Blame - src/tls/tlsv1_common.c - android_external_wpa_supplicant_8

blob: 2f9dd0fa887d1cc8b64cdf330eaeb7297d9fdd53 [file] [log] [blame]

Dmitry Shmidt	8d520ff	2011-05-09 14:06:53 -0700	[diff] [blame^]	1	/*
				2	* TLSv1 common routines
				3	* Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
				4	*
				5	* This program is free software; you can redistribute it and/or modify
				6	* it under the terms of the GNU General Public License version 2 as
				7	* published by the Free Software Foundation.
				8	*
				9	* Alternatively, this software may be distributed under the terms of BSD
				10	* license.
				11	*
				12	* See README and COPYING for more details.
				13	*/
				14
				15	#include "includes.h"
				16
				17	#include "common.h"
				18	#include "x509v3.h"
				19	#include "tlsv1_common.h"
				20
				21
				22	/*
				23	* TODO:
				24	* RFC 2246 Section 9: Mandatory to implement TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
				25	* Add support for commonly used cipher suites; don't bother with exportable
				26	* suites.
				27	*/
				28
				29	static const struct tls_cipher_suite tls_cipher_suites[] = {
				30	{ TLS_NULL_WITH_NULL_NULL, TLS_KEY_X_NULL, TLS_CIPHER_NULL,
				31	TLS_HASH_NULL },
				32	{ TLS_RSA_WITH_RC4_128_MD5, TLS_KEY_X_RSA, TLS_CIPHER_RC4_128,
				33	TLS_HASH_MD5 },
				34	{ TLS_RSA_WITH_RC4_128_SHA, TLS_KEY_X_RSA, TLS_CIPHER_RC4_128,
				35	TLS_HASH_SHA },
				36	{ TLS_RSA_WITH_DES_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_DES_CBC,
				37	TLS_HASH_SHA },
				38	{ TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_KEY_X_RSA,
				39	TLS_CIPHER_3DES_EDE_CBC, TLS_HASH_SHA },
				40	{ TLS_DH_anon_WITH_RC4_128_MD5, TLS_KEY_X_DH_anon,
				41	TLS_CIPHER_RC4_128, TLS_HASH_MD5 },
				42	{ TLS_DH_anon_WITH_DES_CBC_SHA, TLS_KEY_X_DH_anon,
				43	TLS_CIPHER_DES_CBC, TLS_HASH_SHA },
				44	{ TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_KEY_X_DH_anon,
				45	TLS_CIPHER_3DES_EDE_CBC, TLS_HASH_SHA },
				46	{ TLS_RSA_WITH_AES_128_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_AES_128_CBC,
				47	TLS_HASH_SHA },
				48	{ TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_KEY_X_DH_anon,
				49	TLS_CIPHER_AES_128_CBC, TLS_HASH_SHA },
				50	{ TLS_RSA_WITH_AES_256_CBC_SHA, TLS_KEY_X_RSA, TLS_CIPHER_AES_256_CBC,
				51	TLS_HASH_SHA },
				52	{ TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_KEY_X_DH_anon,
				53	TLS_CIPHER_AES_256_CBC, TLS_HASH_SHA }
				54	};
				55
				56	#define NUM_ELEMS(a) (sizeof(a) / sizeof((a)[0]))
				57	#define NUM_TLS_CIPHER_SUITES NUM_ELEMS(tls_cipher_suites)
				58
				59
				60	static const struct tls_cipher_data tls_ciphers[] = {
				61	{ TLS_CIPHER_NULL, TLS_CIPHER_STREAM, 0, 0, 0,
				62	CRYPTO_CIPHER_NULL },
				63	{ TLS_CIPHER_IDEA_CBC, TLS_CIPHER_BLOCK, 16, 16, 8,
				64	CRYPTO_CIPHER_NULL },
				65	{ TLS_CIPHER_RC2_CBC_40, TLS_CIPHER_BLOCK, 5, 16, 0,
				66	CRYPTO_CIPHER_ALG_RC2 },
				67	{ TLS_CIPHER_RC4_40, TLS_CIPHER_STREAM, 5, 16, 0,
				68	CRYPTO_CIPHER_ALG_RC4 },
				69	{ TLS_CIPHER_RC4_128, TLS_CIPHER_STREAM, 16, 16, 0,
				70	CRYPTO_CIPHER_ALG_RC4 },
				71	{ TLS_CIPHER_DES40_CBC, TLS_CIPHER_BLOCK, 5, 8, 8,
				72	CRYPTO_CIPHER_ALG_DES },
				73	{ TLS_CIPHER_DES_CBC, TLS_CIPHER_BLOCK, 8, 8, 8,
				74	CRYPTO_CIPHER_ALG_DES },
				75	{ TLS_CIPHER_3DES_EDE_CBC, TLS_CIPHER_BLOCK, 24, 24, 8,
				76	CRYPTO_CIPHER_ALG_3DES },
				77	{ TLS_CIPHER_AES_128_CBC, TLS_CIPHER_BLOCK, 16, 16, 16,
				78	CRYPTO_CIPHER_ALG_AES },
				79	{ TLS_CIPHER_AES_256_CBC, TLS_CIPHER_BLOCK, 32, 32, 16,
				80	CRYPTO_CIPHER_ALG_AES }
				81	};
				82
				83	#define NUM_TLS_CIPHER_DATA NUM_ELEMS(tls_ciphers)
				84
				85
				86	/**
				87	* tls_get_cipher_suite - Get TLS cipher suite
				88	* @suite: Cipher suite identifier
				89	* Returns: Pointer to the cipher data or %NULL if not found
				90	*/
				91	const struct tls_cipher_suite * tls_get_cipher_suite(u16 suite)
				92	{
				93	size_t i;
				94	for (i = 0; i < NUM_TLS_CIPHER_SUITES; i++)
				95	if (tls_cipher_suites[i].suite == suite)
				96	return &tls_cipher_suites[i];
				97	return NULL;
				98	}
				99
				100
				101	const struct tls_cipher_data * tls_get_cipher_data(tls_cipher cipher)
				102	{
				103	size_t i;
				104	for (i = 0; i < NUM_TLS_CIPHER_DATA; i++)
				105	if (tls_ciphers[i].cipher == cipher)
				106	return &tls_ciphers[i];
				107	return NULL;
				108	}
				109
				110
				111	int tls_server_key_exchange_allowed(tls_cipher cipher)
				112	{
				113	const struct tls_cipher_suite *suite;
				114
				115	/* RFC 2246, Section 7.4.3 */
				116	suite = tls_get_cipher_suite(cipher);
				117	if (suite == NULL)
				118	return 0;
				119
				120	switch (suite->key_exchange) {
				121	case TLS_KEY_X_DHE_DSS:
				122	case TLS_KEY_X_DHE_DSS_EXPORT:
				123	case TLS_KEY_X_DHE_RSA:
				124	case TLS_KEY_X_DHE_RSA_EXPORT:
				125	case TLS_KEY_X_DH_anon_EXPORT:
				126	case TLS_KEY_X_DH_anon:
				127	return 1;
				128	case TLS_KEY_X_RSA_EXPORT:
				129	return 1 /* FIX: public key len > 512 bits */;
				130	default:
				131	return 0;
				132	}
				133	}
				134
				135
				136	/**
				137	* tls_parse_cert - Parse DER encoded X.509 certificate and get public key
				138	* @buf: ASN.1 DER encoded certificate
				139	* @len: Length of the buffer
				140	* @pk: Buffer for returning the allocated public key
				141	* Returns: 0 on success, -1 on failure
				142	*
				143	* This functions parses an ASN.1 DER encoded X.509 certificate and retrieves
				144	* the public key from it. The caller is responsible for freeing the public key
				145	* by calling crypto_public_key_free().
				146	*/
				147	int tls_parse_cert(const u8 buf, size_t len, struct crypto_public_key *pk)
				148	{
				149	struct x509_certificate *cert;
				150
				151	wpa_hexdump(MSG_MSGDUMP, "TLSv1: Parse ASN.1 DER certificate",
				152	buf, len);
				153
				154	*pk = crypto_public_key_from_cert(buf, len);
				155	if (*pk)
				156	return 0;
				157
				158	cert = x509_certificate_parse(buf, len);
				159	if (cert == NULL) {
				160	wpa_printf(MSG_DEBUG, "TLSv1: Failed to parse X.509 "
				161	"certificate");
				162	return -1;
				163	}
				164
				165	/* TODO
				166	* verify key usage (must allow encryption)
				167	*
				168	* All certificate profiles, key and cryptographic formats are
				169	* defined by the IETF PKIX working group [PKIX]. When a key
				170	* usage extension is present, the digitalSignature bit must be
				171	* set for the key to be eligible for signing, as described
				172	* above, and the keyEncipherment bit must be present to allow
				173	* encryption, as described above. The keyAgreement bit must be
				174	* set on Diffie-Hellman certificates. (PKIX: RFC 3280)
				175	*/
				176
				177	*pk = crypto_public_key_import(cert->public_key, cert->public_key_len);
				178	x509_certificate_free(cert);
				179
				180	if (*pk == NULL) {
				181	wpa_printf(MSG_ERROR, "TLSv1: Failed to import "
				182	"server public key");
				183	return -1;
				184	}
				185
				186	return 0;
				187	}
				188
				189
				190	int tls_verify_hash_init(struct tls_verify_hash *verify)
				191	{
				192	tls_verify_hash_free(verify);
				193	verify->md5_client = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0);
				194	verify->md5_server = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0);
				195	verify->md5_cert = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0);
				196	verify->sha1_client = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0);
				197	verify->sha1_server = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0);
				198	verify->sha1_cert = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0);
				199	if (verify->md5_client == NULL \|\| verify->md5_server == NULL \|\|
				200	verify->md5_cert == NULL \|\| verify->sha1_client == NULL \|\|
				201	verify->sha1_server == NULL \|\| verify->sha1_cert == NULL) {
				202	tls_verify_hash_free(verify);
				203	return -1;
				204	}
				205	return 0;
				206	}
				207
				208
				209	void tls_verify_hash_add(struct tls_verify_hash verify, const u8 buf,
				210	size_t len)
				211	{
				212	if (verify->md5_client && verify->sha1_client) {
				213	crypto_hash_update(verify->md5_client, buf, len);
				214	crypto_hash_update(verify->sha1_client, buf, len);
				215	}
				216	if (verify->md5_server && verify->sha1_server) {
				217	crypto_hash_update(verify->md5_server, buf, len);
				218	crypto_hash_update(verify->sha1_server, buf, len);
				219	}
				220	if (verify->md5_cert && verify->sha1_cert) {
				221	crypto_hash_update(verify->md5_cert, buf, len);
				222	crypto_hash_update(verify->sha1_cert, buf, len);
				223	}
				224	}
				225
				226
				227	void tls_verify_hash_free(struct tls_verify_hash *verify)
				228	{
				229	crypto_hash_finish(verify->md5_client, NULL, NULL);
				230	crypto_hash_finish(verify->md5_server, NULL, NULL);
				231	crypto_hash_finish(verify->md5_cert, NULL, NULL);
				232	crypto_hash_finish(verify->sha1_client, NULL, NULL);
				233	crypto_hash_finish(verify->sha1_server, NULL, NULL);
				234	crypto_hash_finish(verify->sha1_cert, NULL, NULL);
				235	verify->md5_client = NULL;
				236	verify->md5_server = NULL;
				237	verify->md5_cert = NULL;
				238	verify->sha1_client = NULL;
				239	verify->sha1_server = NULL;
				240	verify->sha1_cert = NULL;
				241	}