Commit db3a7238 authored by Ken Thomases's avatar Ken Thomases Committed by Alexandre Julliard

secur32: Add support for the cipher suites using pre-shared keys (PSK) added by the 10.9 SDK.

parent 46ff5d34
......@@ -142,6 +142,45 @@ enum {
};
#endif
#if MAC_OS_X_VERSION_MAX_ALLOWED < 1090
/* Defined in <Security/CipherSuite.h> in the 10.9 SDK or later. */
enum {
TLS_PSK_WITH_RC4_128_SHA = 0x008A,
TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B,
TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C,
TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D,
TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E,
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F,
TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090,
TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091,
TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092,
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093,
TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094,
TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095,
TLS_PSK_WITH_NULL_SHA = 0x002C,
TLS_DHE_PSK_WITH_NULL_SHA = 0x002D,
TLS_RSA_PSK_WITH_NULL_SHA = 0x002E,
TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8,
TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9,
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA,
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB,
TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC,
TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD,
TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE,
TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF,
TLS_PSK_WITH_NULL_SHA256 = 0x00B0,
TLS_PSK_WITH_NULL_SHA384 = 0x00B1,
TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2,
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3,
TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4,
TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5,
TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6,
TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7,
TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8,
TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9,
};
#endif
struct mac_session {
SSLContextRef context;
......@@ -163,6 +202,7 @@ enum {
schan_kx_DH_RSA,
schan_kx_DHE_DSS_EXPORT,
schan_kx_DHE_DSS,
schan_kx_DHE_PSK,
schan_kx_DHE_RSA_EXPORT,
schan_kx_DHE_RSA,
schan_kx_ECDH_anon,
......@@ -172,7 +212,9 @@ enum {
schan_kx_ECDHE_RSA,
schan_kx_FORTEZZA_DMS,
schan_kx_NULL,
schan_kx_PSK,
schan_kx_RSA_EXPORT,
schan_kx_RSA_PSK,
schan_kx_RSA,
};
......@@ -309,6 +351,23 @@ static const struct cipher_suite cipher_suites[] = {
CIPHER_SUITE(TLS, DH_anon, 3DES_EDE_CBC, SHA),
CIPHER_SUITE(TLS, DH_anon, AES_128_CBC, SHA256),
CIPHER_SUITE(TLS, DH_anon, AES_256_CBC, SHA256),
CIPHER_SUITE(TLS, PSK, RC4_128, SHA),
CIPHER_SUITE(TLS, PSK, 3DES_EDE_CBC, SHA),
CIPHER_SUITE(TLS, PSK, AES_128_CBC, SHA),
CIPHER_SUITE(TLS, PSK, AES_256_CBC, SHA),
CIPHER_SUITE(TLS, DHE_PSK, RC4_128, SHA),
CIPHER_SUITE(TLS, DHE_PSK, 3DES_EDE_CBC, SHA),
CIPHER_SUITE(TLS, DHE_PSK, AES_128_CBC, SHA),
CIPHER_SUITE(TLS, DHE_PSK, AES_256_CBC, SHA),
CIPHER_SUITE(TLS, RSA_PSK, RC4_128, SHA),
CIPHER_SUITE(TLS, RSA_PSK, 3DES_EDE_CBC, SHA),
CIPHER_SUITE(TLS, RSA_PSK, AES_128_CBC, SHA),
CIPHER_SUITE(TLS, RSA_PSK, AES_256_CBC, SHA),
CIPHER_SUITE(TLS, PSK, NULL, SHA),
CIPHER_SUITE(TLS, DHE_PSK, NULL, SHA),
CIPHER_SUITE(TLS, RSA_PSK, NULL, SHA),
CIPHER_SUITE(TLS, RSA, AES_128_GCM, SHA256),
CIPHER_SUITE(TLS, RSA, AES_256_GCM, SHA384),
CIPHER_SUITE(TLS, DHE_RSA, AES_128_GCM, SHA256),
......@@ -321,6 +380,26 @@ static const struct cipher_suite cipher_suites[] = {
CIPHER_SUITE(TLS, DH_DSS, AES_256_GCM, SHA384),
CIPHER_SUITE(TLS, DH_anon, AES_128_GCM, SHA256),
CIPHER_SUITE(TLS, DH_anon, AES_256_GCM, SHA384),
CIPHER_SUITE(TLS, PSK, AES_128_GCM, SHA256),
CIPHER_SUITE(TLS, PSK, AES_256_GCM, SHA384),
CIPHER_SUITE(TLS, DHE_PSK, AES_128_GCM, SHA256),
CIPHER_SUITE(TLS, DHE_PSK, AES_256_GCM, SHA384),
CIPHER_SUITE(TLS, RSA_PSK, AES_128_GCM, SHA256),
CIPHER_SUITE(TLS, RSA_PSK, AES_256_GCM, SHA384),
CIPHER_SUITE(TLS, PSK, AES_128_CBC, SHA256),
CIPHER_SUITE(TLS, PSK, AES_256_CBC, SHA384),
CIPHER_SUITE(TLS, PSK, NULL, SHA256),
CIPHER_SUITE(TLS, PSK, NULL, SHA384),
CIPHER_SUITE(TLS, DHE_PSK, AES_128_CBC, SHA256),
CIPHER_SUITE(TLS, DHE_PSK, AES_256_CBC, SHA384),
CIPHER_SUITE(TLS, DHE_PSK, NULL, SHA256),
CIPHER_SUITE(TLS, DHE_PSK, NULL, SHA384),
CIPHER_SUITE(TLS, RSA_PSK, AES_128_CBC, SHA256),
CIPHER_SUITE(TLS, RSA_PSK, AES_256_CBC, SHA384),
CIPHER_SUITE(TLS, RSA_PSK, NULL, SHA256),
CIPHER_SUITE(TLS, RSA_PSK, NULL, SHA384),
CIPHER_SUITE(TLS, ECDHE_ECDSA, AES_128_CBC, SHA256),
CIPHER_SUITE(TLS, ECDHE_ECDSA, AES_256_CBC, SHA384),
CIPHER_SUITE(TLS, ECDH_ECDSA, AES_128_CBC, SHA256),
......@@ -492,6 +571,7 @@ static ALG_ID schan_get_kx_algid(const struct cipher_suite* c)
{
case schan_kx_DHE_DSS_EXPORT:
case schan_kx_DHE_DSS:
case schan_kx_DHE_PSK:
case schan_kx_DHE_RSA_EXPORT:
case schan_kx_DHE_RSA: return CALG_DH_EPHEM;
case schan_kx_ECDH_anon:
......@@ -501,7 +581,8 @@ static ALG_ID schan_get_kx_algid(const struct cipher_suite* c)
case schan_kx_ECDHE_RSA: return CALG_ECDH_EPHEM;
case schan_kx_NULL: return 0;
case schan_kx_RSA:
case schan_kx_RSA_EXPORT: return CALG_RSA_KEYX;
case schan_kx_RSA_EXPORT:
case schan_kx_RSA_PSK: return CALG_RSA_KEYX;
case schan_kx_DH_anon_EXPORT:
case schan_kx_DH_anon:
......@@ -510,6 +591,7 @@ static ALG_ID schan_get_kx_algid(const struct cipher_suite* c)
case schan_kx_DH_RSA_EXPORT:
case schan_kx_DH_RSA:
case schan_kx_FORTEZZA_DMS:
case schan_kx_PSK:
FIXME("Don't know CALG for key exchange algorithm %d for cipher suite %#x, returning 0\n", c->kx_alg, (unsigned)c->suite);
return 0;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment