Store a MODP group we use for each TLS suite

2025-12-06 00:00:10 -05:00 · 2010-09-02 19:24:56 +02:00 · 2010-09-02 19:24:56 +02:00 · 35d9c15d5e
commit 35d9c15d5e
parent 08d8b9405b
2 changed files with 34 additions and 12 deletions
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@ -365,6 +365,7 @@ typedef struct {
 	tls_cipher_suite_t suite;
 	hash_algorithm_t hash;
 	pseudo_random_function_t prf;
+	diffie_hellman_group_t dh;
 	integrity_algorithm_t mac;
 	encryption_algorithm_t encr;
 	size_t encr_size;
@ -375,51 +376,51 @@ typedef struct {
 */
 static suite_algs_t suite_algs[] = {
 	{ TLS_RSA_WITH_AES_128_CBC_SHA,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA1, PRF_HMAC_SHA1, MODP_NONE,
 		AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
 	},
 	{ TLS_RSA_WITH_AES_128_CBC_SHA256,
-		HASH_SHA256, PRF_HMAC_SHA2_256,
+		HASH_SHA256, PRF_HMAC_SHA2_256, MODP_NONE,
 		AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 16
 	},
 	{ TLS_RSA_WITH_AES_256_CBC_SHA,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA1, PRF_HMAC_SHA1, MODP_NONE,
 		AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 32
 	},
 	{ TLS_RSA_WITH_AES_256_CBC_SHA256,
-		HASH_SHA256, PRF_HMAC_SHA2_256,
+		HASH_SHA256, PRF_HMAC_SHA2_256, MODP_NONE,
 		AUTH_HMAC_SHA2_256_256, ENCR_AES_CBC, 32
 	},
 	{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA1, PRF_HMAC_SHA1, MODP_NONE,
 		AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 16
 	},
 	{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-		HASH_SHA256, PRF_HMAC_SHA2_256,
+		HASH_SHA256, PRF_HMAC_SHA2_256, MODP_NONE,
 		AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 16
 	},
 	{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA1, PRF_HMAC_SHA1, MODP_NONE,
 		AUTH_HMAC_SHA1_160, ENCR_CAMELLIA_CBC, 32
 	},
 	{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
-		HASH_SHA256, PRF_HMAC_SHA2_256,
+		HASH_SHA256, PRF_HMAC_SHA2_256, MODP_NONE,
 		AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 32
 	},
 	{ TLS_RSA_WITH_3DES_EDE_CBC_SHA,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA1, PRF_HMAC_SHA1, MODP_NONE,
 		AUTH_HMAC_SHA1_160, ENCR_3DES, 0
 	},
 	{ TLS_RSA_WITH_NULL_SHA,
-		HASH_SHA1, PRF_HMAC_SHA1,
+		HASH_SHA1, PRF_HMAC_SHA1, MODP_NONE,
 		AUTH_HMAC_SHA1_160, ENCR_NULL, 0
 	},
 	{ TLS_RSA_WITH_NULL_SHA256,
-		HASH_SHA256, PRF_HMAC_SHA2_256,
+		HASH_SHA256, PRF_HMAC_SHA2_256, MODP_NONE,
 		AUTH_HMAC_SHA2_256_256, ENCR_NULL, 0
 	},
 	{ TLS_RSA_WITH_NULL_MD5,
-		HASH_MD5, PRF_HMAC_MD5,
+		HASH_MD5, PRF_HMAC_MD5, MODP_NONE,
 		AUTH_HMAC_MD5_128, ENCR_NULL, 0
 	},
 };
@ -624,6 +625,19 @@ METHOD(tls_crypto_t, select_cipher_suite, tls_cipher_suite_t,
 	return 0;
 }

+METHOD(tls_crypto_t, get_dh_group, diffie_hellman_group_t,
+	private_tls_crypto_t *this)
+{
+	suite_algs_t *algs;
+
+	algs = find_suite(this->suite);
+	if (algs)
+	{
+		return algs->dh;
+	}
+	return MODP_NONE;
+}
+
 METHOD(tls_crypto_t, get_signature_algorithms, void,
 	private_tls_crypto_t *this, tls_writer_t *writer)
 {
@ -1129,6 +1143,7 @@ tls_crypto_t *tls_crypto_create(tls_t *tls)
 		.public = {
 			.get_cipher_suites = _get_cipher_suites,
 			.select_cipher_suite = _select_cipher_suite,
+			.get_dh_group = _get_dh_group,
 			.get_signature_algorithms = _get_signature_algorithms,
 			.set_protection = _set_protection,
 			.append_handshake = _append_handshake,
--- a/src/libtls/tls_crypto.h
+++ b/src/libtls/tls_crypto.h
@ -328,6 +328,13 @@ struct tls_crypto_t {
 	tls_cipher_suite_t (*select_cipher_suite)(tls_crypto_t *this,
 										tls_cipher_suite_t *suites, int count);

+	/**
+	 * Get the Diffie-Hellman group to use, if any.
+	 *
+	 * @return				Diffie Hellman group, ord MODP_NONE
+	 */
+	diffie_hellman_group_t (*get_dh_group)(tls_crypto_t *this);
+
 	/**
 	 * Write the list of supported hash/sig algorithms to writer.
 	 *