From db3a723887dfd9be47b06eb723727d7fbe2a9902 Mon Sep 17 00:00:00 2001 From: Ken Thomases Date: Wed, 19 Apr 2017 16:37:26 -0500 Subject: [PATCH] secur32: Add support for the cipher suites using pre-shared keys (PSK) added by the 10.9 SDK. Signed-off-by: Ken Thomases Signed-off-by: Alexandre Julliard --- dlls/secur32/schannel_macosx.c | 84 +++++++++++++++++++++++++++++++++- 1 file changed, 83 insertions(+), 1 deletion(-) diff --git a/dlls/secur32/schannel_macosx.c b/dlls/secur32/schannel_macosx.c index 2ed12d64592..2c5896a67ce 100644 --- a/dlls/secur32/schannel_macosx.c +++ b/dlls/secur32/schannel_macosx.c @@ -142,6 +142,45 @@ enum { }; #endif +#if MAC_OS_X_VERSION_MAX_ALLOWED < 1090 +/* Defined in in the 10.9 SDK or later. */ +enum { + TLS_PSK_WITH_RC4_128_SHA = 0x008A, + TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B, + TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C, + TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D, + TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E, + TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090, + TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091, + TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092, + TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093, + TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094, + TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095, + TLS_PSK_WITH_NULL_SHA = 0x002C, + TLS_DHE_PSK_WITH_NULL_SHA = 0x002D, + TLS_RSA_PSK_WITH_NULL_SHA = 0x002E, + TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8, + TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9, + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA, + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB, + TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC, + TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD, + TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE, + TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF, + TLS_PSK_WITH_NULL_SHA256 = 0x00B0, + TLS_PSK_WITH_NULL_SHA384 = 0x00B1, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2, + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3, + TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4, + TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5, + TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6, + TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7, + TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8, + TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9, +}; +#endif + struct mac_session { SSLContextRef context; @@ -163,6 +202,7 @@ enum { schan_kx_DH_RSA, schan_kx_DHE_DSS_EXPORT, schan_kx_DHE_DSS, + schan_kx_DHE_PSK, schan_kx_DHE_RSA_EXPORT, schan_kx_DHE_RSA, schan_kx_ECDH_anon, @@ -172,7 +212,9 @@ enum { schan_kx_ECDHE_RSA, schan_kx_FORTEZZA_DMS, schan_kx_NULL, + schan_kx_PSK, schan_kx_RSA_EXPORT, + schan_kx_RSA_PSK, schan_kx_RSA, }; @@ -309,6 +351,23 @@ static const struct cipher_suite cipher_suites[] = { CIPHER_SUITE(TLS, DH_anon, 3DES_EDE_CBC, SHA), CIPHER_SUITE(TLS, DH_anon, AES_128_CBC, SHA256), CIPHER_SUITE(TLS, DH_anon, AES_256_CBC, SHA256), + + CIPHER_SUITE(TLS, PSK, RC4_128, SHA), + CIPHER_SUITE(TLS, PSK, 3DES_EDE_CBC, SHA), + CIPHER_SUITE(TLS, PSK, AES_128_CBC, SHA), + CIPHER_SUITE(TLS, PSK, AES_256_CBC, SHA), + CIPHER_SUITE(TLS, DHE_PSK, RC4_128, SHA), + CIPHER_SUITE(TLS, DHE_PSK, 3DES_EDE_CBC, SHA), + CIPHER_SUITE(TLS, DHE_PSK, AES_128_CBC, SHA), + CIPHER_SUITE(TLS, DHE_PSK, AES_256_CBC, SHA), + CIPHER_SUITE(TLS, RSA_PSK, RC4_128, SHA), + CIPHER_SUITE(TLS, RSA_PSK, 3DES_EDE_CBC, SHA), + CIPHER_SUITE(TLS, RSA_PSK, AES_128_CBC, SHA), + CIPHER_SUITE(TLS, RSA_PSK, AES_256_CBC, SHA), + CIPHER_SUITE(TLS, PSK, NULL, SHA), + CIPHER_SUITE(TLS, DHE_PSK, NULL, SHA), + CIPHER_SUITE(TLS, RSA_PSK, NULL, SHA), + CIPHER_SUITE(TLS, RSA, AES_128_GCM, SHA256), CIPHER_SUITE(TLS, RSA, AES_256_GCM, SHA384), CIPHER_SUITE(TLS, DHE_RSA, AES_128_GCM, SHA256), @@ -321,6 +380,26 @@ static const struct cipher_suite cipher_suites[] = { CIPHER_SUITE(TLS, DH_DSS, AES_256_GCM, SHA384), CIPHER_SUITE(TLS, DH_anon, AES_128_GCM, SHA256), CIPHER_SUITE(TLS, DH_anon, AES_256_GCM, SHA384), + + CIPHER_SUITE(TLS, PSK, AES_128_GCM, SHA256), + CIPHER_SUITE(TLS, PSK, AES_256_GCM, SHA384), + CIPHER_SUITE(TLS, DHE_PSK, AES_128_GCM, SHA256), + CIPHER_SUITE(TLS, DHE_PSK, AES_256_GCM, SHA384), + CIPHER_SUITE(TLS, RSA_PSK, AES_128_GCM, SHA256), + CIPHER_SUITE(TLS, RSA_PSK, AES_256_GCM, SHA384), + CIPHER_SUITE(TLS, PSK, AES_128_CBC, SHA256), + CIPHER_SUITE(TLS, PSK, AES_256_CBC, SHA384), + CIPHER_SUITE(TLS, PSK, NULL, SHA256), + CIPHER_SUITE(TLS, PSK, NULL, SHA384), + CIPHER_SUITE(TLS, DHE_PSK, AES_128_CBC, SHA256), + CIPHER_SUITE(TLS, DHE_PSK, AES_256_CBC, SHA384), + CIPHER_SUITE(TLS, DHE_PSK, NULL, SHA256), + CIPHER_SUITE(TLS, DHE_PSK, NULL, SHA384), + CIPHER_SUITE(TLS, RSA_PSK, AES_128_CBC, SHA256), + CIPHER_SUITE(TLS, RSA_PSK, AES_256_CBC, SHA384), + CIPHER_SUITE(TLS, RSA_PSK, NULL, SHA256), + CIPHER_SUITE(TLS, RSA_PSK, NULL, SHA384), + CIPHER_SUITE(TLS, ECDHE_ECDSA, AES_128_CBC, SHA256), CIPHER_SUITE(TLS, ECDHE_ECDSA, AES_256_CBC, SHA384), CIPHER_SUITE(TLS, ECDH_ECDSA, AES_128_CBC, SHA256), @@ -492,6 +571,7 @@ static ALG_ID schan_get_kx_algid(const struct cipher_suite* c) { case schan_kx_DHE_DSS_EXPORT: case schan_kx_DHE_DSS: + case schan_kx_DHE_PSK: case schan_kx_DHE_RSA_EXPORT: case schan_kx_DHE_RSA: return CALG_DH_EPHEM; case schan_kx_ECDH_anon: @@ -501,7 +581,8 @@ static ALG_ID schan_get_kx_algid(const struct cipher_suite* c) case schan_kx_ECDHE_RSA: return CALG_ECDH_EPHEM; case schan_kx_NULL: return 0; case schan_kx_RSA: - case schan_kx_RSA_EXPORT: return CALG_RSA_KEYX; + case schan_kx_RSA_EXPORT: + case schan_kx_RSA_PSK: return CALG_RSA_KEYX; case schan_kx_DH_anon_EXPORT: case schan_kx_DH_anon: @@ -510,6 +591,7 @@ static ALG_ID schan_get_kx_algid(const struct cipher_suite* c) case schan_kx_DH_RSA_EXPORT: case schan_kx_DH_RSA: case schan_kx_FORTEZZA_DMS: + case schan_kx_PSK: FIXME("Don't know CALG for key exchange algorithm %d for cipher suite %#x, returning 0\n", c->kx_alg, (unsigned)c->suite); return 0;