secur32: Add support for the cipher suites using pre-shared keys (PSK) added by the 10.9 SDK.

Signed-off-by: Ken Thomases <ken@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
Ken Thomases 2017-04-19 16:37:26 -05:00 committed by Alexandre Julliard
parent 46ff5d34b9
commit db3a723887
1 changed files with 83 additions and 1 deletions


@ -142,6 +142,45 @@ enum {
}; };
#endif #endif
#if MAC_OS_X_VERSION_MAX_ALLOWED < 1090
/* Defined in <Security/CipherSuite.h> in the 10.9 SDK or later. */
enum {
TLS_PSK_WITH_RC4_128_SHA = 0x008A,
TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B,
TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C,
TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D,
TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E,
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F,
TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090,
TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091,
TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092,
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093,
TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094,
TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095,
TLS_PSK_WITH_NULL_SHA = 0x002C,
TLS_DHE_PSK_WITH_NULL_SHA = 0x002D,
TLS_RSA_PSK_WITH_NULL_SHA = 0x002E,
TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8,
TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9,
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA,
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB,
TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC,
TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD,
TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE,
TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF,
TLS_PSK_WITH_NULL_SHA256 = 0x00B0,
TLS_PSK_WITH_NULL_SHA384 = 0x00B1,
TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2,
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3,
TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4,
TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5,
TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6,
TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7,
TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8,
TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9,
};
#endif
struct mac_session { struct mac_session {
SSLContextRef context; SSLContextRef context;
@ -163,6 +202,7 @@ enum {
schan_kx_DH_RSA, schan_kx_DH_RSA,
schan_kx_DHE_DSS_EXPORT, schan_kx_DHE_DSS_EXPORT,
schan_kx_DHE_DSS, schan_kx_DHE_DSS,
schan_kx_DHE_PSK,
schan_kx_DHE_RSA_EXPORT, schan_kx_DHE_RSA_EXPORT,
schan_kx_DHE_RSA, schan_kx_DHE_RSA,
schan_kx_ECDH_anon, schan_kx_ECDH_anon,
@ -172,7 +212,9 @@ enum {
schan_kx_ECDHE_RSA, schan_kx_ECDHE_RSA,
schan_kx_FORTEZZA_DMS, schan_kx_FORTEZZA_DMS,
schan_kx_NULL, schan_kx_NULL,
schan_kx_PSK,
schan_kx_RSA_EXPORT, schan_kx_RSA_EXPORT,
schan_kx_RSA_PSK,
schan_kx_RSA, schan_kx_RSA,
}; };
@ -309,6 +351,23 @@ static const struct cipher_suite cipher_suites[] = {
CIPHER_SUITE(TLS, DH_anon, 3DES_EDE_CBC, SHA), CIPHER_SUITE(TLS, DH_anon, 3DES_EDE_CBC, SHA),
CIPHER_SUITE(TLS, DH_anon, AES_128_CBC, SHA256), CIPHER_SUITE(TLS, DH_anon, AES_128_CBC, SHA256),
CIPHER_SUITE(TLS, DH_anon, AES_256_CBC, SHA256), CIPHER_SUITE(TLS, DH_anon, AES_256_CBC, SHA256),
CIPHER_SUITE(TLS, PSK, RC4_128, SHA),
CIPHER_SUITE(TLS, PSK, 3DES_EDE_CBC, SHA),
CIPHER_SUITE(TLS, PSK, AES_128_CBC, SHA),
CIPHER_SUITE(TLS, PSK, AES_256_CBC, SHA),
CIPHER_SUITE(TLS, DHE_PSK, RC4_128, SHA),
CIPHER_SUITE(TLS, DHE_PSK, 3DES_EDE_CBC, SHA),
CIPHER_SUITE(TLS, DHE_PSK, AES_128_CBC, SHA),
CIPHER_SUITE(TLS, DHE_PSK, AES_256_CBC, SHA),
CIPHER_SUITE(TLS, RSA_PSK, RC4_128, SHA),
CIPHER_SUITE(TLS, RSA_PSK, 3DES_EDE_CBC, SHA),
CIPHER_SUITE(TLS, RSA_PSK, AES_128_CBC, SHA),
CIPHER_SUITE(TLS, RSA_PSK, AES_256_CBC, SHA),
CIPHER_SUITE(TLS, PSK, NULL, SHA),
CIPHER_SUITE(TLS, DHE_PSK, NULL, SHA),
CIPHER_SUITE(TLS, RSA_PSK, NULL, SHA),
CIPHER_SUITE(TLS, RSA, AES_128_GCM, SHA256), CIPHER_SUITE(TLS, RSA, AES_128_GCM, SHA256),
CIPHER_SUITE(TLS, RSA, AES_256_GCM, SHA384), CIPHER_SUITE(TLS, RSA, AES_256_GCM, SHA384),
CIPHER_SUITE(TLS, DHE_RSA, AES_128_GCM, SHA256), CIPHER_SUITE(TLS, DHE_RSA, AES_128_GCM, SHA256),
@ -321,6 +380,26 @@ static const struct cipher_suite cipher_suites[] = {
CIPHER_SUITE(TLS, DH_DSS, AES_256_GCM, SHA384), CIPHER_SUITE(TLS, DH_DSS, AES_256_GCM, SHA384),
CIPHER_SUITE(TLS, DH_anon, AES_128_GCM, SHA256), CIPHER_SUITE(TLS, DH_anon, AES_128_GCM, SHA256),
CIPHER_SUITE(TLS, DH_anon, AES_256_GCM, SHA384), CIPHER_SUITE(TLS, DH_anon, AES_256_GCM, SHA384),
CIPHER_SUITE(TLS, PSK, AES_128_GCM, SHA256),
CIPHER_SUITE(TLS, PSK, AES_256_GCM, SHA384),
CIPHER_SUITE(TLS, DHE_PSK, AES_128_GCM, SHA256),
CIPHER_SUITE(TLS, DHE_PSK, AES_256_GCM, SHA384),
CIPHER_SUITE(TLS, RSA_PSK, AES_128_GCM, SHA256),
CIPHER_SUITE(TLS, RSA_PSK, AES_256_GCM, SHA384),
CIPHER_SUITE(TLS, PSK, AES_128_CBC, SHA256),
CIPHER_SUITE(TLS, PSK, AES_256_CBC, SHA384),
CIPHER_SUITE(TLS, PSK, NULL, SHA256),
CIPHER_SUITE(TLS, PSK, NULL, SHA384),
CIPHER_SUITE(TLS, DHE_PSK, AES_128_CBC, SHA256),
CIPHER_SUITE(TLS, DHE_PSK, AES_256_CBC, SHA384),
CIPHER_SUITE(TLS, DHE_PSK, NULL, SHA256),
CIPHER_SUITE(TLS, DHE_PSK, NULL, SHA384),
CIPHER_SUITE(TLS, RSA_PSK, AES_128_CBC, SHA256),
CIPHER_SUITE(TLS, RSA_PSK, AES_256_CBC, SHA384),
CIPHER_SUITE(TLS, RSA_PSK, NULL, SHA256),
CIPHER_SUITE(TLS, RSA_PSK, NULL, SHA384),
CIPHER_SUITE(TLS, ECDHE_ECDSA, AES_128_CBC, SHA256), CIPHER_SUITE(TLS, ECDHE_ECDSA, AES_128_CBC, SHA256),
CIPHER_SUITE(TLS, ECDHE_ECDSA, AES_256_CBC, SHA384), CIPHER_SUITE(TLS, ECDHE_ECDSA, AES_256_CBC, SHA384),
CIPHER_SUITE(TLS, ECDH_ECDSA, AES_128_CBC, SHA256), CIPHER_SUITE(TLS, ECDH_ECDSA, AES_128_CBC, SHA256),
@ -492,6 +571,7 @@ static ALG_ID schan_get_kx_algid(const struct cipher_suite* c)
{ {
case schan_kx_DHE_DSS_EXPORT: case schan_kx_DHE_DSS_EXPORT:
case schan_kx_DHE_DSS: case schan_kx_DHE_DSS:
case schan_kx_DHE_PSK:
case schan_kx_DHE_RSA_EXPORT: case schan_kx_DHE_RSA_EXPORT:
case schan_kx_DHE_RSA: return CALG_DH_EPHEM; case schan_kx_DHE_RSA: return CALG_DH_EPHEM;
case schan_kx_ECDH_anon: case schan_kx_ECDH_anon:
@ -501,7 +581,8 @@ static ALG_ID schan_get_kx_algid(const struct cipher_suite* c)
case schan_kx_ECDHE_RSA: return CALG_ECDH_EPHEM; case schan_kx_ECDHE_RSA: return CALG_ECDH_EPHEM;
case schan_kx_NULL: return 0; case schan_kx_NULL: return 0;
case schan_kx_RSA: case schan_kx_RSA:
case schan_kx_RSA_EXPORT: return CALG_RSA_KEYX; case schan_kx_RSA_EXPORT:
case schan_kx_RSA_PSK: return CALG_RSA_KEYX;
case schan_kx_DH_anon_EXPORT: case schan_kx_DH_anon_EXPORT:
case schan_kx_DH_anon: case schan_kx_DH_anon:
@ -510,6 +591,7 @@ static ALG_ID schan_get_kx_algid(const struct cipher_suite* c)
case schan_kx_DH_RSA_EXPORT: case schan_kx_DH_RSA_EXPORT:
case schan_kx_DH_RSA: case schan_kx_DH_RSA:
case schan_kx_FORTEZZA_DMS: case schan_kx_FORTEZZA_DMS:
case schan_kx_PSK:
FIXME("Don't know CALG for key exchange algorithm %d for cipher suite %#x, returning 0\n", c->kx_alg, (unsigned)c->suite); FIXME("Don't know CALG for key exchange algorithm %d for cipher suite %#x, returning 0\n", c->kx_alg, (unsigned)c->suite);
return 0; return 0;
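Review bot: The rows added to `cipher_suites[]` include suites with no encryption (`CIPHER_SUITE(TLS, PSK, NULL, SHA)` and the other `NULL` rows for PSK, DHE_PSK and RSA_PSK) as well as RC4 suites, and nothing in this diff shows whether the code that enables suites on a session filters on the encryption algorithm. If the table also decides what gets enabled, those rows need to be skipped there; if it is only a lookup table, a comment above the new rows such as `/* PSK suites are listed for lookup; NULL-encryption and RC4 variants are not meant to be enabled by default */` would record that. Separately, in `schan_get_kx_algid` the new `case schan_kx_PSK:` joins the FIXME group and returns 0, the same value `schan_kx_NULL` returns, so a caller reading the key-exchange ALG_ID cannot tell a PSK exchange from no key exchange; a one-line comment there saying so would help. Both the table and the function begin and end outside the hunks shown.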