/**
960 * Create crypto primitives
961 */
4cdade5a 962static bool create_ciphers(private_tls_crypto_t *this, suite_algs_t *algs)
84543e6e 963{
84543e6e
MW		 964 DESTROY_IF(this->prf);
965 if (this->tls->get_version(this->tls) < TLS_1_2)
966 {
967 this->prf = tls_prf_create_10();
968 }
969 else
970 {
971 this->prf = tls_prf_create_12(algs->prf);
972 }
973 if (!this->prf)
974 {
3c19b346 975 DBG1(DBG_TLS, "selected TLS PRF not supported");
84543e6e
MW		 976 return FALSE;
977 }
978
979 DESTROY_IF(this->signer_in);
980 DESTROY_IF(this->signer_out);
981 this->signer_in = lib->crypto->create_signer(lib->crypto, algs->mac);
982 this->signer_out = lib->crypto->create_signer(lib->crypto, algs->mac);
983 if (!this->signer_in || !this->signer_out)
984 {
3c19b346 985 DBG1(DBG_TLS, "selected TLS MAC %N not supported",
84543e6e
MW		 986 integrity_algorithm_names, algs->mac);
987 return FALSE;
988 }
989
990 DESTROY_IF(this->crypter_in);
991 DESTROY_IF(this->crypter_out);
992 if (algs->encr == ENCR_NULL)
993 {
994 this->crypter_in = this->crypter_out = NULL;
995 }
996 else
997 {
998 this->crypter_in = lib->crypto->create_crypter(lib->crypto,
999 algs->encr, algs->encr_size);
1000 this->crypter_out = lib->crypto->create_crypter(lib->crypto,
1001 algs->encr, algs->encr_size);
1002 if (!this->crypter_in || !this->crypter_out)
1003 {
3c19b346 1004 DBG1(DBG_TLS, "selected TLS crypter %N not supported",
84543e6e
MW		 1005 encryption_algorithm_names, algs->encr);
1006 return FALSE;
1007 }
1008 }
1009 return TRUE;
1010}
1011
18010de2 1012METHOD(tls_crypto_t, select_cipher_suite, tls_cipher_suite_t,
4cdade5a
MW		 1013 private_tls_crypto_t *this, tls_cipher_suite_t *suites, int count,
1014 key_type_t key)
18010de2 1015{
4cdade5a 1016 suite_algs_t *algs;
18010de2
MW		 1017 int i, j;
1018
1019 for (i = 0; i < this->suite_count; i++)
1020 {
1021 for (j = 0; j < count; j++)
1022 {
1023 if (this->suites[i] == suites[j])
1024 {
4cdade5a
MW		 1025 algs = find_suite(this->suites[i]);
1026 if (algs)
84543e6e 1027 {
4cdade5a
MW		 1028 if (key == KEY_ANY || key == algs->key)
1029 {
1030 if (create_ciphers(this, algs))
1031 {
1032 this->suite = this->suites[i];
1033 return this->suite;
1034 }
1035 }
84543e6e 1036 }
18010de2
MW		 1037 }
1038 }
1039 }
1040 return 0;
1041}
1042
35d9c15d
MW		 1043METHOD(tls_crypto_t, get_dh_group, diffie_hellman_group_t,
1044 private_tls_crypto_t *this)
1045{
1046 suite_algs_t *algs;
1047
1048 algs = find_suite(this->suite);
1049 if (algs)
1050 {
1051 return algs->dh;
1052 }
1053 return MODP_NONE;
1054}
1055
d29a82a9
MW		 1056METHOD(tls_crypto_t, get_signature_algorithms, void,
1057 private_tls_crypto_t *this, tls_writer_t *writer)
1058{
1059 tls_writer_t *supported;
1060 enumerator_t *enumerator;
1061 hash_algorithm_t alg;
1062 tls_hash_algorithm_t hash;
1063
1064 supported = tls_writer_create(32);
1065 enumerator = lib->crypto->create_hasher_enumerator(lib->crypto);
1066 while (enumerator->enumerate(enumerator, &alg))
1067 {
1068 switch (alg)
1069 {
1070 case HASH_MD5:
1071 hash = TLS_HASH_MD5;
1072 break;
1073 case HASH_SHA1:
1074 hash = TLS_HASH_SHA1;
1075 break;
1076 case HASH_SHA224:
1077 hash = TLS_HASH_SHA224;
1078 break;
1079 case HASH_SHA256:
1080 hash = TLS_HASH_SHA256;
1081 break;
1082 case HASH_SHA384:
1083 hash = TLS_HASH_SHA384;
1084 break;
1085 case HASH_SHA512:
1086 hash = TLS_HASH_SHA512;
1087 break;
1088 default:
1089 continue;
1090 }
4254257f 1091 if (this->rsa)
d29a82a9 1092 {
4254257f
MW		 1093 supported->write_uint8(supported, hash);
1094 supported->write_uint8(supported, TLS_SIG_RSA);
1095 }
1096 if (this->ecdsa && alg != HASH_MD5 && alg != HASH_SHA224)
1097 { /* currently we have no signature scheme for MD5/SHA224 */
d29a82a9
MW		 1098 supported->write_uint8(supported, hash);
1099 supported->write_uint8(supported, TLS_SIG_ECDSA);
1100 }
1101 }
1102 enumerator->destroy(enumerator);
1103
1104 writer->write_data16(writer, supported->get_buf(supported));
1105 supported->destroy(supported);
1106}
1107
3f7bb88b
MW		 1108/**
1109 * Mapping groups to TLS named curves
1110 */
1111static struct {
1112 diffie_hellman_group_t group;
1113 tls_named_curve_t curve;
1114} curves[] = {
1115 { ECP_256_BIT, TLS_SECP256R1},
1116 { ECP_384_BIT, TLS_SECP384R1},
1117 { ECP_521_BIT, TLS_SECP521R1},
1118 { ECP_224_BIT, TLS_SECP224R1},
1119 { ECP_192_BIT, TLS_SECP192R1},
1120};
1121
1122/**
1123 * Filter EC groups, add TLS curve
1124 */
1125static bool group_filter(void *null,
1126 diffie_hellman_group_t *in, diffie_hellman_group_t *out,
1127 void* dummy1, tls_named_curve_t *curve)
1128{
1129 int i;
1130
1131 for (i = 0; i < countof(curves); i++)
1132 {
1133 if (curves[i].group == *in)
1134 {
1135 if (out)
1136 {
1137 *out = curves[i].group;
1138 }
1139 if (curve)
1140 {
1141 *curve = curves[i].curve;
1142 }
1143 return TRUE;
1144 }
1145 }
1146 return FALSE;
1147}
1148
1149METHOD(tls_crypto_t, create_ec_enumerator, enumerator_t*,
1150 private_tls_crypto_t *this)
37a59a8f 1151{
3f7bb88b
MW		 1152 return enumerator_create_filter(
1153 lib->crypto->create_dh_enumerator(lib->crypto),
1154 (void*)group_filter, NULL, NULL);
37a59a8f
MW		 1155}
1156
dc9f34be
MW		 1157METHOD(tls_crypto_t, set_protection, void,
1158 private_tls_crypto_t *this, tls_protection_t *protection)
1159{
1160 this->protection = protection;
1161}
1162
84d67ead
MW		 1163METHOD(tls_crypto_t, append_handshake, void,
1164 private_tls_crypto_t *this, tls_handshake_type_t type, chunk_t data)
1165{
1166 u_int32_t header;
1167
1168 /* reconstruct handshake header */
1169 header = htonl(data.len | (type << 24));
1170 this->handshake = chunk_cat("mcc", this->handshake,
1171 chunk_from_thing(header), data);
1172}
1173
1174/**
d29a82a9 1175 * Create a hash using the suites HASH algorithm
84d67ead 1176 */
d29a82a9 1177static bool hash_data(private_tls_crypto_t *this, chunk_t data, chunk_t *hash)
84d67ead
MW		 1178{
1179 if (this->tls->get_version(this->tls) >= TLS_1_2)
1180 {
1181 hasher_t *hasher;
1182 suite_algs_t *alg;
1183
1184 alg = find_suite(this->suite);
1185 if (!alg)
1186 {
1187 return FALSE;
1188 }
1189 hasher = lib->crypto->create_hasher(lib->crypto, alg->hash);
1190 if (!hasher)
1191 {
3c19b346 1192 DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, alg->hash);
84d67ead
MW		 1193 return FALSE;
1194 }
d29a82a9 1195 hasher->allocate_hash(hasher, data, hash);
84d67ead
MW		 1196 hasher->destroy(hasher);
1197 }
1198 else
1199 {
1200 hasher_t *md5, *sha1;
1201 char buf[HASH_SIZE_MD5 + HASH_SIZE_SHA1];
1202
1203 md5 = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
1204 if (!md5)
1205 {
3c19b346 1206 DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, HASH_MD5);
84d67ead
MW		 1207 return FALSE;
1208 }
d29a82a9 1209 md5->get_hash(md5, data, buf);
84d67ead
MW		 1210 md5->destroy(md5);
1211 sha1 = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
1212 if (!sha1)
1213 {
3c19b346 1214 DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, HASH_SHA1);
84d67ead
MW		 1215 return FALSE;
1216 }
d29a82a9 1217 sha1->get_hash(sha1, data, buf + HASH_SIZE_MD5);
84d67ead
MW		 1218 sha1->destroy(sha1);
1219
1220 *hash = chunk_clone(chunk_from_thing(buf));
1221 }
1222 return TRUE;
1223}
1224
dbb7c030
MW		 1225/**
1226 * Get the signature scheme from a TLS 1.2 hash/sig algorithm pair
1227 */
1228static signature_scheme_t hashsig_to_scheme(key_type_t type,
1229 tls_hash_algorithm_t hash, tls_signature_algorithm_t sig)
84d67ead 1230{
dbb7c030
MW		 1231 switch (sig)
1232 {
1233 case TLS_SIG_RSA:
1234 if (type != KEY_RSA)
1235 {
1236 return SIGN_UNKNOWN;
1237 }
1238 switch (hash)
1239 {
1240 case TLS_HASH_MD5:
1241 return SIGN_RSA_EMSA_PKCS1_MD5;
1242 case TLS_HASH_SHA1:
1243 return SIGN_RSA_EMSA_PKCS1_SHA1;
1244 case TLS_HASH_SHA224:
1245 return SIGN_RSA_EMSA_PKCS1_SHA224;
1246 case TLS_HASH_SHA256:
1247 return SIGN_RSA_EMSA_PKCS1_SHA256;
1248 case TLS_HASH_SHA384:
1249 return SIGN_RSA_EMSA_PKCS1_SHA384;
1250 case TLS_HASH_SHA512:
1251 return SIGN_RSA_EMSA_PKCS1_SHA512;
1252 default:
1253 return SIGN_UNKNOWN;
1254 }
1255 case TLS_SIG_ECDSA:
1256 if (type != KEY_ECDSA)
1257 {
1258 return SIGN_UNKNOWN;
1259 }
1260 switch (hash)
1261 {
1262 case TLS_HASH_SHA224:
1263 return SIGN_ECDSA_WITH_SHA1_DER;
1264 case TLS_HASH_SHA256:
1265 return SIGN_ECDSA_WITH_SHA256_DER;
1266 case TLS_HASH_SHA384:
1267 return SIGN_ECDSA_WITH_SHA384_DER;
1268 case TLS_HASH_SHA512:
1269 return SIGN_ECDSA_WITH_SHA512_DER;
1270 default:
1271 return SIGN_UNKNOWN;
1272 }
1273 default:
1274 return SIGN_UNKNOWN;
1275 }
1276}
400df4ca 1277
d29a82a9 1278METHOD(tls_crypto_t, sign, bool,
dbb7c030 1279 private_tls_crypto_t *this, private_key_t *key, tls_writer_t *writer,
d29a82a9 1280 chunk_t data, chunk_t hashsig)
dbb7c030 1281{
84d67ead
MW		 1282 if (this->tls->get_version(this->tls) >= TLS_1_2)
1283 {
dbb7c030
MW		 1284 signature_scheme_t scheme;
1285 tls_reader_t *reader;
1286 u_int8_t hash, alg;
1287 chunk_t sig;
1288 bool done = FALSE;
1289
d29a82a9
MW		 1290 if (!hashsig.len)
1291 { /* fallback if none given */
1292 hashsig = chunk_from_chars(
1293 TLS_HASH_SHA1, TLS_SIG_RSA, TLS_HASH_SHA1, TLS_SIG_ECDSA);
1294 }
dbb7c030
MW		 1295 reader = tls_reader_create(hashsig);
1296 while (reader->remaining(reader) >= 2)
400df4ca 1297 {
dbb7c030
MW		 1298 if (reader->read_uint8(reader, &hash) &&
1299 reader->read_uint8(reader, &alg))
1300 {
1301 scheme = hashsig_to_scheme(key->get_type(key), hash, alg);
1302 if (scheme != SIGN_UNKNOWN &&
d29a82a9 1303 key->sign(key, scheme, data, &sig))
dbb7c030
MW		 1304 {
1305 done = TRUE;
1306 break;
1307 }
1308 }
1309 }
1310 reader->destroy(reader);
1311 if (!done)
1312 {
1313 DBG1(DBG_TLS, "none of the proposed hash/sig algorithms supported");
400df4ca
MW		 1314 return FALSE;
1315 }
d29a82a9 1316 DBG2(DBG_TLS, "created signature with %N/%N",
dbb7c030
MW		 1317 tls_hash_algorithm_names, hash, tls_signature_algorithm_names, alg);
1318 writer->write_uint8(writer, hash);
1319 writer->write_uint8(writer, alg);
400df4ca
MW		 1320 writer->write_data16(writer, sig);
1321 free(sig.ptr);
1322 }
1323 else
1324 {
dbb7c030 1325 chunk_t sig, hash;
d29a82a9 1326 bool done;
dbb7c030
MW		 1327
1328 switch (key->get_type(key))
400df4ca 1329 {
dbb7c030 1330 case KEY_RSA:
d29a82a9 1331 if (!hash_data(this, data, &hash))
dbb7c030
MW		 1332 {
1333 return FALSE;
1334 }
d29a82a9
MW		 1335 done = key->sign(key, SIGN_RSA_EMSA_PKCS1_NULL, hash, &sig);
1336 free(hash.ptr);
1337 if (!done)
dbb7c030 1338 {
dbb7c030
MW		 1339 return FALSE;
1340 }
d29a82a9 1341 DBG2(DBG_TLS, "created signature with MD5+SHA1/RSA");
dbb7c030
MW		 1342 break;
1343 case KEY_ECDSA:
d29a82a9 1344 if (!key->sign(key, SIGN_ECDSA_WITH_SHA1_DER, data, &sig))
dbb7c030
MW		 1345 {
1346 return FALSE;
1347 }
d29a82a9 1348 DBG2(DBG_TLS, "created signature with SHA1/ECDSA");
dbb7c030
MW		 1349 break;
1350 default:
1351 return FALSE;
400df4ca
MW		 1352 }
1353 writer->write_data16(writer, sig);
400df4ca
MW		 1354 free(sig.ptr);
1355 }
1356 return TRUE;
1357}
1358
d29a82a9
MW		 1359METHOD(tls_crypto_t, verify, bool,
1360 private_tls_crypto_t *this, public_key_t *key, tls_reader_t *reader,
1361 chunk_t data)
400df4ca
MW		 1362{
1363 if (this->tls->get_version(this->tls) >= TLS_1_2)
1364 {
dbb7c030 1365 signature_scheme_t scheme = SIGN_UNKNOWN;
400df4ca
MW		 1366 u_int8_t hash, alg;
1367 chunk_t sig;
84d67ead 1368
400df4ca
MW		 1369 if (!reader->read_uint8(reader, &hash) ||
1370 !reader->read_uint8(reader, &alg) ||
1371 !reader->read_data16(reader, &sig))
1372 {
d29a82a9 1373 DBG1(DBG_TLS, "received invalid signature");
400df4ca
MW		 1374 return FALSE;
1375 }
dbb7c030
MW		 1376 scheme = hashsig_to_scheme(key->get_type(key), hash, alg);
1377 if (scheme == SIGN_UNKNOWN)
84d67ead 1378 {
d29a82a9 1379 DBG1(DBG_TLS, "signature algorithms %N/%N not supported",
dbb7c030
MW		 1380 tls_hash_algorithm_names, hash,
1381 tls_signature_algorithm_names, alg);
84d67ead
MW		 1382 return FALSE;
1383 }
d29a82a9 1384 if (!key->verify(key, scheme, data, sig))
dbb7c030
MW		 1385 {
1386 return FALSE;
1387 }
d29a82a9 1388 DBG2(DBG_TLS, "verified signature with %N/%N",
dbb7c030 1389 tls_hash_algorithm_names, hash, tls_signature_algorithm_names, alg);
84d67ead
MW		 1390 }
1391 else
1392 {
400df4ca 1393 chunk_t sig, hash;
d29a82a9 1394 bool done;
84d67ead 1395
400df4ca
MW		 1396 if (!reader->read_data16(reader, &sig))
1397 {
d29a82a9 1398 DBG1(DBG_TLS, "received invalid signature");
400df4ca
MW		 1399 return FALSE;
1400 }
dbb7c030 1401 switch (key->get_type(key))
84d67ead 1402 {
dbb7c030 1403 case KEY_RSA:
d29a82a9 1404 if (!hash_data(this, data, &hash))
dbb7c030
MW		 1405 {
1406 return FALSE;
1407 }
d29a82a9
MW		 1408 done = key->verify(key, SIGN_RSA_EMSA_PKCS1_NULL, hash, sig);
1409 free(hash.ptr);
1410 if (!done)
dbb7c030 1411 {
dbb7c030
MW		 1412 return FALSE;
1413 }
d29a82a9 1414 DBG2(DBG_TLS, "verified signature data with MD5+SHA1/RSA");
dbb7c030
MW		 1415 break;
1416 case KEY_ECDSA:
d29a82a9 1417 if (!key->verify(key, SIGN_ECDSA_WITH_SHA1_DER, data, sig))
dbb7c030 1418 {
dbb7c030
MW		 1419 return FALSE;
1420 }
d29a82a9 1421 DBG2(DBG_TLS, "verified signature with SHA1/ECDSA");
dbb7c030
MW		 1422 break;
1423 default:
1424 return FALSE;
84d67ead 1425 }
84d67ead
MW		 1426 }
1427 return TRUE;
1428}
1429
d29a82a9
MW		 1430METHOD(tls_crypto_t, sign_handshake, bool,
1431 private_tls_crypto_t *this, private_key_t *key, tls_writer_t *writer,
1432 chunk_t hashsig)
1433{
1434 return sign(this, key, writer, this->handshake, hashsig);
1435}
1436
1437METHOD(tls_crypto_t, verify_handshake, bool,
1438 private_tls_crypto_t *this, public_key_t *key, tls_reader_t *reader)
1439{
1440 return verify(this, key, reader, this->handshake);
1441}
1442
84d67ead
MW		 1443METHOD(tls_crypto_t, calculate_finished, bool,
1444 private_tls_crypto_t *this, char *label, char out[12])
1445{
1446 chunk_t seed;
1447
1448 if (!this->prf)
1449 {
1450 return FALSE;
1451 }
d29a82a9 1452 if (!hash_data(this, this->handshake, &seed))
84d67ead
MW		 1453 {
1454 return FALSE;
1455 }
1456 this->prf->get_bytes(this->prf, label, seed, 12, out);
1457 free(seed.ptr);
1458 return TRUE;
1459}
1460
1461METHOD(tls_crypto_t, derive_secrets, void,
18010de2
MW		 1462 private_tls_crypto_t *this, chunk_t premaster,
1463 chunk_t client_random, chunk_t server_random)
1464{
84543e6e
MW		 1465 char master[48];
1466 chunk_t seed, block, client_write, server_write;
1467 int mks, eks = 0, ivs = 0;
1468
1469 /* derive master secret */
1470 seed = chunk_cata("cc", client_random, server_random);
1471 this->prf->set_key(this->prf, premaster);
1472 this->prf->get_bytes(this->prf, "master secret", seed,
1473 sizeof(master), master);
1474
1475 this->prf->set_key(this->prf, chunk_from_thing(master));
1476 memset(master, 0, sizeof(master));
1477
1478 /* derive key block for key expansion */
1479 mks = this->signer_out->get_key_size(this->signer_out);
1480 if (this->crypter_out)
18010de2 1481 {
84543e6e 1482 eks = this->crypter_out->get_key_size(this->crypter_out);
f139b578 1483 if (this->tls->get_version(this->tls) < TLS_1_1)
18010de2 1484 {
3102d866 1485 ivs = this->crypter_out->get_iv_size(this->crypter_out);
84543e6e
MW		 1486 }
1487 }
1488 seed = chunk_cata("cc", server_random, client_random);
1489 block = chunk_alloca((mks + eks + ivs) * 2);
1490 this->prf->get_bytes(this->prf, "key expansion", seed, block.len, block.ptr);
1491
1492 /* signer keys */
1493 client_write = chunk_create(block.ptr, mks);
1494 block = chunk_skip(block, mks);
1495 server_write = chunk_create(block.ptr, mks);
1496 block = chunk_skip(block, mks);
1497 if (this->tls->is_server(this->tls))
1498 {
1499 this->signer_in->set_key(this->signer_in, client_write);
1500 this->signer_out->set_key(this->signer_out, server_write);
1501 }
1502 else
1503 {
1504 this->signer_out->set_key(this->signer_out, client_write);
1505 this->signer_in->set_key(this->signer_in, server_write);
1506 }
1507
1508 /* crypter keys, and IVs if < TLSv1.2 */
1509 if (this->crypter_out && this->crypter_in)
1510 {
1511 client_write = chunk_create(block.ptr, eks);
1512 block = chunk_skip(block, eks);
1513 server_write = chunk_create(block.ptr, eks);
1514 block = chunk_skip(block, eks);
1515
1516 if (this->tls->is_server(this->tls))
1517 {
1518 this->crypter_in->set_key(this->crypter_in, client_write);
1519 this->crypter_out->set_key(this->crypter_out, server_write);
18010de2
MW		 1520 }
1521 else
1522 {
84543e6e
MW		 1523 this->crypter_out->set_key(this->crypter_out, client_write);
1524 this->crypter_in->set_key(this->crypter_in, server_write);
1525 }
1526 if (ivs)
1527 {
1528 client_write = chunk_create(block.ptr, ivs);
1529 block = chunk_skip(block, ivs);
1530 server_write = chunk_create(block.ptr, ivs);
1531 block = chunk_skip(block, ivs);
1532
1533 if (this->tls->is_server(this->tls))
18010de2 1534 {
84543e6e
MW		 1535 this->iv_in = chunk_clone(client_write);
1536 this->iv_out = chunk_clone(server_write);
1537 }
1538 else
1539 {
1540 this->iv_out = chunk_clone(client_write);
1541 this->iv_in = chunk_clone(server_write);
18010de2 1542 }
536dbc00
MW		 1543 }
1544 }
84543e6e 1545}
18010de2 1546
84543e6e
MW		 1547METHOD(tls_crypto_t, change_cipher, void,
1548 private_tls_crypto_t *this, bool inbound)
1549{
dc9f34be 1550 if (this->protection)
84543e6e 1551 {
dc9f34be
MW		 1552 if (inbound)
1553 {
1554 this->protection->set_cipher(this->protection, TRUE,
1555 this->signer_in, this->crypter_in, this->iv_in);
1556 }
1557 else
1558 {
1559 this->protection->set_cipher(this->protection, FALSE,
1560 this->signer_out, this->crypter_out, this->iv_out);
1561 }
18010de2 1562 }
536dbc00
MW		 1563}
1564
84d67ead
MW		 1565METHOD(tls_crypto_t, derive_eap_msk, void,
1566 private_tls_crypto_t *this, chunk_t client_random, chunk_t server_random)
18010de2 1567{
bda7d9d9
MW		 1568 if (this->msk_label)
1569 {
1570 chunk_t seed;
84d67ead 1571
bda7d9d9
MW		 1572 seed = chunk_cata("cc", client_random, server_random);
1573 free(this->msk.ptr);
1574 this->msk = chunk_alloc(64);
1575 this->prf->get_bytes(this->prf, this->msk_label, seed,
1576 this->msk.len, this->msk.ptr);
1577 }
18010de2 1578}
536dbc00 1579
51313a39
MW		 1580METHOD(tls_crypto_t, get_eap_msk, chunk_t,
1581 private_tls_crypto_t *this)
1582{
1583 return this->msk;
1584}
1585
536dbc00
MW		 1586METHOD(tls_crypto_t, destroy, void,
1587 private_tls_crypto_t *this)
1588{
84543e6e
MW		 1589 DESTROY_IF(this->signer_in);
1590 DESTROY_IF(this->signer_out);
1591 DESTROY_IF(this->crypter_in);
1592 DESTROY_IF(this->crypter_out);
1593 free(this->iv_in.ptr);
1594 free(this->iv_out.ptr);
84d67ead 1595 free(this->handshake.ptr);
51313a39 1596 free(this->msk.ptr);
18010de2 1597 DESTROY_IF(this->prf);
84543e6e 1598 free(this->suites);
536dbc00
MW		 1599 free(this);
1600}
1601
1602/**
1603 * See header
1604 */
96b2fbcc 1605tls_crypto_t *tls_crypto_create(tls_t *tls)
536dbc00
MW		 1606{
1607 private_tls_crypto_t *this;
4254257f
MW		 1608 enumerator_t *enumerator;
1609 credential_type_t type;
1610 int subtype;
536dbc00
MW		 1611
1612 INIT(this,
1613 .public = {
1614 .get_cipher_suites = _get_cipher_suites,
18010de2 1615 .select_cipher_suite = _select_cipher_suite,
35d9c15d 1616 .get_dh_group = _get_dh_group,
d29a82a9 1617 .get_signature_algorithms = _get_signature_algorithms,
3f7bb88b 1618 .create_ec_enumerator = _create_ec_enumerator,
dc9f34be 1619 .set_protection = _set_protection,
84d67ead 1620 .append_handshake = _append_handshake,
d29a82a9
MW		 1621 .sign = _sign,
1622 .verify = _verify,
84d67ead 1623 .sign_handshake = _sign_handshake,
400df4ca 1624 .verify_handshake = _verify_handshake,
84d67ead
MW		 1625 .calculate_finished = _calculate_finished,
1626 .derive_secrets = _derive_secrets,
84543e6e 1627 .change_cipher = _change_cipher,
84d67ead 1628 .derive_eap_msk = _derive_eap_msk,
51313a39 1629 .get_eap_msk = _get_eap_msk,
536dbc00
MW		 1630 .destroy = _destroy,
1631 },
18010de2 1632 .tls = tls,
536dbc00
MW		 1633 );
1634
4254257f
MW		 1635 enumerator = lib->creds->create_builder_enumerator(lib->creds);
1636 while (enumerator->enumerate(enumerator, &type, &subtype))
1637 {
1638 if (type == CRED_PUBLIC_KEY)
1639 {
1640 switch (subtype)
1641 {
1642 case KEY_RSA:
1643 this->rsa = TRUE;
1644 break;
1645 case KEY_ECDSA:
1646 this->ecdsa = TRUE;
1647 break;
1648 default:
1649 break;
1650 }
1651 }
1652 }
1653 enumerator->destroy(enumerator);
1654
96b2fbcc
MW		 1655 switch (tls->get_purpose(tls))
1656 {
1657 case TLS_PURPOSE_EAP_TLS:
1658 /* MSK PRF ASCII constant label according to EAP-TLS RFC 5216 */
1659 this->msk_label = "client EAP encryption";
1660 build_cipher_suite_list(this, FALSE);
1661 break;
1662 case TLS_PURPOSE_EAP_TTLS:
1663 /* MSK PRF ASCII constant label according to EAP-TTLS RFC 5281 */
1664 this->msk_label = "ttls keying material";
1665 build_cipher_suite_list(this, TRUE);
1666 break;
bda7d9d9 1667 case TLS_PURPOSE_GENERIC:
bda7d9d9
MW		 1668 build_cipher_suite_list(this, TRUE);
1669 break;
99b0f633
AS		 1670 default:
1671 break;
96b2fbcc 1672 }
536dbc00
MW		 1673 return &this->public;
1674}
Unnamed repository; edit this file 'description' to name the repository.