Commit 41c83d3f authored by Paul Bakker's avatar Paul Bakker

Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS

Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
parent 00c1f437
PolarSSL ChangeLog
= Development
Features
* Elliptic Curve Cryptography module added
* Elliptic Curve Diffie Hellman module added
* Ephemeral Elliptic Curve Diffie Hellman support for SSL/TLS
(ECDHE-based ciphersuites)
Changes
* Introduced separate SSL Ciphersuites module that is based on
Cipher and MD information
......
......@@ -140,6 +140,7 @@
* TLS_RSA_WITH_NULL_MD5
* TLS_RSA_WITH_NULL_SHA
* TLS_RSA_WITH_NULL_SHA256
* TLS_ECDHE_RSA_WITH_NULL_SHA
*
* Uncomment this macro to enable the NULL cipher and ciphersuites
#define POLARSSL_CIPHER_NULL_CIPHER
......@@ -345,6 +346,8 @@
* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
*
* PEM uses AES for decrypting encrypted keys.
*/
......@@ -358,9 +361,11 @@
* Module: library/arc4.c
* Caller: library/ssl_tls.c
*
* This module enables the following ciphersuites:
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_RSA_WITH_RC4_128_MD5
* TLS_RSA_WITH_RC4_128_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
*/
#define POLARSSL_ARC4_C
......@@ -505,6 +510,7 @@
* enabled as well):
* TLS_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
*
* PEM uses DES/3DES for decrypting encrypted keys.
*/
......@@ -542,7 +548,16 @@
* Enable the elliptic curve Diffie-Hellman library.
*
* Module: library/ecdh.c
* Caller:
* Caller: library/ssl_cli.c
* library/ssl_srv.c
*
* This module enables the following ciphersuites (if other requisites are
* enabled as well):
* TLS_ECDHE_RSA_WITH_NULL_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
*
* Requires: POLARSSL_ECP_C
*/
......
......@@ -29,6 +29,9 @@
#include "config.h"
#include "ssl.h"
#if defined(POLARSSL_ECP_C)
#include "ecp.h"
#endif
#if defined(POLARSSL_DEBUG_C)
......@@ -44,6 +47,9 @@
#define SSL_DEBUG_MPI( level, text, X ) \
debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X );
#define SSL_DEBUG_ECP( level, text, X ) \
debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X );
#define SSL_DEBUG_CRT( level, text, crt ) \
debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt );
......@@ -53,6 +59,7 @@
#define SSL_DEBUG_RET( level, text, ret ) do { } while( 0 )
#define SSL_DEBUG_BUF( level, text, buf, len ) do { } while( 0 )
#define SSL_DEBUG_MPI( level, text, X ) do { } while( 0 )
#define SSL_DEBUG_ECP( level, text, X ) do { } while( 0 )
#define SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 )
#endif
......@@ -78,6 +85,12 @@ void debug_print_mpi( const ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mpi *X );
#if defined(POLARSSL_ECP_C)
void debug_print_ecp( const ssl_context *ssl, int level,
const char *file, int line,
const char *text, const ecp_point *X );
#endif
void debug_print_crt( const ssl_context *ssl, int level,
const char *file, int line,
const char *text, const x509_cert *crt );
......
......@@ -43,6 +43,10 @@
#include "dhm.h"
#endif
#if defined(POLARSSL_ECDH_C)
#include "ecdh.h"
#endif
#if defined(POLARSSL_ZLIB_SUPPORT)
#include "zlib.h"
#endif
......@@ -82,8 +86,8 @@
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Processing of the ServerKeyExchange handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Processing of the ServerHelloDone handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Processing of the ClientKeyExchange handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_RP -0x7C80 /**< Processing of the ClientKeyExchange handshake message failed in DHM Read Public. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_CS -0x7D00 /**< Processing of the ClientKeyExchange handshake message failed in DHM Calculate Secret. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. */
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Processing of the CertificateVerify handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Processing of the ChangeCipherSpec handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Processing of the Finished handshake message failed. */
......@@ -140,44 +144,6 @@
#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 512)
/*
* Supported ciphersuites (Official IANA names)
*/
#define TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */
#define TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */
#define TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */
#define TLS_RSA_WITH_DES_CBC_SHA 0x09 /**< Weak! Not in TLS 1.2 */
#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15 /**< Weak! Not in TLS 1.2 */
#define TLS_RSA_WITH_RC4_128_MD5 0x04
#define TLS_RSA_WITH_RC4_128_SHA 0x05
#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x35
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */
#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B /**< TLS 1.2 */
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C
#define TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D
#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E
#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F
#define SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
/*
......@@ -250,12 +216,15 @@
/*
* TLS extensions
*/
#define TLS_EXT_SERVERNAME 0
#define TLS_EXT_SERVERNAME_HOSTNAME 0
#define TLS_EXT_SERVERNAME 0
#define TLS_EXT_SERVERNAME_HOSTNAME 0
#define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
#define TLS_EXT_SUPPORTED_POINT_FORMATS 11
#define TLS_EXT_SIG_ALG 13
#define TLS_EXT_SIG_ALG 13
#define TLS_EXT_RENEGOTIATION_INFO 0xFF01
#define TLS_EXT_RENEGOTIATION_INFO 0xFF01
/*
......@@ -368,6 +337,13 @@ struct _ssl_handshake_params
#if defined(POLARSSL_DHM_C)
dhm_context dhm_ctx; /*!< DHM key exchange */
#endif
#if defined(POLARSSL_ECDH_C)
ecdh_context ecdh_ctx; /*!< ECDH key exchange */
#endif
#if defined(POLARSSL_ECP_C)
int ec_curve; /*!< Selected elliptic curve */
int ec_point_format; /*!< Client supported format */
#endif
/*
* Checksum contexts
......@@ -1114,7 +1090,7 @@ int ssl_write_change_cipher_spec( ssl_context *ssl );
int ssl_parse_finished( ssl_context *ssl );
int ssl_write_finished( ssl_context *ssl );
void ssl_optimize_checksum( ssl_context *ssl, int ciphersuite );
void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info );
#ifdef __cplusplus
}
......
......@@ -34,15 +34,61 @@
extern "C" {
#endif
/*
* Supported ciphersuites (Official IANA names)
*/
#define TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */
#define TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */
#define TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */
#define TLS_RSA_WITH_DES_CBC_SHA 0x09 /**< Weak! Not in TLS 1.2 */
#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15 /**< Weak! Not in TLS 1.2 */
#define TLS_RSA_WITH_RC4_128_MD5 0x04
#define TLS_RSA_WITH_RC4_128_SHA 0x05
#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x35
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */
#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B /**< TLS 1.2 */
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C
#define TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D
#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E
#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F
#define TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010
#define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011
#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
typedef enum {
POLARSSL_KEY_EXCHANGE_NONE = 0,
POLARSSL_KEY_EXCHANGE_RSA,
POLARSSL_KEY_EXCHANGE_DHE_RSA
POLARSSL_KEY_EXCHANGE_DHE_RSA,
POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
} key_exchange_type_t;
typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
#define POLARSSL_CIPHERSUITE_WEAK 0x01
#define POLARSSL_CIPHERSUITE_WEAK 0x01 /*<! Weak ciphersuite flag */
#define POLARSSL_CIPHERSUITE_EC 0x02 /*<! EC-based ciphersuite flag */
/**
* \brief This structure is used for storing ciphersuite information
......
......@@ -128,6 +128,28 @@ void debug_print_buf( const ssl_context *ssl, int level,
ssl->f_dbg( ssl->p_dbg, level, "\n" );
}
#if defined(POLARSSL_ECP_C)
void debug_print_ecp( const ssl_context *ssl, int level,
const char *file, int line,
const char *text, const ecp_point *X )
{
char str[512];
int maxlen = sizeof( str ) - 1;
snprintf( str, maxlen, "%s(X)", text );
str[maxlen] = '\0';
debug_print_mpi( ssl, level, file, line, str, &X->X );
snprintf( str, maxlen, "%s(Y)", text );
str[maxlen] = '\0';
debug_print_mpi( ssl, level, file, line, str, &X->Y );
snprintf( str, maxlen, "%s(Z)", text );
str[maxlen] = '\0';
debug_print_mpi( ssl, level, file, line, str, &X->Z );
}
#endif /* POLARSSL_ECP_C */
void debug_print_mpi( const ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mpi *X )
......
......@@ -212,8 +212,11 @@ int ecdh_calc_secret( ecdh_context *ctx, size_t *olen,
!= 0 )
return( ret );
*olen = mpi_size( &ctx->z );
return mpi_write_binary( &ctx->z, buf, blen );
if( mpi_size( &ctx->z ) > blen )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
*olen = ctx->grp.nbits / 8 + ( ( ctx->grp.nbits % 8 ) != 0 );
return mpi_write_binary( &ctx->z, buf, *olen );
}
......
......@@ -189,6 +189,8 @@ void error_strerror( int ret, char *buf, size_t buflen )
#if defined(POLARSSL_ECP_C)
if( use_ret == -(POLARSSL_ERR_ECP_BAD_INPUT_DATA) )
snprintf( buf, buflen, "ECP - Bad input parameters to function" );
if( use_ret == -(POLARSSL_ERR_ECP_BUFFER_TOO_SMALL) )
snprintf( buf, buflen, "ECP - The buffer is too small to write to" );
if( use_ret == -(POLARSSL_ERR_ECP_GENERIC) )
snprintf( buf, buflen, "ECP - Generic ECP error" );
#endif /* POLARSSL_ECP_C */
......@@ -296,10 +298,10 @@ void error_strerror( int ret, char *buf, size_t buflen )
snprintf( buf, buflen, "SSL - Processing of the ServerHelloDone handshake message failed" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE) )
snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_RP) )
snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM Read Public" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_CS) )
snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM Calculate Secret" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP) )
snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS) )
snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY) )
snprintf( buf, buflen, "SSL - Processing of the CertificateVerify handshake message failed" );
if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC) )
......
......@@ -34,107 +34,100 @@
#include <stdlib.h>
const int supported_ciphersuites[] =
/*
* Ordered from most preferred to least preferred in terms of security.
*/
static const int ciphersuite_preference[] =
{
#if defined(POLARSSL_DHM_C)
#if defined(POLARSSL_AES_C)
#if defined(POLARSSL_SHA2_C)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
#endif /* POLARSSL_SHA2_C */
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
#endif
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
#if defined(POLARSSL_SHA2_C)
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
#endif /* POLARSSL_SHA2_C */
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
#endif
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
#if defined(POLARSSL_SHA2_C)
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
#endif /* POLARSSL_SHA2_C */
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
#if defined(POLARSSL_SHA2_C)
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
#endif /* POLARSSL_SHA2_C */
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_DES_C)
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
#endif
#endif /* POLARSSL_DHM_C */
#if defined(POLARSSL_AES_C)
#if defined(POLARSSL_SHA2_C)
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256,
#endif /* POLARSSL_SHA2_C */
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
TLS_RSA_WITH_AES_256_GCM_SHA384,
#endif
TLS_RSA_WITH_AES_256_CBC_SHA,
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
#if defined(POLARSSL_SHA2_C)
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
#endif /* POLARSSL_SHA2_C */
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_AES_C)
#if defined(POLARSSL_SHA2_C)
TLS_RSA_WITH_AES_128_CBC_SHA256,
#endif /* POLARSSL_SHA2_C */
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
TLS_RSA_WITH_AES_128_GCM_SHA256,
#endif /* POLARSSL_SHA2_C */
TLS_RSA_WITH_AES_128_CBC_SHA,
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
#if defined(POLARSSL_SHA2_C)
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
#endif /* POLARSSL_SHA2_C */
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_DES_C)
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_ARC4_C)
TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_RC4_128_MD5,
#endif /* POLARSSL_ARC4_C */
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
#if defined(POLARSSL_DES_C)
#if defined(POLARSSL_DHM_C)
TLS_DHE_RSA_WITH_DES_CBC_SHA,
#endif /* POLARSSL_DHM_C */
TLS_RSA_WITH_DES_CBC_SHA,
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
#if defined(POLARSSL_SHA2_C)
TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_RSA_WITH_NULL_SHA256,
#endif
TLS_RSA_WITH_NULL_SHA,
TLS_RSA_WITH_NULL_MD5,
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */
0
};
#define MAX_CIPHERSUITES 60
static int supported_ciphersuites[MAX_CIPHERSUITES];
static int supported_init = 0;
static const ssl_ciphersuite_t ciphersuite_definitions[] =
{
#if defined(POLARSSL_ECDH_C)
#if defined(POLARSSL_AES_C)
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif
#if defined(POLARSSL_DES_C)
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_ARC4_C)
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
{ TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC | POLARSSL_CIPHERSUITE_WEAK },
#endif
#endif
#if defined(POLARSSL_ARC4_C)
{ TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_ARC4_C */
......@@ -345,6 +338,27 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
const int *ssl_list_ciphersuites( void )
{
/*
* On initial call filter out all ciphersuites not supported by current
* build based on presence in the ciphersuite_definitions.
*/
if( supported_init == 0 )
{
const int *p = ciphersuite_preference;
int *q = supported_ciphersuites;
memset( supported_ciphersuites, 0x00, sizeof(supported_ciphersuites) );
while( *p != 0 )
{
if( ssl_ciphersuite_from_id( *p ) != NULL )
*(q++) = *p;
p++;
}
supported_init = 1;
}
return supported_ciphersuites;
};
......
......@@ -47,6 +47,10 @@ static int ssl_write_client_hello( ssl_context *ssl )
time_t t;
unsigned char sig_alg_list[20];
size_t sig_alg_len = 0;
#if defined(POLARSSL_ECDH_C)
unsigned char elliptic_curve_list[20];
size_t elliptic_curve_len = 0;
#endif
SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
......@@ -203,6 +207,26 @@ static int ssl_write_client_hello( ssl_context *ssl )
ext_len += 6 + sig_alg_len;
}
#if defined(POLARSSL_ECDH_C)
SSL_DEBUG_MSG( 3, ( "client hello, prepping for supported elliptic curves extension" ) );
elliptic_curve_list[elliptic_curve_len++] = 0x00;
elliptic_curve_list[elliptic_curve_len++] = POLARSSL_ECP_DP_SECP521R1;
elliptic_curve_list[elliptic_curve_len++] = 0x00;
elliptic_curve_list[elliptic_curve_len++] = POLARSSL_ECP_DP_SECP384R1;
elliptic_curve_list[elliptic_curve_len++] = 0x00;
elliptic_curve_list[elliptic_curve_len++] = POLARSSL_ECP_DP_SECP256R1;
elliptic_curve_list[elliptic_curve_len++] = 0x00;
elliptic_curve_list[elliptic_curve_len++] = POLARSSL_ECP_DP_SECP224R1;
elliptic_curve_list[elliptic_curve_len++] = 0x00;
elliptic_curve_list[elliptic_curve_len++] = POLARSSL_ECP_DP_SECP192R1;
ext_len += 6 + elliptic_curve_len;
SSL_DEBUG_MSG( 3, ( "client hello, prepping for supported point formats extension" ) );
ext_len += 7;
#endif
SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
ext_len ) );
......@@ -302,6 +326,35 @@ static int ssl_write_client_hello( ssl_context *ssl )
p += sig_alg_len;
}
#if defined(POLARSSL_ECDH_C)
SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
*p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) & 0xFF );
*p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) ) & 0xFF );
*p++ = (unsigned char)( ( ( elliptic_curve_len ) >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF );
memcpy( p, elliptic_curve_list, elliptic_curve_len );
p+= elliptic_curve_len;
SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) );
*p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF );
*p++ = 0x00;
*p++ = 3;
*p++ = 2;
*p++ = POLARSSL_ECP_PF_COMPRESSED;
*p++ = POLARSSL_ECP_PF_UNCOMPRESSED;
#endif
ssl->out_msglen = p - buf;
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = SSL_HS_CLIENT_HELLO;
......@@ -472,8 +525,8 @@ static int ssl_parse_server_hello( ssl_context *ssl )
/*
* Initialize update checksum functions
*/
ssl_optimize_checksum( ssl, i );
ssl->transform_negotiate->ciphersuite_info = ssl_ciphersuite_from_id( i );
ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
if( ssl->transform_negotiate->ciphersuite_info == NULL )
{
......@@ -629,9 +682,17 @@ static int ssl_parse_server_hello( ssl_context *ssl )
return( 0 );
}
#if !defined(POLARSSL_DHM_C) && !defined(POLARSSL_ECDH_C)
static int ssl_parse_server_key_exchange( ssl_context *ssl )
{
SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );