From: Martin Willi <martin@revosec.ch>
Date: Sat, 24 Dec 2011 11:35:28 +0000 (+0100)
Subject: In TLS 1.2, PRF and HASH function use at least SHA-256, not the MAC hash function
X-Git-Tag: 4.6.2~74
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ed57dfca3fd1723047293d6e77882b4345d403b5;p=thirdparty%2Fstrongswan.git

In TLS 1.2, PRF and HASH function use at least SHA-256, not the MAC hash function
---

diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index b9a5d6627c..98c5049730 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -437,7 +437,7 @@ typedef struct {
 static suite_algs_t suite_algs[] = {
 	{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
 		KEY_ECDSA, ECP_256_BIT,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
 	},
 	{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
@@ -447,7 +447,7 @@ static suite_algs_t suite_algs[] = {
 	},
 	{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
 		KEY_ECDSA, ECP_384_BIT,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32
 	},
 	{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
@@ -457,7 +457,7 @@ static suite_algs_t suite_algs[] = {
 	},
 	{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
 		KEY_RSA, ECP_256_BIT,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
 	},
 	{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
@@ -467,7 +467,7 @@ static suite_algs_t suite_algs[] = {
 	},
 	{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
 		KEY_RSA, ECP_384_BIT,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32
 	},
 	{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
@@ -477,7 +477,7 @@ static suite_algs_t suite_algs[] = {
 	},
 	{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
 		KEY_RSA, MODP_2048_BIT,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA256,PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
 	},
 	{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
@@ -487,7 +487,7 @@ static suite_algs_t suite_algs[] = {
 	},
 	{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
 		KEY_RSA, MODP_3072_BIT,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32
 	},
 	{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
@@ -497,7 +497,7 @@ static suite_algs_t suite_algs[] = {
 	},
 	{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
 		KEY_RSA, MODP_2048_BIT,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 16
 	},
 	{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
@@ -507,7 +507,7 @@ static suite_algs_t suite_algs[] = {
 	},
 	{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
 		KEY_RSA, MODP_3072_BIT,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 32
 	},
 	{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
@@ -517,12 +517,12 @@ static suite_algs_t suite_algs[] = {
 	},
 	{ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
 		KEY_RSA, MODP_2048_BIT,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_3DES, 0
 	},
 	{ TLS_RSA_WITH_AES_128_CBC_SHA,
 		KEY_RSA, MODP_NONE,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
 	},
 	{ TLS_RSA_WITH_AES_128_CBC_SHA256,
@@ -532,7 +532,7 @@ static suite_algs_t suite_algs[] = {
 	},
 	{ TLS_RSA_WITH_AES_256_CBC_SHA,
 		KEY_RSA, MODP_NONE,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32
 	},
 	{ TLS_RSA_WITH_AES_256_CBC_SHA256,
@@ -542,7 +542,7 @@ static suite_algs_t suite_algs[] = {
 	},
 	{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
 		KEY_RSA, MODP_NONE,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 16
 	},
 	{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
@@ -552,7 +552,7 @@ static suite_algs_t suite_algs[] = {
 	},
 	{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
 		KEY_RSA, MODP_NONE,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 32
 	},
 	{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
@@ -562,32 +562,32 @@ static suite_algs_t suite_algs[] = {
 	},
 	{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
 		KEY_ECDSA, ECP_256_BIT,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_3DES, 0
 	},
 	{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
 		KEY_RSA, ECP_256_BIT,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_3DES, 0
 	},
 	{ TLS_RSA_WITH_3DES_EDE_CBC_SHA,
 		KEY_RSA, MODP_NONE,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_3DES, 0
 	},
 	{ TLS_ECDHE_ECDSA_WITH_NULL_SHA,
 		KEY_ECDSA, ECP_256_BIT,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_NULL, 0
 	},
 	{ TLS_ECDHE_RSA_WITH_NULL_SHA,
 		KEY_ECDSA, ECP_256_BIT,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_NULL, 0
 	},
 	{ TLS_RSA_WITH_NULL_SHA,
 		KEY_RSA, MODP_NONE,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_SHA1_160, ENCR_NULL, 0
 	},
 	{ TLS_RSA_WITH_NULL_SHA256,
@@ -597,7 +597,7 @@ static suite_algs_t suite_algs[] = {
 	},
 	{ TLS_RSA_WITH_NULL_MD5,
 		KEY_RSA, MODP_NONE,
-		HASH_MD5, PRF_HMAC_MD5,
+		HASH_SHA256, PRF_HMAC_SHA2_256,
 		AUTH_HMAC_MD5_128, ENCR_NULL, 0
 	},
 };