-rw-r--r-- | src/tls/c_kex.cpp | 4 | ||||
-rw-r--r-- | src/tls/info.txt | 3 | ||||
-rw-r--r-- | src/tls/s_kex.cpp | 38 |
3 files changed, 42 insertions, 3 deletions
diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp
index 0a6339bd0..16c02e2b8 100644
--- a/src/tls/c_kex.cpp
+++ b/src/tls/c_kex.cpp
@@ -330,6 +330,10 @@ Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion<byte>& contents,
 append_tls_length_value(pre_master, zeros, 2);
 append_tls_length_value(pre_master, psk.bits_of(), 2);
 }
+ else if(kex_algo == "SRP_SHA")
+ {
+ throw Internal_Error("SRP_SHA server side not done");
+ }
 else if(kex_algo == "DH" || kex_algo == "DHE_PSK" || kex_algo == "ECDH" || kex_algo == "ECDHE_PSK")
 {
diff --git a/src/tls/info.txt b/src/tls/info.txt
index ab329c342..229cf658f 100644
--- a/src/tls/info.txt
+++ b/src/tls/info.txt
@@ -1,6 +1,6 @@
 define TLS
-load_on request
+load_on auto
 <comment>
 The TLS code is complex, new, and not yet reviewed, there may be
@@ -85,6 +85,7 @@ prf_tls
 rng
 rsa
 seed
+srp6
 sha1
 sha2_32
 ssl3mac
diff --git a/src/tls/s_kex.cpp b/src/tls/s_kex.cpp
index a5c8ff8d7..24bc6ecaa 100644
--- a/src/tls/s_kex.cpp
+++ b/src/tls/s_kex.cpp
@@ -16,6 +16,7 @@
 #include <botan/dh.h>
 #include <botan/ecdh.h>
 #include <botan/rsa.h>
+#include <botan/srp6.h>
 #include <botan/oids.h>
 #include <memory>
@@ -34,13 +35,13 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer,
 const Private_Key* signing_key) :
 m_kex_key(0)
 {
+ const std::string hostname = state->client_hello->sni_hostname();
 const std::string kex_algo = state->suite.kex_algo();
 if(kex_algo == "PSK" || kex_algo == "DHE_PSK" || kex_algo == "ECDHE_PSK")
 {
 std::string identity_hint =
- creds.psk_identity_hint("tls-server",
- state->client_hello->sni_hostname());
+ creds.psk_identity_hint("tls-server", hostname);
 append_tls_length_value(m_params, identity_hint, 2);
 }
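Review bot: Switching the module to `load_on auto` contradicts the `<comment>` two lines further down in the same hunk, which still states that the TLS code is "complex, new, and not yet reviewed", and the companion c_kex.cpp hunk in this commit leaves the SRP_SHA path as a stub (`throw Internal_Error("SRP_SHA server side not done")`). Building an unreviewed, partly stubbed TLS stack into every default build presumably widens the attack surface for consumers who never asked for it. Either keep `load_on request` until the review caveat and the SRP stubs are resolved, or revise the `<comment>` block so the stated maturity no longer disagrees with the load policy; the rest of the `<comment>` text lies outside the hunk.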
@@ -88,6 +89,39 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer,
 m_kex_key = ecdh.release();
 }
+ else if(kex_algo == "SRP_SHA")
+ {
+ const std::string srp_identifier = state->client_hello->srp_identifier();
+
+ BigInt N, g, v;
+ MemoryVector<byte> salt;
+
+ const bool found = creds.srp_verifier("tls-server", hostname,
+ srp_identifier,
+ N, g, v, salt,
+ policy.hide_unknown_users());
+
+ if(!found)
+ throw TLS_Exception(Alert::UNKNOWN_PSK_IDENTITY,
+ "Unknown SRP user " + srp_identifier);
+
+#if 0
+ BigInt B = srp6_server_step1(v, srp6_group_identifier(N, g),
+ "SHA-1", rng);
+#else
+ BigInt B = 0;
+#endif
+
+ append_tls_length_value(m_params, BigInt::encode(N), 2);
+ append_tls_length_value(m_params, BigInt::encode(g), 2);
+ append_tls_length_value(m_params, salt, 1);
+ append_tls_length_value(m_params, BigInt::encode(B), 2);
+
+ /*
+ * To finish, client key exchange needs to know
+ * group_id, v, b, B
+ */
+ }
 else if(kex_algo != "PSK")
 throw Internal_Error("Server_Key_Exchange: Unknown kex type " + kex_algo); |
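Review bot: The live `#else` branch sets `BigInt B = 0;` and then encodes it into ServerKeyExchange, so an SRP_SHA server built from this commit sends a public value of zero on the wire, which a conforming client must reject (RFC 5054 requires aborting when B mod N == 0) and which no later step can recover from, since the private exponent `b` is never kept (the trailing comment admits this). The c_kex.cpp hunk in the same commit fails closed for the unfinished server side with `throw Internal_Error("SRP_SHA server side not done");`; doing the same here instead of the `#if 0`/`#else`/`#endif` block would keep the half-implemented path from emitting a malformed key exchange. Separately, `policy.hide_unknown_users()` is forwarded to `creds.srp_verifier`, yet the `!found` branch raises `UNKNOWN_PSK_IDENTITY` unconditionally, so user-enumeration hiding can only work if the credentials manager returns `found == true` with a fabricated salt and verifier when the flag is set; a comment such as `// with hide_unknown_users set, srp_verifier must return true with a fake verifier so this alert does not reveal whether the user exists` would pin that contract. The constructor body continues beyond the end of this hunk.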