From 7494f5bc5e4945e4b7828a04f202f06660ab98f9 Mon Sep 17 00:00:00 2001 From: Ken Thomases Date: Thu, 7 Feb 2013 09:11:24 -0600 Subject: [PATCH] secur32: On Mac, add support for cipher suites defined in 10.8 SDK. --- dlls/secur32/schannel_macosx.c | 143 ++++++++++++++++++++++++++++++++- 1 file changed, 140 insertions(+), 3 deletions(-) diff --git a/dlls/secur32/schannel_macosx.c b/dlls/secur32/schannel_macosx.c index aaf2532f7e7..05b0a5ee184 100644 --- a/dlls/secur32/schannel_macosx.c +++ b/dlls/secur32/schannel_macosx.c @@ -76,6 +76,73 @@ enum { }; #endif +#if MAC_OS_X_VERSION_MAX_ALLOWED < 1080 +/* Defined in in the 10.8 SDK or later. */ +enum { + TLS_NULL_WITH_NULL_NULL = 0x0000, + TLS_RSA_WITH_NULL_MD5 = 0x0001, + TLS_RSA_WITH_NULL_SHA = 0x0002, + TLS_RSA_WITH_RC4_128_MD5 = 0x0004, + TLS_RSA_WITH_RC4_128_SHA = 0x0005, + TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A, + TLS_RSA_WITH_NULL_SHA256 = 0x003B, + TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C, + TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D, + TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D, + TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010, + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013, + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016, + TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E, + TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067, + TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068, + TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B, + TLS_DH_anon_WITH_RC4_128_MD5 = 0x0018, + TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B, + TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x006C, + TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x006D, + TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C, + TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E, + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F, + TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0, + TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1, + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2, + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3, + TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4, + TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5, + TLS_DH_anon_WITH_AES_128_GCM_SHA256 = 0x00A6, + TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0x00A7, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C, + TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D, + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030, + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031, + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032, + TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF, +}; + +/* Defined in in the 10.8 SDK or later. */ +enum { + kTLSProtocol11 = 7, /* TLS 1.1 */ + kTLSProtocol12 = 8, /* TLS 1.2 */ +}; +#endif + + struct mac_session { SSLContextRef context; struct schan_transport *transport; @@ -112,7 +179,9 @@ enum { enum { schan_enc_3DES_EDE_CBC, schan_enc_AES_128_CBC, + schan_enc_AES_128_GCM, schan_enc_AES_256_CBC, + schan_enc_AES_256_GCM, schan_enc_DES_CBC, schan_enc_DES40_CBC, schan_enc_FORTEZZA_CBC, @@ -128,6 +197,8 @@ enum { schan_mac_MD5, schan_mac_NULL, schan_mac_SHA, + schan_mac_SHA256, + schan_mac_SHA384, }; @@ -213,6 +284,60 @@ static const struct cipher_suite cipher_suites[] = { CIPHER_SUITE(TLS, ECDH_anon, AES_128_CBC, SHA), CIPHER_SUITE(TLS, ECDH_anon, AES_256_CBC, SHA), + CIPHER_SUITE(TLS, NULL, NULL, NULL), + CIPHER_SUITE(TLS, RSA, NULL, MD5), + CIPHER_SUITE(TLS, RSA, NULL, SHA), + CIPHER_SUITE(TLS, RSA, RC4_128, MD5), + CIPHER_SUITE(TLS, RSA, RC4_128, SHA), + CIPHER_SUITE(TLS, RSA, 3DES_EDE_CBC, SHA), + CIPHER_SUITE(TLS, RSA, NULL, SHA256), + CIPHER_SUITE(TLS, RSA, AES_128_CBC, SHA256), + CIPHER_SUITE(TLS, RSA, AES_256_CBC, SHA256), + CIPHER_SUITE(TLS, DH_DSS, 3DES_EDE_CBC, SHA), + CIPHER_SUITE(TLS, DH_RSA, 3DES_EDE_CBC, SHA), + CIPHER_SUITE(TLS, DHE_DSS, 3DES_EDE_CBC, SHA), + CIPHER_SUITE(TLS, DHE_RSA, 3DES_EDE_CBC, SHA), + CIPHER_SUITE(TLS, DH_DSS, AES_128_CBC, SHA256), + CIPHER_SUITE(TLS, DH_RSA, AES_128_CBC, SHA256), + CIPHER_SUITE(TLS, DHE_DSS, AES_128_CBC, SHA256), + CIPHER_SUITE(TLS, DHE_RSA, AES_128_CBC, SHA256), + CIPHER_SUITE(TLS, DH_DSS, AES_256_CBC, SHA256), + CIPHER_SUITE(TLS, DH_RSA, AES_256_CBC, SHA256), + CIPHER_SUITE(TLS, DHE_DSS, AES_256_CBC, SHA256), + CIPHER_SUITE(TLS, DHE_RSA, AES_256_CBC, SHA256), + CIPHER_SUITE(TLS, DH_anon, RC4_128, MD5), + CIPHER_SUITE(TLS, DH_anon, 3DES_EDE_CBC, SHA), + CIPHER_SUITE(TLS, DH_anon, AES_128_CBC, SHA256), + CIPHER_SUITE(TLS, DH_anon, AES_256_CBC, SHA256), + CIPHER_SUITE(TLS, RSA, AES_128_GCM, SHA256), + CIPHER_SUITE(TLS, RSA, AES_256_GCM, SHA384), + CIPHER_SUITE(TLS, DHE_RSA, AES_128_GCM, SHA256), + CIPHER_SUITE(TLS, DHE_RSA, AES_256_GCM, SHA384), + CIPHER_SUITE(TLS, DH_RSA, AES_128_GCM, SHA256), + CIPHER_SUITE(TLS, DH_RSA, AES_256_GCM, SHA384), + CIPHER_SUITE(TLS, DHE_DSS, AES_128_GCM, SHA256), + CIPHER_SUITE(TLS, DHE_DSS, AES_256_GCM, SHA384), + CIPHER_SUITE(TLS, DH_DSS, AES_128_GCM, SHA256), + CIPHER_SUITE(TLS, DH_DSS, AES_256_GCM, SHA384), + CIPHER_SUITE(TLS, DH_anon, AES_128_GCM, SHA256), + CIPHER_SUITE(TLS, DH_anon, AES_256_GCM, SHA384), + CIPHER_SUITE(TLS, ECDHE_ECDSA, AES_128_CBC, SHA256), + CIPHER_SUITE(TLS, ECDHE_ECDSA, AES_256_CBC, SHA384), + CIPHER_SUITE(TLS, ECDH_ECDSA, AES_128_CBC, SHA256), + CIPHER_SUITE(TLS, ECDH_ECDSA, AES_256_CBC, SHA384), + CIPHER_SUITE(TLS, ECDHE_RSA, AES_128_CBC, SHA256), + CIPHER_SUITE(TLS, ECDHE_RSA, AES_256_CBC, SHA384), + CIPHER_SUITE(TLS, ECDH_RSA, AES_128_CBC, SHA256), + CIPHER_SUITE(TLS, ECDH_RSA, AES_256_CBC, SHA384), + CIPHER_SUITE(TLS, ECDHE_ECDSA, AES_128_GCM, SHA256), + CIPHER_SUITE(TLS, ECDHE_ECDSA, AES_256_GCM, SHA384), + CIPHER_SUITE(TLS, ECDH_ECDSA, AES_128_GCM, SHA256), + CIPHER_SUITE(TLS, ECDH_ECDSA, AES_256_GCM, SHA384), + CIPHER_SUITE(TLS, ECDHE_RSA, AES_128_GCM, SHA256), + CIPHER_SUITE(TLS, ECDHE_RSA, AES_256_GCM, SHA384), + CIPHER_SUITE(TLS, ECDH_RSA, AES_128_GCM, SHA256), + CIPHER_SUITE(TLS, ECDH_RSA, AES_256_GCM, SHA384), + CIPHER_SUITE(SSL, RSA, RC2_CBC, MD5), CIPHER_SUITE(SSL, RSA, IDEA_CBC, MD5), CIPHER_SUITE(SSL, RSA, DES_CBC, MD5), @@ -252,9 +377,11 @@ static DWORD schan_get_session_protocol(struct mac_session* s) switch (protocol) { - case kSSLProtocol2: return SP_PROT_SSL2_CLIENT; - case kSSLProtocol3: return SP_PROT_SSL3_CLIENT; - case kTLSProtocol1: return SP_PROT_TLS1_CLIENT; + case kSSLProtocol2: return SP_PROT_SSL2_CLIENT; + case kSSLProtocol3: return SP_PROT_SSL3_CLIENT; + case kTLSProtocol1: return SP_PROT_TLS1_CLIENT; + case kTLSProtocol11: return SP_PROT_TLS1_1_CLIENT; + case kTLSProtocol12: return SP_PROT_TLS1_2_CLIENT; default: FIXME("unknown protocol %d\n", protocol); return 0; @@ -278,6 +405,8 @@ static ALG_ID schan_get_cipher_algid(const struct cipher_suite* c) case schan_enc_RC4_128: return CALG_RC4; case schan_enc_RC4_40: return CALG_RC4; + case schan_enc_AES_128_GCM: + case schan_enc_AES_256_GCM: case schan_enc_FORTEZZA_CBC: case schan_enc_IDEA_CBC: FIXME("Don't know CALG for encryption algorithm %d, returning 0\n", c->enc_alg); @@ -297,7 +426,9 @@ static unsigned int schan_get_cipher_key_size(const struct cipher_suite* c) { case schan_enc_3DES_EDE_CBC: return 168; case schan_enc_AES_128_CBC: return 128; + case schan_enc_AES_128_GCM: return 128; case schan_enc_AES_256_CBC: return 256; + case schan_enc_AES_256_GCM: return 256; case schan_enc_DES_CBC: return 56; case schan_enc_DES40_CBC: return 40; case schan_enc_NULL: return 0; @@ -326,6 +457,8 @@ static ALG_ID schan_get_mac_algid(const struct cipher_suite* c) case schan_mac_MD5: return CALG_MD5; case schan_mac_NULL: return 0; case schan_mac_SHA: return CALG_SHA; + case schan_mac_SHA256: return CALG_SHA_256; + case schan_mac_SHA384: return CALG_SHA_384; default: FIXME("Unknown hashing algorithm %d for cipher suite %#x, returning 0\n", c->mac_alg, (unsigned)c->suite); @@ -342,6 +475,8 @@ static unsigned int schan_get_mac_key_size(const struct cipher_suite* c) case schan_mac_MD5: return 128; case schan_mac_NULL: return 0; case schan_mac_SHA: return 160; + case schan_mac_SHA256: return 256; + case schan_mac_SHA384: return 384; default: FIXME("Unknown hashing algorithm %d for cipher suite %#x, returning 0\n", c->mac_alg, (unsigned)c->suite); @@ -637,7 +772,9 @@ unsigned int schan_imp_get_session_cipher_block_size(schan_imp_session session) { case schan_enc_3DES_EDE_CBC: return 64; case schan_enc_AES_128_CBC: return 128; + case schan_enc_AES_128_GCM: return 128; case schan_enc_AES_256_CBC: return 128; + case schan_enc_AES_256_GCM: return 128; case schan_enc_DES_CBC: return 64; case schan_enc_DES40_CBC: return 64; case schan_enc_NULL: return 0;