diff options
| author | erititan | 2018-06-19 08:33:36 +0000 |
|---|---|---|
| committer | erititan | 2018-06-19 08:33:36 +0000 |
| commit | e154710135521c776c5cfb8ab531839d97c6fce6 (patch) | |
| tree | 2774b914db5398a9032de7896c621573a69f06be | |
| parent | d094c3eee5af5572ff59e9164a147c44164326c4 (diff) | |
| download | titan.Libraries.TLS-e154710135521c776c5cfb8ab531839d97c6fce6.tar.gz titan.Libraries.TLS-e154710135521c776c5cfb8ab531839d97c6fce6.tar.xz titan.Libraries.TLS-e154710135521c776c5cfb8ab531839d97c6fce6.zip | |
R2A --> R3A
| -rw-r--r-- | TLS_CNL113839.tpd | 17 | ||||
| -rw-r--r-- | doc/TLS_CNL113839_1551.doc | bin | 78336 -> 84992 bytes | |||
| -rw-r--r-- | doc/TLS_CNL113839_PRI.doc | bin | 66048 -> 69632 bytes | |||
| -rw-r--r-- | src/TLS_Handler.ttcn | 10 | ||||
| -rw-r--r-- | src/TLS_HandlerFunction.cc | 84 |
5 files changed, 102 insertions, 9 deletions
diff --git a/TLS_CNL113839.tpd b/TLS_CNL113839.tpd index aa09b98..c9777f9 100644 --- a/TLS_CNL113839.tpd +++ b/TLS_CNL113839.tpd @@ -1,4 +1,19 @@ <?xml version="1.0" encoding="UTF-8"?> +<!-- + Copyright (c) 2018 Ericsson + + All rights reserved. This program and the accompanying materials + are made available under the terms of the Eclipse Public License v1.0 + which accompanies this distribution, and is available at + http://www.eclipse.org/legal/epl-v10.html + + + File: TLS_CNL113839.tpd + Description: tpd project file + Rev: R3A + Prodnr: CNL 113 839 + + --> <TITAN_Project_File_Information version="1.0"> <ProjectName>TLS_CNL113839</ProjectName> <Files> @@ -24,4 +39,4 @@ </ProjectProperties> </Configuration> </Configurations> -</TITAN_Project_File_Information>
\ No newline at end of file +</TITAN_Project_File_Information> diff --git a/doc/TLS_CNL113839_1551.doc b/doc/TLS_CNL113839_1551.doc Binary files differindex 51e1d7f..2727c7f 100644 --- a/doc/TLS_CNL113839_1551.doc +++ b/doc/TLS_CNL113839_1551.doc diff --git a/doc/TLS_CNL113839_PRI.doc b/doc/TLS_CNL113839_PRI.doc Binary files differindex 073ece4..9f278ff 100644 --- a/doc/TLS_CNL113839_PRI.doc +++ b/doc/TLS_CNL113839_PRI.doc diff --git a/src/TLS_Handler.ttcn b/src/TLS_Handler.ttcn index 6b69824..cc785cf 100644 --- a/src/TLS_Handler.ttcn +++ b/src/TLS_Handler.ttcn @@ -1,6 +1,6 @@ /////////////////////////////////////////////////////////////////////////////// // -// Copyright (c) 2000-2017 Ericsson Telecom AB +// Copyright (c) 2000-2018 Ericsson Telecom AB // // All rights reserved. This program and the accompanying materials // are made available under the terms of the Eclipse Public License v1.0 @@ -10,7 +10,7 @@ // // File: TLS_Handler.ttcn // Description: Type and function definition for TLS -// Rev: <RnXnn> +// Rev: R3A // Prodnr: CNL 113 839 // @@ -42,7 +42,11 @@ type record TLS_descriptor { charstring ssl_trustedCAlist_file optional, charstring ssl_cipher_list optional, charstring ssl_password optional, // private key file password - boolean ssl_verify_certificate optional + boolean ssl_verify_certificate optional, + charstring psk_hint optional, + charstring psk_identity optional, + charstring psk_key optional, + boolean psk_for_server optional } // Dispose the TLS/SSL object. diff --git a/src/TLS_HandlerFunction.cc b/src/TLS_HandlerFunction.cc index 0eaaec9..0d1b91d 100644 --- a/src/TLS_HandlerFunction.cc +++ b/src/TLS_HandlerFunction.cc @@ -1,6 +1,6 @@ /////////////////////////////////////////////////////////////////////////////// // -// Copyright (c) 2000-2017 Ericsson Telecom AB +// Copyright (c) 2000-2018 Ericsson Telecom AB // // All rights reserved. This program and the accompanying materials // are made available under the terms of the Eclipse Public License v1.0 @@ -10,7 +10,7 @@ // // File: TLS_HandlerFunction.cc // Description: external functions for TLS -// Rev: <RnXnn> +// Rev: R3A // Prodnr: CNL 113 839 // #include "TLS_Handler.hh" @@ -30,7 +30,9 @@ public: BIO* out_bio; // we use memory write bios CHARSTRING passwd; // stores the password of the private key INTEGER user_idx; // stores the user supplied idx value - bool handshake_started; + bool handshake_started; + CHARSTRING pskIdentity; + CHARSTRING pskKey; TLS_object(); ~TLS_object(); @@ -127,6 +129,48 @@ int ssl_password_cb(char *buf, int num, int /*rwflag*/,void *userdata) { return(strlen(pass)); } +unsigned int psk_server_cb(SSL *ssl, const char *identity, + unsigned char *psk, unsigned int max_psk_len) +{ + int ret; + + int idx = *(int *)SSL_get_app_data(ssl); + TLS_object* obj=obj_list[idx]; + if (!identity)return 0; + if (strcmp(identity,obj->pskIdentity ) != 0) return 0; + if (strlen(obj->pskKey)>=(max_psk_len*2)) return 0; + + /* convert the PSK key to binary */ + ret = strlen(obj->pskKey)/2; + memcpy(psk,str2oct(obj->pskKey),ret); + + if (ret<=0) return 0; + return ret; +} + +unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity, + unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len) +{ + int ret; + + int idx = *(int *)SSL_get_app_data(ssl); + TLS_object* obj=obj_list[idx]; + + if (!hint){ + TTCN_warning("NULL received PSK identity hint, continuing anyway"); + } + ret = snprintf(identity, max_identity_len, "%s", (const char *)(obj->pskIdentity)); + if (ret < 0 || (unsigned int)ret > max_identity_len) return 0; + if (strlen(obj->pskKey)>=(max_psk_len*2)) return 0; + + ret = strlen(obj->pskKey)/2; + /* convert the PSK key to binary */ + memcpy(psk,str2oct(obj->pskKey),ret); + + if (ret<=0) return 0; + return ret; +} + // How should we call the generic SSL/TLS method // it depends on the OpenSSL version #ifndef SSLv23_method @@ -206,16 +250,43 @@ int TLS_object::init(const TLS__Handler::TLS__descriptor& descr){ const char* cf=(const char*)descr.ssl__cipher__list()(); if (SSL_CTX_set_cipher_list(ctx, cf)!=1) { - TTCN_warning("ipher list restriction failed for %s", cf); + TTCN_warning("Cipher list restriction failed for %s", cf); log_error(); return -1; } } + +//PSK +#if OPENSSL_VERSION_NUMBER >= 0x1000000fL + if(descr.psk__hint().ispresent()){ + SSL_CTX_use_psk_identity_hint(ctx,(const char*)descr.psk__hint()() ); + } + if(descr.psk__identity().ispresent()){ + pskIdentity=descr.psk__identity()(); + } + else pskIdentity=""; + if(descr.psk__key().ispresent()){ + pskKey=descr.psk__key()(); + } + else pskKey=""; + if(descr.psk__for__server().ispresent() && descr.psk__for__server()()){ + SSL_CTX_set_psk_server_callback(ctx, psk_server_cb); + } + else{ + SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); + } +#else + TTCN_warning("The used OpenSSL doesn't support the PSK"); +#endif // set other side verification mode // By default the verification is enabled if(descr.ssl__verify__certificate().ispresent() && !descr.ssl__verify__certificate()()){ SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); +#if OPENSSL_VERSION_NUMBER >= 0x1000000fL + } else if(pskKey!="" && pskIdentity!="") { + SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); +#endif } else { SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); } @@ -335,7 +406,6 @@ int TLS_object::init(const TLS__Handler::TLS__descriptor& descr){ SSL_set_bio(ssl, in_bio,out_bio); - return 0; } @@ -396,6 +466,10 @@ TLS__op__result TLS__Handshake(INTEGER const& object__id, //printf("idx %d\r\n",idx); TLS__op__result ret_code=TLS__op__result::TLS__ERROR; TLS_object* obj=obj_list[idx]; + + //used in psk cb functions + SSL_set_app_data(obj->ssl,(const char*)&idx); + if(!(obj->handshake_started)){ if((bool)is__server) { SSL_set_accept_state(obj->ssl); |