Ashley Mills / axTLS

Rough and ready port of axTLS

ssl/tls1_clnt.c@0:5a29fd060ac8, 2013-05-13 (annotated)

Committer:
ashleymills
Date:
Mon May 13 18:15:18 2013 +0000
Revision:
0:5a29fd060ac8
initial commit

Who changed what in which revision?

UserRevisionLine numberNew contents of line
ashleymills 0:5a29fd060ac8 1 /*
ashleymills 0:5a29fd060ac8 2 * Copyright (c) 2007, Cameron Rich
ashleymills 0:5a29fd060ac8 3 *
ashleymills 0:5a29fd060ac8 4 * All rights reserved.
ashleymills 0:5a29fd060ac8 5 *
ashleymills 0:5a29fd060ac8 6 * Redistribution and use in source and binary forms, with or without
ashleymills 0:5a29fd060ac8 7 * modification, are permitted provided that the following conditions are met:
ashleymills 0:5a29fd060ac8 8 *
ashleymills 0:5a29fd060ac8 9 * * Redistributions of source code must retain the above copyright notice,
ashleymills 0:5a29fd060ac8 10 * this list of conditions and the following disclaimer.
ashleymills 0:5a29fd060ac8 11 * * Redistributions in binary form must reproduce the above copyright notice,
ashleymills 0:5a29fd060ac8 12 * this list of conditions and the following disclaimer in the documentation
ashleymills 0:5a29fd060ac8 13 * and/or other materials provided with the distribution.
ashleymills 0:5a29fd060ac8 14 * * Neither the name of the axTLS project nor the names of its contributors
ashleymills 0:5a29fd060ac8 15 * may be used to endorse or promote products derived from this software
ashleymills 0:5a29fd060ac8 16 * without specific prior written permission.
ashleymills 0:5a29fd060ac8 17 *
ashleymills 0:5a29fd060ac8 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
ashleymills 0:5a29fd060ac8 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
ashleymills 0:5a29fd060ac8 20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
ashleymills 0:5a29fd060ac8 21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
ashleymills 0:5a29fd060ac8 22 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
ashleymills 0:5a29fd060ac8 23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
ashleymills 0:5a29fd060ac8 24 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
ashleymills 0:5a29fd060ac8 25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
ashleymills 0:5a29fd060ac8 26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
ashleymills 0:5a29fd060ac8 27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
ashleymills 0:5a29fd060ac8 28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
ashleymills 0:5a29fd060ac8 29 */
ashleymills 0:5a29fd060ac8 30
ashleymills 0:5a29fd060ac8 31 #include <stdlib.h>
ashleymills 0:5a29fd060ac8 32 #include <string.h>
ashleymills 0:5a29fd060ac8 33 #include <time.h>
ashleymills 0:5a29fd060ac8 34 #include <stdio.h>
ashleymills 0:5a29fd060ac8 35 #include "os_port.h"
ashleymills 0:5a29fd060ac8 36 #include "ssl.h"
ashleymills 0:5a29fd060ac8 37
ashleymills 0:5a29fd060ac8 38 #ifdef CONFIG_SSL_ENABLE_CLIENT /* all commented out if no client */
ashleymills 0:5a29fd060ac8 39
ashleymills 0:5a29fd060ac8 40 static int send_client_hello(SSL *ssl);
ashleymills 0:5a29fd060ac8 41 static int process_server_hello(SSL *ssl);
ashleymills 0:5a29fd060ac8 42 static int process_server_hello_done(SSL *ssl);
ashleymills 0:5a29fd060ac8 43 static int send_client_key_xchg(SSL *ssl);
ashleymills 0:5a29fd060ac8 44 static int process_cert_req(SSL *ssl);
ashleymills 0:5a29fd060ac8 45 static int send_cert_verify(SSL *ssl);
ashleymills 0:5a29fd060ac8 46
ashleymills 0:5a29fd060ac8 47 /*
ashleymills 0:5a29fd060ac8 48 * Establish a new SSL connection to an SSL server.
ashleymills 0:5a29fd060ac8 49 */
ashleymills 0:5a29fd060ac8 50 EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
ashleymills 0:5a29fd060ac8 51 uint8_t *session_id, uint8_t sess_id_size)
ashleymills 0:5a29fd060ac8 52 {
ashleymills 0:5a29fd060ac8 53 SSL *ssl = ssl_new(ssl_ctx, client_fd);
ashleymills 0:5a29fd060ac8 54 ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */
ashleymills 0:5a29fd060ac8 55
ashleymills 0:5a29fd060ac8 56 if (session_id && ssl_ctx->num_sessions)
ashleymills 0:5a29fd060ac8 57 {
ashleymills 0:5a29fd060ac8 58 if (sess_id_size > SSL_SESSION_ID_SIZE) /* validity check */
ashleymills 0:5a29fd060ac8 59 {
ashleymills 0:5a29fd060ac8 60 ssl_free(ssl);
ashleymills 0:5a29fd060ac8 61 return NULL;
ashleymills 0:5a29fd060ac8 62 }
ashleymills 0:5a29fd060ac8 63
ashleymills 0:5a29fd060ac8 64 memcpy(ssl->session_id, session_id, sess_id_size);
ashleymills 0:5a29fd060ac8 65 ssl->sess_id_size = sess_id_size;
ashleymills 0:5a29fd060ac8 66 SET_SSL_FLAG(SSL_SESSION_RESUME); /* just flag for later */
ashleymills 0:5a29fd060ac8 67 }
ashleymills 0:5a29fd060ac8 68
ashleymills 0:5a29fd060ac8 69 SET_SSL_FLAG(SSL_IS_CLIENT);
ashleymills 0:5a29fd060ac8 70 do_client_connect(ssl);
ashleymills 0:5a29fd060ac8 71 return ssl;
ashleymills 0:5a29fd060ac8 72 }
ashleymills 0:5a29fd060ac8 73
ashleymills 0:5a29fd060ac8 74 /*
ashleymills 0:5a29fd060ac8 75 * Process the handshake record.
ashleymills 0:5a29fd060ac8 76 */
ashleymills 0:5a29fd060ac8 77 int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
ashleymills 0:5a29fd060ac8 78 {
ashleymills 0:5a29fd060ac8 79 int ret;
ashleymills 0:5a29fd060ac8 80
ashleymills 0:5a29fd060ac8 81 /* To get here the state must be valid */
ashleymills 0:5a29fd060ac8 82 switch (handshake_type)
ashleymills 0:5a29fd060ac8 83 {
ashleymills 0:5a29fd060ac8 84 case HS_SERVER_HELLO:
ashleymills 0:5a29fd060ac8 85 ret = process_server_hello(ssl);
ashleymills 0:5a29fd060ac8 86 break;
ashleymills 0:5a29fd060ac8 87
ashleymills 0:5a29fd060ac8 88 case HS_CERTIFICATE:
ashleymills 0:5a29fd060ac8 89 ret = process_certificate(ssl, &ssl->x509_ctx);
ashleymills 0:5a29fd060ac8 90 break;
ashleymills 0:5a29fd060ac8 91
ashleymills 0:5a29fd060ac8 92 case HS_SERVER_HELLO_DONE:
ashleymills 0:5a29fd060ac8 93 if ((ret = process_server_hello_done(ssl)) == SSL_OK)
ashleymills 0:5a29fd060ac8 94 {
ashleymills 0:5a29fd060ac8 95 if (IS_SET_SSL_FLAG(SSL_HAS_CERT_REQ))
ashleymills 0:5a29fd060ac8 96 {
ashleymills 0:5a29fd060ac8 97 if ((ret = send_certificate(ssl)) == SSL_OK &&
ashleymills 0:5a29fd060ac8 98 (ret = send_client_key_xchg(ssl)) == SSL_OK)
ashleymills 0:5a29fd060ac8 99 {
ashleymills 0:5a29fd060ac8 100 send_cert_verify(ssl);
ashleymills 0:5a29fd060ac8 101 }
ashleymills 0:5a29fd060ac8 102 }
ashleymills 0:5a29fd060ac8 103 else
ashleymills 0:5a29fd060ac8 104 {
ashleymills 0:5a29fd060ac8 105 ret = send_client_key_xchg(ssl);
ashleymills 0:5a29fd060ac8 106 }
ashleymills 0:5a29fd060ac8 107
ashleymills 0:5a29fd060ac8 108 if (ret == SSL_OK &&
ashleymills 0:5a29fd060ac8 109 (ret = send_change_cipher_spec(ssl)) == SSL_OK)
ashleymills 0:5a29fd060ac8 110 {
ashleymills 0:5a29fd060ac8 111 ret = send_finished(ssl);
ashleymills 0:5a29fd060ac8 112 }
ashleymills 0:5a29fd060ac8 113 }
ashleymills 0:5a29fd060ac8 114 break;
ashleymills 0:5a29fd060ac8 115
ashleymills 0:5a29fd060ac8 116 case HS_CERT_REQ:
ashleymills 0:5a29fd060ac8 117 ret = process_cert_req(ssl);
ashleymills 0:5a29fd060ac8 118 break;
ashleymills 0:5a29fd060ac8 119
ashleymills 0:5a29fd060ac8 120 case HS_FINISHED:
ashleymills 0:5a29fd060ac8 121 ret = process_finished(ssl, buf, hs_len);
ashleymills 0:5a29fd060ac8 122 disposable_free(ssl); /* free up some memory */
ashleymills 0:5a29fd060ac8 123 /* note: client renegotiation is not allowed after this */
ashleymills 0:5a29fd060ac8 124 break;
ashleymills 0:5a29fd060ac8 125
ashleymills 0:5a29fd060ac8 126 case HS_HELLO_REQUEST:
ashleymills 0:5a29fd060ac8 127 disposable_new(ssl);
ashleymills 0:5a29fd060ac8 128 ret = do_client_connect(ssl);
ashleymills 0:5a29fd060ac8 129 break;
ashleymills 0:5a29fd060ac8 130
ashleymills 0:5a29fd060ac8 131 default:
ashleymills 0:5a29fd060ac8 132 ret = SSL_ERROR_INVALID_HANDSHAKE;
ashleymills 0:5a29fd060ac8 133 break;
ashleymills 0:5a29fd060ac8 134 }
ashleymills 0:5a29fd060ac8 135
ashleymills 0:5a29fd060ac8 136 return ret;
ashleymills 0:5a29fd060ac8 137 }
ashleymills 0:5a29fd060ac8 138
ashleymills 0:5a29fd060ac8 139 /*
ashleymills 0:5a29fd060ac8 140 * Do the handshaking from the beginning.
ashleymills 0:5a29fd060ac8 141 */
ashleymills 0:5a29fd060ac8 142 int do_client_connect(SSL *ssl)
ashleymills 0:5a29fd060ac8 143 {
ashleymills 0:5a29fd060ac8 144 int ret = SSL_OK;
ashleymills 0:5a29fd060ac8 145
ashleymills 0:5a29fd060ac8 146 send_client_hello(ssl); /* send the client hello */
ashleymills 0:5a29fd060ac8 147 ssl->bm_read_index = 0;
ashleymills 0:5a29fd060ac8 148 ssl->next_state = HS_SERVER_HELLO;
ashleymills 0:5a29fd060ac8 149 ssl->hs_status = SSL_NOT_OK; /* not connected */
ashleymills 0:5a29fd060ac8 150
ashleymills 0:5a29fd060ac8 151 /* sit in a loop until it all looks good */
ashleymills 0:5a29fd060ac8 152 if (!IS_SET_SSL_FLAG(SSL_CONNECT_IN_PARTS))
ashleymills 0:5a29fd060ac8 153 {
ashleymills 0:5a29fd060ac8 154 while (ssl->hs_status != SSL_OK)
ashleymills 0:5a29fd060ac8 155 {
ashleymills 0:5a29fd060ac8 156 ret = ssl_read(ssl, NULL);
ashleymills 0:5a29fd060ac8 157
ashleymills 0:5a29fd060ac8 158 if (ret < SSL_OK)
ashleymills 0:5a29fd060ac8 159 break;
ashleymills 0:5a29fd060ac8 160 }
ashleymills 0:5a29fd060ac8 161
ashleymills 0:5a29fd060ac8 162 ssl->hs_status = ret; /* connected? */
ashleymills 0:5a29fd060ac8 163 }
ashleymills 0:5a29fd060ac8 164
ashleymills 0:5a29fd060ac8 165 return ret;
ashleymills 0:5a29fd060ac8 166 }
ashleymills 0:5a29fd060ac8 167
ashleymills 0:5a29fd060ac8 168 /*
ashleymills 0:5a29fd060ac8 169 * Send the initial client hello.
ashleymills 0:5a29fd060ac8 170 */
ashleymills 0:5a29fd060ac8 171 static int send_client_hello(SSL *ssl)
ashleymills 0:5a29fd060ac8 172 {
ashleymills 0:5a29fd060ac8 173 uint8_t *buf = ssl->bm_data;
ashleymills 0:5a29fd060ac8 174 time_t tm = time(NULL);
ashleymills 0:5a29fd060ac8 175 uint8_t *tm_ptr = &buf[6]; /* time will go here */
ashleymills 0:5a29fd060ac8 176 int i, offset;
ashleymills 0:5a29fd060ac8 177
ashleymills 0:5a29fd060ac8 178 buf[0] = HS_CLIENT_HELLO;
ashleymills 0:5a29fd060ac8 179 buf[1] = 0;
ashleymills 0:5a29fd060ac8 180 buf[2] = 0;
ashleymills 0:5a29fd060ac8 181 /* byte 3 is calculated later */
ashleymills 0:5a29fd060ac8 182 buf[4] = 0x03;
ashleymills 0:5a29fd060ac8 183 buf[5] = ssl->version & 0x0f;
ashleymills 0:5a29fd060ac8 184
ashleymills 0:5a29fd060ac8 185 /* client random value - spec says that 1st 4 bytes are big endian time */
ashleymills 0:5a29fd060ac8 186 *tm_ptr++ = (uint8_t)(((long)tm & 0xff000000) >> 24);
ashleymills 0:5a29fd060ac8 187 *tm_ptr++ = (uint8_t)(((long)tm & 0x00ff0000) >> 16);
ashleymills 0:5a29fd060ac8 188 *tm_ptr++ = (uint8_t)(((long)tm & 0x0000ff00) >> 8);
ashleymills 0:5a29fd060ac8 189 *tm_ptr++ = (uint8_t)(((long)tm & 0x000000ff));
ashleymills 0:5a29fd060ac8 190 get_random(SSL_RANDOM_SIZE-4, &buf[10]);
ashleymills 0:5a29fd060ac8 191 memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
ashleymills 0:5a29fd060ac8 192 offset = 6 + SSL_RANDOM_SIZE;
ashleymills 0:5a29fd060ac8 193
ashleymills 0:5a29fd060ac8 194 /* give session resumption a go */
ashleymills 0:5a29fd060ac8 195 if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME)) /* set initially by user */
ashleymills 0:5a29fd060ac8 196 {
ashleymills 0:5a29fd060ac8 197 buf[offset++] = ssl->sess_id_size;
ashleymills 0:5a29fd060ac8 198 memcpy(&buf[offset], ssl->session_id, ssl->sess_id_size);
ashleymills 0:5a29fd060ac8 199 offset += ssl->sess_id_size;
ashleymills 0:5a29fd060ac8 200 CLR_SSL_FLAG(SSL_SESSION_RESUME); /* clear so we can set later */
ashleymills 0:5a29fd060ac8 201 }
ashleymills 0:5a29fd060ac8 202 else
ashleymills 0:5a29fd060ac8 203 {
ashleymills 0:5a29fd060ac8 204 /* no session id - because no session resumption just yet */
ashleymills 0:5a29fd060ac8 205 buf[offset++] = 0;
ashleymills 0:5a29fd060ac8 206 }
ashleymills 0:5a29fd060ac8 207
ashleymills 0:5a29fd060ac8 208 buf[offset++] = 0; /* number of ciphers */
ashleymills 0:5a29fd060ac8 209 buf[offset++] = NUM_PROTOCOLS*2;/* number of ciphers */
ashleymills 0:5a29fd060ac8 210
ashleymills 0:5a29fd060ac8 211 /* put all our supported protocols in our request */
ashleymills 0:5a29fd060ac8 212 for (i = 0; i < NUM_PROTOCOLS; i++)
ashleymills 0:5a29fd060ac8 213 {
ashleymills 0:5a29fd060ac8 214 buf[offset++] = 0; /* cipher we are using */
ashleymills 0:5a29fd060ac8 215 buf[offset++] = ssl_prot_prefs[i];
ashleymills 0:5a29fd060ac8 216 }
ashleymills 0:5a29fd060ac8 217
ashleymills 0:5a29fd060ac8 218 buf[offset++] = 1; /* no compression */
ashleymills 0:5a29fd060ac8 219 buf[offset++] = 0;
ashleymills 0:5a29fd060ac8 220 buf[3] = offset - 4; /* handshake size */
ashleymills 0:5a29fd060ac8 221
ashleymills 0:5a29fd060ac8 222 return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
ashleymills 0:5a29fd060ac8 223 }
ashleymills 0:5a29fd060ac8 224
ashleymills 0:5a29fd060ac8 225 /*
ashleymills 0:5a29fd060ac8 226 * Process the server hello.
ashleymills 0:5a29fd060ac8 227 */
ashleymills 0:5a29fd060ac8 228 static int process_server_hello(SSL *ssl)
ashleymills 0:5a29fd060ac8 229 {
ashleymills 0:5a29fd060ac8 230 uint8_t *buf = ssl->bm_data;
ashleymills 0:5a29fd060ac8 231 int pkt_size = ssl->bm_index;
ashleymills 0:5a29fd060ac8 232 int num_sessions = ssl->ssl_ctx->num_sessions;
ashleymills 0:5a29fd060ac8 233 uint8_t sess_id_size;
ashleymills 0:5a29fd060ac8 234 int offset, ret = SSL_OK;
ashleymills 0:5a29fd060ac8 235
ashleymills 0:5a29fd060ac8 236 /* check that we are talking to a TLSv1 server */
ashleymills 0:5a29fd060ac8 237 uint8_t version = (buf[4] << 4) + buf[5];
ashleymills 0:5a29fd060ac8 238 if (version > SSL_PROTOCOL_VERSION_MAX)
ashleymills 0:5a29fd060ac8 239 {
ashleymills 0:5a29fd060ac8 240 version = SSL_PROTOCOL_VERSION_MAX;
ashleymills 0:5a29fd060ac8 241 }
ashleymills 0:5a29fd060ac8 242 else if (ssl->version < SSL_PROTOCOL_MIN_VERSION)
ashleymills 0:5a29fd060ac8 243 {
ashleymills 0:5a29fd060ac8 244 ret = SSL_ERROR_INVALID_VERSION;
ashleymills 0:5a29fd060ac8 245 ssl_display_error(ret);
ashleymills 0:5a29fd060ac8 246 goto error;
ashleymills 0:5a29fd060ac8 247 }
ashleymills 0:5a29fd060ac8 248
ashleymills 0:5a29fd060ac8 249 ssl->version = version;
ashleymills 0:5a29fd060ac8 250
ashleymills 0:5a29fd060ac8 251 /* get the server random value */
ashleymills 0:5a29fd060ac8 252 memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
ashleymills 0:5a29fd060ac8 253 offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */
ashleymills 0:5a29fd060ac8 254 sess_id_size = buf[offset++];
ashleymills 0:5a29fd060ac8 255
ashleymills 0:5a29fd060ac8 256 if (sess_id_size > SSL_SESSION_ID_SIZE)
ashleymills 0:5a29fd060ac8 257 {
ashleymills 0:5a29fd060ac8 258 ret = SSL_ERROR_INVALID_SESSION;
ashleymills 0:5a29fd060ac8 259 goto error;
ashleymills 0:5a29fd060ac8 260 }
ashleymills 0:5a29fd060ac8 261
ashleymills 0:5a29fd060ac8 262 if (num_sessions)
ashleymills 0:5a29fd060ac8 263 {
ashleymills 0:5a29fd060ac8 264 ssl->session = ssl_session_update(num_sessions,
ashleymills 0:5a29fd060ac8 265 ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]);
ashleymills 0:5a29fd060ac8 266 memcpy(ssl->session->session_id, &buf[offset], sess_id_size);
ashleymills 0:5a29fd060ac8 267
ashleymills 0:5a29fd060ac8 268 /* pad the rest with 0's */
ashleymills 0:5a29fd060ac8 269 if (sess_id_size < SSL_SESSION_ID_SIZE)
ashleymills 0:5a29fd060ac8 270 {
ashleymills 0:5a29fd060ac8 271 memset(&ssl->session->session_id[sess_id_size], 0,
ashleymills 0:5a29fd060ac8 272 SSL_SESSION_ID_SIZE-sess_id_size);
ashleymills 0:5a29fd060ac8 273 }
ashleymills 0:5a29fd060ac8 274 }
ashleymills 0:5a29fd060ac8 275
ashleymills 0:5a29fd060ac8 276 memcpy(ssl->session_id, &buf[offset], sess_id_size);
ashleymills 0:5a29fd060ac8 277 ssl->sess_id_size = sess_id_size;
ashleymills 0:5a29fd060ac8 278 offset += sess_id_size;
ashleymills 0:5a29fd060ac8 279
ashleymills 0:5a29fd060ac8 280 /* get the real cipher we are using */
ashleymills 0:5a29fd060ac8 281 ssl->cipher = buf[++offset];
ashleymills 0:5a29fd060ac8 282 ssl->next_state = IS_SET_SSL_FLAG(SSL_SESSION_RESUME) ?
ashleymills 0:5a29fd060ac8 283 HS_FINISHED : HS_CERTIFICATE;
ashleymills 0:5a29fd060ac8 284
ashleymills 0:5a29fd060ac8 285 offset++; // skip the compr
ashleymills 0:5a29fd060ac8 286 PARANOIA_CHECK(pkt_size, offset);
ashleymills 0:5a29fd060ac8 287 ssl->dc->bm_proc_index = offset+1;
ashleymills 0:5a29fd060ac8 288
ashleymills 0:5a29fd060ac8 289 error:
ashleymills 0:5a29fd060ac8 290 return ret;
ashleymills 0:5a29fd060ac8 291 }
ashleymills 0:5a29fd060ac8 292
ashleymills 0:5a29fd060ac8 293 /**
ashleymills 0:5a29fd060ac8 294 * Process the server hello done message.
ashleymills 0:5a29fd060ac8 295 */
ashleymills 0:5a29fd060ac8 296 static int process_server_hello_done(SSL *ssl)
ashleymills 0:5a29fd060ac8 297 {
ashleymills 0:5a29fd060ac8 298 ssl->next_state = HS_FINISHED;
ashleymills 0:5a29fd060ac8 299 return SSL_OK;
ashleymills 0:5a29fd060ac8 300 }
ashleymills 0:5a29fd060ac8 301
ashleymills 0:5a29fd060ac8 302 /*
ashleymills 0:5a29fd060ac8 303 * Send a client key exchange message.
ashleymills 0:5a29fd060ac8 304 */
ashleymills 0:5a29fd060ac8 305 static int send_client_key_xchg(SSL *ssl)
ashleymills 0:5a29fd060ac8 306 {
ashleymills 0:5a29fd060ac8 307 uint8_t *buf = ssl->bm_data;
ashleymills 0:5a29fd060ac8 308 uint8_t premaster_secret[SSL_SECRET_SIZE];
ashleymills 0:5a29fd060ac8 309 int enc_secret_size = -1;
ashleymills 0:5a29fd060ac8 310
ashleymills 0:5a29fd060ac8 311 buf[0] = HS_CLIENT_KEY_XCHG;
ashleymills 0:5a29fd060ac8 312 buf[1] = 0;
ashleymills 0:5a29fd060ac8 313
ashleymills 0:5a29fd060ac8 314 premaster_secret[0] = 0x03; /* encode the version number */
ashleymills 0:5a29fd060ac8 315 premaster_secret[1] = SSL_PROTOCOL_MINOR_VERSION; /* must be TLS 1.1 */
ashleymills 0:5a29fd060ac8 316 get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]);
ashleymills 0:5a29fd060ac8 317 DISPLAY_RSA(ssl, ssl->x509_ctx->rsa_ctx);
ashleymills 0:5a29fd060ac8 318
ashleymills 0:5a29fd060ac8 319 /* rsa_ctx->bi_ctx is not thread-safe */
ashleymills 0:5a29fd060ac8 320 SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
ashleymills 0:5a29fd060ac8 321 enc_secret_size = RSA_encrypt(ssl->x509_ctx->rsa_ctx, premaster_secret,
ashleymills 0:5a29fd060ac8 322 SSL_SECRET_SIZE, &buf[6], 0);
ashleymills 0:5a29fd060ac8 323 SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
ashleymills 0:5a29fd060ac8 324
ashleymills 0:5a29fd060ac8 325 buf[2] = (enc_secret_size + 2) >> 8;
ashleymills 0:5a29fd060ac8 326 buf[3] = (enc_secret_size + 2) & 0xff;
ashleymills 0:5a29fd060ac8 327 buf[4] = enc_secret_size >> 8;
ashleymills 0:5a29fd060ac8 328 buf[5] = enc_secret_size & 0xff;
ashleymills 0:5a29fd060ac8 329
ashleymills 0:5a29fd060ac8 330 generate_master_secret(ssl, premaster_secret);
ashleymills 0:5a29fd060ac8 331 return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, enc_secret_size+6);
ashleymills 0:5a29fd060ac8 332 }
ashleymills 0:5a29fd060ac8 333
ashleymills 0:5a29fd060ac8 334 /*
ashleymills 0:5a29fd060ac8 335 * Process the certificate request.
ashleymills 0:5a29fd060ac8 336 */
ashleymills 0:5a29fd060ac8 337 static int process_cert_req(SSL *ssl)
ashleymills 0:5a29fd060ac8 338 {
ashleymills 0:5a29fd060ac8 339 uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
ashleymills 0:5a29fd060ac8 340 int ret = SSL_OK;
ashleymills 0:5a29fd060ac8 341 int offset = (buf[2] << 4) + buf[3];
ashleymills 0:5a29fd060ac8 342 int pkt_size = ssl->bm_index;
ashleymills 0:5a29fd060ac8 343
ashleymills 0:5a29fd060ac8 344 /* don't do any processing - we will send back an RSA certificate anyway */
ashleymills 0:5a29fd060ac8 345 ssl->next_state = HS_SERVER_HELLO_DONE;
ashleymills 0:5a29fd060ac8 346 SET_SSL_FLAG(SSL_HAS_CERT_REQ);
ashleymills 0:5a29fd060ac8 347 ssl->dc->bm_proc_index += offset;
ashleymills 0:5a29fd060ac8 348 PARANOIA_CHECK(pkt_size, offset);
ashleymills 0:5a29fd060ac8 349 error:
ashleymills 0:5a29fd060ac8 350 return ret;
ashleymills 0:5a29fd060ac8 351 }
ashleymills 0:5a29fd060ac8 352
ashleymills 0:5a29fd060ac8 353 /*
ashleymills 0:5a29fd060ac8 354 * Send a certificate verify message.
ashleymills 0:5a29fd060ac8 355 */
ashleymills 0:5a29fd060ac8 356 static int send_cert_verify(SSL *ssl)
ashleymills 0:5a29fd060ac8 357 {
ashleymills 0:5a29fd060ac8 358 uint8_t *buf = ssl->bm_data;
ashleymills 0:5a29fd060ac8 359 uint8_t dgst[MD5_SIZE+SHA1_SIZE];
ashleymills 0:5a29fd060ac8 360 RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
ashleymills 0:5a29fd060ac8 361 int n = 0, ret;
ashleymills 0:5a29fd060ac8 362
ashleymills 0:5a29fd060ac8 363 DISPLAY_RSA(ssl, rsa_ctx);
ashleymills 0:5a29fd060ac8 364
ashleymills 0:5a29fd060ac8 365 buf[0] = HS_CERT_VERIFY;
ashleymills 0:5a29fd060ac8 366 buf[1] = 0;
ashleymills 0:5a29fd060ac8 367
ashleymills 0:5a29fd060ac8 368 finished_digest(ssl, NULL, dgst); /* calculate the digest */
ashleymills 0:5a29fd060ac8 369
ashleymills 0:5a29fd060ac8 370 /* rsa_ctx->bi_ctx is not thread-safe */
ashleymills 0:5a29fd060ac8 371 if (rsa_ctx)
ashleymills 0:5a29fd060ac8 372 {
ashleymills 0:5a29fd060ac8 373 SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
ashleymills 0:5a29fd060ac8 374 n = RSA_encrypt(rsa_ctx, dgst, sizeof(dgst), &buf[6], 1);
ashleymills 0:5a29fd060ac8 375 SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
ashleymills 0:5a29fd060ac8 376
ashleymills 0:5a29fd060ac8 377 if (n == 0)
ashleymills 0:5a29fd060ac8 378 {
ashleymills 0:5a29fd060ac8 379 ret = SSL_ERROR_INVALID_KEY;
ashleymills 0:5a29fd060ac8 380 goto error;
ashleymills 0:5a29fd060ac8 381 }
ashleymills 0:5a29fd060ac8 382 }
ashleymills 0:5a29fd060ac8 383
ashleymills 0:5a29fd060ac8 384 buf[4] = n >> 8; /* add the RSA size (not officially documented) */
ashleymills 0:5a29fd060ac8 385 buf[5] = n & 0xff;
ashleymills 0:5a29fd060ac8 386 n += 2;
ashleymills 0:5a29fd060ac8 387 buf[2] = n >> 8;
ashleymills 0:5a29fd060ac8 388 buf[3] = n & 0xff;
ashleymills 0:5a29fd060ac8 389 ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, n+4);
ashleymills 0:5a29fd060ac8 390
ashleymills 0:5a29fd060ac8 391 error:
ashleymills 0:5a29fd060ac8 392 return ret;
ashleymills 0:5a29fd060ac8 393 }
ashleymills 0:5a29fd060ac8 394
ashleymills 0:5a29fd060ac8 395 #endif /* CONFIG_SSL_ENABLE_CLIENT */