/*
 * Look up the cipher whose wire encoding starts at p.
 *
 * The SSLv3/TLS lookup is consulted first.  Only when it finds nothing, and
 * only in builds that do not define OPENSSL_NO_SSL2, is the SSLv2 lookup
 * tried with the same pointer.  The result of the last lookup performed is
 * returned unchanged, so the caller must be prepared for NULL.
 *
 * Original note: this function needs to check if the ciphers required are
 * actually available.
 *
 * NOTE(review): unless OPENSSL_NO_SSL2 is defined, SSLv2 cipher codes are
 * still accepted through this path; SSLv2 is an obsolete protocol, so
 * hardened builds normally define that macro.
 */
const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
{
    const SSL_CIPHER *found = ssl3_get_cipher_by_char(p);

#ifndef OPENSSL_NO_SSL2
    if (found != NULL)
        return found;
    return ssl2_get_cipher_by_char(p);
#else
    return found;
#endif
}
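/*
 * Look up the cipher whose wire encoding starts at p.
 *
 * The SSLv3/TLS lookup is consulted first; when it finds nothing and the
 * build does not define OPENSSL_NO_SSL2, the SSLv2 lookup is tried with the
 * same pointer.  The result of the last lookup performed is returned, so the
 * caller must be prepared for NULL.
 *
 * This function only forwards p.  It does not read any bytes itself, so how
 * many bytes must be valid at p is decided by the lookup functions.
 *
 * Original note: this function needs to check if the ciphers required are
 * actually available.
 *
 * NOTE(review): unless OPENSSL_NO_SSL2 is defined, SSLv2 cipher codes are
 * still accepted through this path; SSLv2 is an obsolete protocol, so
 * hardened builds normally define that macro.
 */
SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
{
    SSL_CIPHER *cp;

    cp = ssl3_get_cipher_by_char(p);
#ifndef OPENSSL_NO_SSL2
    if (cp == NULL)
        cp = ssl2_get_cipher_by_char(p);
#endif
    return cp;
}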
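/**
 * Re-key an SSL connection from a caller-supplied master secret instead of
 * the secret negotiated by the handshake.
 *
 * The connection is forced into the server role (SSL_ST_ACCEPT with
 * TLSv1_2_server_method()); no client branch is implemented.  The record
 * sequence numbers are cleared, the Finished-related fields are filled with
 * fixed placeholder bytes, the cipher named by cipher_suite is installed,
 * master_key is copied into the session, and the TLS key block plus both
 * server-side cipher states are set up.
 *
 * @param ssl             connection to reconfigure; ssl->s3 and ssl->session
 *                        are dereferenced without a NULL check.
 * @param master_key      master secret bytes to install.  The buffer stays
 *                        owned by the caller, who should wipe it when done.
 * @param master_key_len  number of bytes at master_key; must be non-zero and
 *                        must fit in ssl->session->master_key.
 * @param cipher_suite    two-byte cipher code.  Its bytes are read in memory
 *                        order, so the value must already be laid out as on
 *                        the wire -- TODO confirm against the caller.
 * @return 1 on success, 0 on invalid arguments or when a cipher state change
 *         fails.  A tls1_setup_key_block() failure still ends the process
 *         with exit(-1).
 */
int switch_to_telex_crypto(SSL *ssl, char *master_key, size_t master_key_len,
                           uint16_t cipher_suite)
{
    SSL_CIPHER *cipher;

    /*
     * Validate before touching any connection state.  master_key_len comes
     * from the caller and was previously passed straight to memcpy(), so an
     * oversized value would write past the fixed-size master_key array in
     * the session.
     */
    if (master_key == NULL || master_key_len == 0 ||
        master_key_len > sizeof(ssl->session->master_key)) {
        fprintf(stderr, "Invalid master key length\n");
        return 0;
    }

    /*
     * (was DHE-RSA-AES256-SHA, \x00\x39) -- the suite is now chosen by the
     * caller.  An unknown code yields NULL, which must not be installed as
     * the session cipher.
     */
    cipher = (SSL_CIPHER *)ssl3_get_cipher_by_char(
        (const unsigned char *)&cipher_suite);
    if (cipher == NULL) {
        fprintf(stderr, "Unknown cipher suite\n");
        return 0;
    }

    /* Server role only; the client variant was never enabled. */
    ssl->type = SSL_ST_ACCEPT;
    ssl->method = TLSv1_2_server_method();

    /*
     * SSL record sequence numbers should be 1; we just got done with a round
     * of hellos (unless we are using TELEX_LEAK_KEY).  They are cleared here
     * and set to 1 at the end of the function.
     */
    memset(ssl->s3->read_sequence, 0, sizeof(ssl->s3->read_sequence));
    memset(ssl->s3->write_sequence, 0, sizeof(ssl->s3->write_sequence));

    /*
     * ewust: I don't think this is a todo, as previous_{client,server}_finished
     * applies to session renegotiation (t1_reneg.c is the only use).
     * TODO(swolchok): previous_client_finished, previous_server_finished,
     * and tmp.finish_md are supposed to be MACs.  Probably fine as long as
     * we swap them on the client and the server...
     *
     * NOTE(review): these are fixed constants (12 bytes each, the length of
     * TLS Finished verify_data), not values computed over a handshake.
     * Anything that consumes them gets no handshake binding -- confirm
     * renegotiation cannot be reached on these connections.
     */
    ssl->s3->previous_client_finished_len = 12;
    memcpy(ssl->s3->previous_client_finished, "somefinishedbusiness,ya", 12);
    ssl->s3->previous_server_finished_len = 12;
    memcpy(ssl->s3->previous_server_finished, "jsadfkjwefjaewmfamsawe", 12);
    memcpy(ssl->s3->tmp.finish_md, "akjwemawmefmawe", 12);
    ssl->s3->tmp.finish_md_len = 12;

    ssl->s3->tmp.new_cipher = cipher;
    ssl->session->cipher = ssl->s3->tmp.new_cipher;

    /*
     * The master secret is installed directly; it is not derived with
     * tls1_generate_master_secret().  The length was bounded above.
     */
    ssl->session->master_key_length = master_key_len;
    memcpy(ssl->session->master_key, master_key, master_key_len);

    /*
     * NOTE(review): this path terminates the whole process while the two
     * failures below return 0; kept as-is because callers may rely on it.
     */
    if (!tls1_setup_key_block(ssl)) {
        fprintf(stderr, "Couldn't set up key block\n");
        exit(-1);
    }

    /*
     * These calls reset ssl->s3->write_sequence and read_sequence
     * respectively (and possibly more).
     */
    if (!tls1_change_cipher_state(ssl, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
        fprintf(stderr, "Couldn't change write cipher state\n");
        return 0;
    }
    if (!tls1_change_cipher_state(ssl, SSL3_CHANGE_CIPHER_SERVER_READ)) {
        fprintf(stderr, "Couldn't change read cipher state\n");
        return 0;
    }

    /*
     * For TELEX_LEAK_KEY, we have to "consume" the client_finished message
     * (and "send" the server finished message).  This will increase
     * read/write_sequence, as well as change the working IVs for
     * ssl->enc_{write,read}_ctx->iv.
     * TODO(ewust): set working IVs here (and possibly remove the following).
     * IVs (in CBC mode) are simply the last 16 bytes of ciphertext over the
     * wire.
     */
    ssl->s3->read_sequence[7] = '\x01';
    ssl->s3->write_sequence[7] = '\x01';

    return 1;
}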