libsec: send sigature_algoritms extension for TLS1.2, order ciphers
TLS1.2 requires the client to send the list of supported signature and hash algorithm pairs. Some servers will simply reject the client hello otherwise. Note that we do not implement any dh/ecdh param signature verification. Order the cipher list strongest first. aes128 is actually more secure than aes256.
parent
455b42743d
commit
33a4a56c1c
1 changed files with 39 additions and 6 deletions
|
@ -141,6 +141,7 @@ typedef struct Msg{
|
||||||
Bytes *dh_g;
|
Bytes *dh_g;
|
||||||
Bytes *dh_Ys;
|
Bytes *dh_Ys;
|
||||||
Bytes *dh_signature;
|
Bytes *dh_signature;
|
||||||
|
int sigalg;
|
||||||
int curve;
|
int curve;
|
||||||
} serverKeyExchange;
|
} serverKeyExchange;
|
||||||
struct {
|
struct {
|
||||||
|
@ -283,16 +284,16 @@ enum {
|
||||||
};
|
};
|
||||||
|
|
||||||
static Algs cipherAlgs[] = {
|
static Algs cipherAlgs[] = {
|
||||||
{"aes_256_cbc", "sha1", 2*(32+16+SHA1dlen), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
|
|
||||||
{"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
|
{"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
|
||||||
{"aes_256_cbc", "sha1", 2*(32+16+SHA1dlen), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
|
{"aes_256_cbc", "sha1", 2*(32+16+SHA1dlen), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
|
||||||
{"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
|
{"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
|
||||||
{"aes_256_cbc", "sha1", 2*(32+16+SHA1dlen), TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
|
{"aes_256_cbc", "sha1", 2*(32+16+SHA1dlen), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
|
||||||
{"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
|
{"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
|
||||||
{"aes_256_cbc", "sha1", 2*(32+16+SHA1dlen), TLS_RSA_WITH_AES_256_CBC_SHA},
|
{"aes_256_cbc", "sha1", 2*(32+16+SHA1dlen), TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
|
||||||
{"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_RSA_WITH_AES_128_CBC_SHA},
|
|
||||||
{"aes_128_cbc", "sha256", 2*(16+16+SHA2_256dlen), TLS_RSA_WITH_AES_128_CBC_SHA256},
|
{"aes_128_cbc", "sha256", 2*(16+16+SHA2_256dlen), TLS_RSA_WITH_AES_128_CBC_SHA256},
|
||||||
{"aes_256_cbc", "sha256", 2*(32+16+SHA2_256dlen), TLS_RSA_WITH_AES_256_CBC_SHA256},
|
{"aes_256_cbc", "sha256", 2*(32+16+SHA2_256dlen), TLS_RSA_WITH_AES_256_CBC_SHA256},
|
||||||
|
{"aes_128_cbc", "sha1", 2*(16+16+SHA1dlen), TLS_RSA_WITH_AES_128_CBC_SHA},
|
||||||
|
{"aes_256_cbc", "sha1", 2*(32+16+SHA1dlen), TLS_RSA_WITH_AES_256_CBC_SHA},
|
||||||
{"3des_ede_cbc","sha1", 2*(4*8+SHA1dlen), TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA},
|
{"3des_ede_cbc","sha1", 2*(4*8+SHA1dlen), TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA},
|
||||||
{"3des_ede_cbc","sha1", 2*(4*8+SHA1dlen), TLS_RSA_WITH_3DES_EDE_CBC_SHA},
|
{"3des_ede_cbc","sha1", 2*(4*8+SHA1dlen), TLS_RSA_WITH_3DES_EDE_CBC_SHA},
|
||||||
{"rc4_128", "sha1", 2*(16+SHA1dlen), TLS_RSA_WITH_RC4_128_SHA},
|
{"rc4_128", "sha1", 2*(16+SHA1dlen), TLS_RSA_WITH_RC4_128_SHA},
|
||||||
|
@ -317,6 +318,18 @@ static uchar pointformats[] = {
|
||||||
CompressionNull /* support of uncompressed point format is mandatory */
|
CompressionNull /* support of uncompressed point format is mandatory */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// signature algorithms
|
||||||
|
static int sigalgs[] = {
|
||||||
|
0x0601, /* SHA512 RSA */
|
||||||
|
0x0501, /* SHA384 RSA */
|
||||||
|
0x0401, /* SHA256 RSA */
|
||||||
|
0x0201, /* SHA1 RSA */
|
||||||
|
0x0603, /* SHA512 ECDSA */
|
||||||
|
0x0503, /* SHA384 ECDSA */
|
||||||
|
0x0403, /* SHA256 ECDSA */
|
||||||
|
0x0203, /* SHA1 ECDSA */
|
||||||
|
};
|
||||||
|
|
||||||
static TlsConnection *tlsServer2(int ctl, int hand, uchar *cert, int certlen, int (*trace)(char*fmt, ...), PEMChain *chain);
|
static TlsConnection *tlsServer2(int ctl, int hand, uchar *cert, int certlen, int (*trace)(char*fmt, ...), PEMChain *chain);
|
||||||
static TlsConnection *tlsClient2(int ctl, int hand, uchar *csid, int ncsid, uchar *cert, int certlen, uchar *ext, int extlen, int (*trace)(char*fmt, ...));
|
static TlsConnection *tlsClient2(int ctl, int hand, uchar *csid, int ncsid, uchar *cert, int certlen, uchar *ext, int extlen, int (*trace)(char*fmt, ...));
|
||||||
static void msgClear(Msg *m);
|
static void msgClear(Msg *m);
|
||||||
|
@ -489,6 +502,23 @@ tlsClientExtensions(TLSconn *conn, int *plen)
|
||||||
for(i=0; i < n; i++) /* Elliptic curves point formats */
|
for(i=0; i < n; i++) /* Elliptic curves point formats */
|
||||||
*p++ = pointformats[i];
|
*p++ = pointformats[i];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// signature algorithms
|
||||||
|
if(ProtocolVersion >= TLS12Version){
|
||||||
|
n = nelem(sigalgs);
|
||||||
|
|
||||||
|
m = p - b;
|
||||||
|
b = erealloc(b, m + 2+2+2+n*2);
|
||||||
|
p = b + m;
|
||||||
|
|
||||||
|
put16(p, 0x000d), p += 2;
|
||||||
|
put16(p, n*2 + 2), p += 2;
|
||||||
|
put16(p, n*2), p += 2;
|
||||||
|
for(i=0; i < n; i++){
|
||||||
|
put16(p, sigalgs[i]);
|
||||||
|
p += 2;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
*plen = p - b;
|
*plen = p - b;
|
||||||
return b;
|
return b;
|
||||||
|
@ -1703,8 +1733,9 @@ msgRecv(TlsConnection *c, Msg *m)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if(n >= 2){
|
if(n >= 2){
|
||||||
|
m->u.serverKeyExchange.sigalg = 0;
|
||||||
if(c->version >= TLS12Version){
|
if(c->version >= TLS12Version){
|
||||||
/* signature hash algorithm */
|
m->u.serverKeyExchange.sigalg = get16(p);
|
||||||
p += 2, n -= 2;
|
p += 2, n -= 2;
|
||||||
if(n < 2)
|
if(n < 2)
|
||||||
goto Short;
|
goto Short;
|
||||||
|
@ -1916,6 +1947,8 @@ msgPrint(char *buf, int n, Msg *m)
|
||||||
bs = bytesPrint(bs, be, "\tdh_g: ", m->u.serverKeyExchange.dh_g, "\n");
|
bs = bytesPrint(bs, be, "\tdh_g: ", m->u.serverKeyExchange.dh_g, "\n");
|
||||||
}
|
}
|
||||||
bs = bytesPrint(bs, be, "\tdh_Ys: ", m->u.serverKeyExchange.dh_Ys, "\n");
|
bs = bytesPrint(bs, be, "\tdh_Ys: ", m->u.serverKeyExchange.dh_Ys, "\n");
|
||||||
|
if(m->u.serverKeyExchange.sigalg != 0)
|
||||||
|
bs = seprint(bs, be, "\tsigalg: %.4x\n", m->u.serverKeyExchange.sigalg);
|
||||||
bs = bytesPrint(bs, be, "\tdh_signature: ", m->u.serverKeyExchange.dh_signature, "\n");
|
bs = bytesPrint(bs, be, "\tdh_signature: ", m->u.serverKeyExchange.dh_signature, "\n");
|
||||||
break;
|
break;
|
||||||
case HClientKeyExchange:
|
case HClientKeyExchange:
|
||||||
|
|
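Review bot: The signature_algorithm the server picks in ServerKeyExchange is read with `get16(p)` in the msgRecv hunk but is never compared against the `sigalgs[]` list the client advertised in tlsClientExtensions, so the server can name a hash/signature pair the client never offered and the value is accepted as-is. RFC 5246 §7.4.3 requires the chosen pair to be one the client listed; even with parameter signature verification still unimplemented (as the description says), checking membership now keeps the stored `sigalg` trustworthy for the verification code that will later rely on it. After the `get16` line something like `for(i = 0; i < nelem(sigalgs); i++) if(sigalgs[i] == m->u.serverKeyExchange.sigalg) break;` followed by `if(i == nelem(sigalgs)) goto <msgRecv-error-label>;` would do, using whatever error exit msgRecv already has for malformed fields (only `Short` is visible here). msgRecv begins and ends outside this hunk, so the loop index and the error label need to be confirmed against the full function.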