aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorlloyd <[email protected]>2011-12-31 03:26:57 +0000
committerlloyd <[email protected]>2011-12-31 03:26:57 +0000
commit52b9356cec6c5ad9a5d00a8ecbbad10a672787e8 (patch)
treedb360c3b39e550e24ad143c09ca087484d5cfd8d /src
parent074ea8fdee34a668c57b19b474468a7e4d581567 (diff)
Some basic infrastructure pieces for SRP (policy, etc)
Diffstat (limited to 'src')
-rw-r--r--src/tls/hello.cpp4
-rw-r--r--src/tls/tls_client.cpp9
-rw-r--r--src/tls/tls_client.h6
-rw-r--r--src/tls/tls_magic.h3
-rw-r--r--src/tls/tls_policy.cpp37
-rw-r--r--src/tls/tls_policy.h10
6 files changed, 46 insertions, 23 deletions
diff --git a/src/tls/hello.cpp b/src/tls/hello.cpp
index 08d8eee8e..49115fd62 100644
--- a/src/tls/hello.cpp
+++ b/src/tls/hello.cpp
@@ -74,7 +74,7 @@ Client_Hello::Client_Hello(Record_Writer& writer,
const std::string& srp_identifier) :
c_version(policy.pref_version()),
c_random(rng.random_vec(32)),
- suites(policy.ciphersuites()),
+ suites(policy.ciphersuites(srp_identifier != "")),
comp_methods(policy.compression()),
requested_hostname(hostname),
requested_srp_id(srp_identifier),
@@ -303,7 +303,7 @@ Server_Hello::Server_Hello(Record_Writer& writer,
have_dsa = true;
}
- suite = policy.choose_suite(c_hello.ciphersuites(), have_rsa, have_dsa);
+ suite = policy.choose_suite(c_hello.ciphersuites(), have_rsa, have_dsa, false);
if(suite == 0)
throw TLS_Exception(HANDSHAKE_FAILURE,
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index 9942c2d44..1d9554ee8 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -13,8 +13,6 @@
#include <botan/dsa.h>
#include <botan/dh.h>
-#include <stdio.h>
-
namespace Botan {
/*
@@ -27,7 +25,8 @@ TLS_Client::TLS_Client(std::tr1::function<void (const byte[], size_t)> output_fn
const TLS_Policy& policy,
RandomNumberGenerator& rng,
const std::string& hostname,
- const std::string& srp_identifier) :
+ const std::string& srp_identifier,
+ const std::string& srp_password) :
TLS_Channel(output_fn, proc_fn, handshake_fn),
policy(policy),
rng(rng),
@@ -176,8 +175,8 @@ void TLS_Client::process_handshake_msg(Handshake_Type type,
// successful resumption
/*
- In this case, we offered the original session and the server
- must resume with it
+ * In this case, we offered the original session and the server
+ * must resume with it
*/
if(state->server_hello->version() != state->client_hello->version())
throw TLS_Exception(HANDSHAKE_FAILURE,
diff --git a/src/tls/tls_client.h b/src/tls/tls_client.h
index 0f654a40f..eccddef6f 100644
--- a/src/tls/tls_client.h
+++ b/src/tls/tls_client.h
@@ -29,7 +29,8 @@ class BOTAN_DLL TLS_Client : public TLS_Channel
* @param policy specifies other connection policy information
* @param rng a random number generator
* @param servername the server's DNS name, if known
- * @param srp_username an identifier to use for SRP key exchange
+ * @param srp_username a SRP identifier to use for SRP key exchange
+ * @param srp_password a SRP password to use for SRP key exchange
*/
TLS_Client(std::tr1::function<void (const byte[], size_t)> socket_output_fn,
std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn,
@@ -38,7 +39,8 @@ class BOTAN_DLL TLS_Client : public TLS_Channel
const TLS_Policy& policy,
RandomNumberGenerator& rng,
const std::string& servername = "",
- const std::string& srp_username = "");
+ const std::string& srp_username = "",
+ const std::string& srp_password = "");
void add_client_cert(const X509_Certificate& cert,
Private_Key* cert_key);
diff --git a/src/tls/tls_magic.h b/src/tls/tls_magic.h
index e20788ea3..a87739b5a 100644
--- a/src/tls/tls_magic.h
+++ b/src/tls/tls_magic.h
@@ -126,13 +126,10 @@ enum Ciphersuite_Code {
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B,
TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A,
- TLS_SRP_SHA_WITH_3DES_EDE_SHA = 0xC01A,
TLS_SRP_SHA_RSA_WITH_3DES_EDE_SHA = 0xC01B,
TLS_SRP_SHA_DSS_WITH_3DES_EDE_SHA = 0xC01C,
- TLS_SRP_SHA_WITH_AES_128_SHA = 0xC01D,
TLS_SRP_SHA_RSA_WITH_AES_128_SHA = 0xC01E,
TLS_SRP_SHA_DSS_WITH_AES_128_SHA = 0xC01F,
- TLS_SRP_SHA_WITH_AES_256_SHA = 0xC020,
TLS_SRP_SHA_RSA_WITH_AES_256_SHA = 0xC021,
TLS_SRP_SHA_DSS_WITH_AES_256_SHA = 0xC022,
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp
index b73ff7850..596f5e53e 100644
--- a/src/tls/tls_policy.cpp
+++ b/src/tls/tls_policy.cpp
@@ -13,9 +13,10 @@ namespace Botan {
/*
* Return allowed ciphersuites
*/
-std::vector<u16bit> TLS_Policy::ciphersuites() const
+std::vector<u16bit> TLS_Policy::ciphersuites(bool have_srp) const
{
- return suite_list(allow_static_rsa(), allow_edh_rsa(), allow_edh_dsa());
+ return suite_list(allow_static_rsa(), allow_edh_rsa(), allow_edh_dsa(),
+ allow_srp() && have_srp);
}
/*
@@ -23,10 +24,28 @@ std::vector<u16bit> TLS_Policy::ciphersuites() const
*/
std::vector<u16bit> TLS_Policy::suite_list(bool use_rsa,
bool use_edh_rsa,
- bool use_edh_dsa) const
+ bool use_edh_dsa,
+ bool use_srp) const
{
std::vector<u16bit> suites;
+ if(use_srp)
+ {
+ if(use_edh_rsa)
+ {
+ suites.push_back(TLS_SRP_SHA_DSS_WITH_AES_256_SHA);
+ suites.push_back(TLS_SRP_SHA_DSS_WITH_AES_128_SHA);
+ suites.push_back(TLS_SRP_SHA_DSS_WITH_3DES_EDE_SHA);
+ }
+
+ if(use_edh_dsa)
+ {
+ suites.push_back(TLS_SRP_SHA_RSA_WITH_AES_256_SHA);
+ suites.push_back(TLS_SRP_SHA_RSA_WITH_AES_128_SHA);
+ suites.push_back(TLS_SRP_SHA_RSA_WITH_3DES_EDE_SHA);
+ }
+ }
+
if(use_edh_dsa)
{
suites.push_back(TLS_DHE_DSS_WITH_AES_256_CBC_SHA);
@@ -75,14 +94,16 @@ std::vector<byte> TLS_Policy::compression() const
*/
u16bit TLS_Policy::choose_suite(const std::vector<u16bit>& c_suites,
bool have_rsa,
- bool have_dsa) const
+ bool have_dsa,
+ bool have_srp) const
{
- bool use_static_rsa = allow_static_rsa() && have_rsa;
- bool use_edh_rsa = allow_edh_rsa() && have_rsa;
- bool use_edh_dsa = allow_edh_dsa() && have_dsa;
+ const bool use_static_rsa = allow_static_rsa() && have_rsa;
+ const bool use_edh_rsa = allow_edh_rsa() && have_rsa;
+ const bool use_edh_dsa = allow_edh_dsa() && have_dsa;
+ const bool use_srp = allow_srp() && have_srp;
std::vector<u16bit> s_suites = suite_list(use_static_rsa, use_edh_rsa,
- use_edh_dsa);
+ use_edh_dsa, use_srp);
for(size_t i = 0; i != s_suites.size(); ++i)
for(size_t j = 0; j != c_suites.size(); ++j)
diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h
index dd38f3574..48ff9185e 100644
--- a/src/tls/tls_policy.h
+++ b/src/tls/tls_policy.h
@@ -22,18 +22,21 @@ namespace Botan {
class BOTAN_DLL TLS_Policy
{
public:
- std::vector<u16bit> ciphersuites() const;
+ std::vector<u16bit> ciphersuites(bool have_srp) const;
virtual std::vector<byte> compression() const;
virtual u16bit choose_suite(const std::vector<u16bit>& client_suites,
bool rsa_ok,
- bool dsa_ok) const;
+ bool dsa_ok,
+ bool srp_ok) const;
virtual byte choose_compression(const std::vector<byte>& client) const;
virtual bool allow_static_rsa() const { return true; }
virtual bool allow_edh_rsa() const { return true; }
virtual bool allow_edh_dsa() const { return true; }
+ virtual bool allow_srp() const { return true; }
+
virtual bool require_client_auth() const { return false; }
virtual bool require_secure_renegotiation() const { return true; }
@@ -57,7 +60,8 @@ class BOTAN_DLL TLS_Policy
private:
virtual std::vector<u16bit> suite_list(bool use_rsa,
bool use_edh_rsa,
- bool use_edh_dsa) const;
+ bool use_edh_dsa,
+ bool use_srp) const;
};
}