diff --git a/ssl/ssl_h.h b/ssl/ssl_h.h index 2799c48..c166df5 100644 --- a/ssl/ssl_h.h +++ b/ssl/ssl_h.h @@ -121,6 +121,8 @@ typedef struct decoder_ { #define SSLV3_VERSION 0x300 #define TLSV1_VERSION 0x301 +#define TLSV11_VERSION 0x302 +#define TLSV12_VERSION 0x303 /*State defines*/ #define SSL_ST_SENT_NOTHING 0 diff --git a/ssl/ssl_rec.c b/ssl/ssl_rec.c index b727a82..d598b4f 100644 --- a/ssl/ssl_rec.c +++ b/ssl/ssl_rec.c @@ -68,19 +68,28 @@ struct ssl_rec_decoder_ { }; -static char *digests[]={ +char *digests[]={ "MD5", "SHA1" + "SHA224", + "SHA256", + "SHA384", + "SHA512", + NULL }; -static char *ciphers[]={ +char *ciphers[]={ "DES", - "DES3", + "3DES", "RC4", "RC2", "IDEA", "AES128", - "AES256" + "AES256", + "CAMELLIA128", + "CAMELLIA256", + "SEED", + NULL }; @@ -192,6 +201,19 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl) ERETURN(r); } else{ + /* TLS 1.1 and beyond: remove explicit IV, only used with + * non-stream ciphers. */ + if (ssl->version>=0x0302 && ssl->cs->block > 1) { + UINT4 blk = ssl->cs->block; + if (blk <= *outl) { + *outl-=blk; + memmove(out, out+blk, *outl); + } + else { + DBG((0,"Block size greater than Plaintext!")); + ERETURN(SSL_BAD_MAC); + } + } if(r=tls_check_mac(d,ct,version,out,*outl,mac)) ERETURN(r); } @@ -231,7 +253,7 @@ static int tls_check_mac(d,ct,ver,data,datalen,mac) HMAC_CTX hm; const EVP_MD *md; UINT4 l; - UCHAR buf[20]; + UCHAR buf[128]; md=EVP_get_digestbyname(digests[d->cs->dig-0x40]); HMAC_Init(&hm,d->mac_key->data,d->mac_key->len,md); diff --git a/ssl/sslciphers.h b/ssl/sslciphers.h index ef51248..95e2939 100644 --- a/ssl/sslciphers.h +++ b/ssl/sslciphers.h @@ -73,10 +73,17 @@ typedef struct SSL_CipherSuite_ { #define ENC_IDEA 0x34 #define ENC_AES128 0x35 #define ENC_AES256 0x36 -#define ENC_NULL 0x37 +#define ENC_CAMELLIA128 0x37 +#define ENC_CAMELLIA256 0x38 +#define ENC_SEED 0x39 +#define ENC_NULL 0x3a #define DIG_MD5 0x40 #define DIG_SHA 0x41 +#define DIG_SHA224 0x42 /* Not sure why EKR didn't follow RFC for */ +#define DIG_SHA256 0x43 /* these values, but whatever, just adding on */ +#define DIG_SHA384 0x44 +#define DIG_SHA512 0x45 int ssl_find_cipher PROTO_LIST((int num,SSL_CipherSuite **cs)); diff --git a/ssl/ssldecode.c b/ssl/ssldecode.c index 475191d..373042c 100644 --- a/ssl/ssldecode.c +++ b/ssl/ssldecode.c @@ -61,11 +61,14 @@ static char *RCSSTRING="$Id: ssldecode.c,v 1.9 2002/08/17 01:33:17 ekr Exp $"; #define PRF(ssl,secret,usage,rnd1,rnd2,out) (ssl->version==SSLV3_VERSION)? \ ssl3_prf(ssl,secret,usage,rnd1,rnd2,out): \ - tls_prf(ssl,secret,usage,rnd1,rnd2,out) + ((ssl->version == TLSV12_VERSION) ? \ + tls12_prf(ssl,secret,usage,rnd1,rnd2,out): \ + tls_prf(ssl,secret,usage,rnd1,rnd2,out)) static char *ssl_password; +extern char *digests; extern UINT4 SSL_print_flags; struct ssl_decode_ctx_ { @@ -98,6 +101,8 @@ struct ssl_decoder_ { #ifdef OPENSSL static int tls_P_hash PROTO_LIST((ssl_obj *ssl,Data *secret,Data *seed, const EVP_MD *md,Data *out)); +static int tls12_prf PROTO_LIST((ssl_obj *ssl,Data *secret,char *usage, + Data *rnd1,Data *rnd2,Data *out)); static int tls_prf PROTO_LIST((ssl_obj *ssl,Data *secret,char *usage, Data *rnd1,Data *rnd2,Data *out)); static int ssl3_prf PROTO_LIST((ssl_obj *ssl,Data *secret,char *usage, @@ -432,10 +437,9 @@ int ssl_restore_session(ssl,d) switch(ssl->version){ case SSLV3_VERSION: - if(r=ssl_generate_keying_material(ssl,d)) - ABORT(r); - break; case TLSV1_VERSION: + case TLSV11_VERSION: + case TLSV12_VERSION: if(r=ssl_generate_keying_material(ssl,d)) ABORT(r); break; @@ -535,10 +539,9 @@ int ssl_process_client_key_exchange(ssl,d,msg,len) switch(ssl->version){ case SSLV3_VERSION: - if(r=ssl_generate_keying_material(ssl,d)) - ABORT(r); - break; case TLSV1_VERSION: + case TLSV11_VERSION: + case TLSV12_VERSION: if(r=ssl_generate_keying_material(ssl,d)) ABORT(r); break; @@ -572,7 +575,7 @@ static int tls_P_hash(ssl,secret,seed,md,out) int left=out->len; int tocpy; UCHAR *A; - UCHAR _A[20],tmp[20]; + UCHAR _A[128],tmp[128]; unsigned int A_l,tmp_l; HMAC_CTX hm; @@ -665,6 +668,53 @@ static int tls_prf(ssl,secret,usage,rnd1,rnd2,out) } +static int tls12_prf(ssl,secret,usage,rnd1,rnd2,out) + ssl_obj *ssl; + Data *secret; + char *usage; + Data *rnd1; + Data *rnd2; + Data *out; + + { + const EVP_MD *md; + int r,_status; + Data *sha_out=0; + Data *seed; + UCHAR *ptr; + int i, dgi; + + if(r=r_data_alloc(&sha_out,MAX(out->len,64))) /* assume max SHA512 */ + ABORT(r); + if(r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len)) + ABORT(r); + ptr=seed->data; + memcpy(ptr,usage,strlen(usage)); ptr+=strlen(usage); + memcpy(ptr,rnd1->data,rnd1->len); ptr+=rnd1->len; + memcpy(ptr,rnd2->data,rnd2->len); ptr+=rnd2->len; + + /* Earlier versions of openssl didn't have SHA256 of course... */ + dgi = MAX(DIG_SHA256, ssl->cs->dig)-0x40; + if ((md=EVP_get_digestbyname(digests[dgi])) == NULL) { + DBG((0,"Cannot get EVP for digest %s, openssl library current?", + digests[dgi])); + ERETURN(SSL_BAD_MAC); + } + if(r=tls_P_hash(ssl,secret,seed,md,sha_out)) + ABORT(r); + + for(i=0;ilen;i++) + out->data[i]=sha_out->data[i]; + + CRDUMPD("PRF out",out); + _status=0; + abort: + r_data_destroy(&sha_out); + r_data_destroy(&seed); + return(_status); + + } + static int ssl3_generate_export_iv(ssl,r1,r2,out) ssl_obj *ssl; Data *r1;