]> git.ipfire.org Git - thirdparty/strongswan.git/blame - src/libtls/tls_crypto.c
projects / thirdparty / strongswan.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Renamed ecp_format to ansi_format, as point formats in TLS use different identifiers
[thirdparty/strongswan.git] / src / libtls / tls_crypto.c
CommitLineData
536dbc00
MW		 1/*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16#include "tls_crypto.h"
17
0f82a470 18#include <debug.h>
18010de2 19
4657b3a4
AS		 20ENUM_BEGIN(tls_cipher_suite_names, TLS_NULL_WITH_NULL_NULL,
21 TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
22 "TLS_NULL_WITH_NULL_NULL",
23 "TLS_RSA_WITH_NULL_MD5",
24 "TLS_RSA_WITH_NULL_SHA",
25 "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
26 "TLS_RSA_WITH_RC4_128_MD5",
27 "TLS_RSA_WITH_RC4_128_SHA",
28 "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
29 "TLS_RSA_WITH_IDEA_CBC_SHA",
30 "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
31 "TLS_RSA_WITH_DES_CBC_SHA",
32 "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
33 "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
34 "TLS_DH_DSS_WITH_DES_CBC_SHA",
35 "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
36 "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
37 "TLS_DH_RSA_WITH_DES_CBC_SHA",
38 "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
39 "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
37d2d7e1 40 "TLS_DHE_DSS_WITH_DES_CBC_SHA",
4657b3a4
AS		 41 "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
42 "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
43 "TLS_DHE_RSA_WITH_DES_CBC_SHA",
44 "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
45 "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
46 "TLS_DH_anon_WITH_RC4_128_MD5",
47 "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
48 "TLS_DH_anon_WITH_DES_CBC_SHA",
49 "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA");
50ENUM_NEXT(tls_cipher_suite_names, TLS_KRB5_WITH_DES_CBC_SHA,
51 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,
52 TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
53 "TLS_KRB5_WITH_DES_CBC_SHA",
54 "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
55 "TLS_KRB5_WITH_RC4_128_SHA",
56 "TLS_KRB5_WITH_IDEA_CBC_SHA",
57 "TLS_KRB5_WITH_DES_CBC_MD5",
58 "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
59 "TLS_KRB5_WITH_RC4_128_MD5",
60 "TLS_KRB5_WITH_IDEA_CBC_MD5",
61 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
37d2d7e1 62 "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
4657b3a4
AS		 63 "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
64 "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
65 "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
66 "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
67 "TLS_PSK_WITH_NULL_SHA",
68 "TLS_DHE_PSK_WITH_NULL_SHA",
69 "TLS_RSA_PSK_WITH_NULL_SHA",
70 "TLS_RSA_WITH_AES_128_CBC_SHA",
71 "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
72 "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
73 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
74 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
75 "TLS_DH_anon_WITH_AES_128_CBC_SHA",
76 "TLS_RSA_WITH_AES_256_CBC_SHA",
77 "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
78 "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
79 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
80 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
81 "TLS_DH_anon_WITH_AES_256_CBC_SHA",
82 "TLS_RSA_WITH_NULL_SHA256",
83 "TLS_RSA_WITH_AES_128_CBC_SHA256 ",
84 "TLS_RSA_WITH_AES_256_CBC_SHA256",
85 "TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
86 "TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
87 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
88 "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
89 "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
90 "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
91 "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
37d2d7e1 92 "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
4657b3a4
AS		 93 "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA");
94ENUM_NEXT(tls_cipher_suite_names, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
95 TLS_DH_anon_WITH_AES_256_CBC_SHA256,
96 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,
97 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
98 "TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
99 "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
100 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
101 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
102 "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
103 "TLS_DH_anon_WITH_AES_256_CBC_SHA256");
104ENUM_NEXT(tls_cipher_suite_names, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
37d2d7e1 105 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,
4657b3a4
AS		 106 TLS_DH_anon_WITH_AES_256_CBC_SHA256,
107 "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
108 "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
109 "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
110 "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
111 "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
112 "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
113 "TLS_PSK_WITH_RC4_128_SHA",
114 "TLS_PSK_WITH_3DES_EDE_CBC_SHA2",
115 "TLS_PSK_WITH_AES_128_CBC_SHA",
116 "TLS_PSK_WITH_AES_256_CBC_SHA",
117 "TLS_DHE_PSK_WITH_RC4_128_SHA",
118 "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
119 "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
120 "TLS_DHE_PSK_WITH_AES_256_CBC_SHA2",
121 "TLS_RSA_PSK_WITH_RC4_128_SHA",
122 "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
123 "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
124 "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
125 "TLS_RSA_WITH_SEED_CBC_SHA",
126 "TLS_DH_DSS_WITH_SEED_CBC_SHA",
127 "TLS_DH_RSA_WITH_SEED_CBC_SHA",
128 "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
129 "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
130 "TLS_DH_anon_WITH_SEED_CBC_SHA",
131 "TLS_RSA_WITH_AES_128_GCM_SHA256",
132 "TLS_RSA_WITH_AES_256_GCM_SHA384",
133 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
134 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
135 "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
136 "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
137 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
138 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
139 "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
140 "TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
141 "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
142 "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
143 "TLS_PSK_WITH_AES_128_GCM_SHA256",
144 "TLS_PSK_WITH_AES_256_GCM_SHA384",
145 "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
146 "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
147 "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
148 "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
149 "TLS_PSK_WITH_AES_128_CBC_SHA256",
150 "TLS_PSK_WITH_AES_256_CBC_SHA384",
151 "TLS_PSK_WITH_NULL_SHA256",
152 "TLS_PSK_WITH_NULL_SHA384",
153 "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
154 "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
155 "TLS_DHE_PSK_WITH_NULL_SHA256",
156 "TLS_DHE_PSK_WITH_NULL_SHA384",
157 "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
158 "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
159 "TLS_RSA_PSK_WITH_NULL_SHA256",
160 "TLS_RSA_PSK_WITH_NULL_SHA384",
161 "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
162 "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",
163 "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
164 "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
165 "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
166 "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
167 "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
168 "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",
169 "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",
170 "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
171 "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
172 "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256");
173ENUM_NEXT(tls_cipher_suite_names, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
37d2d7e1 174 TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
4657b3a4
AS		 175 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,
176 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV");
177ENUM_NEXT(tls_cipher_suite_names, TLS_ECDH_ECDSA_WITH_NULL_SHA,
37d2d7e1 178 TLS_ECDHE_PSK_WITH_NULL_SHA384,
4657b3a4
AS		 179 TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
180 "TLS_ECDH_ECDSA_WITH_NULL_SHA",
181 "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
182 "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
183 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
184 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
185 "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
186 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
187 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
188 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
189 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
190 "TLS_ECDH_RSA_WITH_NULL_SHA",
191 "TLS_ECDH_RSA_WITH_RC4_128_SHA",
192 "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
193 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
194 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
195 "TLS_ECDHE_RSA_WITH_NULL_SHA",
196 "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
197 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
198 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
199 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
200 "TLS_ECDH_anon_WITH_NULL_SHA",
201 "TLS_ECDH_anon_WITH_RC4_128_SHA",
202 "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
203 "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
204 "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
205 "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
206 "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
207 "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
208 "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
209 "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
210 "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
211 "TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
212 "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
213 "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
214 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
215 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
216 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
217 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
218 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
219 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
220 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
221 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
222 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
223 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
224 "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
225 "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
226 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
227 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
228 "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
229 "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
230 "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
231 "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",
232 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
233 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
234 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
235 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
236 "TLS_ECDHE_PSK_WITH_NULL_SHA",
237 "TLS_ECDHE_PSK_WITH_NULL_SHA256",
238 "TLS_ECDHE_PSK_WITH_NULL_SHA384");
239ENUM_END(tls_cipher_suite_names, TLS_ECDHE_PSK_WITH_NULL_SHA384);
240
9dd2ca92
MW		 241ENUM(tls_hash_algorithm_names, TLS_HASH_NONE, TLS_HASH_SHA512,
242 "NONE",
243 "MD5",
244 "SHA1",
245 "SHA224",
246 "SHA256",
247 "SHA384",
248 "SHA512",
249);
250
251ENUM(tls_signature_algorithm_names, TLS_SIG_RSA, TLS_SIG_ECDSA,
252 "RSA",
253 "DSA",
254 "ECDSA",
255);
256
99dcaea9
MW		 257ENUM_BEGIN(tls_client_certificate_type_names,
258 TLS_RSA_SIGN, TLS_DSS_EPHEMERAL_DH,
259 "RSA_SIGN",
260 "DSA_SIGN",
261 "RSA_FIXED_DH",
262 "DSS_FIXED_DH",
263 "RSA_EPHEMERAL_DH",
264 "DSS_EPHEMERAL_DH");
265ENUM_NEXT(tls_client_certificate_type_names,
266 TLS_FORTEZZA_DMS, TLS_FORTEZZA_DMS, TLS_DSS_EPHEMERAL_DH,
267 "FORTEZZA_DMS");
268ENUM_NEXT(tls_client_certificate_type_names,
269 TLS_ECDSA_SIGN, TLS_ECDSA_FIXED_ECDH, TLS_FORTEZZA_DMS,
270 "ECDSA_SIGN",
271 "RSA_FIXED_ECDH",
272 "ECDSA_FIXED_ECDH");
273ENUM_END(tls_client_certificate_type_names, TLS_ECDSA_FIXED_ECDH);
274
691ca54d
MW		 275ENUM(tls_ecc_curve_type_names, TLS_ECC_EXPLICIT_PRIME, TLS_ECC_NAMED_CURVE,
276 "EXPLICIT_PRIME",
277 "EXPLICIT_CHAR2",
278 "NAMED_CURVE",
279);
280
281ENUM(tls_named_curve_names, TLS_SECT163K1, TLS_SECP521R1,
282 "SECT163K1",
283 "SECT163R1",
284 "SECT163R2",
285 "SECT193R1",
286 "SECT193R2",
287 "SECT233K1",
288 "SECT233R1",
289 "SECT239K1",
290 "SECT283K1",
291 "SECT283R1",
292 "SECT409K1",
293 "SECT409R1",
294 "SECT571K1",
295 "SECT571R1",
296 "SECP160K1",
297 "SECP160R1",
298 "SECP160R2",
299 "SECP192K1",
300 "SECP192R1",
301 "SECP224K1",
302 "SECP224R1",
303 "SECP256K1",
304 "SECP256R1",
305 "SECP384R1",
306 "SECP521R1",
307);
308
ec7d4e70 309ENUM(tls_ansi_point_format_names, TLS_ANSI_COMPRESSED, TLS_ANSI_HYBRID_Y,
e6cce7ff
MW		 310 "compressed",
311 "compressed y",
312 "uncompressed",
313 "uncompressed y",
314 "hybrid",
315 "hybrid y",
316);
99dcaea9 317
536dbc00
MW		 318typedef struct private_tls_crypto_t private_tls_crypto_t;
319
320/**
321 * Private data of an tls_crypto_t object.
322 */
323struct private_tls_crypto_t {
324
325 /**
326 * Public tls_crypto_t interface.
327 */
328 tls_crypto_t public;
18010de2 329
dc9f34be
MW		 330 /**
331 * Protection layer
332 */
333 tls_protection_t *protection;
334
18010de2
MW		 335 /**
336 * List of supported/acceptable cipher suites
337 */
338 tls_cipher_suite_t *suites;
339
340 /**
341 * Number of supported suites
342 */
343 int suite_count;
344
345 /**
346 * Selected cipher suite
347 */
348 tls_cipher_suite_t suite;
349
4254257f
MW		 350 /**
351 * RSA supported?
352 */
353 bool rsa;
354
355 /**
356 * ECDSA supported?
357 */
358 bool ecdsa;
359
18010de2
MW		 360 /**
361 * TLS context
362 */
363 tls_t *tls;
364
84d67ead
MW		 365 /**
366 * All handshake data concatentated
367 */
368 chunk_t handshake;
369
18010de2
MW		 370 /**
371 * Connection state TLS PRF
372 */
373 tls_prf_t *prf;
84543e6e
MW		 374
375 /**
376 * Signer instance for inbound traffic
377 */
378 signer_t *signer_in;
379
380 /**
381 * Signer instance for outbound traffic
382 */
383 signer_t *signer_out;
384
385 /**
386 * Crypter instance for inbound traffic
387 */
388 crypter_t *crypter_in;
389
390 /**
391 * Crypter instance for outbound traffic
392 */
393 crypter_t *crypter_out;
394
395 /**
396 * IV for input decryption, if < TLSv1.2
397 */
398 chunk_t iv_in;
399
400 /**
401 * IV for output decryption, if < TLSv1.2
402 */
403 chunk_t iv_out;
51313a39
MW		 404
405 /**
a6444fcd 406 * EAP-[T]TLS MSK
51313a39
MW		 407 */
408 chunk_t msk;
a6444fcd
AS		 409
410 /**
411 * ASCII string constant used as seed for EAP-[T]TLS MSK PRF
412 */
413 char *msk_label;
536dbc00
MW		 414};
415
84543e6e
MW		 416typedef struct {
417 tls_cipher_suite_t suite;
4cdade5a
MW		 418 key_type_t key;
419 diffie_hellman_group_t dh;
84543e6e
MW		 420 hash_algorithm_t hash;
421 pseudo_random_function_t prf;
422 integrity_algorithm_t mac;
423 encryption_algorithm_t encr;
424 size_t encr_size;
425} suite_algs_t;
426
427/**
428 * Mapping suites to a set of algorithms
429 */
430static suite_algs_t suite_algs[] = {
2066918d
MW		 431 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
432 KEY_ECDSA, ECP_256_BIT,
433 HASH_SHA1, PRF_HMAC_SHA1,
434 AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
435 },
436 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
437 KEY_ECDSA, ECP_256_BIT,
438 HASH_SHA256, PRF_HMAC_SHA2_256,
439 AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16
440 },
441 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
442 KEY_ECDSA, ECP_384_BIT,
443 HASH_SHA1, PRF_HMAC_SHA1,
444 AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32
445 },
446 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
447 KEY_ECDSA, ECP_384_BIT,
448 HASH_SHA384, PRF_HMAC_SHA2_384,
449 AUTH_HMAC_SHA2_384_384, ENCR_AES_CBC, 32
450 },
451 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
f9c0cf86 452 KEY_RSA, ECP_256_BIT,
2066918d
MW		 453 HASH_SHA1, PRF_HMAC_SHA1,
454 AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
455 },
456 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
f9c0cf86 457 KEY_RSA, ECP_256_BIT,
2066918d
MW		 458 HASH_SHA256, PRF_HMAC_SHA2_256,
459 AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16
460 },
461 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
f9c0cf86 462 KEY_RSA, ECP_384_BIT,
2066918d
MW		 463 HASH_SHA1, PRF_HMAC_SHA1,
464 AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32
465 },
466 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
f9c0cf86 467 KEY_RSA, ECP_384_BIT,
2066918d
MW		 468 HASH_SHA384, PRF_HMAC_SHA2_384,
469 AUTH_HMAC_SHA2_384_384, ENCR_AES_CBC, 32
470 },
ef0a8e58 471 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
4cdade5a
MW		 472 KEY_RSA, MODP_2048_BIT,
473 HASH_SHA1, PRF_HMAC_SHA1,
ef0a8e58
MW		 474 AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
475 },
476 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
4cdade5a
MW		 477 KEY_RSA, MODP_3072_BIT,
478 HASH_SHA256, PRF_HMAC_SHA2_256,
ef0a8e58
MW		 479 AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16
480 },
481 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
4cdade5a
MW		 482 KEY_RSA, MODP_3072_BIT,
483 HASH_SHA1, PRF_HMAC_SHA1,
ef0a8e58
MW		 484 AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32
485 },
486 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
4cdade5a
MW		 487 KEY_RSA, MODP_4096_BIT,
488 HASH_SHA256, PRF_HMAC_SHA2_256,
ef0a8e58
MW		 489 AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 32
490 },
491 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
4cdade5a
MW		 492 KEY_RSA, MODP_2048_BIT,
493 HASH_SHA1, PRF_HMAC_SHA1,
ef0a8e58
MW		 494 AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 16
495 },
496 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
4cdade5a
MW		 497 KEY_RSA, MODP_3072_BIT,
498 HASH_SHA256, PRF_HMAC_SHA2_256,
ef0a8e58
MW		 499 AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 16
500 },
501 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
4cdade5a
MW		 502 KEY_RSA, MODP_3072_BIT,
503 HASH_SHA1, PRF_HMAC_SHA1,
ef0a8e58
MW		 504 AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 32
505 },
506 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
4cdade5a
MW		 507 KEY_RSA, MODP_4096_BIT,
508 HASH_SHA256, PRF_HMAC_SHA2_256,
ef0a8e58
MW		 509 AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 32
510 },
511 { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
4cdade5a
MW		 512 KEY_RSA, MODP_2048_BIT,
513 HASH_SHA1, PRF_HMAC_SHA1,
ef0a8e58
MW		 514 AUTH_HMAC_SHA1_160, ENCR_3DES, 0
515 },
84543e6e 516 { TLS_RSA_WITH_AES_128_CBC_SHA,
4cdade5a
MW		 517 KEY_RSA, MODP_NONE,
518 HASH_SHA1, PRF_HMAC_SHA1,
6e413d9c
MW		 519 AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
520 },
521 { TLS_RSA_WITH_AES_128_CBC_SHA256,
4cdade5a
MW		 522 KEY_RSA, MODP_NONE,
523 HASH_SHA256, PRF_HMAC_SHA2_256,
6e413d9c 524 AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16
84543e6e
MW		 525 },
526 { TLS_RSA_WITH_AES_256_CBC_SHA,
4cdade5a
MW		 527 KEY_RSA, MODP_NONE,
528 HASH_SHA1, PRF_HMAC_SHA1,
6e413d9c 529 AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32
84543e6e 530 },
6e413d9c 531 { TLS_RSA_WITH_AES_256_CBC_SHA256,
4cdade5a
MW		 532 KEY_RSA, MODP_NONE,
533 HASH_SHA256, PRF_HMAC_SHA2_256,
6e413d9c 534 AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 32
84543e6e 535 },
6e413d9c 536 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
4cdade5a
MW		 537 KEY_RSA, MODP_NONE,
538 HASH_SHA1, PRF_HMAC_SHA1,
6e413d9c
MW		 539 AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 16
540 },
541 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
4cdade5a
MW		 542 KEY_RSA, MODP_NONE,
543 HASH_SHA256, PRF_HMAC_SHA2_256,
6e413d9c
MW		 544 AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 16
545 },
546 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
4cdade5a
MW		 547 KEY_RSA, MODP_NONE,
548 HASH_SHA1, PRF_HMAC_SHA1,
6e413d9c
MW		 549 AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 32
550 },
551 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
4cdade5a
MW		 552 KEY_RSA, MODP_NONE,
553 HASH_SHA256, PRF_HMAC_SHA2_256,
6e413d9c 554 AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 32
84543e6e 555 },
2066918d
MW		 556 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
557 KEY_ECDSA, ECP_256_BIT,
558 HASH_SHA1, PRF_HMAC_SHA1,
559 AUTH_HMAC_SHA1_160, ENCR_3DES, 0
560 },
561 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
a03eebdf 562 KEY_RSA, ECP_256_BIT,
2066918d
MW		 563 HASH_SHA1, PRF_HMAC_SHA1,
564 AUTH_HMAC_SHA1_160, ENCR_3DES, 0
565 },
2bf0e74c 566 { TLS_RSA_WITH_3DES_EDE_CBC_SHA,
4cdade5a
MW		 567 KEY_RSA, MODP_NONE,
568 HASH_SHA1, PRF_HMAC_SHA1,
2bf0e74c
MW		 569 AUTH_HMAC_SHA1_160, ENCR_3DES, 0
570 },
2066918d
MW		 571 { TLS_ECDHE_ECDSA_WITH_NULL_SHA,
572 KEY_ECDSA, ECP_256_BIT,
573 HASH_SHA1, PRF_HMAC_SHA1,
574 AUTH_HMAC_SHA1_160, ENCR_NULL, 0
575 },
576 { TLS_ECDHE_RSA_WITH_NULL_SHA,
577 KEY_ECDSA, ECP_256_BIT,
578 HASH_SHA1, PRF_HMAC_SHA1,
579 AUTH_HMAC_SHA1_160, ENCR_NULL, 0
580 },
2bf0e74c 581 { TLS_RSA_WITH_NULL_SHA,
4cdade5a
MW		 582 KEY_RSA, MODP_NONE,
583 HASH_SHA1, PRF_HMAC_SHA1,
2bf0e74c
MW		 584 AUTH_HMAC_SHA1_160, ENCR_NULL, 0
585 },
586 { TLS_RSA_WITH_NULL_SHA256,
4cdade5a
MW		 587 KEY_RSA, MODP_NONE,
588 HASH_SHA256, PRF_HMAC_SHA2_256,
2bf0e74c
MW		 589 AUTH_HMAC_SHA2_256_256, ENCR_NULL, 0
590 },
591 { TLS_RSA_WITH_NULL_MD5,
4cdade5a
MW		 592 KEY_RSA, MODP_NONE,
593 HASH_MD5, PRF_HMAC_MD5,
2bf0e74c
MW		 594 AUTH_HMAC_MD5_128, ENCR_NULL, 0
595 },
84543e6e
MW		 596};
597
598/**
599 * Look up algoritms by a suite
600 */
601static suite_algs_t *find_suite(tls_cipher_suite_t suite)
602{
603 int i;
604
605 for (i = 0; i < countof(suite_algs); i++)
606 {
607 if (suite_algs[i].suite == suite)
608 {
609 return &suite_algs[i];
610 }
611 }
612 return NULL;
613}
614
18010de2 615/**
a2bfc45b 616 * Filter a suite list using a transform enumerator
18010de2 617 */
a2bfc45b
MW		 618static void filter_suite(private_tls_crypto_t *this,
619 suite_algs_t suites[], int *count, int offset,
620 enumerator_t*(*create_enumerator)(crypto_factory_t*))
536dbc00 621{
a2bfc45b
MW		 622 suite_algs_t current;
623 int i, remaining = 0;
624 enumerator_t *enumerator;
536dbc00 625
a2bfc45b
MW		 626 memset(&current, 0, sizeof(current));
627 for (i = 0; i < *count; i++)
536dbc00 628 {
a2bfc45b
MW		 629 enumerator = create_enumerator(lib->crypto);
630 while (enumerator->enumerate(enumerator, ((char*)&current) + offset))
536dbc00 631 {
a2bfc45b
MW		 632 if ((suites[i].encr == ENCR_NULL ||
633 !current.encr || current.encr == suites[i].encr) &&
634 (!current.mac || current.mac == suites[i].mac) &&
635 (!current.prf || current.prf == suites[i].prf) &&
4e68c1cf
MW		 636 (!current.hash || current.hash == suites[i].hash) &&
637 (suites[i].dh == MODP_NONE ||
638 !current.dh || current.dh == suites[i].dh))
536dbc00 639 {
a2bfc45b
MW		 640 suites[remaining] = suites[i];
641 remaining++;
642 break;
536dbc00
MW		 643 }
644 }
a2bfc45b 645 enumerator->destroy(enumerator);
536dbc00 646 }
a2bfc45b
MW		 647 *count = remaining;
648}
649
96b2fbcc
MW		 650/**
651 * Purge NULL encryption cipher suites from list
652 */
653static void filter_null_suites(private_tls_crypto_t *this,
654 suite_algs_t suites[], int *count)
655{
656 int i, remaining = 0;
657
658 for (i = 0; i < *count; i++)
659 {
660 if (suites[i].encr != ENCR_NULL)
661 {
662 suites[remaining] = suites[i];
663 remaining++;
664 }
665 }
666 *count = remaining;
667}
668
4254257f
MW		 669/**
670 * Purge suites using a given key type
671 */
672static void filter_key_suites(private_tls_crypto_t *this,
673 suite_algs_t suites[], int *count, key_type_t key)
674{
675 int i, remaining = 0;
676
677 DBG2(DBG_TLS, "disabling %N suites, no backend found", key_type_names, key);
678 for (i = 0; i < *count; i++)
679 {
680 if (suites[i].key != key)
681 {
682 suites[remaining] = suites[i];
683 remaining++;
684 }
685 }
686 *count = remaining;
687}
688
24a5b935
MW		 689/**
690 * Filter suites by key exchange user config
691 */
692static void filter_key_exchange_config_suites(private_tls_crypto_t *this,
693 suite_algs_t suites[], int *count)
694{
695 enumerator_t *enumerator;
696 int i, remaining = 0;
697 char *token, *config;
698
699 config = lib->settings->get_str(lib->settings, "libtls.key_exchange", NULL);
700 if (config)
701 {
702 for (i = 0; i < *count; i++)
703 {
704 enumerator = enumerator_create_token(config, ",", " ");
705 while (enumerator->enumerate(enumerator, &token))
706 {
707 if (strcaseeq(token, "ecdhe-ecdsa") &&
708 diffie_hellman_group_is_ec(suites[i].dh) &&
709 suites[i].key == KEY_ECDSA)
710 {
711 suites[remaining++] = suites[i];
712 break;
713 }
714 if (strcaseeq(token, "ecdhe-rsa") &&
715 diffie_hellman_group_is_ec(suites[i].dh) &&
716 suites[i].key == KEY_RSA)
717 {
718 suites[remaining++] = suites[i];
719 break;
720 }
721 if (strcaseeq(token, "dhe-rsa") &&
722 !diffie_hellman_group_is_ec(suites[i].dh) &&
723 suites[i].dh != MODP_NONE &&
724 suites[i].key == KEY_RSA)
725 {
726 suites[remaining++] = suites[i];
727 break;
728 }
729 if (strcaseeq(token, "rsa") &&
730 suites[i].dh == MODP_NONE &&
731 suites[i].key == KEY_RSA)
732 {
733 suites[remaining++] = suites[i];
734 break;
735 }
736 }
737 enumerator->destroy(enumerator);
738 }
739 *count = remaining;
740 }
741}
742
743/**
744 * Filter suites by cipher user config
745 */
746static void filter_cipher_config_suites(private_tls_crypto_t *this,
747 suite_algs_t suites[], int *count)
748{
749 enumerator_t *enumerator;
750 int i, remaining = 0;
751 char *token, *config;
752
753 config = lib->settings->get_str(lib->settings, "libtls.cipher", NULL);
754 if (config)
755 {
756 for (i = 0; i < *count; i++)
757 {
758 enumerator = enumerator_create_token(config, ",", " ");
759 while (enumerator->enumerate(enumerator, &token))
760 {
761 if (strcaseeq(token, "aes128") &&
762 suites[i].encr == ENCR_AES_CBC &&
763 suites[i].encr_size == 16)
764 {
765 suites[remaining++] = suites[i];
766 break;
767 }
768 if (strcaseeq(token, "aes256") &&
769 suites[i].encr == ENCR_AES_CBC &&
770 suites[i].encr_size == 32)
771 {
772 suites[remaining++] = suites[i];
773 break;
774 }
775 if (strcaseeq(token, "camellia128") &&
776 suites[i].encr == ENCR_CAMELLIA_CBC &&
777 suites[i].encr_size == 16)
778 {
779 suites[remaining++] = suites[i];
780 break;
781 }
782 if (strcaseeq(token, "camellia256") &&
783 suites[i].encr == ENCR_CAMELLIA_CBC &&
784 suites[i].encr_size == 32)
785 {
786 suites[remaining++] = suites[i];
787 break;
788 }
789 if (strcaseeq(token, "3des") &&
790 suites[i].encr == ENCR_3DES)
791 {
792 suites[remaining++] = suites[i];
793 break;
794 }
795 if (strcaseeq(token, "null") &&
796 suites[i].encr == ENCR_NULL)
797 {
798 suites[remaining++] = suites[i];
799 break;
800 }
801 }
802 enumerator->destroy(enumerator);
803 }
804 *count = remaining;
805 }
806}
807
808/**
809 * Filter suites by mac user config
810 */
811static void filter_mac_config_suites(private_tls_crypto_t *this,
812 suite_algs_t suites[], int *count)
813{
814 enumerator_t *enumerator;
815 int i, remaining = 0;
816 char *token, *config;
817
818 config = lib->settings->get_str(lib->settings, "libtls.mac", NULL);
819 if (config)
820 {
821 for (i = 0; i < *count; i++)
822 {
823 enumerator = enumerator_create_token(config, ",", " ");
824 while (enumerator->enumerate(enumerator, &token))
825 {
826 if (strcaseeq(token, "md5") &&
827 suites[i].hash == HASH_MD5)
828 {
829 suites[remaining++] = suites[i];
830 break;
831 }
832 if (strcaseeq(token, "sha1") &&
833 suites[i].hash == HASH_SHA1)
834 {
835 suites[remaining++] = suites[i];
836 break;
837 }
838 if (strcaseeq(token, "sha256") &&
839 suites[i].hash == HASH_SHA256)
840 {
841 suites[remaining++] = suites[i];
842 break;
843 }
844 if (strcaseeq(token, "sha384") &&
845 suites[i].hash == HASH_SHA384)
846 {
847 suites[remaining++] = suites[i];
848 break;
849 }
850 }
851 enumerator->destroy(enumerator);
852 }
853 *count = remaining;
854 }
855}
856
adb913ad
MW		 857/**
858 * Filter for specific suites specified in strongswan.conf
859 */
860static void filter_specific_config_suites(private_tls_crypto_t *this,
861 suite_algs_t suites[], int *count)
862{
863 enumerator_t *enumerator;
864 int i, remaining = 0, suite;
865 char *token, *config;
866
867 config = lib->settings->get_str(lib->settings, "libtls.suites", NULL);
868 if (config)
869 {
870 for (i = 0; i < *count; i++)
871 {
872 enumerator = enumerator_create_token(config, ",", " ");
873 while (enumerator->enumerate(enumerator, &token))
874 {
875 suite = enum_from_name(tls_cipher_suite_names, token);
876 if (suite == suites[i].suite)
877 {
878 suites[remaining++] = suites[i];
879 break;
880 }
881 }
882 enumerator->destroy(enumerator);
883 }
884 *count = remaining;
885 }
886}
887
a2bfc45b
MW		 888/**
889 * Initialize the cipher suite list
890 */
96b2fbcc
MW		 891static void build_cipher_suite_list(private_tls_crypto_t *this,
892 bool require_encryption)
a2bfc45b
MW		 893{
894 suite_algs_t suites[countof(suite_algs)];
895 int count = countof(suite_algs), i;
536dbc00 896
a2bfc45b 897 /* copy all suites */
536dbc00
MW		 898 for (i = 0; i < count; i++)
899 {
a2bfc45b 900 suites[i] = suite_algs[i];
18010de2 901 }
96b2fbcc
MW		 902 if (require_encryption)
903 {
904 filter_null_suites(this, suites, &count);
905 }
4254257f
MW		 906 if (!this->rsa)
907 {
908 filter_key_suites(this, suites, &count, KEY_RSA);
909 }
910 if (!this->ecdsa)
911 {
912 filter_key_suites(this, suites, &count, KEY_ECDSA);
913 }
914
a2bfc45b
MW		 915 /* filter suite list by each algorithm */
916 filter_suite(this, suites, &count, offsetof(suite_algs_t, encr),
917 lib->crypto->create_crypter_enumerator);
918 filter_suite(this, suites, &count, offsetof(suite_algs_t, mac),
919 lib->crypto->create_signer_enumerator);
920 filter_suite(this, suites, &count, offsetof(suite_algs_t, prf),
921 lib->crypto->create_prf_enumerator);
922 filter_suite(this, suites, &count, offsetof(suite_algs_t, hash),
923 lib->crypto->create_hasher_enumerator);
4e68c1cf
MW		 924 filter_suite(this, suites, &count, offsetof(suite_algs_t, dh),
925 lib->crypto->create_dh_enumerator);
a2bfc45b 926
24a5b935
MW		 927 /* filter suites with strongswan.conf options */
928 filter_key_exchange_config_suites(this, suites, &count);
929 filter_cipher_config_suites(this, suites, &count);
930 filter_mac_config_suites(this, suites, &count);
adb913ad 931 filter_specific_config_suites(this, suites, &count);
24a5b935 932
56a1167b
AS		 933 free(this->suites);
934 this->suite_count = count;
935 this->suites = malloc(sizeof(tls_cipher_suite_t) * count);
936
3c19b346 937 DBG2(DBG_TLS, "%d supported TLS cipher suites:", count);
a2bfc45b
MW		 938 for (i = 0; i < count; i++)
939 {
3c19b346 940 DBG2(DBG_TLS, " %N", tls_cipher_suite_names, suites[i].suite);
56a1167b 941 this->suites[i] = suites[i].suite;
a2bfc45b 942 }
18010de2
MW		 943}
944
945METHOD(tls_crypto_t, get_cipher_suites, int,
946 private_tls_crypto_t *this, tls_cipher_suite_t **suites)
947{
948 *suites = this->suites;
949 return this->suite_count;
950}
951
84543e6e
MW		 952/**
953 * Create crypto primitives
954 */
4cdade5a 955static bool create_ciphers(private_tls_crypto_t *this, suite_algs_t *algs)
84543e6e 956{
84543e6e
MW		 957 DESTROY_IF(this->prf);
958 if (this->tls->get_version(this->tls) < TLS_1_2)
959 {
960 this->prf = tls_prf_create_10();
961 }
962 else
963 {
964 this->prf = tls_prf_create_12(algs->prf);
965 }
966 if (!this->prf)
967 {
3c19b346 968 DBG1(DBG_TLS, "selected TLS PRF not supported");
84543e6e
MW		 969 return FALSE;
970 }
971
972 DESTROY_IF(this->signer_in);
973 DESTROY_IF(this->signer_out);
974 this->signer_in = lib->crypto->create_signer(lib->crypto, algs->mac);
975 this->signer_out = lib->crypto->create_signer(lib->crypto, algs->mac);
976 if (!this->signer_in || !this->signer_out)
977 {
3c19b346 978 DBG1(DBG_TLS, "selected TLS MAC %N not supported",
84543e6e
MW		 979 integrity_algorithm_names, algs->mac);
980 return FALSE;
981 }
982
983 DESTROY_IF(this->crypter_in);
984 DESTROY_IF(this->crypter_out);
985 if (algs->encr == ENCR_NULL)
986 {
987 this->crypter_in = this->crypter_out = NULL;
988 }
989 else
990 {
991 this->crypter_in = lib->crypto->create_crypter(lib->crypto,
992 algs->encr, algs->encr_size);
993 this->crypter_out = lib->crypto->create_crypter(lib->crypto,
994 algs->encr, algs->encr_size);
995 if (!this->crypter_in || !this->crypter_out)
996 {
3c19b346 997 DBG1(DBG_TLS, "selected TLS crypter %N not supported",
84543e6e
MW		 998 encryption_algorithm_names, algs->encr);
999 return FALSE;
1000 }
1001 }
1002 return TRUE;
1003}
1004
18010de2 1005METHOD(tls_crypto_t, select_cipher_suite, tls_cipher_suite_t,
4cdade5a
MW		 1006 private_tls_crypto_t *this, tls_cipher_suite_t *suites, int count,
1007 key_type_t key)
18010de2 1008{
4cdade5a 1009 suite_algs_t *algs;
18010de2
MW		 1010 int i, j;
1011
1012 for (i = 0; i < this->suite_count; i++)
1013 {
1014 for (j = 0; j < count; j++)
1015 {
1016 if (this->suites[i] == suites[j])
1017 {
4cdade5a
MW		 1018 algs = find_suite(this->suites[i]);
1019 if (algs)
84543e6e 1020 {
4cdade5a
MW		 1021 if (key == KEY_ANY || key == algs->key)
1022 {
1023 if (create_ciphers(this, algs))
1024 {
1025 this->suite = this->suites[i];
1026 return this->suite;
1027 }
1028 }
84543e6e 1029 }
18010de2
MW		 1030 }
1031 }
1032 }
1033 return 0;
1034}
1035
35d9c15d
MW		 1036METHOD(tls_crypto_t, get_dh_group, diffie_hellman_group_t,
1037 private_tls_crypto_t *this)
1038{
1039 suite_algs_t *algs;
1040
1041 algs = find_suite(this->suite);
1042 if (algs)
1043 {
1044 return algs->dh;
1045 }
1046 return MODP_NONE;
1047}
1048
d29a82a9
MW		 1049METHOD(tls_crypto_t, get_signature_algorithms, void,
1050 private_tls_crypto_t *this, tls_writer_t *writer)
1051{
1052 tls_writer_t *supported;
1053 enumerator_t *enumerator;
1054 hash_algorithm_t alg;
1055 tls_hash_algorithm_t hash;
1056
1057 supported = tls_writer_create(32);
1058 enumerator = lib->crypto->create_hasher_enumerator(lib->crypto);
1059 while (enumerator->enumerate(enumerator, &alg))
1060 {
1061 switch (alg)
1062 {
1063 case HASH_MD5:
1064 hash = TLS_HASH_MD5;
1065 break;
1066 case HASH_SHA1:
1067 hash = TLS_HASH_SHA1;
1068 break;
1069 case HASH_SHA224:
1070 hash = TLS_HASH_SHA224;
1071 break;
1072 case HASH_SHA256:
1073 hash = TLS_HASH_SHA256;
1074 break;
1075 case HASH_SHA384:
1076 hash = TLS_HASH_SHA384;
1077 break;
1078 case HASH_SHA512:
1079 hash = TLS_HASH_SHA512;
1080 break;
1081 default:
1082 continue;
1083 }
4254257f 1084 if (this->rsa)
d29a82a9 1085 {
4254257f
MW		 1086 supported->write_uint8(supported, hash);
1087 supported->write_uint8(supported, TLS_SIG_RSA);
1088 }
1089 if (this->ecdsa && alg != HASH_MD5 && alg != HASH_SHA224)
1090 { /* currently we have no signature scheme for MD5/SHA224 */
d29a82a9
MW		 1091 supported->write_uint8(supported, hash);
1092 supported->write_uint8(supported, TLS_SIG_ECDSA);
1093 }
1094 }
1095 enumerator->destroy(enumerator);
1096
1097 writer->write_data16(writer, supported->get_buf(supported));
1098 supported->destroy(supported);
1099}
1100
3f7bb88b
MW		 1101/**
1102 * Mapping groups to TLS named curves
1103 */
1104static struct {
1105 diffie_hellman_group_t group;
1106 tls_named_curve_t curve;
1107} curves[] = {
1108 { ECP_256_BIT, TLS_SECP256R1},
1109 { ECP_384_BIT, TLS_SECP384R1},
1110 { ECP_521_BIT, TLS_SECP521R1},
1111 { ECP_224_BIT, TLS_SECP224R1},
1112 { ECP_192_BIT, TLS_SECP192R1},
1113};
1114
1115/**
1116 * Filter EC groups, add TLS curve
1117 */
1118static bool group_filter(void *null,
1119 diffie_hellman_group_t *in, diffie_hellman_group_t *out,
1120 void* dummy1, tls_named_curve_t *curve)
1121{
1122 int i;
1123
1124 for (i = 0; i < countof(curves); i++)
1125 {
1126 if (curves[i].group == *in)
1127 {
1128 if (out)
1129 {
1130 *out = curves[i].group;
1131 }
1132 if (curve)
1133 {
1134 *curve = curves[i].curve;
1135 }
1136 return TRUE;
1137 }
1138 }
1139 return FALSE;
1140}
1141
1142METHOD(tls_crypto_t, create_ec_enumerator, enumerator_t*,
1143 private_tls_crypto_t *this)
37a59a8f 1144{
3f7bb88b
MW		 1145 return enumerator_create_filter(
1146 lib->crypto->create_dh_enumerator(lib->crypto),
1147 (void*)group_filter, NULL, NULL);
37a59a8f
MW		 1148}
1149
dc9f34be
MW		 1150METHOD(tls_crypto_t, set_protection, void,
1151 private_tls_crypto_t *this, tls_protection_t *protection)
1152{
1153 this->protection = protection;
1154}
1155
84d67ead
MW		 1156METHOD(tls_crypto_t, append_handshake, void,
1157 private_tls_crypto_t *this, tls_handshake_type_t type, chunk_t data)
1158{
1159 u_int32_t header;
1160
1161 /* reconstruct handshake header */
1162 header = htonl(data.len | (type << 24));
1163 this->handshake = chunk_cat("mcc", this->handshake,
1164 chunk_from_thing(header), data);
1165}
1166
1167/**
d29a82a9 1168 * Create a hash using the suites HASH algorithm
84d67ead 1169 */
d29a82a9 1170static bool hash_data(private_tls_crypto_t *this, chunk_t data, chunk_t *hash)
84d67ead
MW		 1171{
1172 if (this->tls->get_version(this->tls) >= TLS_1_2)
1173 {
1174 hasher_t *hasher;
1175 suite_algs_t *alg;
1176
1177 alg = find_suite(this->suite);
1178 if (!alg)
1179 {
1180 return FALSE;
1181 }
1182 hasher = lib->crypto->create_hasher(lib->crypto, alg->hash);
1183 if (!hasher)
1184 {
3c19b346 1185 DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, alg->hash);
84d67ead
MW		 1186 return FALSE;
1187 }
d29a82a9 1188 hasher->allocate_hash(hasher, data, hash);
84d67ead
MW		 1189 hasher->destroy(hasher);
1190 }
1191 else
1192 {
1193 hasher_t *md5, *sha1;
1194 char buf[HASH_SIZE_MD5 + HASH_SIZE_SHA1];
1195
1196 md5 = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
1197 if (!md5)
1198 {
3c19b346 1199 DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, HASH_MD5);
84d67ead
MW		 1200 return FALSE;
1201 }
d29a82a9 1202 md5->get_hash(md5, data, buf);
84d67ead
MW		 1203 md5->destroy(md5);
1204 sha1 = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
1205 if (!sha1)
1206 {
3c19b346 1207 DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, HASH_SHA1);
84d67ead
MW		 1208 return FALSE;
1209 }
d29a82a9 1210 sha1->get_hash(sha1, data, buf + HASH_SIZE_MD5);
84d67ead
MW		 1211 sha1->destroy(sha1);
1212
1213 *hash = chunk_clone(chunk_from_thing(buf));
1214 }
1215 return TRUE;
1216}
1217
dbb7c030
MW		 1218/**
1219 * Get the signature scheme from a TLS 1.2 hash/sig algorithm pair
1220 */
1221static signature_scheme_t hashsig_to_scheme(key_type_t type,
1222 tls_hash_algorithm_t hash, tls_signature_algorithm_t sig)
84d67ead 1223{
dbb7c030
MW		 1224 switch (sig)
1225 {
1226 case TLS_SIG_RSA:
1227 if (type != KEY_RSA)
1228 {
1229 return SIGN_UNKNOWN;
1230 }
1231 switch (hash)
1232 {
1233 case TLS_HASH_MD5:
1234 return SIGN_RSA_EMSA_PKCS1_MD5;
1235 case TLS_HASH_SHA1:
1236 return SIGN_RSA_EMSA_PKCS1_SHA1;
1237 case TLS_HASH_SHA224:
1238 return SIGN_RSA_EMSA_PKCS1_SHA224;
1239 case TLS_HASH_SHA256:
1240 return SIGN_RSA_EMSA_PKCS1_SHA256;
1241 case TLS_HASH_SHA384:
1242 return SIGN_RSA_EMSA_PKCS1_SHA384;
1243 case TLS_HASH_SHA512:
1244 return SIGN_RSA_EMSA_PKCS1_SHA512;
1245 default:
1246 return SIGN_UNKNOWN;
1247 }
1248 case TLS_SIG_ECDSA:
1249 if (type != KEY_ECDSA)
1250 {
1251 return SIGN_UNKNOWN;
1252 }
1253 switch (hash)
1254 {
1255 case TLS_HASH_SHA224:
1256 return SIGN_ECDSA_WITH_SHA1_DER;
1257 case TLS_HASH_SHA256:
1258 return SIGN_ECDSA_WITH_SHA256_DER;
1259 case TLS_HASH_SHA384:
1260 return SIGN_ECDSA_WITH_SHA384_DER;
1261 case TLS_HASH_SHA512:
1262 return SIGN_ECDSA_WITH_SHA512_DER;
1263 default:
1264 return SIGN_UNKNOWN;
1265 }
1266 default:
1267 return SIGN_UNKNOWN;
1268 }
1269}
400df4ca 1270
d29a82a9 1271METHOD(tls_crypto_t, sign, bool,
dbb7c030 1272 private_tls_crypto_t *this, private_key_t *key, tls_writer_t *writer,
d29a82a9 1273 chunk_t data, chunk_t hashsig)
dbb7c030 1274{
84d67ead
MW		 1275 if (this->tls->get_version(this->tls) >= TLS_1_2)
1276 {
dbb7c030
MW		 1277 signature_scheme_t scheme;
1278 tls_reader_t *reader;
1279 u_int8_t hash, alg;
1280 chunk_t sig;
1281 bool done = FALSE;
1282
d29a82a9
MW		 1283 if (!hashsig.len)
1284 { /* fallback if none given */
1285 hashsig = chunk_from_chars(
1286 TLS_HASH_SHA1, TLS_SIG_RSA, TLS_HASH_SHA1, TLS_SIG_ECDSA);
1287 }
dbb7c030
MW		 1288 reader = tls_reader_create(hashsig);
1289 while (reader->remaining(reader) >= 2)
400df4ca 1290 {
dbb7c030
MW		 1291 if (reader->read_uint8(reader, &hash) &&
1292 reader->read_uint8(reader, &alg))
1293 {
1294 scheme = hashsig_to_scheme(key->get_type(key), hash, alg);
1295 if (scheme != SIGN_UNKNOWN &&
d29a82a9 1296 key->sign(key, scheme, data, &sig))
dbb7c030
MW		 1297 {
1298 done = TRUE;
1299 break;
1300 }
1301 }
1302 }
1303 reader->destroy(reader);
1304 if (!done)
1305 {
1306 DBG1(DBG_TLS, "none of the proposed hash/sig algorithms supported");
400df4ca
MW		 1307 return FALSE;
1308 }
d29a82a9 1309 DBG2(DBG_TLS, "created signature with %N/%N",
dbb7c030
MW		 1310 tls_hash_algorithm_names, hash, tls_signature_algorithm_names, alg);
1311 writer->write_uint8(writer, hash);
1312 writer->write_uint8(writer, alg);
400df4ca
MW		 1313 writer->write_data16(writer, sig);
1314 free(sig.ptr);
1315 }
1316 else
1317 {
dbb7c030 1318 chunk_t sig, hash;
d29a82a9 1319 bool done;
dbb7c030
MW		 1320
1321 switch (key->get_type(key))
400df4ca 1322 {
dbb7c030 1323 case KEY_RSA:
d29a82a9 1324 if (!hash_data(this, data, &hash))
dbb7c030
MW		 1325 {
1326 return FALSE;
1327 }
d29a82a9
MW		 1328 done = key->sign(key, SIGN_RSA_EMSA_PKCS1_NULL, hash, &sig);
1329 free(hash.ptr);
1330 if (!done)
dbb7c030 1331 {
dbb7c030
MW		 1332 return FALSE;
1333 }
d29a82a9 1334 DBG2(DBG_TLS, "created signature with MD5+SHA1/RSA");
dbb7c030
MW		 1335 break;
1336 case KEY_ECDSA:
d29a82a9 1337 if (!key->sign(key, SIGN_ECDSA_WITH_SHA1_DER, data, &sig))
dbb7c030
MW		 1338 {
1339 return FALSE;
1340 }
d29a82a9 1341 DBG2(DBG_TLS, "created signature with SHA1/ECDSA");
dbb7c030
MW		 1342 break;
1343 default:
1344 return FALSE;
400df4ca
MW		 1345 }
1346 writer->write_data16(writer, sig);
400df4ca
MW		 1347 free(sig.ptr);
1348 }
1349 return TRUE;
1350}
1351
d29a82a9
MW		 1352METHOD(tls_crypto_t, verify, bool,
1353 private_tls_crypto_t *this, public_key_t *key, tls_reader_t *reader,
1354 chunk_t data)
400df4ca
MW		 1355{
1356 if (this->tls->get_version(this->tls) >= TLS_1_2)
1357 {
dbb7c030 1358 signature_scheme_t scheme = SIGN_UNKNOWN;
400df4ca
MW		 1359 u_int8_t hash, alg;
1360 chunk_t sig;
84d67ead 1361
400df4ca
MW		 1362 if (!reader->read_uint8(reader, &hash) ||
1363 !reader->read_uint8(reader, &alg) ||
1364 !reader->read_data16(reader, &sig))
1365 {
d29a82a9 1366 DBG1(DBG_TLS, "received invalid signature");
400df4ca
MW		 1367 return FALSE;
1368 }
dbb7c030
MW		 1369 scheme = hashsig_to_scheme(key->get_type(key), hash, alg);
1370 if (scheme == SIGN_UNKNOWN)
84d67ead 1371 {
d29a82a9 1372 DBG1(DBG_TLS, "signature algorithms %N/%N not supported",
dbb7c030
MW		 1373 tls_hash_algorithm_names, hash,
1374 tls_signature_algorithm_names, alg);
84d67ead
MW		 1375 return FALSE;
1376 }
d29a82a9 1377 if (!key->verify(key, scheme, data, sig))
dbb7c030
MW		 1378 {
1379 return FALSE;
1380 }
d29a82a9 1381 DBG2(DBG_TLS, "verified signature with %N/%N",
dbb7c030 1382 tls_hash_algorithm_names, hash, tls_signature_algorithm_names, alg);
84d67ead
MW		 1383 }
1384 else
1385 {
400df4ca 1386 chunk_t sig, hash;
d29a82a9 1387 bool done;
84d67ead 1388
400df4ca
MW		 1389 if (!reader->read_data16(reader, &sig))
1390 {
d29a82a9 1391 DBG1(DBG_TLS, "received invalid signature");
400df4ca
MW		 1392 return FALSE;
1393 }
dbb7c030 1394 switch (key->get_type(key))
84d67ead 1395 {
dbb7c030 1396 case KEY_RSA:
d29a82a9 1397 if (!hash_data(this, data, &hash))
dbb7c030
MW		 1398 {
1399 return FALSE;
1400 }
d29a82a9
MW		 1401 done = key->verify(key, SIGN_RSA_EMSA_PKCS1_NULL, hash, sig);
1402 free(hash.ptr);
1403 if (!done)
dbb7c030 1404 {
dbb7c030
MW		 1405 return FALSE;
1406 }
d29a82a9 1407 DBG2(DBG_TLS, "verified signature data with MD5+SHA1/RSA");
dbb7c030
MW		 1408 break;
1409 case KEY_ECDSA:
d29a82a9 1410 if (!key->verify(key, SIGN_ECDSA_WITH_SHA1_DER, data, sig))
dbb7c030 1411 {
dbb7c030
MW		 1412 return FALSE;
1413 }
d29a82a9 1414 DBG2(DBG_TLS, "verified signature with SHA1/ECDSA");
dbb7c030
MW		 1415 break;
1416 default:
1417 return FALSE;
84d67ead 1418 }
84d67ead
MW		 1419 }
1420 return TRUE;
1421}
1422
d29a82a9
MW		 1423METHOD(tls_crypto_t, sign_handshake, bool,
1424 private_tls_crypto_t *this, private_key_t *key, tls_writer_t *writer,
1425 chunk_t hashsig)
1426{
1427 return sign(this, key, writer, this->handshake, hashsig);
1428}
1429
1430METHOD(tls_crypto_t, verify_handshake, bool,
1431 private_tls_crypto_t *this, public_key_t *key, tls_reader_t *reader)
1432{
1433 return verify(this, key, reader, this->handshake);
1434}
1435
84d67ead
MW		 1436METHOD(tls_crypto_t, calculate_finished, bool,
1437 private_tls_crypto_t *this, char *label, char out[12])
1438{
1439 chunk_t seed;
1440
1441 if (!this->prf)
1442 {
1443 return FALSE;
1444 }
d29a82a9 1445 if (!hash_data(this, this->handshake, &seed))
84d67ead
MW		 1446 {
1447 return FALSE;
1448 }
1449 this->prf->get_bytes(this->prf, label, seed, 12, out);
1450 free(seed.ptr);
1451 return TRUE;
1452}
1453
1454METHOD(tls_crypto_t, derive_secrets, void,
18010de2
MW		 1455 private_tls_crypto_t *this, chunk_t premaster,
1456 chunk_t client_random, chunk_t server_random)
1457{
84543e6e
MW		 1458 char master[48];
1459 chunk_t seed, block, client_write, server_write;
1460 int mks, eks = 0, ivs = 0;
1461
1462 /* derive master secret */
1463 seed = chunk_cata("cc", client_random, server_random);
1464 this->prf->set_key(this->prf, premaster);
1465 this->prf->get_bytes(this->prf, "master secret", seed,
1466 sizeof(master), master);
1467
1468 this->prf->set_key(this->prf, chunk_from_thing(master));
1469 memset(master, 0, sizeof(master));
1470
1471 /* derive key block for key expansion */
1472 mks = this->signer_out->get_key_size(this->signer_out);
1473 if (this->crypter_out)
18010de2 1474 {
84543e6e 1475 eks = this->crypter_out->get_key_size(this->crypter_out);
f139b578 1476 if (this->tls->get_version(this->tls) < TLS_1_1)
18010de2 1477 {
3102d866 1478 ivs = this->crypter_out->get_iv_size(this->crypter_out);
84543e6e
MW		 1479 }
1480 }
1481 seed = chunk_cata("cc", server_random, client_random);
1482 block = chunk_alloca((mks + eks + ivs) * 2);
1483 this->prf->get_bytes(this->prf, "key expansion", seed, block.len, block.ptr);
1484
1485 /* signer keys */
1486 client_write = chunk_create(block.ptr, mks);
1487 block = chunk_skip(block, mks);
1488 server_write = chunk_create(block.ptr, mks);
1489 block = chunk_skip(block, mks);
1490 if (this->tls->is_server(this->tls))
1491 {
1492 this->signer_in->set_key(this->signer_in, client_write);
1493 this->signer_out->set_key(this->signer_out, server_write);
1494 }
1495 else
1496 {
1497 this->signer_out->set_key(this->signer_out, client_write);
1498 this->signer_in->set_key(this->signer_in, server_write);
1499 }
1500
1501 /* crypter keys, and IVs if < TLSv1.2 */
1502 if (this->crypter_out && this->crypter_in)
1503 {
1504 client_write = chunk_create(block.ptr, eks);
1505 block = chunk_skip(block, eks);
1506 server_write = chunk_create(block.ptr, eks);
1507 block = chunk_skip(block, eks);
1508
1509 if (this->tls->is_server(this->tls))
1510 {
1511 this->crypter_in->set_key(this->crypter_in, client_write);
1512 this->crypter_out->set_key(this->crypter_out, server_write);
18010de2
MW		 1513 }
1514 else
1515 {
84543e6e
MW		 1516 this->crypter_out->set_key(this->crypter_out, client_write);
1517 this->crypter_in->set_key(this->crypter_in, server_write);
1518 }
1519 if (ivs)
1520 {
1521 client_write = chunk_create(block.ptr, ivs);
1522 block = chunk_skip(block, ivs);
1523 server_write = chunk_create(block.ptr, ivs);
1524 block = chunk_skip(block, ivs);
1525
1526 if (this->tls->is_server(this->tls))
18010de2 1527 {
84543e6e
MW		 1528 this->iv_in = chunk_clone(client_write);
1529 this->iv_out = chunk_clone(server_write);
1530 }
1531 else
1532 {
1533 this->iv_out = chunk_clone(client_write);
1534 this->iv_in = chunk_clone(server_write);
18010de2 1535 }
536dbc00
MW		 1536 }
1537 }
84543e6e 1538}
18010de2 1539
84543e6e
MW		 1540METHOD(tls_crypto_t, change_cipher, void,
1541 private_tls_crypto_t *this, bool inbound)
1542{
dc9f34be 1543 if (this->protection)
84543e6e 1544 {
dc9f34be
MW		 1545 if (inbound)
1546 {
1547 this->protection->set_cipher(this->protection, TRUE,
1548 this->signer_in, this->crypter_in, this->iv_in);
1549 }
1550 else
1551 {
1552 this->protection->set_cipher(this->protection, FALSE,
1553 this->signer_out, this->crypter_out, this->iv_out);
1554 }
18010de2 1555 }
536dbc00
MW		 1556}
1557
84d67ead
MW		 1558METHOD(tls_crypto_t, derive_eap_msk, void,
1559 private_tls_crypto_t *this, chunk_t client_random, chunk_t server_random)
18010de2 1560{
bda7d9d9
MW		 1561 if (this->msk_label)
1562 {
1563 chunk_t seed;
84d67ead 1564
bda7d9d9
MW		 1565 seed = chunk_cata("cc", client_random, server_random);
1566 free(this->msk.ptr);
1567 this->msk = chunk_alloc(64);
1568 this->prf->get_bytes(this->prf, this->msk_label, seed,
1569 this->msk.len, this->msk.ptr);
1570 }
18010de2 1571}
536dbc00 1572
51313a39
MW		 1573METHOD(tls_crypto_t, get_eap_msk, chunk_t,
1574 private_tls_crypto_t *this)
1575{
1576 return this->msk;
1577}
1578
536dbc00
MW		 1579METHOD(tls_crypto_t, destroy, void,
1580 private_tls_crypto_t *this)
1581{
84543e6e
MW		 1582 DESTROY_IF(this->signer_in);
1583 DESTROY_IF(this->signer_out);
1584 DESTROY_IF(this->crypter_in);
1585 DESTROY_IF(this->crypter_out);
1586 free(this->iv_in.ptr);
1587 free(this->iv_out.ptr);
84d67ead 1588 free(this->handshake.ptr);
51313a39 1589 free(this->msk.ptr);
18010de2 1590 DESTROY_IF(this->prf);
84543e6e 1591 free(this->suites);
536dbc00
MW		 1592 free(this);
1593}
1594
1595/**
1596 * See header
1597 */
96b2fbcc 1598tls_crypto_t *tls_crypto_create(tls_t *tls)
536dbc00
MW		 1599{
1600 private_tls_crypto_t *this;
4254257f
MW		 1601 enumerator_t *enumerator;
1602 credential_type_t type;
1603 int subtype;
536dbc00
MW		 1604
1605 INIT(this,
1606 .public = {
1607 .get_cipher_suites = _get_cipher_suites,
18010de2 1608 .select_cipher_suite = _select_cipher_suite,
35d9c15d 1609 .get_dh_group = _get_dh_group,
d29a82a9 1610 .get_signature_algorithms = _get_signature_algorithms,
3f7bb88b 1611 .create_ec_enumerator = _create_ec_enumerator,
dc9f34be 1612 .set_protection = _set_protection,
84d67ead 1613 .append_handshake = _append_handshake,
d29a82a9
MW		 1614 .sign = _sign,
1615 .verify = _verify,
84d67ead 1616 .sign_handshake = _sign_handshake,
400df4ca 1617 .verify_handshake = _verify_handshake,
84d67ead
MW		 1618 .calculate_finished = _calculate_finished,
1619 .derive_secrets = _derive_secrets,
84543e6e 1620 .change_cipher = _change_cipher,
84d67ead 1621 .derive_eap_msk = _derive_eap_msk,
51313a39 1622 .get_eap_msk = _get_eap_msk,
536dbc00
MW		 1623 .destroy = _destroy,
1624 },
18010de2 1625 .tls = tls,
536dbc00
MW		 1626 );
1627
4254257f
MW		 1628 enumerator = lib->creds->create_builder_enumerator(lib->creds);
1629 while (enumerator->enumerate(enumerator, &type, &subtype))
1630 {
1631 if (type == CRED_PUBLIC_KEY)
1632 {
1633 switch (subtype)
1634 {
1635 case KEY_RSA:
1636 this->rsa = TRUE;
1637 break;
1638 case KEY_ECDSA:
1639 this->ecdsa = TRUE;
1640 break;
1641 default:
1642 break;
1643 }
1644 }
1645 }
1646 enumerator->destroy(enumerator);
1647
96b2fbcc
MW		 1648 switch (tls->get_purpose(tls))
1649 {
1650 case TLS_PURPOSE_EAP_TLS:
1651 /* MSK PRF ASCII constant label according to EAP-TLS RFC 5216 */
1652 this->msk_label = "client EAP encryption";
1653 build_cipher_suite_list(this, FALSE);
1654 break;
1655 case TLS_PURPOSE_EAP_TTLS:
1656 /* MSK PRF ASCII constant label according to EAP-TTLS RFC 5281 */
1657 this->msk_label = "ttls keying material";
1658 build_cipher_suite_list(this, TRUE);
1659 break;
bda7d9d9 1660 case TLS_PURPOSE_GENERIC:
bda7d9d9
MW		 1661 build_cipher_suite_list(this, TRUE);
1662 break;
96b2fbcc 1663 }
536dbc00
MW		 1664 return &this->public;
1665}
Unnamed repository; edit this file 'description' to name the repository.