Store a MODP group we use for each TLS suite

author Martin Willi <martin@revosec.ch>

Thu, 2 Sep 2010 17:24:56 +0000 (19:24 +0200)

committer Martin Willi <martin@revosec.ch>

Thu, 2 Sep 2010 17:33:08 +0000 (19:33 +0200)
author Martin Willi <martin@revosec.ch>
Thu, 2 Sep 2010 17:24:56 +0000 (19:24 +0200)
committer Martin Willi <martin@revosec.ch>
Thu, 2 Sep 2010 17:33:08 +0000 (19:33 +0200)
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c

index af0d6302f70d3161a295a92ea7b3f59d737c16e8..6360591cccacc15cd48b26b4f4554e7610c712d4 100644 (file)
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -365,6 +365,7 @@ typedef struct {
         tls_cipher_suite_t suite;
         hash_algorithm_t hash;
         pseudo_random_function_t prf;
+       diffie_hellman_group_t dh;
         integrity_algorithm_t mac;
         encryption_algorithm_t encr;
         size_t encr_size;
@@ -375,51 +376,51 @@ typedef struct {
   */
  static suite_algs_t suite_algs[] = {
         { TLS_RSA_WITH_AES_128_CBC_SHA,
-               HASH_SHA1, PRF_HMAC_SHA1,
+               HASH_SHA1, PRF_HMAC_SHA1, MODP_NONE,
                 AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
         },
         { TLS_RSA_WITH_AES_128_CBC_SHA256,
-               HASH_SHA256, PRF_HMAC_SHA2_256,
+               HASH_SHA256, PRF_HMAC_SHA2_256, MODP_NONE,
                 AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16
         },
         { TLS_RSA_WITH_AES_256_CBC_SHA,
-               HASH_SHA1, PRF_HMAC_SHA1,
+               HASH_SHA1, PRF_HMAC_SHA1, MODP_NONE,
                 AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32
         },
         { TLS_RSA_WITH_AES_256_CBC_SHA256,
-               HASH_SHA256, PRF_HMAC_SHA2_256,
+               HASH_SHA256, PRF_HMAC_SHA2_256, MODP_NONE,
                 AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 32
         },
         { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
-               HASH_SHA1, PRF_HMAC_SHA1,
+               HASH_SHA1, PRF_HMAC_SHA1, MODP_NONE,
                 AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 16
         },
         { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-               HASH_SHA256, PRF_HMAC_SHA2_256,
+               HASH_SHA256, PRF_HMAC_SHA2_256, MODP_NONE,
                 AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 16
         },
         { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
-               HASH_SHA1, PRF_HMAC_SHA1,
+               HASH_SHA1, PRF_HMAC_SHA1, MODP_NONE,
                 AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 32
         },
         { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
-               HASH_SHA256, PRF_HMAC_SHA2_256,
+               HASH_SHA256, PRF_HMAC_SHA2_256, MODP_NONE,
                 AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 32
         },
         { TLS_RSA_WITH_3DES_EDE_CBC_SHA,
-               HASH_SHA1, PRF_HMAC_SHA1,
+               HASH_SHA1, PRF_HMAC_SHA1, MODP_NONE,
                 AUTH_HMAC_SHA1_160, ENCR_3DES, 0
         },
         { TLS_RSA_WITH_NULL_SHA,
-               HASH_SHA1, PRF_HMAC_SHA1,
+               HASH_SHA1, PRF_HMAC_SHA1, MODP_NONE,
                 AUTH_HMAC_SHA1_160, ENCR_NULL, 0
         },
         { TLS_RSA_WITH_NULL_SHA256,
-               HASH_SHA256, PRF_HMAC_SHA2_256,
+               HASH_SHA256, PRF_HMAC_SHA2_256, MODP_NONE,
                 AUTH_HMAC_SHA2_256_256, ENCR_NULL, 0
         },
         { TLS_RSA_WITH_NULL_MD5,
-               HASH_MD5, PRF_HMAC_MD5,
+               HASH_MD5, PRF_HMAC_MD5, MODP_NONE,
                 AUTH_HMAC_MD5_128, ENCR_NULL, 0
         },
  };
@@ -624,6 +625,19 @@ METHOD(tls_crypto_t, select_cipher_suite, tls_cipher_suite_t,
         return 0;
  }
  
+METHOD(tls_crypto_t, get_dh_group, diffie_hellman_group_t,
+       private_tls_crypto_t *this)
+{
+       suite_algs_t *algs;
+
+       algs = find_suite(this->suite);
+       if (algs)
+       {
+               return algs->dh;
+       }
+       return MODP_NONE;
+}
+
  METHOD(tls_crypto_t, get_signature_algorithms, void,
         private_tls_crypto_t *this, tls_writer_t *writer)
  {
@@ -1129,6 +1143,7 @@ tls_crypto_t *tls_crypto_create(tls_t *tls)
                 .public = {
                         .get_cipher_suites = _get_cipher_suites,
                         .select_cipher_suite = _select_cipher_suite,
+                       .get_dh_group = _get_dh_group,
                         .get_signature_algorithms = _get_signature_algorithms,
                         .set_protection = _set_protection,
                         .append_handshake = _append_handshake,
diff --git a/src/libtls/tls_crypto.h b/src/libtls/tls_crypto.h

index 833928a8a459e8ef04c6ad00012309d33341ec1b..a4a4d446da935dbfb28267e939f1a621145cdfb4 100644 (file)
--- a/src/libtls/tls_crypto.h
+++ b/src/libtls/tls_crypto.h
@@ -328,6 +328,13 @@ struct tls_crypto_t {
         tls_cipher_suite_t (*select_cipher_suite)(tls_crypto_t *this,
                                                                                 tls_cipher_suite_t *suites, int count);
  
+       /**
+        * Get the Diffie-Hellman group to use, if any.
+        *
+        * @return                              Diffie Hellman group, ord MODP_NONE
+        */
+       diffie_hellman_group_t (*get_dh_group)(tls_crypto_t *this);
+
         /**
          * Write the list of supported hash/sig algorithms to writer.
          *
author	Martin Willi <martin@revosec.ch>
	Thu, 2 Sep 2010 17:24:56 +0000 (19:24 +0200)
committer	Martin Willi <martin@revosec.ch>
	Thu, 2 Sep 2010 17:33:08 +0000 (19:33 +0200)
src/libtls/tls_crypto.c		patch \| blob \| blame \| history
src/libtls/tls_crypto.h		patch \| blob \| blame \| history