[PATCH 2/2] secur32: Add support for the cipher suites using pre-shared keys (PSK) added by the 10.9 SDK.
Ken Thomases
ken at codeweavers.com
Wed Apr 19 16:37:26 CDT 2017
Signed-off-by: Ken Thomases <ken at codeweavers.com>
---
dlls/secur32/schannel_macosx.c | 84 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 83 insertions(+), 1 deletion(-)
diff --git a/dlls/secur32/schannel_macosx.c b/dlls/secur32/schannel_macosx.c
index 2ed12d6..2c5896a 100644
--- a/dlls/secur32/schannel_macosx.c
+++ b/dlls/secur32/schannel_macosx.c
@@ -142,6 +142,45 @@ enum {
};
#endif
+#if MAC_OS_X_VERSION_MAX_ALLOWED < 1090
+/* Defined in <Security/CipherSuite.h> in the 10.9 SDK or later. */
+enum {
+ TLS_PSK_WITH_RC4_128_SHA = 0x008A,
+ TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B,
+ TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C,
+ TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D,
+ TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E,
+ TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F,
+ TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090,
+ TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091,
+ TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092,
+ TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093,
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094,
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095,
+ TLS_PSK_WITH_NULL_SHA = 0x002C,
+ TLS_DHE_PSK_WITH_NULL_SHA = 0x002D,
+ TLS_RSA_PSK_WITH_NULL_SHA = 0x002E,
+ TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8,
+ TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9,
+ TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA,
+ TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB,
+ TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC,
+ TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD,
+ TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE,
+ TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF,
+ TLS_PSK_WITH_NULL_SHA256 = 0x00B0,
+ TLS_PSK_WITH_NULL_SHA384 = 0x00B1,
+ TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2,
+ TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3,
+ TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4,
+ TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5,
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6,
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7,
+ TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8,
+ TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9,
+};
+#endif
+
struct mac_session {
SSLContextRef context;
@@ -163,6 +202,7 @@ enum {
schan_kx_DH_RSA,
schan_kx_DHE_DSS_EXPORT,
schan_kx_DHE_DSS,
+ schan_kx_DHE_PSK,
schan_kx_DHE_RSA_EXPORT,
schan_kx_DHE_RSA,
schan_kx_ECDH_anon,
@@ -172,7 +212,9 @@ enum {
schan_kx_ECDHE_RSA,
schan_kx_FORTEZZA_DMS,
schan_kx_NULL,
+ schan_kx_PSK,
schan_kx_RSA_EXPORT,
+ schan_kx_RSA_PSK,
schan_kx_RSA,
};
@@ -309,6 +351,23 @@ static const struct cipher_suite cipher_suites[] = {
CIPHER_SUITE(TLS, DH_anon, 3DES_EDE_CBC, SHA),
CIPHER_SUITE(TLS, DH_anon, AES_128_CBC, SHA256),
CIPHER_SUITE(TLS, DH_anon, AES_256_CBC, SHA256),
+
+ CIPHER_SUITE(TLS, PSK, RC4_128, SHA),
+ CIPHER_SUITE(TLS, PSK, 3DES_EDE_CBC, SHA),
+ CIPHER_SUITE(TLS, PSK, AES_128_CBC, SHA),
+ CIPHER_SUITE(TLS, PSK, AES_256_CBC, SHA),
+ CIPHER_SUITE(TLS, DHE_PSK, RC4_128, SHA),
+ CIPHER_SUITE(TLS, DHE_PSK, 3DES_EDE_CBC, SHA),
+ CIPHER_SUITE(TLS, DHE_PSK, AES_128_CBC, SHA),
+ CIPHER_SUITE(TLS, DHE_PSK, AES_256_CBC, SHA),
+ CIPHER_SUITE(TLS, RSA_PSK, RC4_128, SHA),
+ CIPHER_SUITE(TLS, RSA_PSK, 3DES_EDE_CBC, SHA),
+ CIPHER_SUITE(TLS, RSA_PSK, AES_128_CBC, SHA),
+ CIPHER_SUITE(TLS, RSA_PSK, AES_256_CBC, SHA),
+ CIPHER_SUITE(TLS, PSK, NULL, SHA),
+ CIPHER_SUITE(TLS, DHE_PSK, NULL, SHA),
+ CIPHER_SUITE(TLS, RSA_PSK, NULL, SHA),
+
CIPHER_SUITE(TLS, RSA, AES_128_GCM, SHA256),
CIPHER_SUITE(TLS, RSA, AES_256_GCM, SHA384),
CIPHER_SUITE(TLS, DHE_RSA, AES_128_GCM, SHA256),
@@ -321,6 +380,26 @@ static const struct cipher_suite cipher_suites[] = {
CIPHER_SUITE(TLS, DH_DSS, AES_256_GCM, SHA384),
CIPHER_SUITE(TLS, DH_anon, AES_128_GCM, SHA256),
CIPHER_SUITE(TLS, DH_anon, AES_256_GCM, SHA384),
+
+ CIPHER_SUITE(TLS, PSK, AES_128_GCM, SHA256),
+ CIPHER_SUITE(TLS, PSK, AES_256_GCM, SHA384),
+ CIPHER_SUITE(TLS, DHE_PSK, AES_128_GCM, SHA256),
+ CIPHER_SUITE(TLS, DHE_PSK, AES_256_GCM, SHA384),
+ CIPHER_SUITE(TLS, RSA_PSK, AES_128_GCM, SHA256),
+ CIPHER_SUITE(TLS, RSA_PSK, AES_256_GCM, SHA384),
+ CIPHER_SUITE(TLS, PSK, AES_128_CBC, SHA256),
+ CIPHER_SUITE(TLS, PSK, AES_256_CBC, SHA384),
+ CIPHER_SUITE(TLS, PSK, NULL, SHA256),
+ CIPHER_SUITE(TLS, PSK, NULL, SHA384),
+ CIPHER_SUITE(TLS, DHE_PSK, AES_128_CBC, SHA256),
+ CIPHER_SUITE(TLS, DHE_PSK, AES_256_CBC, SHA384),
+ CIPHER_SUITE(TLS, DHE_PSK, NULL, SHA256),
+ CIPHER_SUITE(TLS, DHE_PSK, NULL, SHA384),
+ CIPHER_SUITE(TLS, RSA_PSK, AES_128_CBC, SHA256),
+ CIPHER_SUITE(TLS, RSA_PSK, AES_256_CBC, SHA384),
+ CIPHER_SUITE(TLS, RSA_PSK, NULL, SHA256),
+ CIPHER_SUITE(TLS, RSA_PSK, NULL, SHA384),
+
CIPHER_SUITE(TLS, ECDHE_ECDSA, AES_128_CBC, SHA256),
CIPHER_SUITE(TLS, ECDHE_ECDSA, AES_256_CBC, SHA384),
CIPHER_SUITE(TLS, ECDH_ECDSA, AES_128_CBC, SHA256),
@@ -492,6 +571,7 @@ static ALG_ID schan_get_kx_algid(const struct cipher_suite* c)
{
case schan_kx_DHE_DSS_EXPORT:
case schan_kx_DHE_DSS:
+ case schan_kx_DHE_PSK:
case schan_kx_DHE_RSA_EXPORT:
case schan_kx_DHE_RSA: return CALG_DH_EPHEM;
case schan_kx_ECDH_anon:
@@ -501,7 +581,8 @@ static ALG_ID schan_get_kx_algid(const struct cipher_suite* c)
case schan_kx_ECDHE_RSA: return CALG_ECDH_EPHEM;
case schan_kx_NULL: return 0;
case schan_kx_RSA:
- case schan_kx_RSA_EXPORT: return CALG_RSA_KEYX;
+ case schan_kx_RSA_EXPORT:
+ case schan_kx_RSA_PSK: return CALG_RSA_KEYX;
case schan_kx_DH_anon_EXPORT:
case schan_kx_DH_anon:
@@ -510,6 +591,7 @@ static ALG_ID schan_get_kx_algid(const struct cipher_suite* c)
case schan_kx_DH_RSA_EXPORT:
case schan_kx_DH_RSA:
case schan_kx_FORTEZZA_DMS:
+ case schan_kx_PSK:
FIXME("Don't know CALG for key exchange algorithm %d for cipher suite %#x, returning 0\n", c->kx_alg, (unsigned)c->suite);
return 0;
--
2.10.2
More information about the wine-patches
mailing list