Home | History | Annotate | Download | only in tls
      1 /*
      2  * TLSv1 common routines
      3  * Copyright (c) 2006-2007, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This program is free software; you can redistribute it and/or modify
      6  * it under the terms of the GNU General Public License version 2 as
      7  * published by the Free Software Foundation.
      8  *
      9  * Alternatively, this software may be distributed under the terms of BSD
     10  * license.
     11  *
     12  * See README and COPYING for more details.
     13  */
     14 
     15 #include "includes.h"
     16 
     17 #include "common.h"
     18 #include "x509v3.h"
     19 #include "tlsv1_common.h"
     20 
     21 
     22 /*
     23  * TODO:
     24  * RFC 2246 Section 9: Mandatory to implement TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
     25  * Add support for commonly used cipher suites; don't bother with exportable
     26  * suites.
     27  */
     28 
     29 static const struct tls_cipher_suite tls_cipher_suites[] = {
     30 	{ TLS_NULL_WITH_NULL_NULL, TLS_KEY_X_NULL, TLS_CIPHER_NULL,
     31 	  TLS_HASH_NULL },
     32 	{ TLS_RSA_WITH_RC4_128_MD5, TLS_KEY_X_RSA, TLS_CIPHER_RC4_128,
     33 	  TLS_HASH_MD5 },
     34 	{ TLS_RSA_WITH_RC4_128_SHA, TLS_KEY_X_RSA, TLS_CIPHER_RC4_128,
     35 	  TLS_HASH_SHA },
     36 	{ TLS_RSA_WITH_DES_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_DES_CBC,
     37 	  TLS_HASH_SHA },
     38 	{ TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_KEY_X_RSA,
     39 	  TLS_CIPHER_3DES_EDE_CBC, TLS_HASH_SHA },
     40  	{ TLS_DH_anon_WITH_RC4_128_MD5, TLS_KEY_X_DH_anon,
     41 	  TLS_CIPHER_RC4_128, TLS_HASH_MD5 },
     42  	{ TLS_DH_anon_WITH_DES_CBC_SHA, TLS_KEY_X_DH_anon,
     43 	  TLS_CIPHER_DES_CBC, TLS_HASH_SHA },
     44  	{ TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_KEY_X_DH_anon,
     45 	  TLS_CIPHER_3DES_EDE_CBC, TLS_HASH_SHA },
     46 	{ TLS_RSA_WITH_AES_128_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_AES_128_CBC,
     47 	  TLS_HASH_SHA },
     48 	{ TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_KEY_X_DH_anon,
     49 	  TLS_CIPHER_AES_128_CBC, TLS_HASH_SHA },
     50 	{ TLS_RSA_WITH_AES_256_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_AES_256_CBC,
     51 	  TLS_HASH_SHA },
     52 	{ TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_KEY_X_DH_anon,
     53 	  TLS_CIPHER_AES_256_CBC, TLS_HASH_SHA }
     54 };
     55 
     56 #define NUM_ELEMS(a) (sizeof(a) / sizeof((a)[0]))
     57 #define NUM_TLS_CIPHER_SUITES NUM_ELEMS(tls_cipher_suites)
     58 
     59 
     60 static const struct tls_cipher_data tls_ciphers[] = {
     61 	{ TLS_CIPHER_NULL,         TLS_CIPHER_STREAM,  0,  0,  0,
     62 	  CRYPTO_CIPHER_NULL },
     63 	{ TLS_CIPHER_IDEA_CBC,     TLS_CIPHER_BLOCK,  16, 16,  8,
     64 	  CRYPTO_CIPHER_NULL },
     65 	{ TLS_CIPHER_RC2_CBC_40,   TLS_CIPHER_BLOCK,   5, 16,  0,
     66 	  CRYPTO_CIPHER_ALG_RC2 },
     67 	{ TLS_CIPHER_RC4_40,       TLS_CIPHER_STREAM,  5, 16,  0,
     68 	  CRYPTO_CIPHER_ALG_RC4 },
     69 	{ TLS_CIPHER_RC4_128,      TLS_CIPHER_STREAM, 16, 16,  0,
     70 	  CRYPTO_CIPHER_ALG_RC4 },
     71 	{ TLS_CIPHER_DES40_CBC,    TLS_CIPHER_BLOCK,   5,  8,  8,
     72 	  CRYPTO_CIPHER_ALG_DES },
     73 	{ TLS_CIPHER_DES_CBC,      TLS_CIPHER_BLOCK,   8,  8,  8,
     74 	  CRYPTO_CIPHER_ALG_DES },
     75 	{ TLS_CIPHER_3DES_EDE_CBC, TLS_CIPHER_BLOCK,  24, 24,  8,
     76 	  CRYPTO_CIPHER_ALG_3DES },
     77 	{ TLS_CIPHER_AES_128_CBC,  TLS_CIPHER_BLOCK,  16, 16, 16,
     78 	  CRYPTO_CIPHER_ALG_AES },
     79 	{ TLS_CIPHER_AES_256_CBC,  TLS_CIPHER_BLOCK,  32, 32, 16,
     80 	  CRYPTO_CIPHER_ALG_AES }
     81 };
     82 
     83 #define NUM_TLS_CIPHER_DATA NUM_ELEMS(tls_ciphers)
     84 
     85 
     86 /**
     87  * tls_get_cipher_suite - Get TLS cipher suite
     88  * @suite: Cipher suite identifier
     89  * Returns: Pointer to the cipher data or %NULL if not found
     90  */
     91 const struct tls_cipher_suite * tls_get_cipher_suite(u16 suite)
     92 {
     93 	size_t i;
     94 	for (i = 0; i < NUM_TLS_CIPHER_SUITES; i++)
     95 		if (tls_cipher_suites[i].suite == suite)
     96 			return &tls_cipher_suites[i];
     97 	return NULL;
     98 }
     99 
    100 
    101 const struct tls_cipher_data * tls_get_cipher_data(tls_cipher cipher)
    102 {
    103 	size_t i;
    104 	for (i = 0; i < NUM_TLS_CIPHER_DATA; i++)
    105 		if (tls_ciphers[i].cipher == cipher)
    106 			return &tls_ciphers[i];
    107 	return NULL;
    108 }
    109 
    110 
    111 int tls_server_key_exchange_allowed(tls_cipher cipher)
    112 {
    113 	const struct tls_cipher_suite *suite;
    114 
    115 	/* RFC 2246, Section 7.4.3 */
    116 	suite = tls_get_cipher_suite(cipher);
    117 	if (suite == NULL)
    118 		return 0;
    119 
    120 	switch (suite->key_exchange) {
    121 	case TLS_KEY_X_DHE_DSS:
    122 	case TLS_KEY_X_DHE_DSS_EXPORT:
    123 	case TLS_KEY_X_DHE_RSA:
    124 	case TLS_KEY_X_DHE_RSA_EXPORT:
    125 	case TLS_KEY_X_DH_anon_EXPORT:
    126 	case TLS_KEY_X_DH_anon:
    127 		return 1;
    128 	case TLS_KEY_X_RSA_EXPORT:
    129 		return 1 /* FIX: public key len > 512 bits */;
    130 	default:
    131 		return 0;
    132 	}
    133 }
    134 
    135 
    136 /**
    137  * tls_parse_cert - Parse DER encoded X.509 certificate and get public key
    138  * @buf: ASN.1 DER encoded certificate
    139  * @len: Length of the buffer
    140  * @pk: Buffer for returning the allocated public key
    141  * Returns: 0 on success, -1 on failure
    142  *
    143  * This functions parses an ASN.1 DER encoded X.509 certificate and retrieves
    144  * the public key from it. The caller is responsible for freeing the public key
    145  * by calling crypto_public_key_free().
    146  */
    147 int tls_parse_cert(const u8 *buf, size_t len, struct crypto_public_key **pk)
    148 {
    149 	struct x509_certificate *cert;
    150 
    151 	wpa_hexdump(MSG_MSGDUMP, "TLSv1: Parse ASN.1 DER certificate",
    152 		    buf, len);
    153 
    154 	*pk = crypto_public_key_from_cert(buf, len);
    155 	if (*pk)
    156 		return 0;
    157 
    158 	cert = x509_certificate_parse(buf, len);
    159 	if (cert == NULL) {
    160 		wpa_printf(MSG_DEBUG, "TLSv1: Failed to parse X.509 "
    161 			   "certificate");
    162 		return -1;
    163 	}
    164 
    165 	/* TODO
    166 	 * verify key usage (must allow encryption)
    167 	 *
    168 	 * All certificate profiles, key and cryptographic formats are
    169 	 * defined by the IETF PKIX working group [PKIX]. When a key
    170 	 * usage extension is present, the digitalSignature bit must be
    171 	 * set for the key to be eligible for signing, as described
    172 	 * above, and the keyEncipherment bit must be present to allow
    173 	 * encryption, as described above. The keyAgreement bit must be
    174 	 * set on Diffie-Hellman certificates. (PKIX: RFC 3280)
    175 	 */
    176 
    177 	*pk = crypto_public_key_import(cert->public_key, cert->public_key_len);
    178 	x509_certificate_free(cert);
    179 
    180 	if (*pk == NULL) {
    181 		wpa_printf(MSG_ERROR, "TLSv1: Failed to import "
    182 			   "server public key");
    183 		return -1;
    184 	}
    185 
    186 	return 0;
    187 }
    188 
    189 
    190 int tls_verify_hash_init(struct tls_verify_hash *verify)
    191 {
    192 	tls_verify_hash_free(verify);
    193 	verify->md5_client = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0);
    194 	verify->md5_server = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0);
    195 	verify->md5_cert = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0);
    196 	verify->sha1_client = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0);
    197 	verify->sha1_server = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0);
    198 	verify->sha1_cert = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0);
    199 	if (verify->md5_client == NULL || verify->md5_server == NULL ||
    200 	    verify->md5_cert == NULL || verify->sha1_client == NULL ||
    201 	    verify->sha1_server == NULL || verify->sha1_cert == NULL) {
    202 		tls_verify_hash_free(verify);
    203 		return -1;
    204 	}
    205 	return 0;
    206 }
    207 
    208 
    209 void tls_verify_hash_add(struct tls_verify_hash *verify, const u8 *buf,
    210 			 size_t len)
    211 {
    212 	if (verify->md5_client && verify->sha1_client) {
    213 		crypto_hash_update(verify->md5_client, buf, len);
    214 		crypto_hash_update(verify->sha1_client, buf, len);
    215 	}
    216 	if (verify->md5_server && verify->sha1_server) {
    217 		crypto_hash_update(verify->md5_server, buf, len);
    218 		crypto_hash_update(verify->sha1_server, buf, len);
    219 	}
    220 	if (verify->md5_cert && verify->sha1_cert) {
    221 		crypto_hash_update(verify->md5_cert, buf, len);
    222 		crypto_hash_update(verify->sha1_cert, buf, len);
    223 	}
    224 }
    225 
    226 
    227 void tls_verify_hash_free(struct tls_verify_hash *verify)
    228 {
    229 	crypto_hash_finish(verify->md5_client, NULL, NULL);
    230 	crypto_hash_finish(verify->md5_server, NULL, NULL);
    231 	crypto_hash_finish(verify->md5_cert, NULL, NULL);
    232 	crypto_hash_finish(verify->sha1_client, NULL, NULL);
    233 	crypto_hash_finish(verify->sha1_server, NULL, NULL);
    234 	crypto_hash_finish(verify->sha1_cert, NULL, NULL);
    235 	verify->md5_client = NULL;
    236 	verify->md5_server = NULL;
    237 	verify->md5_cert = NULL;
    238 	verify->sha1_client = NULL;
    239 	verify->sha1_server = NULL;
    240 	verify->sha1_cert = NULL;
    241 }
    242