TLS_axTLS - This is a fork of the mbed port of axTLS

Users » feb11 » Code » TLS_axTLS

Francois Berder / TLS_axTLS

This is a fork of the mbed port of axTLS

Dependents: TLS_axTLS-Example HTTPSClientExample

Overview

This library is a fork from the mbed port of axTLS. It attempts to :

reduce the usage of dynamic memory
verify certificates with key size up to 2048 bits
provide a simple interface

Encryption

This library uses either RC4 or AES for encryption.

Memory usage

During the establishment of a connection, about 10KB of memory is allocated dynamically (it depends on certificates). Once the connection is established, the memory consumption is relatively low. This means that your program must not use too much static memory or allocate memory before you establish a TLS connection.

Certificates

Certificates are the major source of problem and will often be the reason why your program will crash. Due to memory constraint, there are some limitations on certificates :

Each certificate must not be bigger than 2KB
TLS client can only handle a chain of up to three certificates (excluding the root certificate). This means that the server must not send more than three certificates.

Also, this library can only load certificates following these specifications :

encoded in binary DER format (PKCS1)
The public key must use RSA only

Once the connection is established, you should free all loaded certificates by calling CertificateManager::clear(). This will free a few kilobytes (it depends on your certificates). In addition, to enable certificate verification during the connection, this library has a "precomputed mode". This mode uses much less memory than a normal certificate verification.

Normal mode

You need to copy the root certificate in binary-DER format on the mbed. Then in your code, let's say that your root certificate is saved on the mbed as "root.der", assuming that you include CertificateManager.h and that you created a LocalFileSystem, you can load this certificate as this ;

Load root certificate

CertificateManager::add("/local/root.der");
CertificateManager::load();

Do not forget that this mode takes quite a lot of memory ( the memory peak is high while verifying certificates) and will only work if the key size is not bigger than 1024 bits (otherwise it will crash while verifying certificates).

Precomputed mode

In this mode, you need to save the entire chain of certificates (in binary-DER format) including the root certificate on the mbed. In practice, this means that you must first retrieve all certificates that the server sends during a connection and then find the right root certificate. In your code, you must call CertificateManager::add for each certificate and in the right order : from the server certificate to the root certificate. Here is how you shoud load certificates in this mode :

Loadcertificates in precomputed mode

CertificateManager::add("/local/server1.der");
CertificateManager::add("/local/server2.der");
CertificateManager::add("/local/server3.der");
CertificateManager::add("/local/root.der");
CertificateManager::load(true);

Using this mode, you should be able to verify certificates with key size up to 2048 bits.

How do I find these certificates ?

I posted an entry in my notebook detailing how to get certificates from a server. You should be able to get all certificates you need except the root certificate. Here is a way how to get the root certificate on windows :

Open (double-click) the last certificate sent by the server
Go to details panel and click on the entry called Issuer. The first line gives you the name of this certificate and the second line indicates the company who created this certificate
Open firefox
Go to options, advanced panel and click on View Certificates
Go to Authorities panel
Choose the certificate whose name match the issuer of the last certificate sent by the server
Export this certificate to binary-DER format.

Connect to mbed.org !

Import program TLS_axTLS-Example

Establishing a connection to mbed.org using TLS

axTLS/ssl/tls1_clnt.c@0:85fceccc1a7c, 2013-09-12 (annotated)

Committer:: feb11
Date:: Thu Sep 12 15:18:04 2013 +0000
Revision:: 0:85fceccc1a7c

intial import

Who changed what in which revision?

User	Revision	Line number	New contents of line
feb11	0:85fceccc1a7c	1	/*
feb11	0:85fceccc1a7c	2	* Copyright (c) 2007, Cameron Rich
feb11	0:85fceccc1a7c	3	*
feb11	0:85fceccc1a7c	4	* All rights reserved.
feb11	0:85fceccc1a7c	5	*
feb11	0:85fceccc1a7c	6	* Redistribution and use in source and binary forms, with or without
feb11	0:85fceccc1a7c	7	* modification, are permitted provided that the following conditions are met:
feb11	0:85fceccc1a7c	8	*
feb11	0:85fceccc1a7c	9	* * Redistributions of source code must retain the above copyright notice,
feb11	0:85fceccc1a7c	10	* this list of conditions and the following disclaimer.
feb11	0:85fceccc1a7c	11	* * Redistributions in binary form must reproduce the above copyright notice,
feb11	0:85fceccc1a7c	12	* this list of conditions and the following disclaimer in the documentation
feb11	0:85fceccc1a7c	13	* and/or other materials provided with the distribution.
feb11	0:85fceccc1a7c	14	* * Neither the name of the axTLS project nor the names of its contributors
feb11	0:85fceccc1a7c	15	* may be used to endorse or promote products derived from this software
feb11	0:85fceccc1a7c	16	* without specific prior written permission.
feb11	0:85fceccc1a7c	17	*
feb11	0:85fceccc1a7c	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
feb11	0:85fceccc1a7c	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
feb11	0:85fceccc1a7c	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
feb11	0:85fceccc1a7c	21	* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
feb11	0:85fceccc1a7c	22	* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
feb11	0:85fceccc1a7c	23	* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
feb11	0:85fceccc1a7c	24	* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
feb11	0:85fceccc1a7c	25	* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
feb11	0:85fceccc1a7c	26	* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
feb11	0:85fceccc1a7c	27	* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
feb11	0:85fceccc1a7c	28	* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
feb11	0:85fceccc1a7c	29	*/
feb11	0:85fceccc1a7c	30
feb11	0:85fceccc1a7c	31	#include <stdlib.h>
feb11	0:85fceccc1a7c	32	#include <string.h>
feb11	0:85fceccc1a7c	33	#include <time.h>
feb11	0:85fceccc1a7c	34	#include <stdio.h>
feb11	0:85fceccc1a7c	35	#include "os_port.h"
feb11	0:85fceccc1a7c	36	#include "ssl.h"
feb11	0:85fceccc1a7c	37
feb11	0:85fceccc1a7c	38	#ifdef CONFIG_SSL_ENABLE_CLIENT /* all commented out if no client */
feb11	0:85fceccc1a7c	39
feb11	0:85fceccc1a7c	40	static int send_client_hello(SSL *ssl);
feb11	0:85fceccc1a7c	41	static int process_server_hello(SSL *ssl);
feb11	0:85fceccc1a7c	42	static int process_server_hello_done(SSL *ssl);
feb11	0:85fceccc1a7c	43	static int send_client_key_xchg(SSL *ssl);
feb11	0:85fceccc1a7c	44	static int process_cert_req(SSL *ssl);
feb11	0:85fceccc1a7c	45	static int send_cert_verify(SSL *ssl);
feb11	0:85fceccc1a7c	46
feb11	0:85fceccc1a7c	47	/*
feb11	0:85fceccc1a7c	48	* Establish a new SSL connection to an SSL server.
feb11	0:85fceccc1a7c	49	*/
feb11	0:85fceccc1a7c	50	EXP_FUNC SSL * STDCALL ssl_client_new(SSL *ssl, int client_fd, const
feb11	0:85fceccc1a7c	51	uint8_t *session_id, uint8_t sess_id_size)
feb11	0:85fceccc1a7c	52	{
feb11	0:85fceccc1a7c	53	SSL_CTX *ssl_ctx = ssl->ssl_ctx;
feb11	0:85fceccc1a7c	54	ssl_new(ssl, client_fd);
feb11	0:85fceccc1a7c	55	ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */
feb11	0:85fceccc1a7c	56
feb11	0:85fceccc1a7c	57	if (session_id && ssl_ctx->num_sessions)
feb11	0:85fceccc1a7c	58	{
feb11	0:85fceccc1a7c	59	if (sess_id_size > SSL_SESSION_ID_SIZE) /* validity check */
feb11	0:85fceccc1a7c	60	{
feb11	0:85fceccc1a7c	61	ssl_free(ssl);
feb11	0:85fceccc1a7c	62	return NULL;
feb11	0:85fceccc1a7c	63	}
feb11	0:85fceccc1a7c	64
feb11	0:85fceccc1a7c	65	memcpy(ssl->session_id, session_id, sess_id_size);
feb11	0:85fceccc1a7c	66	ssl->sess_id_size = sess_id_size;
feb11	0:85fceccc1a7c	67	SET_SSL_FLAG(SSL_SESSION_RESUME); /* just flag for later */
feb11	0:85fceccc1a7c	68	}
feb11	0:85fceccc1a7c	69
feb11	0:85fceccc1a7c	70	SET_SSL_FLAG(SSL_IS_CLIENT);
feb11	0:85fceccc1a7c	71	do_client_connect(ssl);
feb11	0:85fceccc1a7c	72	return ssl;
feb11	0:85fceccc1a7c	73	}
feb11	0:85fceccc1a7c	74
feb11	0:85fceccc1a7c	75	/*
feb11	0:85fceccc1a7c	76	* Process the handshake record.
feb11	0:85fceccc1a7c	77	*/
feb11	0:85fceccc1a7c	78	int do_clnt_handshake(SSL ssl, int handshake_type, uint8_t buf, int hs_len)
feb11	0:85fceccc1a7c	79	{
feb11	0:85fceccc1a7c	80	int ret;
feb11	0:85fceccc1a7c	81
feb11	0:85fceccc1a7c	82	/* To get here the state must be valid */
feb11	0:85fceccc1a7c	83	switch (handshake_type)
feb11	0:85fceccc1a7c	84	{
feb11	0:85fceccc1a7c	85	case HS_SERVER_HELLO:
feb11	0:85fceccc1a7c	86	ret = process_server_hello(ssl);
feb11	0:85fceccc1a7c	87	break;
feb11	0:85fceccc1a7c	88
feb11	0:85fceccc1a7c	89	case HS_CERTIFICATE:
feb11	0:85fceccc1a7c	90	ret = process_certificate(ssl, &ssl->x509_ctx);
feb11	0:85fceccc1a7c	91	break;
feb11	0:85fceccc1a7c	92
feb11	0:85fceccc1a7c	93	case HS_SERVER_HELLO_DONE:
feb11	0:85fceccc1a7c	94	if ((ret = process_server_hello_done(ssl)) == SSL_OK)
feb11	0:85fceccc1a7c	95	{
feb11	0:85fceccc1a7c	96	if (IS_SET_SSL_FLAG(SSL_HAS_CERT_REQ))
feb11	0:85fceccc1a7c	97	{
feb11	0:85fceccc1a7c	98	if ((ret = send_certificate(ssl)) == SSL_OK &&
feb11	0:85fceccc1a7c	99	(ret = send_client_key_xchg(ssl)) == SSL_OK)
feb11	0:85fceccc1a7c	100	{
feb11	0:85fceccc1a7c	101	send_cert_verify(ssl);
feb11	0:85fceccc1a7c	102	}
feb11	0:85fceccc1a7c	103	}
feb11	0:85fceccc1a7c	104	else
feb11	0:85fceccc1a7c	105	{
feb11	0:85fceccc1a7c	106	ret = send_client_key_xchg(ssl);
feb11	0:85fceccc1a7c	107	}
feb11	0:85fceccc1a7c	108
feb11	0:85fceccc1a7c	109	if (ret == SSL_OK &&
feb11	0:85fceccc1a7c	110	(ret = send_change_cipher_spec(ssl)) == SSL_OK)
feb11	0:85fceccc1a7c	111	{
feb11	0:85fceccc1a7c	112	ret = send_finished(ssl);
feb11	0:85fceccc1a7c	113	}
feb11	0:85fceccc1a7c	114	}
feb11	0:85fceccc1a7c	115	break;
feb11	0:85fceccc1a7c	116
feb11	0:85fceccc1a7c	117	case HS_CERT_REQ:
feb11	0:85fceccc1a7c	118	ret = process_cert_req(ssl);
feb11	0:85fceccc1a7c	119	break;
feb11	0:85fceccc1a7c	120
feb11	0:85fceccc1a7c	121	case HS_FINISHED:
feb11	0:85fceccc1a7c	122	ret = process_finished(ssl, buf, hs_len);
feb11	0:85fceccc1a7c	123	disposable_free(ssl); /* free up some memory */
feb11	0:85fceccc1a7c	124	/* note: client renegotiation is not allowed after this */
feb11	0:85fceccc1a7c	125	break;
feb11	0:85fceccc1a7c	126
feb11	0:85fceccc1a7c	127	case HS_HELLO_REQUEST:
feb11	0:85fceccc1a7c	128	disposable_new(ssl);
feb11	0:85fceccc1a7c	129	ret = do_client_connect(ssl);
feb11	0:85fceccc1a7c	130	break;
feb11	0:85fceccc1a7c	131
feb11	0:85fceccc1a7c	132	default:
feb11	0:85fceccc1a7c	133	ret = SSL_ERROR_INVALID_HANDSHAKE;
feb11	0:85fceccc1a7c	134	break;
feb11	0:85fceccc1a7c	135	}
feb11	0:85fceccc1a7c	136
feb11	0:85fceccc1a7c	137	return ret;
feb11	0:85fceccc1a7c	138	}
feb11	0:85fceccc1a7c	139
feb11	0:85fceccc1a7c	140	/*
feb11	0:85fceccc1a7c	141	* Do the handshaking from the beginning.
feb11	0:85fceccc1a7c	142	*/
feb11	0:85fceccc1a7c	143	int do_client_connect(SSL *ssl)
feb11	0:85fceccc1a7c	144	{
feb11	0:85fceccc1a7c	145	int ret = SSL_OK;
feb11	0:85fceccc1a7c	146
feb11	0:85fceccc1a7c	147	send_client_hello(ssl); /* send the client hello */
feb11	0:85fceccc1a7c	148	ssl->bm_remaining_bytes = 0;
feb11	0:85fceccc1a7c	149	ssl->next_state = HS_SERVER_HELLO;
feb11	0:85fceccc1a7c	150	ssl->hs_status = SSL_NOT_OK; /* not connected */
feb11	0:85fceccc1a7c	151
feb11	0:85fceccc1a7c	152	/* sit in a loop until it all looks good */
feb11	0:85fceccc1a7c	153	if (!IS_SET_SSL_FLAG(SSL_CONNECT_IN_PARTS))
feb11	0:85fceccc1a7c	154	{
feb11	0:85fceccc1a7c	155	while (ssl->hs_status != SSL_OK)
feb11	0:85fceccc1a7c	156	{
feb11	0:85fceccc1a7c	157	ret = read_record(ssl);
feb11	0:85fceccc1a7c	158	if (ret < SSL_OK)
feb11	0:85fceccc1a7c	159	break;
feb11	0:85fceccc1a7c	160	ret = process_data(ssl, NULL, 0);
feb11	0:85fceccc1a7c	161	if (ret < SSL_OK)
feb11	0:85fceccc1a7c	162	break;
feb11	0:85fceccc1a7c	163	}
feb11	0:85fceccc1a7c	164	ssl->hs_status = ret; /* connected? */
feb11	0:85fceccc1a7c	165	}
feb11	0:85fceccc1a7c	166	return ret;
feb11	0:85fceccc1a7c	167	}
feb11	0:85fceccc1a7c	168
feb11	0:85fceccc1a7c	169	/*
feb11	0:85fceccc1a7c	170	* Send the initial client hello.
feb11	0:85fceccc1a7c	171	*/
feb11	0:85fceccc1a7c	172	static int send_client_hello(SSL *ssl)
feb11	0:85fceccc1a7c	173	{
feb11	0:85fceccc1a7c	174	uint8_t *buf = ssl->bm_data;
feb11	0:85fceccc1a7c	175	time_t tm = time(NULL);
feb11	0:85fceccc1a7c	176	uint8_t tm_ptr = &buf[6]; / time will go here */
feb11	0:85fceccc1a7c	177	int i, offset;
feb11	0:85fceccc1a7c	178
feb11	0:85fceccc1a7c	179	buf[0] = HS_CLIENT_HELLO;
feb11	0:85fceccc1a7c	180	buf[1] = 0;
feb11	0:85fceccc1a7c	181	buf[2] = 0;
feb11	0:85fceccc1a7c	182	/* byte 3 is calculated later */
feb11	0:85fceccc1a7c	183	buf[4] = 0x03;
feb11	0:85fceccc1a7c	184	buf[5] = ssl->version & 0x0f;
feb11	0:85fceccc1a7c	185
feb11	0:85fceccc1a7c	186	/* client random value - spec says that 1st 4 bytes are big endian time */
feb11	0:85fceccc1a7c	187	*tm_ptr++ = (uint8_t)(((long)tm & 0xff000000) >> 24);
feb11	0:85fceccc1a7c	188	*tm_ptr++ = (uint8_t)(((long)tm & 0x00ff0000) >> 16);
feb11	0:85fceccc1a7c	189	*tm_ptr++ = (uint8_t)(((long)tm & 0x0000ff00) >> 8);
feb11	0:85fceccc1a7c	190	*tm_ptr++ = (uint8_t)(((long)tm & 0x000000ff));
feb11	0:85fceccc1a7c	191	get_random(SSL_RANDOM_SIZE-4, &buf[10]);
feb11	0:85fceccc1a7c	192	memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
feb11	0:85fceccc1a7c	193	offset = 6 + SSL_RANDOM_SIZE;
feb11	0:85fceccc1a7c	194
feb11	0:85fceccc1a7c	195	/* give session resumption a go */
feb11	0:85fceccc1a7c	196	if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME)) /* set initially by user */
feb11	0:85fceccc1a7c	197	{
feb11	0:85fceccc1a7c	198	buf[offset++] = ssl->sess_id_size;
feb11	0:85fceccc1a7c	199	memcpy(&buf[offset], ssl->session_id, ssl->sess_id_size);
feb11	0:85fceccc1a7c	200	offset += ssl->sess_id_size;
feb11	0:85fceccc1a7c	201	CLR_SSL_FLAG(SSL_SESSION_RESUME); /* clear so we can set later */
feb11	0:85fceccc1a7c	202	}
feb11	0:85fceccc1a7c	203	else
feb11	0:85fceccc1a7c	204	{
feb11	0:85fceccc1a7c	205	/* no session id - because no session resumption just yet */
feb11	0:85fceccc1a7c	206	buf[offset++] = 0;
feb11	0:85fceccc1a7c	207	}
feb11	0:85fceccc1a7c	208
feb11	0:85fceccc1a7c	209	buf[offset++] = 0; /* number of ciphers */
feb11	0:85fceccc1a7c	210	buf[offset++] = NUM_PROTOCOLS2;/ number of ciphers */
feb11	0:85fceccc1a7c	211
feb11	0:85fceccc1a7c	212	/* put all our supported protocols in our request */
feb11	0:85fceccc1a7c	213	for (i = 0; i < NUM_PROTOCOLS; i++)
feb11	0:85fceccc1a7c	214	{
feb11	0:85fceccc1a7c	215	buf[offset++] = 0; /* cipher we are using */
feb11	0:85fceccc1a7c	216	buf[offset++] = ssl_prot_prefs[i];
feb11	0:85fceccc1a7c	217	}
feb11	0:85fceccc1a7c	218
feb11	0:85fceccc1a7c	219	buf[offset++] = 1; /* no compression */
feb11	0:85fceccc1a7c	220	buf[offset++] = 0;
feb11	0:85fceccc1a7c	221	buf[3] = offset - 4; /* handshake size */
feb11	0:85fceccc1a7c	222
feb11	0:85fceccc1a7c	223	return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
feb11	0:85fceccc1a7c	224	}
feb11	0:85fceccc1a7c	225
feb11	0:85fceccc1a7c	226	/*
feb11	0:85fceccc1a7c	227	* Process the server hello.
feb11	0:85fceccc1a7c	228	*/
feb11	0:85fceccc1a7c	229	static int process_server_hello(SSL *ssl)
feb11	0:85fceccc1a7c	230	{
feb11	0:85fceccc1a7c	231	uint8_t *buf = ssl->bm_data;
feb11	0:85fceccc1a7c	232	int pkt_size = ssl->bm_index;
feb11	0:85fceccc1a7c	233	int num_sessions = ssl->ssl_ctx->num_sessions;
feb11	0:85fceccc1a7c	234	uint8_t sess_id_size;
feb11	0:85fceccc1a7c	235	int offset, ret = SSL_OK;
feb11	0:85fceccc1a7c	236
feb11	0:85fceccc1a7c	237	/* check that we are talking to a TLSv1 server */
feb11	0:85fceccc1a7c	238	uint8_t version = (buf[0] << 4) + buf[1];
feb11	0:85fceccc1a7c	239	if (version > SSL_PROTOCOL_VERSION_MAX)
feb11	0:85fceccc1a7c	240	{
feb11	0:85fceccc1a7c	241	version = SSL_PROTOCOL_VERSION_MAX;
feb11	0:85fceccc1a7c	242	}
feb11	0:85fceccc1a7c	243	else if (ssl->version < SSL_PROTOCOL_MIN_VERSION)
feb11	0:85fceccc1a7c	244	{
feb11	0:85fceccc1a7c	245	ret = SSL_ERROR_INVALID_VERSION;
feb11	0:85fceccc1a7c	246	ssl_display_error(ret);
feb11	0:85fceccc1a7c	247	goto error;
feb11	0:85fceccc1a7c	248	}
feb11	0:85fceccc1a7c	249
feb11	0:85fceccc1a7c	250	ssl->version = version;
feb11	0:85fceccc1a7c	251
feb11	0:85fceccc1a7c	252	/* get the server random value */
feb11	0:85fceccc1a7c	253	memcpy(ssl->dc->server_random, &buf[2], SSL_RANDOM_SIZE);
feb11	0:85fceccc1a7c	254	offset = 2 + SSL_RANDOM_SIZE; /* skip of session id size */
feb11	0:85fceccc1a7c	255	sess_id_size = buf[offset++];
feb11	0:85fceccc1a7c	256
feb11	0:85fceccc1a7c	257	if (sess_id_size > SSL_SESSION_ID_SIZE)
feb11	0:85fceccc1a7c	258	{
feb11	0:85fceccc1a7c	259	ret = SSL_ERROR_INVALID_SESSION;
feb11	0:85fceccc1a7c	260	goto error;
feb11	0:85fceccc1a7c	261	}
feb11	0:85fceccc1a7c	262
feb11	0:85fceccc1a7c	263	if (num_sessions)
feb11	0:85fceccc1a7c	264	{
feb11	0:85fceccc1a7c	265	ssl->session = ssl_session_update(num_sessions,
feb11	0:85fceccc1a7c	266	ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]);
feb11	0:85fceccc1a7c	267	memcpy(ssl->session->session_id, &buf[offset], sess_id_size);
feb11	0:85fceccc1a7c	268
feb11	0:85fceccc1a7c	269	/* pad the rest with 0's */
feb11	0:85fceccc1a7c	270	if (sess_id_size < SSL_SESSION_ID_SIZE)
feb11	0:85fceccc1a7c	271	{
feb11	0:85fceccc1a7c	272	memset(&ssl->session->session_id[sess_id_size], 0,
feb11	0:85fceccc1a7c	273	SSL_SESSION_ID_SIZE-sess_id_size);
feb11	0:85fceccc1a7c	274	}
feb11	0:85fceccc1a7c	275	}
feb11	0:85fceccc1a7c	276
feb11	0:85fceccc1a7c	277	memcpy(ssl->session_id, &buf[offset], sess_id_size);
feb11	0:85fceccc1a7c	278	ssl->sess_id_size = sess_id_size;
feb11	0:85fceccc1a7c	279	offset += sess_id_size;
feb11	0:85fceccc1a7c	280
feb11	0:85fceccc1a7c	281	/* get the real cipher we are using */
feb11	0:85fceccc1a7c	282	ssl->cipher = buf[++offset];
feb11	0:85fceccc1a7c	283	ssl->next_state = IS_SET_SSL_FLAG(SSL_SESSION_RESUME) ?
feb11	0:85fceccc1a7c	284	HS_FINISHED : HS_CERTIFICATE;
feb11	0:85fceccc1a7c	285
feb11	0:85fceccc1a7c	286	offset++; // skip the compr
feb11	0:85fceccc1a7c	287	PARANOIA_CHECK(pkt_size, offset);
feb11	0:85fceccc1a7c	288	ssl->dc->bm_proc_index = offset+1;
feb11	0:85fceccc1a7c	289
feb11	0:85fceccc1a7c	290	error:
feb11	0:85fceccc1a7c	291	return ret;
feb11	0:85fceccc1a7c	292	}
feb11	0:85fceccc1a7c	293
feb11	0:85fceccc1a7c	294	/**
feb11	0:85fceccc1a7c	295	* Process the server hello done message.
feb11	0:85fceccc1a7c	296	*/
feb11	0:85fceccc1a7c	297	static int process_server_hello_done(SSL *ssl)
feb11	0:85fceccc1a7c	298	{
feb11	0:85fceccc1a7c	299	ssl->next_state = HS_FINISHED;
feb11	0:85fceccc1a7c	300	return SSL_OK;
feb11	0:85fceccc1a7c	301	}
feb11	0:85fceccc1a7c	302
feb11	0:85fceccc1a7c	303	/*
feb11	0:85fceccc1a7c	304	* Send a client key exchange message.
feb11	0:85fceccc1a7c	305	*/
feb11	0:85fceccc1a7c	306	static int send_client_key_xchg(SSL *ssl)
feb11	0:85fceccc1a7c	307	{
feb11	0:85fceccc1a7c	308	uint8_t *buf = ssl->bm_data;
feb11	0:85fceccc1a7c	309	uint8_t premaster_secret[SSL_SECRET_SIZE];
feb11	0:85fceccc1a7c	310	int enc_secret_size = -1;
feb11	0:85fceccc1a7c	311
feb11	0:85fceccc1a7c	312	buf[0] = HS_CLIENT_KEY_XCHG;
feb11	0:85fceccc1a7c	313	buf[1] = 0;
feb11	0:85fceccc1a7c	314
feb11	0:85fceccc1a7c	315	premaster_secret[0] = 0x03; /* encode the version number */
feb11	0:85fceccc1a7c	316	premaster_secret[1] = SSL_PROTOCOL_MINOR_VERSION; /* must be TLS 1.1 */
feb11	0:85fceccc1a7c	317	get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]);
feb11	0:85fceccc1a7c	318	DISPLAY_RSA(ssl, ssl->x509_ctx->rsa_ctx);
feb11	0:85fceccc1a7c	319
feb11	0:85fceccc1a7c	320	/* rsa_ctx->bi_ctx is not thread-safe */
feb11	0:85fceccc1a7c	321	SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
feb11	0:85fceccc1a7c	322	enc_secret_size = RSA_encrypt(ssl->x509_ctx->rsa_ctx, premaster_secret,
feb11	0:85fceccc1a7c	323	SSL_SECRET_SIZE, &buf[6], 0);
feb11	0:85fceccc1a7c	324	SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
feb11	0:85fceccc1a7c	325
feb11	0:85fceccc1a7c	326	buf[2] = (enc_secret_size + 2) >> 8;
feb11	0:85fceccc1a7c	327	buf[3] = (enc_secret_size + 2) & 0xff;
feb11	0:85fceccc1a7c	328	buf[4] = enc_secret_size >> 8;
feb11	0:85fceccc1a7c	329	buf[5] = enc_secret_size & 0xff;
feb11	0:85fceccc1a7c	330
feb11	0:85fceccc1a7c	331	generate_master_secret(ssl, premaster_secret);
feb11	0:85fceccc1a7c	332
feb11	0:85fceccc1a7c	333	return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, enc_secret_size+6);
feb11	0:85fceccc1a7c	334	}
feb11	0:85fceccc1a7c	335
feb11	0:85fceccc1a7c	336	/*
feb11	0:85fceccc1a7c	337	* Process the certificate request.
feb11	0:85fceccc1a7c	338	*/
feb11	0:85fceccc1a7c	339	static int process_cert_req(SSL *ssl)
feb11	0:85fceccc1a7c	340	{
feb11	0:85fceccc1a7c	341	uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
feb11	0:85fceccc1a7c	342	int ret = SSL_OK;
feb11	0:85fceccc1a7c	343	int offset = (buf[2] << 4) + buf[3];
feb11	0:85fceccc1a7c	344	int pkt_size = ssl->bm_index;
feb11	0:85fceccc1a7c	345
feb11	0:85fceccc1a7c	346	/* don't do any processing - we will send back an RSA certificate anyway */
feb11	0:85fceccc1a7c	347	ssl->next_state = HS_SERVER_HELLO_DONE;
feb11	0:85fceccc1a7c	348	SET_SSL_FLAG(SSL_HAS_CERT_REQ);
feb11	0:85fceccc1a7c	349	ssl->dc->bm_proc_index += offset;
feb11	0:85fceccc1a7c	350	PARANOIA_CHECK(pkt_size, offset);
feb11	0:85fceccc1a7c	351	error:
feb11	0:85fceccc1a7c	352	return ret;
feb11	0:85fceccc1a7c	353	}
feb11	0:85fceccc1a7c	354
feb11	0:85fceccc1a7c	355	/*
feb11	0:85fceccc1a7c	356	* Send a certificate verify message.
feb11	0:85fceccc1a7c	357	*/
feb11	0:85fceccc1a7c	358	static int send_cert_verify(SSL *ssl)
feb11	0:85fceccc1a7c	359	{
feb11	0:85fceccc1a7c	360	uint8_t *buf = ssl->bm_data;
feb11	0:85fceccc1a7c	361	uint8_t dgst[MD5_SIZE+SHA1_SIZE];
feb11	0:85fceccc1a7c	362	RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
feb11	0:85fceccc1a7c	363	int n = 0, ret;
feb11	0:85fceccc1a7c	364
feb11	0:85fceccc1a7c	365	DISPLAY_RSA(ssl, rsa_ctx);
feb11	0:85fceccc1a7c	366
feb11	0:85fceccc1a7c	367	buf[0] = HS_CERT_VERIFY;
feb11	0:85fceccc1a7c	368	buf[1] = 0;
feb11	0:85fceccc1a7c	369
feb11	0:85fceccc1a7c	370	finished_digest(ssl, NULL, dgst); /* calculate the digest */
feb11	0:85fceccc1a7c	371
feb11	0:85fceccc1a7c	372	/* rsa_ctx->bi_ctx is not thread-safe */
feb11	0:85fceccc1a7c	373	if (rsa_ctx)
feb11	0:85fceccc1a7c	374	{
feb11	0:85fceccc1a7c	375	SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
feb11	0:85fceccc1a7c	376	n = RSA_encrypt(rsa_ctx, dgst, sizeof(dgst), &buf[6], 1);
feb11	0:85fceccc1a7c	377	SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
feb11	0:85fceccc1a7c	378
feb11	0:85fceccc1a7c	379	if (n == 0)
feb11	0:85fceccc1a7c	380	{
feb11	0:85fceccc1a7c	381	ret = SSL_ERROR_INVALID_KEY;
feb11	0:85fceccc1a7c	382	goto error;
feb11	0:85fceccc1a7c	383	}
feb11	0:85fceccc1a7c	384	}
feb11	0:85fceccc1a7c	385
feb11	0:85fceccc1a7c	386	buf[4] = n >> 8; /* add the RSA size (not officially documented) */
feb11	0:85fceccc1a7c	387	buf[5] = n & 0xff;
feb11	0:85fceccc1a7c	388	n += 2;
feb11	0:85fceccc1a7c	389	buf[2] = n >> 8;
feb11	0:85fceccc1a7c	390	buf[3] = n & 0xff;
feb11	0:85fceccc1a7c	391	ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, n+4);
feb11	0:85fceccc1a7c	392
feb11	0:85fceccc1a7c	393	error:
feb11	0:85fceccc1a7c	394	return ret;
feb11	0:85fceccc1a7c	395	}
feb11	0:85fceccc1a7c	396
feb11	0:85fceccc1a7c	397	#endif /* CONFIG_SSL_ENABLE_CLIENT */
feb11	0:85fceccc1a7c	398
feb11	0:85fceccc1a7c	399

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	12 Sep 2013
Imports:	114
Forks:	0
Commits:	1
Dependents:	2
Dependencies:	0
Followers:	8

The code in this repository is Apache licensed.