From 6a62623c6472514692a982adb4c5eeafb82a72a1 Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 25 May 2012 12:18:18 -0700 Subject: [PATCH] verify suite validity before server picks --- configure.ac | 2 +- cyassl/internal.h | 11 +- src/internal.c | 311 +++++++++++++++++++++++++++++++++++++++++++++- src/ssl.c | 8 +- 4 files changed, 319 insertions(+), 13 deletions(-) diff --git a/configure.ac b/configure.ac index 7a99cb230..0cfb4b52d 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([cyassl],[2.2.1],[http://www.yassl.com]) +AC_INIT([cyassl],[2.2.2],[http://www.yassl.com]) AC_CONFIG_AUX_DIR(config) diff --git a/cyassl/internal.h b/cyassl/internal.h index 4a37329e8..99baa3c0d 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -760,7 +760,7 @@ typedef struct CipherSpecs { /* Supported Ciphers from page 43 */ enum BulkCipherAlgorithm { - cipher_null, + cipher_null = 0, rc4, rc2, des, @@ -775,7 +775,7 @@ enum BulkCipherAlgorithm { /* Supported Message Authentication Codes from page 43 */ enum MACAlgorithm { - no_mac = 0, + no_mac = 10, md5_mac, sha_mac, sha224_mac, @@ -788,19 +788,20 @@ enum MACAlgorithm { /* Supported Key Exchange Protocols */ enum KeyExchangeAlgorithm { - no_kea = 0, + no_kea = 20, rsa_kea, diffie_hellman_kea, fortezza_kea, psk_kea, ntru_kea, - ecc_diffie_hellman_kea + ecc_diffie_hellman_kea, + ecc_static_diffie_hellman_kea /* for verify suite only */ }; /* Supported Authentication Schemes */ enum SignatureAlgorithm { - anonymous_sa_algo = 0, + anonymous_sa_algo = 30, rsa_sa_algo, dsa_sa_algo, ecc_dsa_sa_algo diff --git a/src/internal.c b/src/internal.c index 685e4df3f..446c069ab 100644 --- a/src/internal.c +++ b/src/internal.c @@ -5457,10 +5457,309 @@ int SetCipherList(Suites* s, const char* list) } + + /* Does this cipher suite (first, second) have the requirement + an ephemeral key exchange will still require the key for signing + the key exchange so ECHDE_RSA requires an rsa key thus rsa_kea */ + static int CipherRequires(byte first, byte second, int requirement) + { + /* ECC extensions */ + if (first == ECC_BYTE) { + + switch (second) { + + case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : + if (requirement == rsa_kea) + return 1; + break; + + case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : + if (requirement == ecc_static_diffie_hellman_kea) + return 1; + break; + + case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : + if (requirement == rsa_kea) + return 1; + break; + + case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : + if (requirement == ecc_static_diffie_hellman_kea) + return 1; + break; + + case TLS_ECDHE_RSA_WITH_RC4_128_SHA : + if (requirement == rsa_kea) + return 1; + break; + + case TLS_ECDH_RSA_WITH_RC4_128_SHA : + if (requirement == ecc_static_diffie_hellman_kea) + return 1; + break; + + case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : + if (requirement == ecc_dsa_sa_algo) + return 1; + break; + + case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : + if (requirement == ecc_static_diffie_hellman_kea) + return 1; + break; + + case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : + if (requirement == ecc_dsa_sa_algo) + return 1; + break; + + case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : + if (requirement == ecc_static_diffie_hellman_kea) + return 1; + break; + + case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : + if (requirement == rsa_kea) + return 1; + break; + + case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : + if (requirement == ecc_static_diffie_hellman_kea) + return 1; + break; + + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : + if (requirement == ecc_dsa_sa_algo) + return 1; + break; + + case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : + if (requirement == ecc_static_diffie_hellman_kea) + return 1; + break; + + case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : + if (requirement == ecc_dsa_sa_algo) + return 1; + break; + + case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : + if (requirement == ecc_static_diffie_hellman_kea) + return 1; + break; + + default: + CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC"); + return 0; + } /* switch */ + } /* if */ + if (first != ECC_BYTE) { /* normal suites */ + switch (second) { + + case SSL_RSA_WITH_RC4_128_SHA : + if (requirement == rsa_kea) + return 1; + break; + + case TLS_NTRU_RSA_WITH_RC4_128_SHA : + if (requirement == ntru_kea) + return 1; + break; + + case SSL_RSA_WITH_RC4_128_MD5 : + if (requirement == rsa_kea) + return 1; + break; + + case SSL_RSA_WITH_3DES_EDE_CBC_SHA : + if (requirement == rsa_kea) + return 1; + break; + + case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : + if (requirement == ntru_kea) + return 1; + break; + + case TLS_RSA_WITH_AES_128_CBC_SHA : + if (requirement == rsa_kea) + return 1; + break; + + case TLS_RSA_WITH_AES_128_CBC_SHA256 : + if (requirement == rsa_kea) + return 1; + break; + + case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : + if (requirement == ntru_kea) + return 1; + break; + + case TLS_RSA_WITH_AES_256_CBC_SHA : + if (requirement == rsa_kea) + return 1; + break; + + case TLS_RSA_WITH_AES_256_CBC_SHA256 : + if (requirement == rsa_kea) + return 1; + break; + + case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : + if (requirement == ntru_kea) + return 1; + break; + + case TLS_PSK_WITH_AES_128_CBC_SHA : + if (requirement == psk_kea) + return 1; + break; + + case TLS_PSK_WITH_AES_256_CBC_SHA : + if (requirement == psk_kea) + return 1; + break; + + case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : + if (requirement == rsa_kea) + return 1; + if (requirement == diffie_hellman_kea) + return 1; + break; + + case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : + if (requirement == rsa_kea) + return 1; + if (requirement == diffie_hellman_kea) + return 1; + break; + + case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : + if (requirement == rsa_kea) + return 1; + if (requirement == diffie_hellman_kea) + return 1; + break; + + case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : + if (requirement == rsa_kea) + return 1; + if (requirement == diffie_hellman_kea) + return 1; + break; + + case TLS_RSA_WITH_HC_128_CBC_MD5 : + if (requirement == rsa_kea) + return 1; + break; + + case TLS_RSA_WITH_HC_128_CBC_SHA : + if (requirement == rsa_kea) + return 1; + break; + + case TLS_RSA_WITH_RABBIT_CBC_SHA : + if (requirement == rsa_kea) + return 1; + break; + + default: + CYASSL_MSG("Unsupported cipher suite, CipherRequires"); + return 0; + } /* switch */ + } /* if ECC / Normal suites else */ + + return 0; + } + + + + + + /* Make sure cert/key are valid for this suite, true on success */ + static int VerifySuite(CYASSL* ssl, word16 idx) + { + int haveRSA = !ssl->options.haveECDSA; + int havePSK = 0; + byte first = ssl->suites.suites[idx]; + byte second = ssl->suites.suites[idx+1]; + + CYASSL_ENTER("VerifySuite"); + + #ifndef NO_PSK + havePSK = ssl->options.havePSK; + #endif + + if (ssl->options.haveNTRU) + haveRSA = 0; + + if (CipherRequires(first, second, rsa_kea)) { + CYASSL_MSG("Requires RSA"); + if (haveRSA == 0) { + CYASSL_MSG("Don't have RSA"); + return 0; + } + return 1; + } + + if (CipherRequires(first, second, diffie_hellman_kea)) { + CYASSL_MSG("Requires DHE"); + if (ssl->options.haveDH == 0) { + CYASSL_MSG("Don't have DHE"); + return 0; + } + return 1; + } + + if (CipherRequires(first, second, ecc_dsa_sa_algo)) { + CYASSL_MSG("Requires ECCDSA"); + if (ssl->options.haveECDSA == 0) { + CYASSL_MSG("Don't have ECCDSA"); + return 0; + } + return 1; + } + + if (CipherRequires(first, second, ecc_static_diffie_hellman_kea)) { + CYASSL_MSG("Requires static ECC"); + if (ssl->options.haveStaticECC == 0) { + CYASSL_MSG("Don't have static ECC"); + return 0; + } + return 1; + } + + if (CipherRequires(first, second, psk_kea)) { + CYASSL_MSG("Requires PSK"); + if (havePSK == 0) { + CYASSL_MSG("Don't have PSK"); + return 0; + } + return 1; + } + + if (CipherRequires(first, second, ntru_kea)) { + CYASSL_MSG("Requires NTRU"); + if (ssl->options.haveNTRU == 0) { + CYASSL_MSG("Don't have NTRU"); + return 0; + } + return 1; + } + + /* ECCDHE is always supported if ECC on */ + + return 1; + } + + static int MatchSuite(CYASSL* ssl, Suites* peerSuites) { word16 i, j; + CYASSL_ENTER("MatchSuite"); + /* & 0x1 equivalent % 2 */ if (peerSuites->suiteSz == 0 || peerSuites->suiteSz & 0x1) return MATCH_SUITE_ERROR; @@ -5471,9 +5770,15 @@ int SetCipherList(Suites* s, const char* list) if (ssl->suites.suites[i] == peerSuites->suites[j] && ssl->suites.suites[i+1] == peerSuites->suites[j+1] ) { - ssl->options.cipherSuite0 = ssl->suites.suites[i]; - ssl->options.cipherSuite = ssl->suites.suites[i+1]; - return SetCipherSpecs(ssl); + if (VerifySuite(ssl, i)) { + CYASSL_MSG("Verified suite validity"); + ssl->options.cipherSuite0 = ssl->suites.suites[i]; + ssl->options.cipherSuite = ssl->suites.suites[i+1]; + return SetCipherSpecs(ssl); + } + else { + CYASSL_MSG("Coult not verify suite validity, continue"); + } } return MATCH_SUITE_ERROR; diff --git a/src/ssl.c b/src/ssl.c index f61ab880a..207e55cda 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7706,8 +7706,8 @@ long CyaSSL_CTX_OCSP_set_options(CYASSL_CTX* ctx, long options) } return 0; #else - (void*)ctx; - (void*)options; + (void)ctx; + (void)options; return NOT_COMPILED_IN; #endif } @@ -7719,8 +7719,8 @@ int CyaSSL_CTX_OCSP_set_override_url(CYASSL_CTX* ctx, const char* url) #ifdef HAVE_OCSP return CyaSSL_OCSP_set_override_url(&ctx->ocsp, url); #else - (void*)ctx; - (void*)url; + (void)ctx; + (void)url; return NOT_COMPILED_IN; #endif }