Rahul Dahiya
/
STM32F7 Ethernet
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
mbed-os/features/mbedtls/src/ssl_cli.c@0:fb8047b156bb, 2020-01-15 (annotated)
- Committer:
- rahul_dahiya
- Date:
- Wed Jan 15 15:57:15 2020 +0530
- Revision:
- 0:fb8047b156bb
STM32F7 LWIP
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| rahul_dahiya |
0:fb8047b156bb | 1 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2 | * SSLv3/TLSv1 client-side functions |
| rahul_dahiya |
0:fb8047b156bb | 3 | * |
| rahul_dahiya |
0:fb8047b156bb | 4 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
| rahul_dahiya |
0:fb8047b156bb | 5 | * SPDX-License-Identifier: Apache-2.0 |
| rahul_dahiya |
0:fb8047b156bb | 6 | * |
| rahul_dahiya |
0:fb8047b156bb | 7 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
| rahul_dahiya |
0:fb8047b156bb | 8 | * not use this file except in compliance with the License. |
| rahul_dahiya |
0:fb8047b156bb | 9 | * You may obtain a copy of the License at |
| rahul_dahiya |
0:fb8047b156bb | 10 | * |
| rahul_dahiya |
0:fb8047b156bb | 11 | * http://www.apache.org/licenses/LICENSE-2.0 |
| rahul_dahiya |
0:fb8047b156bb | 12 | * |
| rahul_dahiya |
0:fb8047b156bb | 13 | * Unless required by applicable law or agreed to in writing, software |
| rahul_dahiya |
0:fb8047b156bb | 14 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| rahul_dahiya |
0:fb8047b156bb | 15 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| rahul_dahiya |
0:fb8047b156bb | 16 | * See the License for the specific language governing permissions and |
| rahul_dahiya |
0:fb8047b156bb | 17 | * limitations under the License. |
| rahul_dahiya |
0:fb8047b156bb | 18 | * |
| rahul_dahiya |
0:fb8047b156bb | 19 | * This file is part of mbed TLS (https://tls.mbed.org) |
| rahul_dahiya |
0:fb8047b156bb | 20 | */ |
| rahul_dahiya |
0:fb8047b156bb | 21 | |
| rahul_dahiya |
0:fb8047b156bb | 22 | #if !defined(MBEDTLS_CONFIG_FILE) |
| rahul_dahiya |
0:fb8047b156bb | 23 | #include "mbedtls/config.h" |
| rahul_dahiya |
0:fb8047b156bb | 24 | #else |
| rahul_dahiya |
0:fb8047b156bb | 25 | #include MBEDTLS_CONFIG_FILE |
| rahul_dahiya |
0:fb8047b156bb | 26 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 27 | |
| rahul_dahiya |
0:fb8047b156bb | 28 | #if defined(MBEDTLS_SSL_CLI_C) |
| rahul_dahiya |
0:fb8047b156bb | 29 | |
| rahul_dahiya |
0:fb8047b156bb | 30 | #if defined(MBEDTLS_PLATFORM_C) |
| rahul_dahiya |
0:fb8047b156bb | 31 | #include "mbedtls/platform.h" |
| rahul_dahiya |
0:fb8047b156bb | 32 | #else |
| rahul_dahiya |
0:fb8047b156bb | 33 | #include <stdlib.h> |
| rahul_dahiya |
0:fb8047b156bb | 34 | #define mbedtls_calloc calloc |
| rahul_dahiya |
0:fb8047b156bb | 35 | #define mbedtls_free free |
| rahul_dahiya |
0:fb8047b156bb | 36 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 37 | |
| rahul_dahiya |
0:fb8047b156bb | 38 | #include "mbedtls/debug.h" |
| rahul_dahiya |
0:fb8047b156bb | 39 | #include "mbedtls/ssl.h" |
| rahul_dahiya |
0:fb8047b156bb | 40 | #include "mbedtls/ssl_internal.h" |
| rahul_dahiya |
0:fb8047b156bb | 41 | |
| rahul_dahiya |
0:fb8047b156bb | 42 | #include <string.h> |
| rahul_dahiya |
0:fb8047b156bb | 43 | |
| rahul_dahiya |
0:fb8047b156bb | 44 | #include <stdint.h> |
| rahul_dahiya |
0:fb8047b156bb | 45 | |
| rahul_dahiya |
0:fb8047b156bb | 46 | #if defined(MBEDTLS_HAVE_TIME) |
| rahul_dahiya |
0:fb8047b156bb | 47 | #include "mbedtls/platform_time.h" |
| rahul_dahiya |
0:fb8047b156bb | 48 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 49 | |
| rahul_dahiya |
0:fb8047b156bb | 50 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
| rahul_dahiya |
0:fb8047b156bb | 51 | /* Implementation that should never be optimized out by the compiler */ |
| rahul_dahiya |
0:fb8047b156bb | 52 | static void mbedtls_zeroize( void *v, size_t n ) { |
| rahul_dahiya |
0:fb8047b156bb | 53 | volatile unsigned char *p = v; while( n-- ) *p++ = 0; |
| rahul_dahiya |
0:fb8047b156bb | 54 | } |
| rahul_dahiya |
0:fb8047b156bb | 55 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 56 | |
| rahul_dahiya |
0:fb8047b156bb | 57 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
| rahul_dahiya |
0:fb8047b156bb | 58 | static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 59 | unsigned char *buf, |
| rahul_dahiya |
0:fb8047b156bb | 60 | size_t *olen ) |
| rahul_dahiya |
0:fb8047b156bb | 61 | { |
| rahul_dahiya |
0:fb8047b156bb | 62 | unsigned char *p = buf; |
| rahul_dahiya |
0:fb8047b156bb | 63 | const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; |
| rahul_dahiya |
0:fb8047b156bb | 64 | size_t hostname_len; |
| rahul_dahiya |
0:fb8047b156bb | 65 | |
| rahul_dahiya |
0:fb8047b156bb | 66 | *olen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 67 | |
| rahul_dahiya |
0:fb8047b156bb | 68 | if( ssl->hostname == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 69 | return; |
| rahul_dahiya |
0:fb8047b156bb | 70 | |
| rahul_dahiya |
0:fb8047b156bb | 71 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s", |
| rahul_dahiya |
0:fb8047b156bb | 72 | ssl->hostname ) ); |
| rahul_dahiya |
0:fb8047b156bb | 73 | |
| rahul_dahiya |
0:fb8047b156bb | 74 | hostname_len = strlen( ssl->hostname ); |
| rahul_dahiya |
0:fb8047b156bb | 75 | |
| rahul_dahiya |
0:fb8047b156bb | 76 | if( end < p || (size_t)( end - p ) < hostname_len + 9 ) |
| rahul_dahiya |
0:fb8047b156bb | 77 | { |
| rahul_dahiya |
0:fb8047b156bb | 78 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 79 | return; |
| rahul_dahiya |
0:fb8047b156bb | 80 | } |
| rahul_dahiya |
0:fb8047b156bb | 81 | |
| rahul_dahiya |
0:fb8047b156bb | 82 | /* |
| rahul_dahiya |
0:fb8047b156bb | 83 | * struct { |
| rahul_dahiya |
0:fb8047b156bb | 84 | * NameType name_type; |
| rahul_dahiya |
0:fb8047b156bb | 85 | * select (name_type) { |
| rahul_dahiya |
0:fb8047b156bb | 86 | * case host_name: HostName; |
| rahul_dahiya |
0:fb8047b156bb | 87 | * } name; |
| rahul_dahiya |
0:fb8047b156bb | 88 | * } ServerName; |
| rahul_dahiya |
0:fb8047b156bb | 89 | * |
| rahul_dahiya |
0:fb8047b156bb | 90 | * enum { |
| rahul_dahiya |
0:fb8047b156bb | 91 | * host_name(0), (255) |
| rahul_dahiya |
0:fb8047b156bb | 92 | * } NameType; |
| rahul_dahiya |
0:fb8047b156bb | 93 | * |
| rahul_dahiya |
0:fb8047b156bb | 94 | * opaque HostName<1..2^16-1>; |
| rahul_dahiya |
0:fb8047b156bb | 95 | * |
| rahul_dahiya |
0:fb8047b156bb | 96 | * struct { |
| rahul_dahiya |
0:fb8047b156bb | 97 | * ServerName server_name_list<1..2^16-1> |
| rahul_dahiya |
0:fb8047b156bb | 98 | * } ServerNameList; |
| rahul_dahiya |
0:fb8047b156bb | 99 | */ |
| rahul_dahiya |
0:fb8047b156bb | 100 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 101 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 102 | |
| rahul_dahiya |
0:fb8047b156bb | 103 | *p++ = (unsigned char)( ( (hostname_len + 5) >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 104 | *p++ = (unsigned char)( ( (hostname_len + 5) ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 105 | |
| rahul_dahiya |
0:fb8047b156bb | 106 | *p++ = (unsigned char)( ( (hostname_len + 3) >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 107 | *p++ = (unsigned char)( ( (hostname_len + 3) ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 108 | |
| rahul_dahiya |
0:fb8047b156bb | 109 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 110 | *p++ = (unsigned char)( ( hostname_len >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 111 | *p++ = (unsigned char)( ( hostname_len ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 112 | |
| rahul_dahiya |
0:fb8047b156bb | 113 | memcpy( p, ssl->hostname, hostname_len ); |
| rahul_dahiya |
0:fb8047b156bb | 114 | |
| rahul_dahiya |
0:fb8047b156bb | 115 | *olen = hostname_len + 9; |
| rahul_dahiya |
0:fb8047b156bb | 116 | } |
| rahul_dahiya |
0:fb8047b156bb | 117 | #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
| rahul_dahiya |
0:fb8047b156bb | 118 | |
| rahul_dahiya |
0:fb8047b156bb | 119 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 120 | static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 121 | unsigned char *buf, |
| rahul_dahiya |
0:fb8047b156bb | 122 | size_t *olen ) |
| rahul_dahiya |
0:fb8047b156bb | 123 | { |
| rahul_dahiya |
0:fb8047b156bb | 124 | unsigned char *p = buf; |
| rahul_dahiya |
0:fb8047b156bb | 125 | const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; |
| rahul_dahiya |
0:fb8047b156bb | 126 | |
| rahul_dahiya |
0:fb8047b156bb | 127 | *olen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 128 | |
| rahul_dahiya |
0:fb8047b156bb | 129 | if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) |
| rahul_dahiya |
0:fb8047b156bb | 130 | return; |
| rahul_dahiya |
0:fb8047b156bb | 131 | |
| rahul_dahiya |
0:fb8047b156bb | 132 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 133 | |
| rahul_dahiya |
0:fb8047b156bb | 134 | if( end < p || (size_t)( end - p ) < 5 + ssl->verify_data_len ) |
| rahul_dahiya |
0:fb8047b156bb | 135 | { |
| rahul_dahiya |
0:fb8047b156bb | 136 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 137 | return; |
| rahul_dahiya |
0:fb8047b156bb | 138 | } |
| rahul_dahiya |
0:fb8047b156bb | 139 | |
| rahul_dahiya |
0:fb8047b156bb | 140 | /* |
| rahul_dahiya |
0:fb8047b156bb | 141 | * Secure renegotiation |
| rahul_dahiya |
0:fb8047b156bb | 142 | */ |
| rahul_dahiya |
0:fb8047b156bb | 143 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 144 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 145 | |
| rahul_dahiya |
0:fb8047b156bb | 146 | *p++ = 0x00; |
| rahul_dahiya |
0:fb8047b156bb | 147 | *p++ = ( ssl->verify_data_len + 1 ) & 0xFF; |
| rahul_dahiya |
0:fb8047b156bb | 148 | *p++ = ssl->verify_data_len & 0xFF; |
| rahul_dahiya |
0:fb8047b156bb | 149 | |
| rahul_dahiya |
0:fb8047b156bb | 150 | memcpy( p, ssl->own_verify_data, ssl->verify_data_len ); |
| rahul_dahiya |
0:fb8047b156bb | 151 | |
| rahul_dahiya |
0:fb8047b156bb | 152 | *olen = 5 + ssl->verify_data_len; |
| rahul_dahiya |
0:fb8047b156bb | 153 | } |
| rahul_dahiya |
0:fb8047b156bb | 154 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
| rahul_dahiya |
0:fb8047b156bb | 155 | |
| rahul_dahiya |
0:fb8047b156bb | 156 | /* |
| rahul_dahiya |
0:fb8047b156bb | 157 | * Only if we handle at least one key exchange that needs signatures. |
| rahul_dahiya |
0:fb8047b156bb | 158 | */ |
| rahul_dahiya |
0:fb8047b156bb | 159 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ |
| rahul_dahiya |
0:fb8047b156bb | 160 | defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 161 | static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 162 | unsigned char *buf, |
| rahul_dahiya |
0:fb8047b156bb | 163 | size_t *olen ) |
| rahul_dahiya |
0:fb8047b156bb | 164 | { |
| rahul_dahiya |
0:fb8047b156bb | 165 | unsigned char *p = buf; |
| rahul_dahiya |
0:fb8047b156bb | 166 | const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; |
| rahul_dahiya |
0:fb8047b156bb | 167 | size_t sig_alg_len = 0; |
| rahul_dahiya |
0:fb8047b156bb | 168 | const int *md; |
| rahul_dahiya |
0:fb8047b156bb | 169 | #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) |
| rahul_dahiya |
0:fb8047b156bb | 170 | unsigned char *sig_alg_list = buf + 6; |
| rahul_dahiya |
0:fb8047b156bb | 171 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 172 | |
| rahul_dahiya |
0:fb8047b156bb | 173 | *olen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 174 | |
| rahul_dahiya |
0:fb8047b156bb | 175 | if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) |
| rahul_dahiya |
0:fb8047b156bb | 176 | return; |
| rahul_dahiya |
0:fb8047b156bb | 177 | |
| rahul_dahiya |
0:fb8047b156bb | 178 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 179 | |
| rahul_dahiya |
0:fb8047b156bb | 180 | for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) |
| rahul_dahiya |
0:fb8047b156bb | 181 | { |
| rahul_dahiya |
0:fb8047b156bb | 182 | #if defined(MBEDTLS_ECDSA_C) |
| rahul_dahiya |
0:fb8047b156bb | 183 | sig_alg_len += 2; |
| rahul_dahiya |
0:fb8047b156bb | 184 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 185 | #if defined(MBEDTLS_RSA_C) |
| rahul_dahiya |
0:fb8047b156bb | 186 | sig_alg_len += 2; |
| rahul_dahiya |
0:fb8047b156bb | 187 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 188 | } |
| rahul_dahiya |
0:fb8047b156bb | 189 | |
| rahul_dahiya |
0:fb8047b156bb | 190 | if( end < p || (size_t)( end - p ) < sig_alg_len + 6 ) |
| rahul_dahiya |
0:fb8047b156bb | 191 | { |
| rahul_dahiya |
0:fb8047b156bb | 192 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 193 | return; |
| rahul_dahiya |
0:fb8047b156bb | 194 | } |
| rahul_dahiya |
0:fb8047b156bb | 195 | |
| rahul_dahiya |
0:fb8047b156bb | 196 | /* |
| rahul_dahiya |
0:fb8047b156bb | 197 | * Prepare signature_algorithms extension (TLS 1.2) |
| rahul_dahiya |
0:fb8047b156bb | 198 | */ |
| rahul_dahiya |
0:fb8047b156bb | 199 | sig_alg_len = 0; |
| rahul_dahiya |
0:fb8047b156bb | 200 | |
| rahul_dahiya |
0:fb8047b156bb | 201 | for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) |
| rahul_dahiya |
0:fb8047b156bb | 202 | { |
| rahul_dahiya |
0:fb8047b156bb | 203 | #if defined(MBEDTLS_ECDSA_C) |
| rahul_dahiya |
0:fb8047b156bb | 204 | sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md ); |
| rahul_dahiya |
0:fb8047b156bb | 205 | sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA; |
| rahul_dahiya |
0:fb8047b156bb | 206 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 207 | #if defined(MBEDTLS_RSA_C) |
| rahul_dahiya |
0:fb8047b156bb | 208 | sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md ); |
| rahul_dahiya |
0:fb8047b156bb | 209 | sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA; |
| rahul_dahiya |
0:fb8047b156bb | 210 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 211 | } |
| rahul_dahiya |
0:fb8047b156bb | 212 | |
| rahul_dahiya |
0:fb8047b156bb | 213 | /* |
| rahul_dahiya |
0:fb8047b156bb | 214 | * enum { |
| rahul_dahiya |
0:fb8047b156bb | 215 | * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5), |
| rahul_dahiya |
0:fb8047b156bb | 216 | * sha512(6), (255) |
| rahul_dahiya |
0:fb8047b156bb | 217 | * } HashAlgorithm; |
| rahul_dahiya |
0:fb8047b156bb | 218 | * |
| rahul_dahiya |
0:fb8047b156bb | 219 | * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) } |
| rahul_dahiya |
0:fb8047b156bb | 220 | * SignatureAlgorithm; |
| rahul_dahiya |
0:fb8047b156bb | 221 | * |
| rahul_dahiya |
0:fb8047b156bb | 222 | * struct { |
| rahul_dahiya |
0:fb8047b156bb | 223 | * HashAlgorithm hash; |
| rahul_dahiya |
0:fb8047b156bb | 224 | * SignatureAlgorithm signature; |
| rahul_dahiya |
0:fb8047b156bb | 225 | * } SignatureAndHashAlgorithm; |
| rahul_dahiya |
0:fb8047b156bb | 226 | * |
| rahul_dahiya |
0:fb8047b156bb | 227 | * SignatureAndHashAlgorithm |
| rahul_dahiya |
0:fb8047b156bb | 228 | * supported_signature_algorithms<2..2^16-2>; |
| rahul_dahiya |
0:fb8047b156bb | 229 | */ |
| rahul_dahiya |
0:fb8047b156bb | 230 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 231 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 232 | |
| rahul_dahiya |
0:fb8047b156bb | 233 | *p++ = (unsigned char)( ( ( sig_alg_len + 2 ) >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 234 | *p++ = (unsigned char)( ( ( sig_alg_len + 2 ) ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 235 | |
| rahul_dahiya |
0:fb8047b156bb | 236 | *p++ = (unsigned char)( ( sig_alg_len >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 237 | *p++ = (unsigned char)( ( sig_alg_len ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 238 | |
| rahul_dahiya |
0:fb8047b156bb | 239 | *olen = 6 + sig_alg_len; |
| rahul_dahiya |
0:fb8047b156bb | 240 | } |
| rahul_dahiya |
0:fb8047b156bb | 241 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && |
| rahul_dahiya |
0:fb8047b156bb | 242 | MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 243 | |
| rahul_dahiya |
0:fb8047b156bb | 244 | #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ |
| rahul_dahiya |
0:fb8047b156bb | 245 | defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 246 | static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 247 | unsigned char *buf, |
| rahul_dahiya |
0:fb8047b156bb | 248 | size_t *olen ) |
| rahul_dahiya |
0:fb8047b156bb | 249 | { |
| rahul_dahiya |
0:fb8047b156bb | 250 | unsigned char *p = buf; |
| rahul_dahiya |
0:fb8047b156bb | 251 | const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; |
| rahul_dahiya |
0:fb8047b156bb | 252 | unsigned char *elliptic_curve_list = p + 6; |
| rahul_dahiya |
0:fb8047b156bb | 253 | size_t elliptic_curve_len = 0; |
| rahul_dahiya |
0:fb8047b156bb | 254 | const mbedtls_ecp_curve_info *info; |
| rahul_dahiya |
0:fb8047b156bb | 255 | #if defined(MBEDTLS_ECP_C) |
| rahul_dahiya |
0:fb8047b156bb | 256 | const mbedtls_ecp_group_id *grp_id; |
| rahul_dahiya |
0:fb8047b156bb | 257 | #else |
| rahul_dahiya |
0:fb8047b156bb | 258 | ((void) ssl); |
| rahul_dahiya |
0:fb8047b156bb | 259 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 260 | |
| rahul_dahiya |
0:fb8047b156bb | 261 | *olen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 262 | |
| rahul_dahiya |
0:fb8047b156bb | 263 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 264 | |
| rahul_dahiya |
0:fb8047b156bb | 265 | #if defined(MBEDTLS_ECP_C) |
| rahul_dahiya |
0:fb8047b156bb | 266 | for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) |
| rahul_dahiya |
0:fb8047b156bb | 267 | #else |
| rahul_dahiya |
0:fb8047b156bb | 268 | for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ ) |
| rahul_dahiya |
0:fb8047b156bb | 269 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 270 | { |
| rahul_dahiya |
0:fb8047b156bb | 271 | #if defined(MBEDTLS_ECP_C) |
| rahul_dahiya |
0:fb8047b156bb | 272 | info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); |
| rahul_dahiya |
0:fb8047b156bb | 273 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 274 | if( info == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 275 | { |
| rahul_dahiya |
0:fb8047b156bb | 276 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 277 | return; |
| rahul_dahiya |
0:fb8047b156bb | 278 | } |
| rahul_dahiya |
0:fb8047b156bb | 279 | |
| rahul_dahiya |
0:fb8047b156bb | 280 | elliptic_curve_len += 2; |
| rahul_dahiya |
0:fb8047b156bb | 281 | } |
| rahul_dahiya |
0:fb8047b156bb | 282 | |
| rahul_dahiya |
0:fb8047b156bb | 283 | if( end < p || (size_t)( end - p ) < 6 + elliptic_curve_len ) |
| rahul_dahiya |
0:fb8047b156bb | 284 | { |
| rahul_dahiya |
0:fb8047b156bb | 285 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 286 | return; |
| rahul_dahiya |
0:fb8047b156bb | 287 | } |
| rahul_dahiya |
0:fb8047b156bb | 288 | |
| rahul_dahiya |
0:fb8047b156bb | 289 | elliptic_curve_len = 0; |
| rahul_dahiya |
0:fb8047b156bb | 290 | |
| rahul_dahiya |
0:fb8047b156bb | 291 | #if defined(MBEDTLS_ECP_C) |
| rahul_dahiya |
0:fb8047b156bb | 292 | for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) |
| rahul_dahiya |
0:fb8047b156bb | 293 | #else |
| rahul_dahiya |
0:fb8047b156bb | 294 | for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ ) |
| rahul_dahiya |
0:fb8047b156bb | 295 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 296 | { |
| rahul_dahiya |
0:fb8047b156bb | 297 | #if defined(MBEDTLS_ECP_C) |
| rahul_dahiya |
0:fb8047b156bb | 298 | info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); |
| rahul_dahiya |
0:fb8047b156bb | 299 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 300 | elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8; |
| rahul_dahiya |
0:fb8047b156bb | 301 | elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF; |
| rahul_dahiya |
0:fb8047b156bb | 302 | } |
| rahul_dahiya |
0:fb8047b156bb | 303 | |
| rahul_dahiya |
0:fb8047b156bb | 304 | if( elliptic_curve_len == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 305 | return; |
| rahul_dahiya |
0:fb8047b156bb | 306 | |
| rahul_dahiya |
0:fb8047b156bb | 307 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 308 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 309 | |
| rahul_dahiya |
0:fb8047b156bb | 310 | *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 311 | *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 312 | |
| rahul_dahiya |
0:fb8047b156bb | 313 | *p++ = (unsigned char)( ( ( elliptic_curve_len ) >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 314 | *p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 315 | |
| rahul_dahiya |
0:fb8047b156bb | 316 | *olen = 6 + elliptic_curve_len; |
| rahul_dahiya |
0:fb8047b156bb | 317 | } |
| rahul_dahiya |
0:fb8047b156bb | 318 | |
| rahul_dahiya |
0:fb8047b156bb | 319 | static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 320 | unsigned char *buf, |
| rahul_dahiya |
0:fb8047b156bb | 321 | size_t *olen ) |
| rahul_dahiya |
0:fb8047b156bb | 322 | { |
| rahul_dahiya |
0:fb8047b156bb | 323 | unsigned char *p = buf; |
| rahul_dahiya |
0:fb8047b156bb | 324 | const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; |
| rahul_dahiya |
0:fb8047b156bb | 325 | |
| rahul_dahiya |
0:fb8047b156bb | 326 | *olen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 327 | |
| rahul_dahiya |
0:fb8047b156bb | 328 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 329 | |
| rahul_dahiya |
0:fb8047b156bb | 330 | if( end < p || (size_t)( end - p ) < 6 ) |
| rahul_dahiya |
0:fb8047b156bb | 331 | { |
| rahul_dahiya |
0:fb8047b156bb | 332 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 333 | return; |
| rahul_dahiya |
0:fb8047b156bb | 334 | } |
| rahul_dahiya |
0:fb8047b156bb | 335 | |
| rahul_dahiya |
0:fb8047b156bb | 336 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 337 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 338 | |
| rahul_dahiya |
0:fb8047b156bb | 339 | *p++ = 0x00; |
| rahul_dahiya |
0:fb8047b156bb | 340 | *p++ = 2; |
| rahul_dahiya |
0:fb8047b156bb | 341 | |
| rahul_dahiya |
0:fb8047b156bb | 342 | *p++ = 1; |
| rahul_dahiya |
0:fb8047b156bb | 343 | *p++ = MBEDTLS_ECP_PF_UNCOMPRESSED; |
| rahul_dahiya |
0:fb8047b156bb | 344 | |
| rahul_dahiya |
0:fb8047b156bb | 345 | *olen = 6; |
| rahul_dahiya |
0:fb8047b156bb | 346 | } |
| rahul_dahiya |
0:fb8047b156bb | 347 | #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || |
| rahul_dahiya |
0:fb8047b156bb | 348 | MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 349 | |
| rahul_dahiya |
0:fb8047b156bb | 350 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 351 | static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 352 | unsigned char *buf, |
| rahul_dahiya |
0:fb8047b156bb | 353 | size_t *olen ) |
| rahul_dahiya |
0:fb8047b156bb | 354 | { |
| rahul_dahiya |
0:fb8047b156bb | 355 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 356 | unsigned char *p = buf; |
| rahul_dahiya |
0:fb8047b156bb | 357 | const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; |
| rahul_dahiya |
0:fb8047b156bb | 358 | size_t kkpp_len; |
| rahul_dahiya |
0:fb8047b156bb | 359 | |
| rahul_dahiya |
0:fb8047b156bb | 360 | *olen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 361 | |
| rahul_dahiya |
0:fb8047b156bb | 362 | /* Skip costly extension if we can't use EC J-PAKE anyway */ |
| rahul_dahiya |
0:fb8047b156bb | 363 | if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 364 | return; |
| rahul_dahiya |
0:fb8047b156bb | 365 | |
| rahul_dahiya |
0:fb8047b156bb | 366 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding ecjpake_kkpp extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 367 | |
| rahul_dahiya |
0:fb8047b156bb | 368 | if( end - p < 4 ) |
| rahul_dahiya |
0:fb8047b156bb | 369 | { |
| rahul_dahiya |
0:fb8047b156bb | 370 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 371 | return; |
| rahul_dahiya |
0:fb8047b156bb | 372 | } |
| rahul_dahiya |
0:fb8047b156bb | 373 | |
| rahul_dahiya |
0:fb8047b156bb | 374 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 375 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 376 | |
| rahul_dahiya |
0:fb8047b156bb | 377 | /* |
| rahul_dahiya |
0:fb8047b156bb | 378 | * We may need to send ClientHello multiple times for Hello verification. |
| rahul_dahiya |
0:fb8047b156bb | 379 | * We don't want to compute fresh values every time (both for performance |
| rahul_dahiya |
0:fb8047b156bb | 380 | * and consistency reasons), so cache the extension content. |
| rahul_dahiya |
0:fb8047b156bb | 381 | */ |
| rahul_dahiya |
0:fb8047b156bb | 382 | if( ssl->handshake->ecjpake_cache == NULL || |
| rahul_dahiya |
0:fb8047b156bb | 383 | ssl->handshake->ecjpake_cache_len == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 384 | { |
| rahul_dahiya |
0:fb8047b156bb | 385 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 386 | |
| rahul_dahiya |
0:fb8047b156bb | 387 | ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, |
| rahul_dahiya |
0:fb8047b156bb | 388 | p + 2, end - p - 2, &kkpp_len, |
| rahul_dahiya |
0:fb8047b156bb | 389 | ssl->conf->f_rng, ssl->conf->p_rng ); |
| rahul_dahiya |
0:fb8047b156bb | 390 | if( ret != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 391 | { |
| rahul_dahiya |
0:fb8047b156bb | 392 | MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 393 | return; |
| rahul_dahiya |
0:fb8047b156bb | 394 | } |
| rahul_dahiya |
0:fb8047b156bb | 395 | |
| rahul_dahiya |
0:fb8047b156bb | 396 | ssl->handshake->ecjpake_cache = mbedtls_calloc( 1, kkpp_len ); |
| rahul_dahiya |
0:fb8047b156bb | 397 | if( ssl->handshake->ecjpake_cache == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 398 | { |
| rahul_dahiya |
0:fb8047b156bb | 399 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "allocation failed" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 400 | return; |
| rahul_dahiya |
0:fb8047b156bb | 401 | } |
| rahul_dahiya |
0:fb8047b156bb | 402 | |
| rahul_dahiya |
0:fb8047b156bb | 403 | memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len ); |
| rahul_dahiya |
0:fb8047b156bb | 404 | ssl->handshake->ecjpake_cache_len = kkpp_len; |
| rahul_dahiya |
0:fb8047b156bb | 405 | } |
| rahul_dahiya |
0:fb8047b156bb | 406 | else |
| rahul_dahiya |
0:fb8047b156bb | 407 | { |
| rahul_dahiya |
0:fb8047b156bb | 408 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "re-using cached ecjpake parameters" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 409 | |
| rahul_dahiya |
0:fb8047b156bb | 410 | kkpp_len = ssl->handshake->ecjpake_cache_len; |
| rahul_dahiya |
0:fb8047b156bb | 411 | |
| rahul_dahiya |
0:fb8047b156bb | 412 | if( (size_t)( end - p - 2 ) < kkpp_len ) |
| rahul_dahiya |
0:fb8047b156bb | 413 | { |
| rahul_dahiya |
0:fb8047b156bb | 414 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 415 | return; |
| rahul_dahiya |
0:fb8047b156bb | 416 | } |
| rahul_dahiya |
0:fb8047b156bb | 417 | |
| rahul_dahiya |
0:fb8047b156bb | 418 | memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len ); |
| rahul_dahiya |
0:fb8047b156bb | 419 | } |
| rahul_dahiya |
0:fb8047b156bb | 420 | |
| rahul_dahiya |
0:fb8047b156bb | 421 | *p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 422 | *p++ = (unsigned char)( ( kkpp_len ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 423 | |
| rahul_dahiya |
0:fb8047b156bb | 424 | *olen = kkpp_len + 4; |
| rahul_dahiya |
0:fb8047b156bb | 425 | } |
| rahul_dahiya |
0:fb8047b156bb | 426 | #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 427 | |
| rahul_dahiya |
0:fb8047b156bb | 428 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
| rahul_dahiya |
0:fb8047b156bb | 429 | static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 430 | unsigned char *buf, |
| rahul_dahiya |
0:fb8047b156bb | 431 | size_t *olen ) |
| rahul_dahiya |
0:fb8047b156bb | 432 | { |
| rahul_dahiya |
0:fb8047b156bb | 433 | unsigned char *p = buf; |
| rahul_dahiya |
0:fb8047b156bb | 434 | const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; |
| rahul_dahiya |
0:fb8047b156bb | 435 | |
| rahul_dahiya |
0:fb8047b156bb | 436 | *olen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 437 | |
| rahul_dahiya |
0:fb8047b156bb | 438 | if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) { |
| rahul_dahiya |
0:fb8047b156bb | 439 | return; |
| rahul_dahiya |
0:fb8047b156bb | 440 | } |
| rahul_dahiya |
0:fb8047b156bb | 441 | |
| rahul_dahiya |
0:fb8047b156bb | 442 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding max_fragment_length extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 443 | |
| rahul_dahiya |
0:fb8047b156bb | 444 | if( end < p || (size_t)( end - p ) < 5 ) |
| rahul_dahiya |
0:fb8047b156bb | 445 | { |
| rahul_dahiya |
0:fb8047b156bb | 446 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 447 | return; |
| rahul_dahiya |
0:fb8047b156bb | 448 | } |
| rahul_dahiya |
0:fb8047b156bb | 449 | |
| rahul_dahiya |
0:fb8047b156bb | 450 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 451 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 452 | |
| rahul_dahiya |
0:fb8047b156bb | 453 | *p++ = 0x00; |
| rahul_dahiya |
0:fb8047b156bb | 454 | *p++ = 1; |
| rahul_dahiya |
0:fb8047b156bb | 455 | |
| rahul_dahiya |
0:fb8047b156bb | 456 | *p++ = ssl->conf->mfl_code; |
| rahul_dahiya |
0:fb8047b156bb | 457 | |
| rahul_dahiya |
0:fb8047b156bb | 458 | *olen = 5; |
| rahul_dahiya |
0:fb8047b156bb | 459 | } |
| rahul_dahiya |
0:fb8047b156bb | 460 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
| rahul_dahiya |
0:fb8047b156bb | 461 | |
| rahul_dahiya |
0:fb8047b156bb | 462 | #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) |
| rahul_dahiya |
0:fb8047b156bb | 463 | static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 464 | unsigned char *buf, size_t *olen ) |
| rahul_dahiya |
0:fb8047b156bb | 465 | { |
| rahul_dahiya |
0:fb8047b156bb | 466 | unsigned char *p = buf; |
| rahul_dahiya |
0:fb8047b156bb | 467 | const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; |
| rahul_dahiya |
0:fb8047b156bb | 468 | |
| rahul_dahiya |
0:fb8047b156bb | 469 | *olen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 470 | |
| rahul_dahiya |
0:fb8047b156bb | 471 | if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ) |
| rahul_dahiya |
0:fb8047b156bb | 472 | { |
| rahul_dahiya |
0:fb8047b156bb | 473 | return; |
| rahul_dahiya |
0:fb8047b156bb | 474 | } |
| rahul_dahiya |
0:fb8047b156bb | 475 | |
| rahul_dahiya |
0:fb8047b156bb | 476 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding truncated_hmac extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 477 | |
| rahul_dahiya |
0:fb8047b156bb | 478 | if( end < p || (size_t)( end - p ) < 4 ) |
| rahul_dahiya |
0:fb8047b156bb | 479 | { |
| rahul_dahiya |
0:fb8047b156bb | 480 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 481 | return; |
| rahul_dahiya |
0:fb8047b156bb | 482 | } |
| rahul_dahiya |
0:fb8047b156bb | 483 | |
| rahul_dahiya |
0:fb8047b156bb | 484 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 485 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 486 | |
| rahul_dahiya |
0:fb8047b156bb | 487 | *p++ = 0x00; |
| rahul_dahiya |
0:fb8047b156bb | 488 | *p++ = 0x00; |
| rahul_dahiya |
0:fb8047b156bb | 489 | |
| rahul_dahiya |
0:fb8047b156bb | 490 | *olen = 4; |
| rahul_dahiya |
0:fb8047b156bb | 491 | } |
| rahul_dahiya |
0:fb8047b156bb | 492 | #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ |
| rahul_dahiya |
0:fb8047b156bb | 493 | |
| rahul_dahiya |
0:fb8047b156bb | 494 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| rahul_dahiya |
0:fb8047b156bb | 495 | static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 496 | unsigned char *buf, size_t *olen ) |
| rahul_dahiya |
0:fb8047b156bb | 497 | { |
| rahul_dahiya |
0:fb8047b156bb | 498 | unsigned char *p = buf; |
| rahul_dahiya |
0:fb8047b156bb | 499 | const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; |
| rahul_dahiya |
0:fb8047b156bb | 500 | |
| rahul_dahiya |
0:fb8047b156bb | 501 | *olen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 502 | |
| rahul_dahiya |
0:fb8047b156bb | 503 | if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || |
| rahul_dahiya |
0:fb8047b156bb | 504 | ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| rahul_dahiya |
0:fb8047b156bb | 505 | { |
| rahul_dahiya |
0:fb8047b156bb | 506 | return; |
| rahul_dahiya |
0:fb8047b156bb | 507 | } |
| rahul_dahiya |
0:fb8047b156bb | 508 | |
| rahul_dahiya |
0:fb8047b156bb | 509 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding encrypt_then_mac " |
| rahul_dahiya |
0:fb8047b156bb | 510 | "extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 511 | |
| rahul_dahiya |
0:fb8047b156bb | 512 | if( end < p || (size_t)( end - p ) < 4 ) |
| rahul_dahiya |
0:fb8047b156bb | 513 | { |
| rahul_dahiya |
0:fb8047b156bb | 514 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 515 | return; |
| rahul_dahiya |
0:fb8047b156bb | 516 | } |
| rahul_dahiya |
0:fb8047b156bb | 517 | |
| rahul_dahiya |
0:fb8047b156bb | 518 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 519 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 520 | |
| rahul_dahiya |
0:fb8047b156bb | 521 | *p++ = 0x00; |
| rahul_dahiya |
0:fb8047b156bb | 522 | *p++ = 0x00; |
| rahul_dahiya |
0:fb8047b156bb | 523 | |
| rahul_dahiya |
0:fb8047b156bb | 524 | *olen = 4; |
| rahul_dahiya |
0:fb8047b156bb | 525 | } |
| rahul_dahiya |
0:fb8047b156bb | 526 | #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ |
| rahul_dahiya |
0:fb8047b156bb | 527 | |
| rahul_dahiya |
0:fb8047b156bb | 528 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
| rahul_dahiya |
0:fb8047b156bb | 529 | static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 530 | unsigned char *buf, size_t *olen ) |
| rahul_dahiya |
0:fb8047b156bb | 531 | { |
| rahul_dahiya |
0:fb8047b156bb | 532 | unsigned char *p = buf; |
| rahul_dahiya |
0:fb8047b156bb | 533 | const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; |
| rahul_dahiya |
0:fb8047b156bb | 534 | |
| rahul_dahiya |
0:fb8047b156bb | 535 | *olen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 536 | |
| rahul_dahiya |
0:fb8047b156bb | 537 | if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || |
| rahul_dahiya |
0:fb8047b156bb | 538 | ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) |
| rahul_dahiya |
0:fb8047b156bb | 539 | { |
| rahul_dahiya |
0:fb8047b156bb | 540 | return; |
| rahul_dahiya |
0:fb8047b156bb | 541 | } |
| rahul_dahiya |
0:fb8047b156bb | 542 | |
| rahul_dahiya |
0:fb8047b156bb | 543 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding extended_master_secret " |
| rahul_dahiya |
0:fb8047b156bb | 544 | "extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 545 | |
| rahul_dahiya |
0:fb8047b156bb | 546 | if( end < p || (size_t)( end - p ) < 4 ) |
| rahul_dahiya |
0:fb8047b156bb | 547 | { |
| rahul_dahiya |
0:fb8047b156bb | 548 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 549 | return; |
| rahul_dahiya |
0:fb8047b156bb | 550 | } |
| rahul_dahiya |
0:fb8047b156bb | 551 | |
| rahul_dahiya |
0:fb8047b156bb | 552 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 553 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 554 | |
| rahul_dahiya |
0:fb8047b156bb | 555 | *p++ = 0x00; |
| rahul_dahiya |
0:fb8047b156bb | 556 | *p++ = 0x00; |
| rahul_dahiya |
0:fb8047b156bb | 557 | |
| rahul_dahiya |
0:fb8047b156bb | 558 | *olen = 4; |
| rahul_dahiya |
0:fb8047b156bb | 559 | } |
| rahul_dahiya |
0:fb8047b156bb | 560 | #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ |
| rahul_dahiya |
0:fb8047b156bb | 561 | |
| rahul_dahiya |
0:fb8047b156bb | 562 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
| rahul_dahiya |
0:fb8047b156bb | 563 | static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 564 | unsigned char *buf, size_t *olen ) |
| rahul_dahiya |
0:fb8047b156bb | 565 | { |
| rahul_dahiya |
0:fb8047b156bb | 566 | unsigned char *p = buf; |
| rahul_dahiya |
0:fb8047b156bb | 567 | const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; |
| rahul_dahiya |
0:fb8047b156bb | 568 | size_t tlen = ssl->session_negotiate->ticket_len; |
| rahul_dahiya |
0:fb8047b156bb | 569 | |
| rahul_dahiya |
0:fb8047b156bb | 570 | *olen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 571 | |
| rahul_dahiya |
0:fb8047b156bb | 572 | if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ) |
| rahul_dahiya |
0:fb8047b156bb | 573 | { |
| rahul_dahiya |
0:fb8047b156bb | 574 | return; |
| rahul_dahiya |
0:fb8047b156bb | 575 | } |
| rahul_dahiya |
0:fb8047b156bb | 576 | |
| rahul_dahiya |
0:fb8047b156bb | 577 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 578 | |
| rahul_dahiya |
0:fb8047b156bb | 579 | if( end < p || (size_t)( end - p ) < 4 + tlen ) |
| rahul_dahiya |
0:fb8047b156bb | 580 | { |
| rahul_dahiya |
0:fb8047b156bb | 581 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 582 | return; |
| rahul_dahiya |
0:fb8047b156bb | 583 | } |
| rahul_dahiya |
0:fb8047b156bb | 584 | |
| rahul_dahiya |
0:fb8047b156bb | 585 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 586 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 587 | |
| rahul_dahiya |
0:fb8047b156bb | 588 | *p++ = (unsigned char)( ( tlen >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 589 | *p++ = (unsigned char)( ( tlen ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 590 | |
| rahul_dahiya |
0:fb8047b156bb | 591 | *olen = 4; |
| rahul_dahiya |
0:fb8047b156bb | 592 | |
| rahul_dahiya |
0:fb8047b156bb | 593 | if( ssl->session_negotiate->ticket == NULL || tlen == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 594 | { |
| rahul_dahiya |
0:fb8047b156bb | 595 | return; |
| rahul_dahiya |
0:fb8047b156bb | 596 | } |
| rahul_dahiya |
0:fb8047b156bb | 597 | |
| rahul_dahiya |
0:fb8047b156bb | 598 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "sending session ticket of length %d", tlen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 599 | |
| rahul_dahiya |
0:fb8047b156bb | 600 | memcpy( p, ssl->session_negotiate->ticket, tlen ); |
| rahul_dahiya |
0:fb8047b156bb | 601 | |
| rahul_dahiya |
0:fb8047b156bb | 602 | *olen += tlen; |
| rahul_dahiya |
0:fb8047b156bb | 603 | } |
| rahul_dahiya |
0:fb8047b156bb | 604 | #endif /* MBEDTLS_SSL_SESSION_TICKETS */ |
| rahul_dahiya |
0:fb8047b156bb | 605 | |
| rahul_dahiya |
0:fb8047b156bb | 606 | #if defined(MBEDTLS_SSL_ALPN) |
| rahul_dahiya |
0:fb8047b156bb | 607 | static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 608 | unsigned char *buf, size_t *olen ) |
| rahul_dahiya |
0:fb8047b156bb | 609 | { |
| rahul_dahiya |
0:fb8047b156bb | 610 | unsigned char *p = buf; |
| rahul_dahiya |
0:fb8047b156bb | 611 | const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; |
| rahul_dahiya |
0:fb8047b156bb | 612 | size_t alpnlen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 613 | const char **cur; |
| rahul_dahiya |
0:fb8047b156bb | 614 | |
| rahul_dahiya |
0:fb8047b156bb | 615 | *olen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 616 | |
| rahul_dahiya |
0:fb8047b156bb | 617 | if( ssl->conf->alpn_list == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 618 | { |
| rahul_dahiya |
0:fb8047b156bb | 619 | return; |
| rahul_dahiya |
0:fb8047b156bb | 620 | } |
| rahul_dahiya |
0:fb8047b156bb | 621 | |
| rahul_dahiya |
0:fb8047b156bb | 622 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 623 | |
| rahul_dahiya |
0:fb8047b156bb | 624 | for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) |
| rahul_dahiya |
0:fb8047b156bb | 625 | alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1; |
| rahul_dahiya |
0:fb8047b156bb | 626 | |
| rahul_dahiya |
0:fb8047b156bb | 627 | if( end < p || (size_t)( end - p ) < 6 + alpnlen ) |
| rahul_dahiya |
0:fb8047b156bb | 628 | { |
| rahul_dahiya |
0:fb8047b156bb | 629 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 630 | return; |
| rahul_dahiya |
0:fb8047b156bb | 631 | } |
| rahul_dahiya |
0:fb8047b156bb | 632 | |
| rahul_dahiya |
0:fb8047b156bb | 633 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 634 | *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 635 | |
| rahul_dahiya |
0:fb8047b156bb | 636 | /* |
| rahul_dahiya |
0:fb8047b156bb | 637 | * opaque ProtocolName<1..2^8-1>; |
| rahul_dahiya |
0:fb8047b156bb | 638 | * |
| rahul_dahiya |
0:fb8047b156bb | 639 | * struct { |
| rahul_dahiya |
0:fb8047b156bb | 640 | * ProtocolName protocol_name_list<2..2^16-1> |
| rahul_dahiya |
0:fb8047b156bb | 641 | * } ProtocolNameList; |
| rahul_dahiya |
0:fb8047b156bb | 642 | */ |
| rahul_dahiya |
0:fb8047b156bb | 643 | |
| rahul_dahiya |
0:fb8047b156bb | 644 | /* Skip writing extension and list length for now */ |
| rahul_dahiya |
0:fb8047b156bb | 645 | p += 4; |
| rahul_dahiya |
0:fb8047b156bb | 646 | |
| rahul_dahiya |
0:fb8047b156bb | 647 | for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) |
| rahul_dahiya |
0:fb8047b156bb | 648 | { |
| rahul_dahiya |
0:fb8047b156bb | 649 | *p = (unsigned char)( strlen( *cur ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 650 | memcpy( p + 1, *cur, *p ); |
| rahul_dahiya |
0:fb8047b156bb | 651 | p += 1 + *p; |
| rahul_dahiya |
0:fb8047b156bb | 652 | } |
| rahul_dahiya |
0:fb8047b156bb | 653 | |
| rahul_dahiya |
0:fb8047b156bb | 654 | *olen = p - buf; |
| rahul_dahiya |
0:fb8047b156bb | 655 | |
| rahul_dahiya |
0:fb8047b156bb | 656 | /* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */ |
| rahul_dahiya |
0:fb8047b156bb | 657 | buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 658 | buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 659 | |
| rahul_dahiya |
0:fb8047b156bb | 660 | /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */ |
| rahul_dahiya |
0:fb8047b156bb | 661 | buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 662 | buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 663 | } |
| rahul_dahiya |
0:fb8047b156bb | 664 | #endif /* MBEDTLS_SSL_ALPN */ |
| rahul_dahiya |
0:fb8047b156bb | 665 | |
| rahul_dahiya |
0:fb8047b156bb | 666 | /* |
| rahul_dahiya |
0:fb8047b156bb | 667 | * Generate random bytes for ClientHello |
| rahul_dahiya |
0:fb8047b156bb | 668 | */ |
| rahul_dahiya |
0:fb8047b156bb | 669 | static int ssl_generate_random( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 670 | { |
| rahul_dahiya |
0:fb8047b156bb | 671 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 672 | unsigned char *p = ssl->handshake->randbytes; |
| rahul_dahiya |
0:fb8047b156bb | 673 | #if defined(MBEDTLS_HAVE_TIME) |
| rahul_dahiya |
0:fb8047b156bb | 674 | mbedtls_time_t t; |
| rahul_dahiya |
0:fb8047b156bb | 675 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 676 | |
| rahul_dahiya |
0:fb8047b156bb | 677 | /* |
| rahul_dahiya |
0:fb8047b156bb | 678 | * When responding to a verify request, MUST reuse random (RFC 6347 4.2.1) |
| rahul_dahiya |
0:fb8047b156bb | 679 | */ |
| rahul_dahiya |
0:fb8047b156bb | 680 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 681 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| rahul_dahiya |
0:fb8047b156bb | 682 | ssl->handshake->verify_cookie != NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 683 | { |
| rahul_dahiya |
0:fb8047b156bb | 684 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 685 | } |
| rahul_dahiya |
0:fb8047b156bb | 686 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 687 | |
| rahul_dahiya |
0:fb8047b156bb | 688 | #if defined(MBEDTLS_HAVE_TIME) |
| rahul_dahiya |
0:fb8047b156bb | 689 | t = mbedtls_time( NULL ); |
| rahul_dahiya |
0:fb8047b156bb | 690 | *p++ = (unsigned char)( t >> 24 ); |
| rahul_dahiya |
0:fb8047b156bb | 691 | *p++ = (unsigned char)( t >> 16 ); |
| rahul_dahiya |
0:fb8047b156bb | 692 | *p++ = (unsigned char)( t >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 693 | *p++ = (unsigned char)( t ); |
| rahul_dahiya |
0:fb8047b156bb | 694 | |
| rahul_dahiya |
0:fb8047b156bb | 695 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) ); |
| rahul_dahiya |
0:fb8047b156bb | 696 | #else |
| rahul_dahiya |
0:fb8047b156bb | 697 | if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 698 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 699 | |
| rahul_dahiya |
0:fb8047b156bb | 700 | p += 4; |
| rahul_dahiya |
0:fb8047b156bb | 701 | #endif /* MBEDTLS_HAVE_TIME */ |
| rahul_dahiya |
0:fb8047b156bb | 702 | |
| rahul_dahiya |
0:fb8047b156bb | 703 | if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 704 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 705 | |
| rahul_dahiya |
0:fb8047b156bb | 706 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 707 | } |
| rahul_dahiya |
0:fb8047b156bb | 708 | |
| rahul_dahiya |
0:fb8047b156bb | 709 | static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 710 | { |
| rahul_dahiya |
0:fb8047b156bb | 711 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 712 | size_t i, n, olen, ext_len = 0; |
| rahul_dahiya |
0:fb8047b156bb | 713 | unsigned char *buf; |
| rahul_dahiya |
0:fb8047b156bb | 714 | unsigned char *p, *q; |
| rahul_dahiya |
0:fb8047b156bb | 715 | unsigned char offer_compress; |
| rahul_dahiya |
0:fb8047b156bb | 716 | const int *ciphersuites; |
| rahul_dahiya |
0:fb8047b156bb | 717 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info; |
| rahul_dahiya |
0:fb8047b156bb | 718 | |
| rahul_dahiya |
0:fb8047b156bb | 719 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 720 | |
| rahul_dahiya |
0:fb8047b156bb | 721 | if( ssl->conf->f_rng == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 722 | { |
| rahul_dahiya |
0:fb8047b156bb | 723 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") ); |
| rahul_dahiya |
0:fb8047b156bb | 724 | return( MBEDTLS_ERR_SSL_NO_RNG ); |
| rahul_dahiya |
0:fb8047b156bb | 725 | } |
| rahul_dahiya |
0:fb8047b156bb | 726 | |
| rahul_dahiya |
0:fb8047b156bb | 727 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 728 | if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 729 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 730 | { |
| rahul_dahiya |
0:fb8047b156bb | 731 | ssl->major_ver = ssl->conf->min_major_ver; |
| rahul_dahiya |
0:fb8047b156bb | 732 | ssl->minor_ver = ssl->conf->min_minor_ver; |
| rahul_dahiya |
0:fb8047b156bb | 733 | } |
| rahul_dahiya |
0:fb8047b156bb | 734 | |
| rahul_dahiya |
0:fb8047b156bb | 735 | if( ssl->conf->max_major_ver == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 736 | { |
| rahul_dahiya |
0:fb8047b156bb | 737 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "configured max major version is invalid, " |
| rahul_dahiya |
0:fb8047b156bb | 738 | "consider using mbedtls_ssl_config_defaults()" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 739 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 740 | } |
| rahul_dahiya |
0:fb8047b156bb | 741 | |
| rahul_dahiya |
0:fb8047b156bb | 742 | /* |
| rahul_dahiya |
0:fb8047b156bb | 743 | * 0 . 0 handshake type |
| rahul_dahiya |
0:fb8047b156bb | 744 | * 1 . 3 handshake length |
| rahul_dahiya |
0:fb8047b156bb | 745 | * 4 . 5 highest version supported |
| rahul_dahiya |
0:fb8047b156bb | 746 | * 6 . 9 current UNIX time |
| rahul_dahiya |
0:fb8047b156bb | 747 | * 10 . 37 random bytes |
| rahul_dahiya |
0:fb8047b156bb | 748 | */ |
| rahul_dahiya |
0:fb8047b156bb | 749 | buf = ssl->out_msg; |
| rahul_dahiya |
0:fb8047b156bb | 750 | p = buf + 4; |
| rahul_dahiya |
0:fb8047b156bb | 751 | |
| rahul_dahiya |
0:fb8047b156bb | 752 | mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, |
| rahul_dahiya |
0:fb8047b156bb | 753 | ssl->conf->transport, p ); |
| rahul_dahiya |
0:fb8047b156bb | 754 | p += 2; |
| rahul_dahiya |
0:fb8047b156bb | 755 | |
| rahul_dahiya |
0:fb8047b156bb | 756 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]", |
| rahul_dahiya |
0:fb8047b156bb | 757 | buf[4], buf[5] ) ); |
| rahul_dahiya |
0:fb8047b156bb | 758 | |
| rahul_dahiya |
0:fb8047b156bb | 759 | if( ( ret = ssl_generate_random( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 760 | { |
| rahul_dahiya |
0:fb8047b156bb | 761 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 762 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 763 | } |
| rahul_dahiya |
0:fb8047b156bb | 764 | |
| rahul_dahiya |
0:fb8047b156bb | 765 | memcpy( p, ssl->handshake->randbytes, 32 ); |
| rahul_dahiya |
0:fb8047b156bb | 766 | MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", p, 32 ); |
| rahul_dahiya |
0:fb8047b156bb | 767 | p += 32; |
| rahul_dahiya |
0:fb8047b156bb | 768 | |
| rahul_dahiya |
0:fb8047b156bb | 769 | /* |
| rahul_dahiya |
0:fb8047b156bb | 770 | * 38 . 38 session id length |
| rahul_dahiya |
0:fb8047b156bb | 771 | * 39 . 39+n session id |
| rahul_dahiya |
0:fb8047b156bb | 772 | * 39+n . 39+n DTLS only: cookie length (1 byte) |
| rahul_dahiya |
0:fb8047b156bb | 773 | * 40+n . .. DTSL only: cookie |
| rahul_dahiya |
0:fb8047b156bb | 774 | * .. . .. ciphersuitelist length (2 bytes) |
| rahul_dahiya |
0:fb8047b156bb | 775 | * .. . .. ciphersuitelist |
| rahul_dahiya |
0:fb8047b156bb | 776 | * .. . .. compression methods length (1 byte) |
| rahul_dahiya |
0:fb8047b156bb | 777 | * .. . .. compression methods |
| rahul_dahiya |
0:fb8047b156bb | 778 | * .. . .. extensions length (2 bytes) |
| rahul_dahiya |
0:fb8047b156bb | 779 | * .. . .. extensions |
| rahul_dahiya |
0:fb8047b156bb | 780 | */ |
| rahul_dahiya |
0:fb8047b156bb | 781 | n = ssl->session_negotiate->id_len; |
| rahul_dahiya |
0:fb8047b156bb | 782 | |
| rahul_dahiya |
0:fb8047b156bb | 783 | if( n < 16 || n > 32 || |
| rahul_dahiya |
0:fb8047b156bb | 784 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 785 | ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || |
| rahul_dahiya |
0:fb8047b156bb | 786 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 787 | ssl->handshake->resume == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 788 | { |
| rahul_dahiya |
0:fb8047b156bb | 789 | n = 0; |
| rahul_dahiya |
0:fb8047b156bb | 790 | } |
| rahul_dahiya |
0:fb8047b156bb | 791 | |
| rahul_dahiya |
0:fb8047b156bb | 792 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
| rahul_dahiya |
0:fb8047b156bb | 793 | /* |
| rahul_dahiya |
0:fb8047b156bb | 794 | * RFC 5077 section 3.4: "When presenting a ticket, the client MAY |
| rahul_dahiya |
0:fb8047b156bb | 795 | * generate and include a Session ID in the TLS ClientHello." |
| rahul_dahiya |
0:fb8047b156bb | 796 | */ |
| rahul_dahiya |
0:fb8047b156bb | 797 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 798 | if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 799 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 800 | { |
| rahul_dahiya |
0:fb8047b156bb | 801 | if( ssl->session_negotiate->ticket != NULL && |
| rahul_dahiya |
0:fb8047b156bb | 802 | ssl->session_negotiate->ticket_len != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 803 | { |
| rahul_dahiya |
0:fb8047b156bb | 804 | ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, 32 ); |
| rahul_dahiya |
0:fb8047b156bb | 805 | |
| rahul_dahiya |
0:fb8047b156bb | 806 | if( ret != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 807 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 808 | |
| rahul_dahiya |
0:fb8047b156bb | 809 | ssl->session_negotiate->id_len = n = 32; |
| rahul_dahiya |
0:fb8047b156bb | 810 | } |
| rahul_dahiya |
0:fb8047b156bb | 811 | } |
| rahul_dahiya |
0:fb8047b156bb | 812 | #endif /* MBEDTLS_SSL_SESSION_TICKETS */ |
| rahul_dahiya |
0:fb8047b156bb | 813 | |
| rahul_dahiya |
0:fb8047b156bb | 814 | *p++ = (unsigned char) n; |
| rahul_dahiya |
0:fb8047b156bb | 815 | |
| rahul_dahiya |
0:fb8047b156bb | 816 | for( i = 0; i < n; i++ ) |
| rahul_dahiya |
0:fb8047b156bb | 817 | *p++ = ssl->session_negotiate->id[i]; |
| rahul_dahiya |
0:fb8047b156bb | 818 | |
| rahul_dahiya |
0:fb8047b156bb | 819 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) ); |
| rahul_dahiya |
0:fb8047b156bb | 820 | MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n ); |
| rahul_dahiya |
0:fb8047b156bb | 821 | |
| rahul_dahiya |
0:fb8047b156bb | 822 | /* |
| rahul_dahiya |
0:fb8047b156bb | 823 | * DTLS cookie |
| rahul_dahiya |
0:fb8047b156bb | 824 | */ |
| rahul_dahiya |
0:fb8047b156bb | 825 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 826 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 827 | { |
| rahul_dahiya |
0:fb8047b156bb | 828 | if( ssl->handshake->verify_cookie == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 829 | { |
| rahul_dahiya |
0:fb8047b156bb | 830 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "no verify cookie to send" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 831 | *p++ = 0; |
| rahul_dahiya |
0:fb8047b156bb | 832 | } |
| rahul_dahiya |
0:fb8047b156bb | 833 | else |
| rahul_dahiya |
0:fb8047b156bb | 834 | { |
| rahul_dahiya |
0:fb8047b156bb | 835 | MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie", |
| rahul_dahiya |
0:fb8047b156bb | 836 | ssl->handshake->verify_cookie, |
| rahul_dahiya |
0:fb8047b156bb | 837 | ssl->handshake->verify_cookie_len ); |
| rahul_dahiya |
0:fb8047b156bb | 838 | |
| rahul_dahiya |
0:fb8047b156bb | 839 | *p++ = ssl->handshake->verify_cookie_len; |
| rahul_dahiya |
0:fb8047b156bb | 840 | memcpy( p, ssl->handshake->verify_cookie, |
| rahul_dahiya |
0:fb8047b156bb | 841 | ssl->handshake->verify_cookie_len ); |
| rahul_dahiya |
0:fb8047b156bb | 842 | p += ssl->handshake->verify_cookie_len; |
| rahul_dahiya |
0:fb8047b156bb | 843 | } |
| rahul_dahiya |
0:fb8047b156bb | 844 | } |
| rahul_dahiya |
0:fb8047b156bb | 845 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 846 | |
| rahul_dahiya |
0:fb8047b156bb | 847 | /* |
| rahul_dahiya |
0:fb8047b156bb | 848 | * Ciphersuite list |
| rahul_dahiya |
0:fb8047b156bb | 849 | */ |
| rahul_dahiya |
0:fb8047b156bb | 850 | ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver]; |
| rahul_dahiya |
0:fb8047b156bb | 851 | |
| rahul_dahiya |
0:fb8047b156bb | 852 | /* Skip writing ciphersuite length for now */ |
| rahul_dahiya |
0:fb8047b156bb | 853 | n = 0; |
| rahul_dahiya |
0:fb8047b156bb | 854 | q = p; |
| rahul_dahiya |
0:fb8047b156bb | 855 | p += 2; |
| rahul_dahiya |
0:fb8047b156bb | 856 | |
| rahul_dahiya |
0:fb8047b156bb | 857 | for( i = 0; ciphersuites[i] != 0; i++ ) |
| rahul_dahiya |
0:fb8047b156bb | 858 | { |
| rahul_dahiya |
0:fb8047b156bb | 859 | ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] ); |
| rahul_dahiya |
0:fb8047b156bb | 860 | |
| rahul_dahiya |
0:fb8047b156bb | 861 | if( ciphersuite_info == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 862 | continue; |
| rahul_dahiya |
0:fb8047b156bb | 863 | |
| rahul_dahiya |
0:fb8047b156bb | 864 | if( ciphersuite_info->min_minor_ver > ssl->conf->max_minor_ver || |
| rahul_dahiya |
0:fb8047b156bb | 865 | ciphersuite_info->max_minor_ver < ssl->conf->min_minor_ver ) |
| rahul_dahiya |
0:fb8047b156bb | 866 | continue; |
| rahul_dahiya |
0:fb8047b156bb | 867 | |
| rahul_dahiya |
0:fb8047b156bb | 868 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 869 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| rahul_dahiya |
0:fb8047b156bb | 870 | ( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) ) |
| rahul_dahiya |
0:fb8047b156bb | 871 | continue; |
| rahul_dahiya |
0:fb8047b156bb | 872 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 873 | |
| rahul_dahiya |
0:fb8047b156bb | 874 | #if defined(MBEDTLS_ARC4_C) |
| rahul_dahiya |
0:fb8047b156bb | 875 | if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED && |
| rahul_dahiya |
0:fb8047b156bb | 876 | ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) |
| rahul_dahiya |
0:fb8047b156bb | 877 | continue; |
| rahul_dahiya |
0:fb8047b156bb | 878 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 879 | |
| rahul_dahiya |
0:fb8047b156bb | 880 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 881 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && |
| rahul_dahiya |
0:fb8047b156bb | 882 | mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 883 | continue; |
| rahul_dahiya |
0:fb8047b156bb | 884 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 885 | |
| rahul_dahiya |
0:fb8047b156bb | 886 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x", |
| rahul_dahiya |
0:fb8047b156bb | 887 | ciphersuites[i] ) ); |
| rahul_dahiya |
0:fb8047b156bb | 888 | |
| rahul_dahiya |
0:fb8047b156bb | 889 | n++; |
| rahul_dahiya |
0:fb8047b156bb | 890 | *p++ = (unsigned char)( ciphersuites[i] >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 891 | *p++ = (unsigned char)( ciphersuites[i] ); |
| rahul_dahiya |
0:fb8047b156bb | 892 | } |
| rahul_dahiya |
0:fb8047b156bb | 893 | |
| rahul_dahiya |
0:fb8047b156bb | 894 | /* |
| rahul_dahiya |
0:fb8047b156bb | 895 | * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV |
| rahul_dahiya |
0:fb8047b156bb | 896 | */ |
| rahul_dahiya |
0:fb8047b156bb | 897 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 898 | if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 899 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 900 | { |
| rahul_dahiya |
0:fb8047b156bb | 901 | *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 902 | *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); |
| rahul_dahiya |
0:fb8047b156bb | 903 | n++; |
| rahul_dahiya |
0:fb8047b156bb | 904 | } |
| rahul_dahiya |
0:fb8047b156bb | 905 | |
| rahul_dahiya |
0:fb8047b156bb | 906 | /* Some versions of OpenSSL don't handle it correctly if not at end */ |
| rahul_dahiya |
0:fb8047b156bb | 907 | #if defined(MBEDTLS_SSL_FALLBACK_SCSV) |
| rahul_dahiya |
0:fb8047b156bb | 908 | if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK ) |
| rahul_dahiya |
0:fb8047b156bb | 909 | { |
| rahul_dahiya |
0:fb8047b156bb | 910 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 911 | *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 912 | *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE ); |
| rahul_dahiya |
0:fb8047b156bb | 913 | n++; |
| rahul_dahiya |
0:fb8047b156bb | 914 | } |
| rahul_dahiya |
0:fb8047b156bb | 915 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 916 | |
| rahul_dahiya |
0:fb8047b156bb | 917 | *q++ = (unsigned char)( n >> 7 ); |
| rahul_dahiya |
0:fb8047b156bb | 918 | *q++ = (unsigned char)( n << 1 ); |
| rahul_dahiya |
0:fb8047b156bb | 919 | |
| rahul_dahiya |
0:fb8047b156bb | 920 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) ); |
| rahul_dahiya |
0:fb8047b156bb | 921 | |
| rahul_dahiya |
0:fb8047b156bb | 922 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
| rahul_dahiya |
0:fb8047b156bb | 923 | offer_compress = 1; |
| rahul_dahiya |
0:fb8047b156bb | 924 | #else |
| rahul_dahiya |
0:fb8047b156bb | 925 | offer_compress = 0; |
| rahul_dahiya |
0:fb8047b156bb | 926 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 927 | |
| rahul_dahiya |
0:fb8047b156bb | 928 | /* |
| rahul_dahiya |
0:fb8047b156bb | 929 | * We don't support compression with DTLS right now: is many records come |
| rahul_dahiya |
0:fb8047b156bb | 930 | * in the same datagram, uncompressing one could overwrite the next one. |
| rahul_dahiya |
0:fb8047b156bb | 931 | * We don't want to add complexity for handling that case unless there is |
| rahul_dahiya |
0:fb8047b156bb | 932 | * an actual need for it. |
| rahul_dahiya |
0:fb8047b156bb | 933 | */ |
| rahul_dahiya |
0:fb8047b156bb | 934 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 935 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 936 | offer_compress = 0; |
| rahul_dahiya |
0:fb8047b156bb | 937 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 938 | |
| rahul_dahiya |
0:fb8047b156bb | 939 | if( offer_compress ) |
| rahul_dahiya |
0:fb8047b156bb | 940 | { |
| rahul_dahiya |
0:fb8047b156bb | 941 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 2 ) ); |
| rahul_dahiya |
0:fb8047b156bb | 942 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d %d", |
| rahul_dahiya |
0:fb8047b156bb | 943 | MBEDTLS_SSL_COMPRESS_DEFLATE, MBEDTLS_SSL_COMPRESS_NULL ) ); |
| rahul_dahiya |
0:fb8047b156bb | 944 | |
| rahul_dahiya |
0:fb8047b156bb | 945 | *p++ = 2; |
| rahul_dahiya |
0:fb8047b156bb | 946 | *p++ = MBEDTLS_SSL_COMPRESS_DEFLATE; |
| rahul_dahiya |
0:fb8047b156bb | 947 | *p++ = MBEDTLS_SSL_COMPRESS_NULL; |
| rahul_dahiya |
0:fb8047b156bb | 948 | } |
| rahul_dahiya |
0:fb8047b156bb | 949 | else |
| rahul_dahiya |
0:fb8047b156bb | 950 | { |
| rahul_dahiya |
0:fb8047b156bb | 951 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 1 ) ); |
| rahul_dahiya |
0:fb8047b156bb | 952 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d", |
| rahul_dahiya |
0:fb8047b156bb | 953 | MBEDTLS_SSL_COMPRESS_NULL ) ); |
| rahul_dahiya |
0:fb8047b156bb | 954 | |
| rahul_dahiya |
0:fb8047b156bb | 955 | *p++ = 1; |
| rahul_dahiya |
0:fb8047b156bb | 956 | *p++ = MBEDTLS_SSL_COMPRESS_NULL; |
| rahul_dahiya |
0:fb8047b156bb | 957 | } |
| rahul_dahiya |
0:fb8047b156bb | 958 | |
| rahul_dahiya |
0:fb8047b156bb | 959 | // First write extensions, then the total length |
| rahul_dahiya |
0:fb8047b156bb | 960 | // |
| rahul_dahiya |
0:fb8047b156bb | 961 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
| rahul_dahiya |
0:fb8047b156bb | 962 | ssl_write_hostname_ext( ssl, p + 2 + ext_len, &olen ); |
| rahul_dahiya |
0:fb8047b156bb | 963 | ext_len += olen; |
| rahul_dahiya |
0:fb8047b156bb | 964 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 965 | |
| rahul_dahiya |
0:fb8047b156bb | 966 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 967 | ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen ); |
| rahul_dahiya |
0:fb8047b156bb | 968 | ext_len += olen; |
| rahul_dahiya |
0:fb8047b156bb | 969 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 970 | |
| rahul_dahiya |
0:fb8047b156bb | 971 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ |
| rahul_dahiya |
0:fb8047b156bb | 972 | defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 973 | ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, &olen ); |
| rahul_dahiya |
0:fb8047b156bb | 974 | ext_len += olen; |
| rahul_dahiya |
0:fb8047b156bb | 975 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 976 | |
| rahul_dahiya |
0:fb8047b156bb | 977 | #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ |
| rahul_dahiya |
0:fb8047b156bb | 978 | defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 979 | ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen ); |
| rahul_dahiya |
0:fb8047b156bb | 980 | ext_len += olen; |
| rahul_dahiya |
0:fb8047b156bb | 981 | |
| rahul_dahiya |
0:fb8047b156bb | 982 | ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen ); |
| rahul_dahiya |
0:fb8047b156bb | 983 | ext_len += olen; |
| rahul_dahiya |
0:fb8047b156bb | 984 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 985 | |
| rahul_dahiya |
0:fb8047b156bb | 986 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 987 | ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen ); |
| rahul_dahiya |
0:fb8047b156bb | 988 | ext_len += olen; |
| rahul_dahiya |
0:fb8047b156bb | 989 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 990 | |
| rahul_dahiya |
0:fb8047b156bb | 991 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
| rahul_dahiya |
0:fb8047b156bb | 992 | ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen ); |
| rahul_dahiya |
0:fb8047b156bb | 993 | ext_len += olen; |
| rahul_dahiya |
0:fb8047b156bb | 994 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 995 | |
| rahul_dahiya |
0:fb8047b156bb | 996 | #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) |
| rahul_dahiya |
0:fb8047b156bb | 997 | ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen ); |
| rahul_dahiya |
0:fb8047b156bb | 998 | ext_len += olen; |
| rahul_dahiya |
0:fb8047b156bb | 999 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1000 | |
| rahul_dahiya |
0:fb8047b156bb | 1001 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| rahul_dahiya |
0:fb8047b156bb | 1002 | ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen ); |
| rahul_dahiya |
0:fb8047b156bb | 1003 | ext_len += olen; |
| rahul_dahiya |
0:fb8047b156bb | 1004 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1005 | |
| rahul_dahiya |
0:fb8047b156bb | 1006 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
| rahul_dahiya |
0:fb8047b156bb | 1007 | ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen ); |
| rahul_dahiya |
0:fb8047b156bb | 1008 | ext_len += olen; |
| rahul_dahiya |
0:fb8047b156bb | 1009 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1010 | |
| rahul_dahiya |
0:fb8047b156bb | 1011 | #if defined(MBEDTLS_SSL_ALPN) |
| rahul_dahiya |
0:fb8047b156bb | 1012 | ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen ); |
| rahul_dahiya |
0:fb8047b156bb | 1013 | ext_len += olen; |
| rahul_dahiya |
0:fb8047b156bb | 1014 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1015 | |
| rahul_dahiya |
0:fb8047b156bb | 1016 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
| rahul_dahiya |
0:fb8047b156bb | 1017 | ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen ); |
| rahul_dahiya |
0:fb8047b156bb | 1018 | ext_len += olen; |
| rahul_dahiya |
0:fb8047b156bb | 1019 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1020 | |
| rahul_dahiya |
0:fb8047b156bb | 1021 | /* olen unused if all extensions are disabled */ |
| rahul_dahiya |
0:fb8047b156bb | 1022 | ((void) olen); |
| rahul_dahiya |
0:fb8047b156bb | 1023 | |
| rahul_dahiya |
0:fb8047b156bb | 1024 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d", |
| rahul_dahiya |
0:fb8047b156bb | 1025 | ext_len ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1026 | |
| rahul_dahiya |
0:fb8047b156bb | 1027 | if( ext_len > 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1028 | { |
| rahul_dahiya |
0:fb8047b156bb | 1029 | *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 1030 | *p++ = (unsigned char)( ( ext_len ) & 0xFF ); |
| rahul_dahiya |
0:fb8047b156bb | 1031 | p += ext_len; |
| rahul_dahiya |
0:fb8047b156bb | 1032 | } |
| rahul_dahiya |
0:fb8047b156bb | 1033 | |
| rahul_dahiya |
0:fb8047b156bb | 1034 | ssl->out_msglen = p - buf; |
| rahul_dahiya |
0:fb8047b156bb | 1035 | ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; |
| rahul_dahiya |
0:fb8047b156bb | 1036 | ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_HELLO; |
| rahul_dahiya |
0:fb8047b156bb | 1037 | |
| rahul_dahiya |
0:fb8047b156bb | 1038 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 1039 | |
| rahul_dahiya |
0:fb8047b156bb | 1040 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 1041 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 1042 | mbedtls_ssl_send_flight_completed( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 1043 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1044 | |
| rahul_dahiya |
0:fb8047b156bb | 1045 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1046 | { |
| rahul_dahiya |
0:fb8047b156bb | 1047 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1048 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1049 | } |
| rahul_dahiya |
0:fb8047b156bb | 1050 | |
| rahul_dahiya |
0:fb8047b156bb | 1051 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1052 | |
| rahul_dahiya |
0:fb8047b156bb | 1053 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 1054 | } |
| rahul_dahiya |
0:fb8047b156bb | 1055 | |
| rahul_dahiya |
0:fb8047b156bb | 1056 | static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 1057 | const unsigned char *buf, |
| rahul_dahiya |
0:fb8047b156bb | 1058 | size_t len ) |
| rahul_dahiya |
0:fb8047b156bb | 1059 | { |
| rahul_dahiya |
0:fb8047b156bb | 1060 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 1061 | if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 1062 | { |
| rahul_dahiya |
0:fb8047b156bb | 1063 | /* Check verify-data in constant-time. The length OTOH is no secret */ |
| rahul_dahiya |
0:fb8047b156bb | 1064 | if( len != 1 + ssl->verify_data_len * 2 || |
| rahul_dahiya |
0:fb8047b156bb | 1065 | buf[0] != ssl->verify_data_len * 2 || |
| rahul_dahiya |
0:fb8047b156bb | 1066 | mbedtls_ssl_safer_memcmp( buf + 1, |
| rahul_dahiya |
0:fb8047b156bb | 1067 | ssl->own_verify_data, ssl->verify_data_len ) != 0 || |
| rahul_dahiya |
0:fb8047b156bb | 1068 | mbedtls_ssl_safer_memcmp( buf + 1 + ssl->verify_data_len, |
| rahul_dahiya |
0:fb8047b156bb | 1069 | ssl->peer_verify_data, ssl->verify_data_len ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1070 | { |
| rahul_dahiya |
0:fb8047b156bb | 1071 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1072 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1073 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); |
| rahul_dahiya |
0:fb8047b156bb | 1074 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1075 | } |
| rahul_dahiya |
0:fb8047b156bb | 1076 | } |
| rahul_dahiya |
0:fb8047b156bb | 1077 | else |
| rahul_dahiya |
0:fb8047b156bb | 1078 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
| rahul_dahiya |
0:fb8047b156bb | 1079 | { |
| rahul_dahiya |
0:fb8047b156bb | 1080 | if( len != 1 || buf[0] != 0x00 ) |
| rahul_dahiya |
0:fb8047b156bb | 1081 | { |
| rahul_dahiya |
0:fb8047b156bb | 1082 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1083 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1084 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); |
| rahul_dahiya |
0:fb8047b156bb | 1085 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1086 | } |
| rahul_dahiya |
0:fb8047b156bb | 1087 | |
| rahul_dahiya |
0:fb8047b156bb | 1088 | ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; |
| rahul_dahiya |
0:fb8047b156bb | 1089 | } |
| rahul_dahiya |
0:fb8047b156bb | 1090 | |
| rahul_dahiya |
0:fb8047b156bb | 1091 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 1092 | } |
| rahul_dahiya |
0:fb8047b156bb | 1093 | |
| rahul_dahiya |
0:fb8047b156bb | 1094 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
| rahul_dahiya |
0:fb8047b156bb | 1095 | static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 1096 | const unsigned char *buf, |
| rahul_dahiya |
0:fb8047b156bb | 1097 | size_t len ) |
| rahul_dahiya |
0:fb8047b156bb | 1098 | { |
| rahul_dahiya |
0:fb8047b156bb | 1099 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1100 | * server should use the extension only if we did, |
| rahul_dahiya |
0:fb8047b156bb | 1101 | * and if so the server's value should match ours (and len is always 1) |
| rahul_dahiya |
0:fb8047b156bb | 1102 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1103 | if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE || |
| rahul_dahiya |
0:fb8047b156bb | 1104 | len != 1 || |
| rahul_dahiya |
0:fb8047b156bb | 1105 | buf[0] != ssl->conf->mfl_code ) |
| rahul_dahiya |
0:fb8047b156bb | 1106 | { |
| rahul_dahiya |
0:fb8047b156bb | 1107 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching max fragment length extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1108 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1109 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); |
| rahul_dahiya |
0:fb8047b156bb | 1110 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1111 | } |
| rahul_dahiya |
0:fb8047b156bb | 1112 | |
| rahul_dahiya |
0:fb8047b156bb | 1113 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 1114 | } |
| rahul_dahiya |
0:fb8047b156bb | 1115 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
| rahul_dahiya |
0:fb8047b156bb | 1116 | |
| rahul_dahiya |
0:fb8047b156bb | 1117 | #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) |
| rahul_dahiya |
0:fb8047b156bb | 1118 | static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 1119 | const unsigned char *buf, |
| rahul_dahiya |
0:fb8047b156bb | 1120 | size_t len ) |
| rahul_dahiya |
0:fb8047b156bb | 1121 | { |
| rahul_dahiya |
0:fb8047b156bb | 1122 | if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED || |
| rahul_dahiya |
0:fb8047b156bb | 1123 | len != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1124 | { |
| rahul_dahiya |
0:fb8047b156bb | 1125 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching truncated HMAC extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1126 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1127 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); |
| rahul_dahiya |
0:fb8047b156bb | 1128 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1129 | } |
| rahul_dahiya |
0:fb8047b156bb | 1130 | |
| rahul_dahiya |
0:fb8047b156bb | 1131 | ((void) buf); |
| rahul_dahiya |
0:fb8047b156bb | 1132 | |
| rahul_dahiya |
0:fb8047b156bb | 1133 | ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; |
| rahul_dahiya |
0:fb8047b156bb | 1134 | |
| rahul_dahiya |
0:fb8047b156bb | 1135 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 1136 | } |
| rahul_dahiya |
0:fb8047b156bb | 1137 | #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ |
| rahul_dahiya |
0:fb8047b156bb | 1138 | |
| rahul_dahiya |
0:fb8047b156bb | 1139 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| rahul_dahiya |
0:fb8047b156bb | 1140 | static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 1141 | const unsigned char *buf, |
| rahul_dahiya |
0:fb8047b156bb | 1142 | size_t len ) |
| rahul_dahiya |
0:fb8047b156bb | 1143 | { |
| rahul_dahiya |
0:fb8047b156bb | 1144 | if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || |
| rahul_dahiya |
0:fb8047b156bb | 1145 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || |
| rahul_dahiya |
0:fb8047b156bb | 1146 | len != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1147 | { |
| rahul_dahiya |
0:fb8047b156bb | 1148 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching encrypt-then-MAC extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1149 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1150 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); |
| rahul_dahiya |
0:fb8047b156bb | 1151 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1152 | } |
| rahul_dahiya |
0:fb8047b156bb | 1153 | |
| rahul_dahiya |
0:fb8047b156bb | 1154 | ((void) buf); |
| rahul_dahiya |
0:fb8047b156bb | 1155 | |
| rahul_dahiya |
0:fb8047b156bb | 1156 | ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; |
| rahul_dahiya |
0:fb8047b156bb | 1157 | |
| rahul_dahiya |
0:fb8047b156bb | 1158 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 1159 | } |
| rahul_dahiya |
0:fb8047b156bb | 1160 | #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ |
| rahul_dahiya |
0:fb8047b156bb | 1161 | |
| rahul_dahiya |
0:fb8047b156bb | 1162 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
| rahul_dahiya |
0:fb8047b156bb | 1163 | static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 1164 | const unsigned char *buf, |
| rahul_dahiya |
0:fb8047b156bb | 1165 | size_t len ) |
| rahul_dahiya |
0:fb8047b156bb | 1166 | { |
| rahul_dahiya |
0:fb8047b156bb | 1167 | if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || |
| rahul_dahiya |
0:fb8047b156bb | 1168 | ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || |
| rahul_dahiya |
0:fb8047b156bb | 1169 | len != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1170 | { |
| rahul_dahiya |
0:fb8047b156bb | 1171 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching extended master secret extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1172 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1173 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); |
| rahul_dahiya |
0:fb8047b156bb | 1174 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1175 | } |
| rahul_dahiya |
0:fb8047b156bb | 1176 | |
| rahul_dahiya |
0:fb8047b156bb | 1177 | ((void) buf); |
| rahul_dahiya |
0:fb8047b156bb | 1178 | |
| rahul_dahiya |
0:fb8047b156bb | 1179 | ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; |
| rahul_dahiya |
0:fb8047b156bb | 1180 | |
| rahul_dahiya |
0:fb8047b156bb | 1181 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 1182 | } |
| rahul_dahiya |
0:fb8047b156bb | 1183 | #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ |
| rahul_dahiya |
0:fb8047b156bb | 1184 | |
| rahul_dahiya |
0:fb8047b156bb | 1185 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
| rahul_dahiya |
0:fb8047b156bb | 1186 | static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 1187 | const unsigned char *buf, |
| rahul_dahiya |
0:fb8047b156bb | 1188 | size_t len ) |
| rahul_dahiya |
0:fb8047b156bb | 1189 | { |
| rahul_dahiya |
0:fb8047b156bb | 1190 | if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED || |
| rahul_dahiya |
0:fb8047b156bb | 1191 | len != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1192 | { |
| rahul_dahiya |
0:fb8047b156bb | 1193 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching session ticket extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1194 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1195 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); |
| rahul_dahiya |
0:fb8047b156bb | 1196 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1197 | } |
| rahul_dahiya |
0:fb8047b156bb | 1198 | |
| rahul_dahiya |
0:fb8047b156bb | 1199 | ((void) buf); |
| rahul_dahiya |
0:fb8047b156bb | 1200 | |
| rahul_dahiya |
0:fb8047b156bb | 1201 | ssl->handshake->new_session_ticket = 1; |
| rahul_dahiya |
0:fb8047b156bb | 1202 | |
| rahul_dahiya |
0:fb8047b156bb | 1203 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 1204 | } |
| rahul_dahiya |
0:fb8047b156bb | 1205 | #endif /* MBEDTLS_SSL_SESSION_TICKETS */ |
| rahul_dahiya |
0:fb8047b156bb | 1206 | |
| rahul_dahiya |
0:fb8047b156bb | 1207 | #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ |
| rahul_dahiya |
0:fb8047b156bb | 1208 | defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 1209 | static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 1210 | const unsigned char *buf, |
| rahul_dahiya |
0:fb8047b156bb | 1211 | size_t len ) |
| rahul_dahiya |
0:fb8047b156bb | 1212 | { |
| rahul_dahiya |
0:fb8047b156bb | 1213 | size_t list_size; |
| rahul_dahiya |
0:fb8047b156bb | 1214 | const unsigned char *p; |
| rahul_dahiya |
0:fb8047b156bb | 1215 | |
| rahul_dahiya |
0:fb8047b156bb | 1216 | list_size = buf[0]; |
| rahul_dahiya |
0:fb8047b156bb | 1217 | if( list_size + 1 != len ) |
| rahul_dahiya |
0:fb8047b156bb | 1218 | { |
| rahul_dahiya |
0:fb8047b156bb | 1219 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1220 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1221 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1222 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1223 | } |
| rahul_dahiya |
0:fb8047b156bb | 1224 | |
| rahul_dahiya |
0:fb8047b156bb | 1225 | p = buf + 1; |
| rahul_dahiya |
0:fb8047b156bb | 1226 | while( list_size > 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1227 | { |
| rahul_dahiya |
0:fb8047b156bb | 1228 | if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || |
| rahul_dahiya |
0:fb8047b156bb | 1229 | p[0] == MBEDTLS_ECP_PF_COMPRESSED ) |
| rahul_dahiya |
0:fb8047b156bb | 1230 | { |
| rahul_dahiya |
0:fb8047b156bb | 1231 | #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) |
| rahul_dahiya |
0:fb8047b156bb | 1232 | ssl->handshake->ecdh_ctx.point_format = p[0]; |
| rahul_dahiya |
0:fb8047b156bb | 1233 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1234 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 1235 | ssl->handshake->ecjpake_ctx.point_format = p[0]; |
| rahul_dahiya |
0:fb8047b156bb | 1236 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1237 | MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1238 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 1239 | } |
| rahul_dahiya |
0:fb8047b156bb | 1240 | |
| rahul_dahiya |
0:fb8047b156bb | 1241 | list_size--; |
| rahul_dahiya |
0:fb8047b156bb | 1242 | p++; |
| rahul_dahiya |
0:fb8047b156bb | 1243 | } |
| rahul_dahiya |
0:fb8047b156bb | 1244 | |
| rahul_dahiya |
0:fb8047b156bb | 1245 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "no point format in common" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1246 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1247 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); |
| rahul_dahiya |
0:fb8047b156bb | 1248 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1249 | } |
| rahul_dahiya |
0:fb8047b156bb | 1250 | #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || |
| rahul_dahiya |
0:fb8047b156bb | 1251 | MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 1252 | |
| rahul_dahiya |
0:fb8047b156bb | 1253 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 1254 | static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 1255 | const unsigned char *buf, |
| rahul_dahiya |
0:fb8047b156bb | 1256 | size_t len ) |
| rahul_dahiya |
0:fb8047b156bb | 1257 | { |
| rahul_dahiya |
0:fb8047b156bb | 1258 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 1259 | |
| rahul_dahiya |
0:fb8047b156bb | 1260 | if( ssl->transform_negotiate->ciphersuite_info->key_exchange != |
| rahul_dahiya |
0:fb8047b156bb | 1261 | MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 1262 | { |
| rahul_dahiya |
0:fb8047b156bb | 1263 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1264 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 1265 | } |
| rahul_dahiya |
0:fb8047b156bb | 1266 | |
| rahul_dahiya |
0:fb8047b156bb | 1267 | /* If we got here, we no longer need our cached extension */ |
| rahul_dahiya |
0:fb8047b156bb | 1268 | mbedtls_free( ssl->handshake->ecjpake_cache ); |
| rahul_dahiya |
0:fb8047b156bb | 1269 | ssl->handshake->ecjpake_cache = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 1270 | ssl->handshake->ecjpake_cache_len = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1271 | |
| rahul_dahiya |
0:fb8047b156bb | 1272 | if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx, |
| rahul_dahiya |
0:fb8047b156bb | 1273 | buf, len ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1274 | { |
| rahul_dahiya |
0:fb8047b156bb | 1275 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1276 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1277 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); |
| rahul_dahiya |
0:fb8047b156bb | 1278 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1279 | } |
| rahul_dahiya |
0:fb8047b156bb | 1280 | |
| rahul_dahiya |
0:fb8047b156bb | 1281 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 1282 | } |
| rahul_dahiya |
0:fb8047b156bb | 1283 | #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 1284 | |
| rahul_dahiya |
0:fb8047b156bb | 1285 | #if defined(MBEDTLS_SSL_ALPN) |
| rahul_dahiya |
0:fb8047b156bb | 1286 | static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 1287 | const unsigned char *buf, size_t len ) |
| rahul_dahiya |
0:fb8047b156bb | 1288 | { |
| rahul_dahiya |
0:fb8047b156bb | 1289 | size_t list_len, name_len; |
| rahul_dahiya |
0:fb8047b156bb | 1290 | const char **p; |
| rahul_dahiya |
0:fb8047b156bb | 1291 | |
| rahul_dahiya |
0:fb8047b156bb | 1292 | /* If we didn't send it, the server shouldn't send it */ |
| rahul_dahiya |
0:fb8047b156bb | 1293 | if( ssl->conf->alpn_list == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 1294 | { |
| rahul_dahiya |
0:fb8047b156bb | 1295 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching ALPN extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1296 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1297 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); |
| rahul_dahiya |
0:fb8047b156bb | 1298 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1299 | } |
| rahul_dahiya |
0:fb8047b156bb | 1300 | |
| rahul_dahiya |
0:fb8047b156bb | 1301 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1302 | * opaque ProtocolName<1..2^8-1>; |
| rahul_dahiya |
0:fb8047b156bb | 1303 | * |
| rahul_dahiya |
0:fb8047b156bb | 1304 | * struct { |
| rahul_dahiya |
0:fb8047b156bb | 1305 | * ProtocolName protocol_name_list<2..2^16-1> |
| rahul_dahiya |
0:fb8047b156bb | 1306 | * } ProtocolNameList; |
| rahul_dahiya |
0:fb8047b156bb | 1307 | * |
| rahul_dahiya |
0:fb8047b156bb | 1308 | * the "ProtocolNameList" MUST contain exactly one "ProtocolName" |
| rahul_dahiya |
0:fb8047b156bb | 1309 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1310 | |
| rahul_dahiya |
0:fb8047b156bb | 1311 | /* Min length is 2 (list_len) + 1 (name_len) + 1 (name) */ |
| rahul_dahiya |
0:fb8047b156bb | 1312 | if( len < 4 ) |
| rahul_dahiya |
0:fb8047b156bb | 1313 | { |
| rahul_dahiya |
0:fb8047b156bb | 1314 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1315 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1316 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1317 | } |
| rahul_dahiya |
0:fb8047b156bb | 1318 | |
| rahul_dahiya |
0:fb8047b156bb | 1319 | list_len = ( buf[0] << 8 ) | buf[1]; |
| rahul_dahiya |
0:fb8047b156bb | 1320 | if( list_len != len - 2 ) |
| rahul_dahiya |
0:fb8047b156bb | 1321 | { |
| rahul_dahiya |
0:fb8047b156bb | 1322 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1323 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1324 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1325 | } |
| rahul_dahiya |
0:fb8047b156bb | 1326 | |
| rahul_dahiya |
0:fb8047b156bb | 1327 | name_len = buf[2]; |
| rahul_dahiya |
0:fb8047b156bb | 1328 | if( name_len != list_len - 1 ) |
| rahul_dahiya |
0:fb8047b156bb | 1329 | { |
| rahul_dahiya |
0:fb8047b156bb | 1330 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1331 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1332 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1333 | } |
| rahul_dahiya |
0:fb8047b156bb | 1334 | |
| rahul_dahiya |
0:fb8047b156bb | 1335 | /* Check that the server chosen protocol was in our list and save it */ |
| rahul_dahiya |
0:fb8047b156bb | 1336 | for( p = ssl->conf->alpn_list; *p != NULL; p++ ) |
| rahul_dahiya |
0:fb8047b156bb | 1337 | { |
| rahul_dahiya |
0:fb8047b156bb | 1338 | if( name_len == strlen( *p ) && |
| rahul_dahiya |
0:fb8047b156bb | 1339 | memcmp( buf + 3, *p, name_len ) == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1340 | { |
| rahul_dahiya |
0:fb8047b156bb | 1341 | ssl->alpn_chosen = *p; |
| rahul_dahiya |
0:fb8047b156bb | 1342 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 1343 | } |
| rahul_dahiya |
0:fb8047b156bb | 1344 | } |
| rahul_dahiya |
0:fb8047b156bb | 1345 | |
| rahul_dahiya |
0:fb8047b156bb | 1346 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "ALPN extension: no matching protocol" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1347 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1348 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); |
| rahul_dahiya |
0:fb8047b156bb | 1349 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1350 | } |
| rahul_dahiya |
0:fb8047b156bb | 1351 | #endif /* MBEDTLS_SSL_ALPN */ |
| rahul_dahiya |
0:fb8047b156bb | 1352 | |
| rahul_dahiya |
0:fb8047b156bb | 1353 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1354 | * Parse HelloVerifyRequest. Only called after verifying the HS type. |
| rahul_dahiya |
0:fb8047b156bb | 1355 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1356 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 1357 | static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 1358 | { |
| rahul_dahiya |
0:fb8047b156bb | 1359 | const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 1360 | int major_ver, minor_ver; |
| rahul_dahiya |
0:fb8047b156bb | 1361 | unsigned char cookie_len; |
| rahul_dahiya |
0:fb8047b156bb | 1362 | |
| rahul_dahiya |
0:fb8047b156bb | 1363 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse hello verify request" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1364 | |
| rahul_dahiya |
0:fb8047b156bb | 1365 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1366 | * struct { |
| rahul_dahiya |
0:fb8047b156bb | 1367 | * ProtocolVersion server_version; |
| rahul_dahiya |
0:fb8047b156bb | 1368 | * opaque cookie<0..2^8-1>; |
| rahul_dahiya |
0:fb8047b156bb | 1369 | * } HelloVerifyRequest; |
| rahul_dahiya |
0:fb8047b156bb | 1370 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1371 | MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 ); |
| rahul_dahiya |
0:fb8047b156bb | 1372 | mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p ); |
| rahul_dahiya |
0:fb8047b156bb | 1373 | p += 2; |
| rahul_dahiya |
0:fb8047b156bb | 1374 | |
| rahul_dahiya |
0:fb8047b156bb | 1375 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1376 | * Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1) |
| rahul_dahiya |
0:fb8047b156bb | 1377 | * even is lower than our min version. |
| rahul_dahiya |
0:fb8047b156bb | 1378 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1379 | if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 || |
| rahul_dahiya |
0:fb8047b156bb | 1380 | minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 || |
| rahul_dahiya |
0:fb8047b156bb | 1381 | major_ver > ssl->conf->max_major_ver || |
| rahul_dahiya |
0:fb8047b156bb | 1382 | minor_ver > ssl->conf->max_minor_ver ) |
| rahul_dahiya |
0:fb8047b156bb | 1383 | { |
| rahul_dahiya |
0:fb8047b156bb | 1384 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1385 | |
| rahul_dahiya |
0:fb8047b156bb | 1386 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1387 | MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); |
| rahul_dahiya |
0:fb8047b156bb | 1388 | |
| rahul_dahiya |
0:fb8047b156bb | 1389 | return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); |
| rahul_dahiya |
0:fb8047b156bb | 1390 | } |
| rahul_dahiya |
0:fb8047b156bb | 1391 | |
| rahul_dahiya |
0:fb8047b156bb | 1392 | cookie_len = *p++; |
| rahul_dahiya |
0:fb8047b156bb | 1393 | MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len ); |
| rahul_dahiya |
0:fb8047b156bb | 1394 | |
| rahul_dahiya |
0:fb8047b156bb | 1395 | if( ( ssl->in_msg + ssl->in_msglen ) - p < cookie_len ) |
| rahul_dahiya |
0:fb8047b156bb | 1396 | { |
| rahul_dahiya |
0:fb8047b156bb | 1397 | MBEDTLS_SSL_DEBUG_MSG( 1, |
| rahul_dahiya |
0:fb8047b156bb | 1398 | ( "cookie length does not match incoming message size" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1399 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1400 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1401 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1402 | } |
| rahul_dahiya |
0:fb8047b156bb | 1403 | |
| rahul_dahiya |
0:fb8047b156bb | 1404 | mbedtls_free( ssl->handshake->verify_cookie ); |
| rahul_dahiya |
0:fb8047b156bb | 1405 | |
| rahul_dahiya |
0:fb8047b156bb | 1406 | ssl->handshake->verify_cookie = mbedtls_calloc( 1, cookie_len ); |
| rahul_dahiya |
0:fb8047b156bb | 1407 | if( ssl->handshake->verify_cookie == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 1408 | { |
| rahul_dahiya |
0:fb8047b156bb | 1409 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", cookie_len ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1410 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 1411 | } |
| rahul_dahiya |
0:fb8047b156bb | 1412 | |
| rahul_dahiya |
0:fb8047b156bb | 1413 | memcpy( ssl->handshake->verify_cookie, p, cookie_len ); |
| rahul_dahiya |
0:fb8047b156bb | 1414 | ssl->handshake->verify_cookie_len = cookie_len; |
| rahul_dahiya |
0:fb8047b156bb | 1415 | |
| rahul_dahiya |
0:fb8047b156bb | 1416 | /* Start over at ClientHello */ |
| rahul_dahiya |
0:fb8047b156bb | 1417 | ssl->state = MBEDTLS_SSL_CLIENT_HELLO; |
| rahul_dahiya |
0:fb8047b156bb | 1418 | mbedtls_ssl_reset_checksum( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 1419 | |
| rahul_dahiya |
0:fb8047b156bb | 1420 | mbedtls_ssl_recv_flight_completed( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 1421 | |
| rahul_dahiya |
0:fb8047b156bb | 1422 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse hello verify request" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1423 | |
| rahul_dahiya |
0:fb8047b156bb | 1424 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 1425 | } |
| rahul_dahiya |
0:fb8047b156bb | 1426 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| rahul_dahiya |
0:fb8047b156bb | 1427 | |
| rahul_dahiya |
0:fb8047b156bb | 1428 | static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 1429 | { |
| rahul_dahiya |
0:fb8047b156bb | 1430 | int ret, i; |
| rahul_dahiya |
0:fb8047b156bb | 1431 | size_t n; |
| rahul_dahiya |
0:fb8047b156bb | 1432 | size_t ext_len; |
| rahul_dahiya |
0:fb8047b156bb | 1433 | unsigned char *buf, *ext; |
| rahul_dahiya |
0:fb8047b156bb | 1434 | unsigned char comp; |
| rahul_dahiya |
0:fb8047b156bb | 1435 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
| rahul_dahiya |
0:fb8047b156bb | 1436 | int accept_comp; |
| rahul_dahiya |
0:fb8047b156bb | 1437 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1438 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 1439 | int renegotiation_info_seen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1440 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1441 | int handshake_failure = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1442 | const mbedtls_ssl_ciphersuite_t *suite_info; |
| rahul_dahiya |
0:fb8047b156bb | 1443 | #if defined(MBEDTLS_DEBUG_C) |
| rahul_dahiya |
0:fb8047b156bb | 1444 | uint32_t t; |
| rahul_dahiya |
0:fb8047b156bb | 1445 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1446 | |
| rahul_dahiya |
0:fb8047b156bb | 1447 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1448 | |
| rahul_dahiya |
0:fb8047b156bb | 1449 | buf = ssl->in_msg; |
| rahul_dahiya |
0:fb8047b156bb | 1450 | |
| rahul_dahiya |
0:fb8047b156bb | 1451 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1452 | { |
| rahul_dahiya |
0:fb8047b156bb | 1453 | /* No alert on a read error. */ |
| rahul_dahiya |
0:fb8047b156bb | 1454 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1455 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1456 | } |
| rahul_dahiya |
0:fb8047b156bb | 1457 | |
| rahul_dahiya |
0:fb8047b156bb | 1458 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 1459 | { |
| rahul_dahiya |
0:fb8047b156bb | 1460 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 1461 | if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) |
| rahul_dahiya |
0:fb8047b156bb | 1462 | { |
| rahul_dahiya |
0:fb8047b156bb | 1463 | ssl->renego_records_seen++; |
| rahul_dahiya |
0:fb8047b156bb | 1464 | |
| rahul_dahiya |
0:fb8047b156bb | 1465 | if( ssl->conf->renego_max_records >= 0 && |
| rahul_dahiya |
0:fb8047b156bb | 1466 | ssl->renego_records_seen > ssl->conf->renego_max_records ) |
| rahul_dahiya |
0:fb8047b156bb | 1467 | { |
| rahul_dahiya |
0:fb8047b156bb | 1468 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, " |
| rahul_dahiya |
0:fb8047b156bb | 1469 | "but not honored by server" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1470 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 1471 | } |
| rahul_dahiya |
0:fb8047b156bb | 1472 | |
| rahul_dahiya |
0:fb8047b156bb | 1473 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-handshake message during renego" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1474 | |
| rahul_dahiya |
0:fb8047b156bb | 1475 | ssl->keep_current_message = 1; |
| rahul_dahiya |
0:fb8047b156bb | 1476 | return( MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO ); |
| rahul_dahiya |
0:fb8047b156bb | 1477 | } |
| rahul_dahiya |
0:fb8047b156bb | 1478 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
| rahul_dahiya |
0:fb8047b156bb | 1479 | |
| rahul_dahiya |
0:fb8047b156bb | 1480 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1481 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1482 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 1483 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 1484 | } |
| rahul_dahiya |
0:fb8047b156bb | 1485 | |
| rahul_dahiya |
0:fb8047b156bb | 1486 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 1487 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 1488 | { |
| rahul_dahiya |
0:fb8047b156bb | 1489 | if( buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST ) |
| rahul_dahiya |
0:fb8047b156bb | 1490 | { |
| rahul_dahiya |
0:fb8047b156bb | 1491 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "received hello verify request" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1492 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1493 | return( ssl_parse_hello_verify_request( ssl ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1494 | } |
| rahul_dahiya |
0:fb8047b156bb | 1495 | else |
| rahul_dahiya |
0:fb8047b156bb | 1496 | { |
| rahul_dahiya |
0:fb8047b156bb | 1497 | /* We made it through the verification process */ |
| rahul_dahiya |
0:fb8047b156bb | 1498 | mbedtls_free( ssl->handshake->verify_cookie ); |
| rahul_dahiya |
0:fb8047b156bb | 1499 | ssl->handshake->verify_cookie = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 1500 | ssl->handshake->verify_cookie_len = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1501 | } |
| rahul_dahiya |
0:fb8047b156bb | 1502 | } |
| rahul_dahiya |
0:fb8047b156bb | 1503 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
| rahul_dahiya |
0:fb8047b156bb | 1504 | |
| rahul_dahiya |
0:fb8047b156bb | 1505 | if( ssl->in_hslen < 38 + mbedtls_ssl_hs_hdr_len( ssl ) || |
| rahul_dahiya |
0:fb8047b156bb | 1506 | buf[0] != MBEDTLS_SSL_HS_SERVER_HELLO ) |
| rahul_dahiya |
0:fb8047b156bb | 1507 | { |
| rahul_dahiya |
0:fb8047b156bb | 1508 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1509 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1510 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1511 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1512 | } |
| rahul_dahiya |
0:fb8047b156bb | 1513 | |
| rahul_dahiya |
0:fb8047b156bb | 1514 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1515 | * 0 . 1 server_version |
| rahul_dahiya |
0:fb8047b156bb | 1516 | * 2 . 33 random (maybe including 4 bytes of Unix time) |
| rahul_dahiya |
0:fb8047b156bb | 1517 | * 34 . 34 session_id length = n |
| rahul_dahiya |
0:fb8047b156bb | 1518 | * 35 . 34+n session_id |
| rahul_dahiya |
0:fb8047b156bb | 1519 | * 35+n . 36+n cipher_suite |
| rahul_dahiya |
0:fb8047b156bb | 1520 | * 37+n . 37+n compression_method |
| rahul_dahiya |
0:fb8047b156bb | 1521 | * |
| rahul_dahiya |
0:fb8047b156bb | 1522 | * 38+n . 39+n extensions length (optional) |
| rahul_dahiya |
0:fb8047b156bb | 1523 | * 40+n . .. extensions |
| rahul_dahiya |
0:fb8047b156bb | 1524 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1525 | buf += mbedtls_ssl_hs_hdr_len( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 1526 | |
| rahul_dahiya |
0:fb8047b156bb | 1527 | MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf + 0, 2 ); |
| rahul_dahiya |
0:fb8047b156bb | 1528 | mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver, |
| rahul_dahiya |
0:fb8047b156bb | 1529 | ssl->conf->transport, buf + 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 1530 | |
| rahul_dahiya |
0:fb8047b156bb | 1531 | if( ssl->major_ver < ssl->conf->min_major_ver || |
| rahul_dahiya |
0:fb8047b156bb | 1532 | ssl->minor_ver < ssl->conf->min_minor_ver || |
| rahul_dahiya |
0:fb8047b156bb | 1533 | ssl->major_ver > ssl->conf->max_major_ver || |
| rahul_dahiya |
0:fb8047b156bb | 1534 | ssl->minor_ver > ssl->conf->max_minor_ver ) |
| rahul_dahiya |
0:fb8047b156bb | 1535 | { |
| rahul_dahiya |
0:fb8047b156bb | 1536 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "server version out of bounds - " |
| rahul_dahiya |
0:fb8047b156bb | 1537 | " min: [%d:%d], server: [%d:%d], max: [%d:%d]", |
| rahul_dahiya |
0:fb8047b156bb | 1538 | ssl->conf->min_major_ver, ssl->conf->min_minor_ver, |
| rahul_dahiya |
0:fb8047b156bb | 1539 | ssl->major_ver, ssl->minor_ver, |
| rahul_dahiya |
0:fb8047b156bb | 1540 | ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1541 | |
| rahul_dahiya |
0:fb8047b156bb | 1542 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1543 | MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); |
| rahul_dahiya |
0:fb8047b156bb | 1544 | |
| rahul_dahiya |
0:fb8047b156bb | 1545 | return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); |
| rahul_dahiya |
0:fb8047b156bb | 1546 | } |
| rahul_dahiya |
0:fb8047b156bb | 1547 | |
| rahul_dahiya |
0:fb8047b156bb | 1548 | #if defined(MBEDTLS_DEBUG_C) |
| rahul_dahiya |
0:fb8047b156bb | 1549 | t = ( (uint32_t) buf[2] << 24 ) |
| rahul_dahiya |
0:fb8047b156bb | 1550 | | ( (uint32_t) buf[3] << 16 ) |
| rahul_dahiya |
0:fb8047b156bb | 1551 | | ( (uint32_t) buf[4] << 8 ) |
| rahul_dahiya |
0:fb8047b156bb | 1552 | | ( (uint32_t) buf[5] ); |
| rahul_dahiya |
0:fb8047b156bb | 1553 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1554 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1555 | |
| rahul_dahiya |
0:fb8047b156bb | 1556 | memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 ); |
| rahul_dahiya |
0:fb8047b156bb | 1557 | |
| rahul_dahiya |
0:fb8047b156bb | 1558 | n = buf[34]; |
| rahul_dahiya |
0:fb8047b156bb | 1559 | |
| rahul_dahiya |
0:fb8047b156bb | 1560 | MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 2, 32 ); |
| rahul_dahiya |
0:fb8047b156bb | 1561 | |
| rahul_dahiya |
0:fb8047b156bb | 1562 | if( n > 32 ) |
| rahul_dahiya |
0:fb8047b156bb | 1563 | { |
| rahul_dahiya |
0:fb8047b156bb | 1564 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1565 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1566 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1567 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1568 | } |
| rahul_dahiya |
0:fb8047b156bb | 1569 | |
| rahul_dahiya |
0:fb8047b156bb | 1570 | if( ssl->in_hslen > mbedtls_ssl_hs_hdr_len( ssl ) + 39 + n ) |
| rahul_dahiya |
0:fb8047b156bb | 1571 | { |
| rahul_dahiya |
0:fb8047b156bb | 1572 | ext_len = ( ( buf[38 + n] << 8 ) |
| rahul_dahiya |
0:fb8047b156bb | 1573 | | ( buf[39 + n] ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1574 | |
| rahul_dahiya |
0:fb8047b156bb | 1575 | if( ( ext_len > 0 && ext_len < 4 ) || |
| rahul_dahiya |
0:fb8047b156bb | 1576 | ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 40 + n + ext_len ) |
| rahul_dahiya |
0:fb8047b156bb | 1577 | { |
| rahul_dahiya |
0:fb8047b156bb | 1578 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1579 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1580 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1581 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1582 | } |
| rahul_dahiya |
0:fb8047b156bb | 1583 | } |
| rahul_dahiya |
0:fb8047b156bb | 1584 | else if( ssl->in_hslen == mbedtls_ssl_hs_hdr_len( ssl ) + 38 + n ) |
| rahul_dahiya |
0:fb8047b156bb | 1585 | { |
| rahul_dahiya |
0:fb8047b156bb | 1586 | ext_len = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1587 | } |
| rahul_dahiya |
0:fb8047b156bb | 1588 | else |
| rahul_dahiya |
0:fb8047b156bb | 1589 | { |
| rahul_dahiya |
0:fb8047b156bb | 1590 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1591 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1592 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1593 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1594 | } |
| rahul_dahiya |
0:fb8047b156bb | 1595 | |
| rahul_dahiya |
0:fb8047b156bb | 1596 | /* ciphersuite (used later) */ |
| rahul_dahiya |
0:fb8047b156bb | 1597 | i = ( buf[35 + n] << 8 ) | buf[36 + n]; |
| rahul_dahiya |
0:fb8047b156bb | 1598 | |
| rahul_dahiya |
0:fb8047b156bb | 1599 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1600 | * Read and check compression |
| rahul_dahiya |
0:fb8047b156bb | 1601 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1602 | comp = buf[37 + n]; |
| rahul_dahiya |
0:fb8047b156bb | 1603 | |
| rahul_dahiya |
0:fb8047b156bb | 1604 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
| rahul_dahiya |
0:fb8047b156bb | 1605 | /* See comments in ssl_write_client_hello() */ |
| rahul_dahiya |
0:fb8047b156bb | 1606 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 1607 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 1608 | accept_comp = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1609 | else |
| rahul_dahiya |
0:fb8047b156bb | 1610 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1611 | accept_comp = 1; |
| rahul_dahiya |
0:fb8047b156bb | 1612 | |
| rahul_dahiya |
0:fb8047b156bb | 1613 | if( comp != MBEDTLS_SSL_COMPRESS_NULL && |
| rahul_dahiya |
0:fb8047b156bb | 1614 | ( comp != MBEDTLS_SSL_COMPRESS_DEFLATE || accept_comp == 0 ) ) |
| rahul_dahiya |
0:fb8047b156bb | 1615 | #else /* MBEDTLS_ZLIB_SUPPORT */ |
| rahul_dahiya |
0:fb8047b156bb | 1616 | if( comp != MBEDTLS_SSL_COMPRESS_NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 1617 | #endif/* MBEDTLS_ZLIB_SUPPORT */ |
| rahul_dahiya |
0:fb8047b156bb | 1618 | { |
| rahul_dahiya |
0:fb8047b156bb | 1619 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "server hello, bad compression: %d", comp ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1620 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1621 | MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); |
| rahul_dahiya |
0:fb8047b156bb | 1622 | return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); |
| rahul_dahiya |
0:fb8047b156bb | 1623 | } |
| rahul_dahiya |
0:fb8047b156bb | 1624 | |
| rahul_dahiya |
0:fb8047b156bb | 1625 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1626 | * Initialize update checksum functions |
| rahul_dahiya |
0:fb8047b156bb | 1627 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1628 | ssl->transform_negotiate->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i ); |
| rahul_dahiya |
0:fb8047b156bb | 1629 | |
| rahul_dahiya |
0:fb8047b156bb | 1630 | if( ssl->transform_negotiate->ciphersuite_info == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 1631 | { |
| rahul_dahiya |
0:fb8047b156bb | 1632 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", i ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1633 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1634 | MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1635 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 1636 | } |
| rahul_dahiya |
0:fb8047b156bb | 1637 | |
| rahul_dahiya |
0:fb8047b156bb | 1638 | mbedtls_ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info ); |
| rahul_dahiya |
0:fb8047b156bb | 1639 | |
| rahul_dahiya |
0:fb8047b156bb | 1640 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1641 | MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n ); |
| rahul_dahiya |
0:fb8047b156bb | 1642 | |
| rahul_dahiya |
0:fb8047b156bb | 1643 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1644 | * Check if the session can be resumed |
| rahul_dahiya |
0:fb8047b156bb | 1645 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1646 | if( ssl->handshake->resume == 0 || n == 0 || |
| rahul_dahiya |
0:fb8047b156bb | 1647 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 1648 | ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || |
| rahul_dahiya |
0:fb8047b156bb | 1649 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1650 | ssl->session_negotiate->ciphersuite != i || |
| rahul_dahiya |
0:fb8047b156bb | 1651 | ssl->session_negotiate->compression != comp || |
| rahul_dahiya |
0:fb8047b156bb | 1652 | ssl->session_negotiate->id_len != n || |
| rahul_dahiya |
0:fb8047b156bb | 1653 | memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1654 | { |
| rahul_dahiya |
0:fb8047b156bb | 1655 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 1656 | ssl->handshake->resume = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1657 | #if defined(MBEDTLS_HAVE_TIME) |
| rahul_dahiya |
0:fb8047b156bb | 1658 | ssl->session_negotiate->start = mbedtls_time( NULL ); |
| rahul_dahiya |
0:fb8047b156bb | 1659 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1660 | ssl->session_negotiate->ciphersuite = i; |
| rahul_dahiya |
0:fb8047b156bb | 1661 | ssl->session_negotiate->compression = comp; |
| rahul_dahiya |
0:fb8047b156bb | 1662 | ssl->session_negotiate->id_len = n; |
| rahul_dahiya |
0:fb8047b156bb | 1663 | memcpy( ssl->session_negotiate->id, buf + 35, n ); |
| rahul_dahiya |
0:fb8047b156bb | 1664 | } |
| rahul_dahiya |
0:fb8047b156bb | 1665 | else |
| rahul_dahiya |
0:fb8047b156bb | 1666 | { |
| rahul_dahiya |
0:fb8047b156bb | 1667 | ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; |
| rahul_dahiya |
0:fb8047b156bb | 1668 | |
| rahul_dahiya |
0:fb8047b156bb | 1669 | if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1670 | { |
| rahul_dahiya |
0:fb8047b156bb | 1671 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1672 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1673 | MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1674 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1675 | } |
| rahul_dahiya |
0:fb8047b156bb | 1676 | } |
| rahul_dahiya |
0:fb8047b156bb | 1677 | |
| rahul_dahiya |
0:fb8047b156bb | 1678 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed", |
| rahul_dahiya |
0:fb8047b156bb | 1679 | ssl->handshake->resume ? "a" : "no" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1680 | |
| rahul_dahiya |
0:fb8047b156bb | 1681 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1682 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1683 | |
| rahul_dahiya |
0:fb8047b156bb | 1684 | suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ); |
| rahul_dahiya |
0:fb8047b156bb | 1685 | if( suite_info == NULL |
| rahul_dahiya |
0:fb8047b156bb | 1686 | #if defined(MBEDTLS_ARC4_C) |
| rahul_dahiya |
0:fb8047b156bb | 1687 | || ( ssl->conf->arc4_disabled && |
| rahul_dahiya |
0:fb8047b156bb | 1688 | suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) |
| rahul_dahiya |
0:fb8047b156bb | 1689 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1690 | ) |
| rahul_dahiya |
0:fb8047b156bb | 1691 | { |
| rahul_dahiya |
0:fb8047b156bb | 1692 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1693 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1694 | MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); |
| rahul_dahiya |
0:fb8047b156bb | 1695 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1696 | } |
| rahul_dahiya |
0:fb8047b156bb | 1697 | |
| rahul_dahiya |
0:fb8047b156bb | 1698 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1699 | |
| rahul_dahiya |
0:fb8047b156bb | 1700 | i = 0; |
| rahul_dahiya |
0:fb8047b156bb | 1701 | while( 1 ) |
| rahul_dahiya |
0:fb8047b156bb | 1702 | { |
| rahul_dahiya |
0:fb8047b156bb | 1703 | if( ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1704 | { |
| rahul_dahiya |
0:fb8047b156bb | 1705 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1706 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1707 | MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); |
| rahul_dahiya |
0:fb8047b156bb | 1708 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1709 | } |
| rahul_dahiya |
0:fb8047b156bb | 1710 | |
| rahul_dahiya |
0:fb8047b156bb | 1711 | if( ssl->conf->ciphersuite_list[ssl->minor_ver][i++] == |
| rahul_dahiya |
0:fb8047b156bb | 1712 | ssl->session_negotiate->ciphersuite ) |
| rahul_dahiya |
0:fb8047b156bb | 1713 | { |
| rahul_dahiya |
0:fb8047b156bb | 1714 | break; |
| rahul_dahiya |
0:fb8047b156bb | 1715 | } |
| rahul_dahiya |
0:fb8047b156bb | 1716 | } |
| rahul_dahiya |
0:fb8047b156bb | 1717 | |
| rahul_dahiya |
0:fb8047b156bb | 1718 | if( comp != MBEDTLS_SSL_COMPRESS_NULL |
| rahul_dahiya |
0:fb8047b156bb | 1719 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
| rahul_dahiya |
0:fb8047b156bb | 1720 | && comp != MBEDTLS_SSL_COMPRESS_DEFLATE |
| rahul_dahiya |
0:fb8047b156bb | 1721 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1722 | ) |
| rahul_dahiya |
0:fb8047b156bb | 1723 | { |
| rahul_dahiya |
0:fb8047b156bb | 1724 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1725 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1726 | MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); |
| rahul_dahiya |
0:fb8047b156bb | 1727 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1728 | } |
| rahul_dahiya |
0:fb8047b156bb | 1729 | ssl->session_negotiate->compression = comp; |
| rahul_dahiya |
0:fb8047b156bb | 1730 | |
| rahul_dahiya |
0:fb8047b156bb | 1731 | ext = buf + 40 + n; |
| rahul_dahiya |
0:fb8047b156bb | 1732 | |
| rahul_dahiya |
0:fb8047b156bb | 1733 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "server hello, total extension length: %d", ext_len ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1734 | |
| rahul_dahiya |
0:fb8047b156bb | 1735 | while( ext_len ) |
| rahul_dahiya |
0:fb8047b156bb | 1736 | { |
| rahul_dahiya |
0:fb8047b156bb | 1737 | unsigned int ext_id = ( ( ext[0] << 8 ) |
| rahul_dahiya |
0:fb8047b156bb | 1738 | | ( ext[1] ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1739 | unsigned int ext_size = ( ( ext[2] << 8 ) |
| rahul_dahiya |
0:fb8047b156bb | 1740 | | ( ext[3] ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1741 | |
| rahul_dahiya |
0:fb8047b156bb | 1742 | if( ext_size + 4 > ext_len ) |
| rahul_dahiya |
0:fb8047b156bb | 1743 | { |
| rahul_dahiya |
0:fb8047b156bb | 1744 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1745 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1746 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1747 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1748 | } |
| rahul_dahiya |
0:fb8047b156bb | 1749 | |
| rahul_dahiya |
0:fb8047b156bb | 1750 | switch( ext_id ) |
| rahul_dahiya |
0:fb8047b156bb | 1751 | { |
| rahul_dahiya |
0:fb8047b156bb | 1752 | case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO: |
| rahul_dahiya |
0:fb8047b156bb | 1753 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1754 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 1755 | renegotiation_info_seen = 1; |
| rahul_dahiya |
0:fb8047b156bb | 1756 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1757 | |
| rahul_dahiya |
0:fb8047b156bb | 1758 | if( ( ret = ssl_parse_renegotiation_info( ssl, ext + 4, |
| rahul_dahiya |
0:fb8047b156bb | 1759 | ext_size ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1760 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1761 | |
| rahul_dahiya |
0:fb8047b156bb | 1762 | break; |
| rahul_dahiya |
0:fb8047b156bb | 1763 | |
| rahul_dahiya |
0:fb8047b156bb | 1764 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
| rahul_dahiya |
0:fb8047b156bb | 1765 | case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: |
| rahul_dahiya |
0:fb8047b156bb | 1766 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max_fragment_length extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1767 | |
| rahul_dahiya |
0:fb8047b156bb | 1768 | if( ( ret = ssl_parse_max_fragment_length_ext( ssl, |
| rahul_dahiya |
0:fb8047b156bb | 1769 | ext + 4, ext_size ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1770 | { |
| rahul_dahiya |
0:fb8047b156bb | 1771 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1772 | } |
| rahul_dahiya |
0:fb8047b156bb | 1773 | |
| rahul_dahiya |
0:fb8047b156bb | 1774 | break; |
| rahul_dahiya |
0:fb8047b156bb | 1775 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
| rahul_dahiya |
0:fb8047b156bb | 1776 | |
| rahul_dahiya |
0:fb8047b156bb | 1777 | #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) |
| rahul_dahiya |
0:fb8047b156bb | 1778 | case MBEDTLS_TLS_EXT_TRUNCATED_HMAC: |
| rahul_dahiya |
0:fb8047b156bb | 1779 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated_hmac extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1780 | |
| rahul_dahiya |
0:fb8047b156bb | 1781 | if( ( ret = ssl_parse_truncated_hmac_ext( ssl, |
| rahul_dahiya |
0:fb8047b156bb | 1782 | ext + 4, ext_size ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1783 | { |
| rahul_dahiya |
0:fb8047b156bb | 1784 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1785 | } |
| rahul_dahiya |
0:fb8047b156bb | 1786 | |
| rahul_dahiya |
0:fb8047b156bb | 1787 | break; |
| rahul_dahiya |
0:fb8047b156bb | 1788 | #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ |
| rahul_dahiya |
0:fb8047b156bb | 1789 | |
| rahul_dahiya |
0:fb8047b156bb | 1790 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| rahul_dahiya |
0:fb8047b156bb | 1791 | case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: |
| rahul_dahiya |
0:fb8047b156bb | 1792 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt_then_mac extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1793 | |
| rahul_dahiya |
0:fb8047b156bb | 1794 | if( ( ret = ssl_parse_encrypt_then_mac_ext( ssl, |
| rahul_dahiya |
0:fb8047b156bb | 1795 | ext + 4, ext_size ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1796 | { |
| rahul_dahiya |
0:fb8047b156bb | 1797 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1798 | } |
| rahul_dahiya |
0:fb8047b156bb | 1799 | |
| rahul_dahiya |
0:fb8047b156bb | 1800 | break; |
| rahul_dahiya |
0:fb8047b156bb | 1801 | #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ |
| rahul_dahiya |
0:fb8047b156bb | 1802 | |
| rahul_dahiya |
0:fb8047b156bb | 1803 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
| rahul_dahiya |
0:fb8047b156bb | 1804 | case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: |
| rahul_dahiya |
0:fb8047b156bb | 1805 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended_master_secret extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1806 | |
| rahul_dahiya |
0:fb8047b156bb | 1807 | if( ( ret = ssl_parse_extended_ms_ext( ssl, |
| rahul_dahiya |
0:fb8047b156bb | 1808 | ext + 4, ext_size ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1809 | { |
| rahul_dahiya |
0:fb8047b156bb | 1810 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1811 | } |
| rahul_dahiya |
0:fb8047b156bb | 1812 | |
| rahul_dahiya |
0:fb8047b156bb | 1813 | break; |
| rahul_dahiya |
0:fb8047b156bb | 1814 | #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ |
| rahul_dahiya |
0:fb8047b156bb | 1815 | |
| rahul_dahiya |
0:fb8047b156bb | 1816 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
| rahul_dahiya |
0:fb8047b156bb | 1817 | case MBEDTLS_TLS_EXT_SESSION_TICKET: |
| rahul_dahiya |
0:fb8047b156bb | 1818 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session_ticket extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1819 | |
| rahul_dahiya |
0:fb8047b156bb | 1820 | if( ( ret = ssl_parse_session_ticket_ext( ssl, |
| rahul_dahiya |
0:fb8047b156bb | 1821 | ext + 4, ext_size ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1822 | { |
| rahul_dahiya |
0:fb8047b156bb | 1823 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1824 | } |
| rahul_dahiya |
0:fb8047b156bb | 1825 | |
| rahul_dahiya |
0:fb8047b156bb | 1826 | break; |
| rahul_dahiya |
0:fb8047b156bb | 1827 | #endif /* MBEDTLS_SSL_SESSION_TICKETS */ |
| rahul_dahiya |
0:fb8047b156bb | 1828 | |
| rahul_dahiya |
0:fb8047b156bb | 1829 | #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ |
| rahul_dahiya |
0:fb8047b156bb | 1830 | defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 1831 | case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: |
| rahul_dahiya |
0:fb8047b156bb | 1832 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported_point_formats extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1833 | |
| rahul_dahiya |
0:fb8047b156bb | 1834 | if( ( ret = ssl_parse_supported_point_formats_ext( ssl, |
| rahul_dahiya |
0:fb8047b156bb | 1835 | ext + 4, ext_size ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1836 | { |
| rahul_dahiya |
0:fb8047b156bb | 1837 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1838 | } |
| rahul_dahiya |
0:fb8047b156bb | 1839 | |
| rahul_dahiya |
0:fb8047b156bb | 1840 | break; |
| rahul_dahiya |
0:fb8047b156bb | 1841 | #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || |
| rahul_dahiya |
0:fb8047b156bb | 1842 | MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 1843 | |
| rahul_dahiya |
0:fb8047b156bb | 1844 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 1845 | case MBEDTLS_TLS_EXT_ECJPAKE_KKPP: |
| rahul_dahiya |
0:fb8047b156bb | 1846 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake_kkpp extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1847 | |
| rahul_dahiya |
0:fb8047b156bb | 1848 | if( ( ret = ssl_parse_ecjpake_kkpp( ssl, |
| rahul_dahiya |
0:fb8047b156bb | 1849 | ext + 4, ext_size ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1850 | { |
| rahul_dahiya |
0:fb8047b156bb | 1851 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1852 | } |
| rahul_dahiya |
0:fb8047b156bb | 1853 | |
| rahul_dahiya |
0:fb8047b156bb | 1854 | break; |
| rahul_dahiya |
0:fb8047b156bb | 1855 | #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 1856 | |
| rahul_dahiya |
0:fb8047b156bb | 1857 | #if defined(MBEDTLS_SSL_ALPN) |
| rahul_dahiya |
0:fb8047b156bb | 1858 | case MBEDTLS_TLS_EXT_ALPN: |
| rahul_dahiya |
0:fb8047b156bb | 1859 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1860 | |
| rahul_dahiya |
0:fb8047b156bb | 1861 | if( ( ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1862 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1863 | |
| rahul_dahiya |
0:fb8047b156bb | 1864 | break; |
| rahul_dahiya |
0:fb8047b156bb | 1865 | #endif /* MBEDTLS_SSL_ALPN */ |
| rahul_dahiya |
0:fb8047b156bb | 1866 | |
| rahul_dahiya |
0:fb8047b156bb | 1867 | default: |
| rahul_dahiya |
0:fb8047b156bb | 1868 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", |
| rahul_dahiya |
0:fb8047b156bb | 1869 | ext_id ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1870 | } |
| rahul_dahiya |
0:fb8047b156bb | 1871 | |
| rahul_dahiya |
0:fb8047b156bb | 1872 | ext_len -= 4 + ext_size; |
| rahul_dahiya |
0:fb8047b156bb | 1873 | ext += 4 + ext_size; |
| rahul_dahiya |
0:fb8047b156bb | 1874 | |
| rahul_dahiya |
0:fb8047b156bb | 1875 | if( ext_len > 0 && ext_len < 4 ) |
| rahul_dahiya |
0:fb8047b156bb | 1876 | { |
| rahul_dahiya |
0:fb8047b156bb | 1877 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1878 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1879 | } |
| rahul_dahiya |
0:fb8047b156bb | 1880 | } |
| rahul_dahiya |
0:fb8047b156bb | 1881 | |
| rahul_dahiya |
0:fb8047b156bb | 1882 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1883 | * Renegotiation security checks |
| rahul_dahiya |
0:fb8047b156bb | 1884 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1885 | if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && |
| rahul_dahiya |
0:fb8047b156bb | 1886 | ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 1887 | { |
| rahul_dahiya |
0:fb8047b156bb | 1888 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1889 | handshake_failure = 1; |
| rahul_dahiya |
0:fb8047b156bb | 1890 | } |
| rahul_dahiya |
0:fb8047b156bb | 1891 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| rahul_dahiya |
0:fb8047b156bb | 1892 | else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && |
| rahul_dahiya |
0:fb8047b156bb | 1893 | ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION && |
| rahul_dahiya |
0:fb8047b156bb | 1894 | renegotiation_info_seen == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1895 | { |
| rahul_dahiya |
0:fb8047b156bb | 1896 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1897 | handshake_failure = 1; |
| rahul_dahiya |
0:fb8047b156bb | 1898 | } |
| rahul_dahiya |
0:fb8047b156bb | 1899 | else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && |
| rahul_dahiya |
0:fb8047b156bb | 1900 | ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && |
| rahul_dahiya |
0:fb8047b156bb | 1901 | ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) |
| rahul_dahiya |
0:fb8047b156bb | 1902 | { |
| rahul_dahiya |
0:fb8047b156bb | 1903 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1904 | handshake_failure = 1; |
| rahul_dahiya |
0:fb8047b156bb | 1905 | } |
| rahul_dahiya |
0:fb8047b156bb | 1906 | else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && |
| rahul_dahiya |
0:fb8047b156bb | 1907 | ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && |
| rahul_dahiya |
0:fb8047b156bb | 1908 | renegotiation_info_seen == 1 ) |
| rahul_dahiya |
0:fb8047b156bb | 1909 | { |
| rahul_dahiya |
0:fb8047b156bb | 1910 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1911 | handshake_failure = 1; |
| rahul_dahiya |
0:fb8047b156bb | 1912 | } |
| rahul_dahiya |
0:fb8047b156bb | 1913 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
| rahul_dahiya |
0:fb8047b156bb | 1914 | |
| rahul_dahiya |
0:fb8047b156bb | 1915 | if( handshake_failure == 1 ) |
| rahul_dahiya |
0:fb8047b156bb | 1916 | { |
| rahul_dahiya |
0:fb8047b156bb | 1917 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 1918 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); |
| rahul_dahiya |
0:fb8047b156bb | 1919 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); |
| rahul_dahiya |
0:fb8047b156bb | 1920 | } |
| rahul_dahiya |
0:fb8047b156bb | 1921 | |
| rahul_dahiya |
0:fb8047b156bb | 1922 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1923 | |
| rahul_dahiya |
0:fb8047b156bb | 1924 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 1925 | } |
| rahul_dahiya |
0:fb8047b156bb | 1926 | |
| rahul_dahiya |
0:fb8047b156bb | 1927 | #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ |
| rahul_dahiya |
0:fb8047b156bb | 1928 | defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 1929 | static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char **p, |
| rahul_dahiya |
0:fb8047b156bb | 1930 | unsigned char *end ) |
| rahul_dahiya |
0:fb8047b156bb | 1931 | { |
| rahul_dahiya |
0:fb8047b156bb | 1932 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
| rahul_dahiya |
0:fb8047b156bb | 1933 | |
| rahul_dahiya |
0:fb8047b156bb | 1934 | /* |
| rahul_dahiya |
0:fb8047b156bb | 1935 | * Ephemeral DH parameters: |
| rahul_dahiya |
0:fb8047b156bb | 1936 | * |
| rahul_dahiya |
0:fb8047b156bb | 1937 | * struct { |
| rahul_dahiya |
0:fb8047b156bb | 1938 | * opaque dh_p<1..2^16-1>; |
| rahul_dahiya |
0:fb8047b156bb | 1939 | * opaque dh_g<1..2^16-1>; |
| rahul_dahiya |
0:fb8047b156bb | 1940 | * opaque dh_Ys<1..2^16-1>; |
| rahul_dahiya |
0:fb8047b156bb | 1941 | * } ServerDHParams; |
| rahul_dahiya |
0:fb8047b156bb | 1942 | */ |
| rahul_dahiya |
0:fb8047b156bb | 1943 | if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx, p, end ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1944 | { |
| rahul_dahiya |
0:fb8047b156bb | 1945 | MBEDTLS_SSL_DEBUG_RET( 2, ( "mbedtls_dhm_read_params" ), ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1946 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1947 | } |
| rahul_dahiya |
0:fb8047b156bb | 1948 | |
| rahul_dahiya |
0:fb8047b156bb | 1949 | if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen ) |
| rahul_dahiya |
0:fb8047b156bb | 1950 | { |
| rahul_dahiya |
0:fb8047b156bb | 1951 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d", |
| rahul_dahiya |
0:fb8047b156bb | 1952 | ssl->handshake->dhm_ctx.len * 8, |
| rahul_dahiya |
0:fb8047b156bb | 1953 | ssl->conf->dhm_min_bitlen ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1954 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); |
| rahul_dahiya |
0:fb8047b156bb | 1955 | } |
| rahul_dahiya |
0:fb8047b156bb | 1956 | |
| rahul_dahiya |
0:fb8047b156bb | 1957 | MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P ); |
| rahul_dahiya |
0:fb8047b156bb | 1958 | MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G ); |
| rahul_dahiya |
0:fb8047b156bb | 1959 | MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY ); |
| rahul_dahiya |
0:fb8047b156bb | 1960 | |
| rahul_dahiya |
0:fb8047b156bb | 1961 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 1962 | } |
| rahul_dahiya |
0:fb8047b156bb | 1963 | #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || |
| rahul_dahiya |
0:fb8047b156bb | 1964 | MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 1965 | |
| rahul_dahiya |
0:fb8047b156bb | 1966 | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ |
| rahul_dahiya |
0:fb8047b156bb | 1967 | defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ |
| rahul_dahiya |
0:fb8047b156bb | 1968 | defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ |
| rahul_dahiya |
0:fb8047b156bb | 1969 | defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ |
| rahul_dahiya |
0:fb8047b156bb | 1970 | defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 1971 | static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 1972 | { |
| rahul_dahiya |
0:fb8047b156bb | 1973 | const mbedtls_ecp_curve_info *curve_info; |
| rahul_dahiya |
0:fb8047b156bb | 1974 | |
| rahul_dahiya |
0:fb8047b156bb | 1975 | curve_info = mbedtls_ecp_curve_info_from_grp_id( ssl->handshake->ecdh_ctx.grp.id ); |
| rahul_dahiya |
0:fb8047b156bb | 1976 | if( curve_info == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 1977 | { |
| rahul_dahiya |
0:fb8047b156bb | 1978 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1979 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 1980 | } |
| rahul_dahiya |
0:fb8047b156bb | 1981 | |
| rahul_dahiya |
0:fb8047b156bb | 1982 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) ); |
| rahul_dahiya |
0:fb8047b156bb | 1983 | |
| rahul_dahiya |
0:fb8047b156bb | 1984 | #if defined(MBEDTLS_ECP_C) |
| rahul_dahiya |
0:fb8047b156bb | 1985 | if( mbedtls_ssl_check_curve( ssl, ssl->handshake->ecdh_ctx.grp.id ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 1986 | #else |
| rahul_dahiya |
0:fb8047b156bb | 1987 | if( ssl->handshake->ecdh_ctx.grp.nbits < 163 || |
| rahul_dahiya |
0:fb8047b156bb | 1988 | ssl->handshake->ecdh_ctx.grp.nbits > 521 ) |
| rahul_dahiya |
0:fb8047b156bb | 1989 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 1990 | return( -1 ); |
| rahul_dahiya |
0:fb8047b156bb | 1991 | |
| rahul_dahiya |
0:fb8047b156bb | 1992 | MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp", &ssl->handshake->ecdh_ctx.Qp ); |
| rahul_dahiya |
0:fb8047b156bb | 1993 | |
| rahul_dahiya |
0:fb8047b156bb | 1994 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 1995 | } |
| rahul_dahiya |
0:fb8047b156bb | 1996 | #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || |
| rahul_dahiya |
0:fb8047b156bb | 1997 | MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || |
| rahul_dahiya |
0:fb8047b156bb | 1998 | MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || |
| rahul_dahiya |
0:fb8047b156bb | 1999 | MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || |
| rahul_dahiya |
0:fb8047b156bb | 2000 | MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2001 | |
| rahul_dahiya |
0:fb8047b156bb | 2002 | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ |
| rahul_dahiya |
0:fb8047b156bb | 2003 | defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ |
| rahul_dahiya |
0:fb8047b156bb | 2004 | defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2005 | static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 2006 | unsigned char **p, |
| rahul_dahiya |
0:fb8047b156bb | 2007 | unsigned char *end ) |
| rahul_dahiya |
0:fb8047b156bb | 2008 | { |
| rahul_dahiya |
0:fb8047b156bb | 2009 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
| rahul_dahiya |
0:fb8047b156bb | 2010 | |
| rahul_dahiya |
0:fb8047b156bb | 2011 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2012 | * Ephemeral ECDH parameters: |
| rahul_dahiya |
0:fb8047b156bb | 2013 | * |
| rahul_dahiya |
0:fb8047b156bb | 2014 | * struct { |
| rahul_dahiya |
0:fb8047b156bb | 2015 | * ECParameters curve_params; |
| rahul_dahiya |
0:fb8047b156bb | 2016 | * ECPoint public; |
| rahul_dahiya |
0:fb8047b156bb | 2017 | * } ServerECDHParams; |
| rahul_dahiya |
0:fb8047b156bb | 2018 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2019 | if( ( ret = mbedtls_ecdh_read_params( &ssl->handshake->ecdh_ctx, |
| rahul_dahiya |
0:fb8047b156bb | 2020 | (const unsigned char **) p, end ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2021 | { |
| rahul_dahiya |
0:fb8047b156bb | 2022 | MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_read_params" ), ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2023 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2024 | } |
| rahul_dahiya |
0:fb8047b156bb | 2025 | |
| rahul_dahiya |
0:fb8047b156bb | 2026 | if( ssl_check_server_ecdh_params( ssl ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2027 | { |
| rahul_dahiya |
0:fb8047b156bb | 2028 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message (ECDHE curve)" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2029 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2030 | } |
| rahul_dahiya |
0:fb8047b156bb | 2031 | |
| rahul_dahiya |
0:fb8047b156bb | 2032 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2033 | } |
| rahul_dahiya |
0:fb8047b156bb | 2034 | #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || |
| rahul_dahiya |
0:fb8047b156bb | 2035 | MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || |
| rahul_dahiya |
0:fb8047b156bb | 2036 | MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2037 | |
| rahul_dahiya |
0:fb8047b156bb | 2038 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2039 | static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 2040 | unsigned char **p, |
| rahul_dahiya |
0:fb8047b156bb | 2041 | unsigned char *end ) |
| rahul_dahiya |
0:fb8047b156bb | 2042 | { |
| rahul_dahiya |
0:fb8047b156bb | 2043 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
| rahul_dahiya |
0:fb8047b156bb | 2044 | size_t len; |
| rahul_dahiya |
0:fb8047b156bb | 2045 | ((void) ssl); |
| rahul_dahiya |
0:fb8047b156bb | 2046 | |
| rahul_dahiya |
0:fb8047b156bb | 2047 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2048 | * PSK parameters: |
| rahul_dahiya |
0:fb8047b156bb | 2049 | * |
| rahul_dahiya |
0:fb8047b156bb | 2050 | * opaque psk_identity_hint<0..2^16-1>; |
| rahul_dahiya |
0:fb8047b156bb | 2051 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2052 | len = (*p)[0] << 8 | (*p)[1]; |
| rahul_dahiya |
0:fb8047b156bb | 2053 | *p += 2; |
| rahul_dahiya |
0:fb8047b156bb | 2054 | |
| rahul_dahiya |
0:fb8047b156bb | 2055 | if( (*p) + len > end ) |
| rahul_dahiya |
0:fb8047b156bb | 2056 | { |
| rahul_dahiya |
0:fb8047b156bb | 2057 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " |
| rahul_dahiya |
0:fb8047b156bb | 2058 | "(psk_identity_hint length)" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2059 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2060 | } |
| rahul_dahiya |
0:fb8047b156bb | 2061 | |
| rahul_dahiya |
0:fb8047b156bb | 2062 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2063 | * Note: we currently ignore the PKS identity hint, as we only allow one |
| rahul_dahiya |
0:fb8047b156bb | 2064 | * PSK to be provisionned on the client. This could be changed later if |
| rahul_dahiya |
0:fb8047b156bb | 2065 | * someone needs that feature. |
| rahul_dahiya |
0:fb8047b156bb | 2066 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2067 | *p += len; |
| rahul_dahiya |
0:fb8047b156bb | 2068 | ret = 0; |
| rahul_dahiya |
0:fb8047b156bb | 2069 | |
| rahul_dahiya |
0:fb8047b156bb | 2070 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2071 | } |
| rahul_dahiya |
0:fb8047b156bb | 2072 | #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2073 | |
| rahul_dahiya |
0:fb8047b156bb | 2074 | #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ |
| rahul_dahiya |
0:fb8047b156bb | 2075 | defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2076 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2077 | * Generate a pre-master secret and encrypt it with the server's RSA key |
| rahul_dahiya |
0:fb8047b156bb | 2078 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2079 | static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 2080 | size_t offset, size_t *olen, |
| rahul_dahiya |
0:fb8047b156bb | 2081 | size_t pms_offset ) |
| rahul_dahiya |
0:fb8047b156bb | 2082 | { |
| rahul_dahiya |
0:fb8047b156bb | 2083 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 2084 | size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2; |
| rahul_dahiya |
0:fb8047b156bb | 2085 | unsigned char *p = ssl->handshake->premaster + pms_offset; |
| rahul_dahiya |
0:fb8047b156bb | 2086 | |
| rahul_dahiya |
0:fb8047b156bb | 2087 | if( offset + len_bytes > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
| rahul_dahiya |
0:fb8047b156bb | 2088 | { |
| rahul_dahiya |
0:fb8047b156bb | 2089 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small for encrypted pms" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2090 | return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); |
| rahul_dahiya |
0:fb8047b156bb | 2091 | } |
| rahul_dahiya |
0:fb8047b156bb | 2092 | |
| rahul_dahiya |
0:fb8047b156bb | 2093 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2094 | * Generate (part of) the pre-master as |
| rahul_dahiya |
0:fb8047b156bb | 2095 | * struct { |
| rahul_dahiya |
0:fb8047b156bb | 2096 | * ProtocolVersion client_version; |
| rahul_dahiya |
0:fb8047b156bb | 2097 | * opaque random[46]; |
| rahul_dahiya |
0:fb8047b156bb | 2098 | * } PreMasterSecret; |
| rahul_dahiya |
0:fb8047b156bb | 2099 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2100 | mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, |
| rahul_dahiya |
0:fb8047b156bb | 2101 | ssl->conf->transport, p ); |
| rahul_dahiya |
0:fb8047b156bb | 2102 | |
| rahul_dahiya |
0:fb8047b156bb | 2103 | if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2104 | { |
| rahul_dahiya |
0:fb8047b156bb | 2105 | MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2106 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2107 | } |
| rahul_dahiya |
0:fb8047b156bb | 2108 | |
| rahul_dahiya |
0:fb8047b156bb | 2109 | ssl->handshake->pmslen = 48; |
| rahul_dahiya |
0:fb8047b156bb | 2110 | |
| rahul_dahiya |
0:fb8047b156bb | 2111 | if( ssl->session_negotiate->peer_cert == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2112 | { |
| rahul_dahiya |
0:fb8047b156bb | 2113 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2114 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2115 | } |
| rahul_dahiya |
0:fb8047b156bb | 2116 | |
| rahul_dahiya |
0:fb8047b156bb | 2117 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2118 | * Now write it out, encrypted |
| rahul_dahiya |
0:fb8047b156bb | 2119 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2120 | if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, |
| rahul_dahiya |
0:fb8047b156bb | 2121 | MBEDTLS_PK_RSA ) ) |
| rahul_dahiya |
0:fb8047b156bb | 2122 | { |
| rahul_dahiya |
0:fb8047b156bb | 2123 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate key type mismatch" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2124 | return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); |
| rahul_dahiya |
0:fb8047b156bb | 2125 | } |
| rahul_dahiya |
0:fb8047b156bb | 2126 | |
| rahul_dahiya |
0:fb8047b156bb | 2127 | if( ( ret = mbedtls_pk_encrypt( &ssl->session_negotiate->peer_cert->pk, |
| rahul_dahiya |
0:fb8047b156bb | 2128 | p, ssl->handshake->pmslen, |
| rahul_dahiya |
0:fb8047b156bb | 2129 | ssl->out_msg + offset + len_bytes, olen, |
| rahul_dahiya |
0:fb8047b156bb | 2130 | MBEDTLS_SSL_MAX_CONTENT_LEN - offset - len_bytes, |
| rahul_dahiya |
0:fb8047b156bb | 2131 | ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2132 | { |
| rahul_dahiya |
0:fb8047b156bb | 2133 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_rsa_pkcs1_encrypt", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2134 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2135 | } |
| rahul_dahiya |
0:fb8047b156bb | 2136 | |
| rahul_dahiya |
0:fb8047b156bb | 2137 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
| rahul_dahiya |
0:fb8047b156bb | 2138 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 2139 | if( len_bytes == 2 ) |
| rahul_dahiya |
0:fb8047b156bb | 2140 | { |
| rahul_dahiya |
0:fb8047b156bb | 2141 | ssl->out_msg[offset+0] = (unsigned char)( *olen >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 2142 | ssl->out_msg[offset+1] = (unsigned char)( *olen ); |
| rahul_dahiya |
0:fb8047b156bb | 2143 | *olen += 2; |
| rahul_dahiya |
0:fb8047b156bb | 2144 | } |
| rahul_dahiya |
0:fb8047b156bb | 2145 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 2146 | |
| rahul_dahiya |
0:fb8047b156bb | 2147 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2148 | } |
| rahul_dahiya |
0:fb8047b156bb | 2149 | #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED || |
| rahul_dahiya |
0:fb8047b156bb | 2150 | MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2151 | |
| rahul_dahiya |
0:fb8047b156bb | 2152 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 2153 | #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ |
| rahul_dahiya |
0:fb8047b156bb | 2154 | defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ |
| rahul_dahiya |
0:fb8047b156bb | 2155 | defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2156 | static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, |
| rahul_dahiya |
0:fb8047b156bb | 2157 | unsigned char **p, |
| rahul_dahiya |
0:fb8047b156bb | 2158 | unsigned char *end, |
| rahul_dahiya |
0:fb8047b156bb | 2159 | mbedtls_md_type_t *md_alg, |
| rahul_dahiya |
0:fb8047b156bb | 2160 | mbedtls_pk_type_t *pk_alg ) |
| rahul_dahiya |
0:fb8047b156bb | 2161 | { |
| rahul_dahiya |
0:fb8047b156bb | 2162 | ((void) ssl); |
| rahul_dahiya |
0:fb8047b156bb | 2163 | *md_alg = MBEDTLS_MD_NONE; |
| rahul_dahiya |
0:fb8047b156bb | 2164 | *pk_alg = MBEDTLS_PK_NONE; |
| rahul_dahiya |
0:fb8047b156bb | 2165 | |
| rahul_dahiya |
0:fb8047b156bb | 2166 | /* Only in TLS 1.2 */ |
| rahul_dahiya |
0:fb8047b156bb | 2167 | if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) |
| rahul_dahiya |
0:fb8047b156bb | 2168 | { |
| rahul_dahiya |
0:fb8047b156bb | 2169 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2170 | } |
| rahul_dahiya |
0:fb8047b156bb | 2171 | |
| rahul_dahiya |
0:fb8047b156bb | 2172 | if( (*p) + 2 > end ) |
| rahul_dahiya |
0:fb8047b156bb | 2173 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2174 | |
| rahul_dahiya |
0:fb8047b156bb | 2175 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2176 | * Get hash algorithm |
| rahul_dahiya |
0:fb8047b156bb | 2177 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2178 | if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) == MBEDTLS_MD_NONE ) |
| rahul_dahiya |
0:fb8047b156bb | 2179 | { |
| rahul_dahiya |
0:fb8047b156bb | 2180 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "Server used unsupported " |
| rahul_dahiya |
0:fb8047b156bb | 2181 | "HashAlgorithm %d", *(p)[0] ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2182 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2183 | } |
| rahul_dahiya |
0:fb8047b156bb | 2184 | |
| rahul_dahiya |
0:fb8047b156bb | 2185 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2186 | * Get signature algorithm |
| rahul_dahiya |
0:fb8047b156bb | 2187 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2188 | if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) == MBEDTLS_PK_NONE ) |
| rahul_dahiya |
0:fb8047b156bb | 2189 | { |
| rahul_dahiya |
0:fb8047b156bb | 2190 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used unsupported " |
| rahul_dahiya |
0:fb8047b156bb | 2191 | "SignatureAlgorithm %d", (*p)[1] ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2192 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2193 | } |
| rahul_dahiya |
0:fb8047b156bb | 2194 | |
| rahul_dahiya |
0:fb8047b156bb | 2195 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2196 | * Check if the hash is acceptable |
| rahul_dahiya |
0:fb8047b156bb | 2197 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2198 | if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2199 | { |
| rahul_dahiya |
0:fb8047b156bb | 2200 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm %d that was not offered", |
| rahul_dahiya |
0:fb8047b156bb | 2201 | *(p)[0] ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2202 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2203 | } |
| rahul_dahiya |
0:fb8047b156bb | 2204 | |
| rahul_dahiya |
0:fb8047b156bb | 2205 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", (*p)[1] ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2206 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d", (*p)[0] ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2207 | *p += 2; |
| rahul_dahiya |
0:fb8047b156bb | 2208 | |
| rahul_dahiya |
0:fb8047b156bb | 2209 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2210 | } |
| rahul_dahiya |
0:fb8047b156bb | 2211 | #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || |
| rahul_dahiya |
0:fb8047b156bb | 2212 | MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || |
| rahul_dahiya |
0:fb8047b156bb | 2213 | MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2214 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 2215 | |
| rahul_dahiya |
0:fb8047b156bb | 2216 | #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ |
| rahul_dahiya |
0:fb8047b156bb | 2217 | defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2218 | static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 2219 | { |
| rahul_dahiya |
0:fb8047b156bb | 2220 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 2221 | const mbedtls_ecp_keypair *peer_key; |
| rahul_dahiya |
0:fb8047b156bb | 2222 | |
| rahul_dahiya |
0:fb8047b156bb | 2223 | if( ssl->session_negotiate->peer_cert == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2224 | { |
| rahul_dahiya |
0:fb8047b156bb | 2225 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2226 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2227 | } |
| rahul_dahiya |
0:fb8047b156bb | 2228 | |
| rahul_dahiya |
0:fb8047b156bb | 2229 | if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, |
| rahul_dahiya |
0:fb8047b156bb | 2230 | MBEDTLS_PK_ECKEY ) ) |
| rahul_dahiya |
0:fb8047b156bb | 2231 | { |
| rahul_dahiya |
0:fb8047b156bb | 2232 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2233 | return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); |
| rahul_dahiya |
0:fb8047b156bb | 2234 | } |
| rahul_dahiya |
0:fb8047b156bb | 2235 | |
| rahul_dahiya |
0:fb8047b156bb | 2236 | peer_key = mbedtls_pk_ec( ssl->session_negotiate->peer_cert->pk ); |
| rahul_dahiya |
0:fb8047b156bb | 2237 | |
| rahul_dahiya |
0:fb8047b156bb | 2238 | if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key, |
| rahul_dahiya |
0:fb8047b156bb | 2239 | MBEDTLS_ECDH_THEIRS ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2240 | { |
| rahul_dahiya |
0:fb8047b156bb | 2241 | MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2242 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2243 | } |
| rahul_dahiya |
0:fb8047b156bb | 2244 | |
| rahul_dahiya |
0:fb8047b156bb | 2245 | if( ssl_check_server_ecdh_params( ssl ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2246 | { |
| rahul_dahiya |
0:fb8047b156bb | 2247 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2248 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); |
| rahul_dahiya |
0:fb8047b156bb | 2249 | } |
| rahul_dahiya |
0:fb8047b156bb | 2250 | |
| rahul_dahiya |
0:fb8047b156bb | 2251 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2252 | } |
| rahul_dahiya |
0:fb8047b156bb | 2253 | #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || |
| rahul_dahiya |
0:fb8047b156bb | 2254 | MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2255 | |
| rahul_dahiya |
0:fb8047b156bb | 2256 | static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 2257 | { |
| rahul_dahiya |
0:fb8047b156bb | 2258 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 2259 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = |
| rahul_dahiya |
0:fb8047b156bb | 2260 | ssl->transform_negotiate->ciphersuite_info; |
| rahul_dahiya |
0:fb8047b156bb | 2261 | unsigned char *p, *end; |
| rahul_dahiya |
0:fb8047b156bb | 2262 | |
| rahul_dahiya |
0:fb8047b156bb | 2263 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2264 | |
| rahul_dahiya |
0:fb8047b156bb | 2265 | #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2266 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ) |
| rahul_dahiya |
0:fb8047b156bb | 2267 | { |
| rahul_dahiya |
0:fb8047b156bb | 2268 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2269 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 2270 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2271 | } |
| rahul_dahiya |
0:fb8047b156bb | 2272 | ((void) p); |
| rahul_dahiya |
0:fb8047b156bb | 2273 | ((void) end); |
| rahul_dahiya |
0:fb8047b156bb | 2274 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 2275 | |
| rahul_dahiya |
0:fb8047b156bb | 2276 | #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ |
| rahul_dahiya |
0:fb8047b156bb | 2277 | defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2278 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || |
| rahul_dahiya |
0:fb8047b156bb | 2279 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) |
| rahul_dahiya |
0:fb8047b156bb | 2280 | { |
| rahul_dahiya |
0:fb8047b156bb | 2281 | if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2282 | { |
| rahul_dahiya |
0:fb8047b156bb | 2283 | MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2284 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 2285 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); |
| rahul_dahiya |
0:fb8047b156bb | 2286 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2287 | } |
| rahul_dahiya |
0:fb8047b156bb | 2288 | |
| rahul_dahiya |
0:fb8047b156bb | 2289 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2290 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 2291 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2292 | } |
| rahul_dahiya |
0:fb8047b156bb | 2293 | ((void) p); |
| rahul_dahiya |
0:fb8047b156bb | 2294 | ((void) end); |
| rahul_dahiya |
0:fb8047b156bb | 2295 | #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || |
| rahul_dahiya |
0:fb8047b156bb | 2296 | MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2297 | |
| rahul_dahiya |
0:fb8047b156bb | 2298 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2299 | { |
| rahul_dahiya |
0:fb8047b156bb | 2300 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2301 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2302 | } |
| rahul_dahiya |
0:fb8047b156bb | 2303 | |
| rahul_dahiya |
0:fb8047b156bb | 2304 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 2305 | { |
| rahul_dahiya |
0:fb8047b156bb | 2306 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2307 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 2308 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2309 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2310 | } |
| rahul_dahiya |
0:fb8047b156bb | 2311 | |
| rahul_dahiya |
0:fb8047b156bb | 2312 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2313 | * ServerKeyExchange may be skipped with PSK and RSA-PSK when the server |
| rahul_dahiya |
0:fb8047b156bb | 2314 | * doesn't use a psk_identity_hint |
| rahul_dahiya |
0:fb8047b156bb | 2315 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2316 | if( ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE ) |
| rahul_dahiya |
0:fb8047b156bb | 2317 | { |
| rahul_dahiya |
0:fb8047b156bb | 2318 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 2319 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) |
| rahul_dahiya |
0:fb8047b156bb | 2320 | { |
| rahul_dahiya |
0:fb8047b156bb | 2321 | /* Current message is probably either |
| rahul_dahiya |
0:fb8047b156bb | 2322 | * CertificateRequest or ServerHelloDone */ |
| rahul_dahiya |
0:fb8047b156bb | 2323 | ssl->keep_current_message = 1; |
| rahul_dahiya |
0:fb8047b156bb | 2324 | goto exit; |
| rahul_dahiya |
0:fb8047b156bb | 2325 | } |
| rahul_dahiya |
0:fb8047b156bb | 2326 | |
| rahul_dahiya |
0:fb8047b156bb | 2327 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key exchange message must " |
| rahul_dahiya |
0:fb8047b156bb | 2328 | "not be skipped" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2329 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 2330 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2331 | |
| rahul_dahiya |
0:fb8047b156bb | 2332 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2333 | } |
| rahul_dahiya |
0:fb8047b156bb | 2334 | |
| rahul_dahiya |
0:fb8047b156bb | 2335 | p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 2336 | end = ssl->in_msg + ssl->in_hslen; |
| rahul_dahiya |
0:fb8047b156bb | 2337 | MBEDTLS_SSL_DEBUG_BUF( 3, "server key exchange", p, end - p ); |
| rahul_dahiya |
0:fb8047b156bb | 2338 | |
| rahul_dahiya |
0:fb8047b156bb | 2339 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2340 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 2341 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 2342 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 2343 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) |
| rahul_dahiya |
0:fb8047b156bb | 2344 | { |
| rahul_dahiya |
0:fb8047b156bb | 2345 | if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2346 | { |
| rahul_dahiya |
0:fb8047b156bb | 2347 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2348 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 2349 | MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); |
| rahul_dahiya |
0:fb8047b156bb | 2350 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2351 | } |
| rahul_dahiya |
0:fb8047b156bb | 2352 | } /* FALLTROUGH */ |
| rahul_dahiya |
0:fb8047b156bb | 2353 | #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2354 | |
| rahul_dahiya |
0:fb8047b156bb | 2355 | #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ |
| rahul_dahiya |
0:fb8047b156bb | 2356 | defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2357 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 2358 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) |
| rahul_dahiya |
0:fb8047b156bb | 2359 | ; /* nothing more to do */ |
| rahul_dahiya |
0:fb8047b156bb | 2360 | else |
| rahul_dahiya |
0:fb8047b156bb | 2361 | #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED || |
| rahul_dahiya |
0:fb8047b156bb | 2362 | MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2363 | #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ |
| rahul_dahiya |
0:fb8047b156bb | 2364 | defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2365 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA || |
| rahul_dahiya |
0:fb8047b156bb | 2366 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) |
| rahul_dahiya |
0:fb8047b156bb | 2367 | { |
| rahul_dahiya |
0:fb8047b156bb | 2368 | if( ssl_parse_server_dh_params( ssl, &p, end ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2369 | { |
| rahul_dahiya |
0:fb8047b156bb | 2370 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2371 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 2372 | MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); |
| rahul_dahiya |
0:fb8047b156bb | 2373 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2374 | } |
| rahul_dahiya |
0:fb8047b156bb | 2375 | } |
| rahul_dahiya |
0:fb8047b156bb | 2376 | else |
| rahul_dahiya |
0:fb8047b156bb | 2377 | #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || |
| rahul_dahiya |
0:fb8047b156bb | 2378 | MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2379 | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ |
| rahul_dahiya |
0:fb8047b156bb | 2380 | defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ |
| rahul_dahiya |
0:fb8047b156bb | 2381 | defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2382 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || |
| rahul_dahiya |
0:fb8047b156bb | 2383 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 2384 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ) |
| rahul_dahiya |
0:fb8047b156bb | 2385 | { |
| rahul_dahiya |
0:fb8047b156bb | 2386 | if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2387 | { |
| rahul_dahiya |
0:fb8047b156bb | 2388 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2389 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 2390 | MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); |
| rahul_dahiya |
0:fb8047b156bb | 2391 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2392 | } |
| rahul_dahiya |
0:fb8047b156bb | 2393 | } |
| rahul_dahiya |
0:fb8047b156bb | 2394 | else |
| rahul_dahiya |
0:fb8047b156bb | 2395 | #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || |
| rahul_dahiya |
0:fb8047b156bb | 2396 | MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || |
| rahul_dahiya |
0:fb8047b156bb | 2397 | MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2398 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2399 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 2400 | { |
| rahul_dahiya |
0:fb8047b156bb | 2401 | ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx, |
| rahul_dahiya |
0:fb8047b156bb | 2402 | p, end - p ); |
| rahul_dahiya |
0:fb8047b156bb | 2403 | if( ret != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2404 | { |
| rahul_dahiya |
0:fb8047b156bb | 2405 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2406 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 2407 | MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); |
| rahul_dahiya |
0:fb8047b156bb | 2408 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2409 | } |
| rahul_dahiya |
0:fb8047b156bb | 2410 | } |
| rahul_dahiya |
0:fb8047b156bb | 2411 | else |
| rahul_dahiya |
0:fb8047b156bb | 2412 | #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2413 | { |
| rahul_dahiya |
0:fb8047b156bb | 2414 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2415 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 2416 | } |
| rahul_dahiya |
0:fb8047b156bb | 2417 | |
| rahul_dahiya |
0:fb8047b156bb | 2418 | #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2419 | if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) ) |
| rahul_dahiya |
0:fb8047b156bb | 2420 | { |
| rahul_dahiya |
0:fb8047b156bb | 2421 | size_t sig_len, hashlen; |
| rahul_dahiya |
0:fb8047b156bb | 2422 | unsigned char hash[64]; |
| rahul_dahiya |
0:fb8047b156bb | 2423 | mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; |
| rahul_dahiya |
0:fb8047b156bb | 2424 | mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; |
| rahul_dahiya |
0:fb8047b156bb | 2425 | unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 2426 | size_t params_len = p - params; |
| rahul_dahiya |
0:fb8047b156bb | 2427 | |
| rahul_dahiya |
0:fb8047b156bb | 2428 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2429 | * Handle the digitally-signed structure |
| rahul_dahiya |
0:fb8047b156bb | 2430 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2431 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 2432 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) |
| rahul_dahiya |
0:fb8047b156bb | 2433 | { |
| rahul_dahiya |
0:fb8047b156bb | 2434 | if( ssl_parse_signature_algorithm( ssl, &p, end, |
| rahul_dahiya |
0:fb8047b156bb | 2435 | &md_alg, &pk_alg ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2436 | { |
| rahul_dahiya |
0:fb8047b156bb | 2437 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2438 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 2439 | MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); |
| rahul_dahiya |
0:fb8047b156bb | 2440 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2441 | } |
| rahul_dahiya |
0:fb8047b156bb | 2442 | |
| rahul_dahiya |
0:fb8047b156bb | 2443 | if( pk_alg != mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) ) |
| rahul_dahiya |
0:fb8047b156bb | 2444 | { |
| rahul_dahiya |
0:fb8047b156bb | 2445 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2446 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 2447 | MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); |
| rahul_dahiya |
0:fb8047b156bb | 2448 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2449 | } |
| rahul_dahiya |
0:fb8047b156bb | 2450 | } |
| rahul_dahiya |
0:fb8047b156bb | 2451 | else |
| rahul_dahiya |
0:fb8047b156bb | 2452 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 2453 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| rahul_dahiya |
0:fb8047b156bb | 2454 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| rahul_dahiya |
0:fb8047b156bb | 2455 | if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) |
| rahul_dahiya |
0:fb8047b156bb | 2456 | { |
| rahul_dahiya |
0:fb8047b156bb | 2457 | pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); |
| rahul_dahiya |
0:fb8047b156bb | 2458 | |
| rahul_dahiya |
0:fb8047b156bb | 2459 | /* Default hash for ECDSA is SHA-1 */ |
| rahul_dahiya |
0:fb8047b156bb | 2460 | if( pk_alg == MBEDTLS_PK_ECDSA && md_alg == MBEDTLS_MD_NONE ) |
| rahul_dahiya |
0:fb8047b156bb | 2461 | md_alg = MBEDTLS_MD_SHA1; |
| rahul_dahiya |
0:fb8047b156bb | 2462 | } |
| rahul_dahiya |
0:fb8047b156bb | 2463 | else |
| rahul_dahiya |
0:fb8047b156bb | 2464 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 2465 | { |
| rahul_dahiya |
0:fb8047b156bb | 2466 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2467 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 2468 | } |
| rahul_dahiya |
0:fb8047b156bb | 2469 | |
| rahul_dahiya |
0:fb8047b156bb | 2470 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2471 | * Read signature |
| rahul_dahiya |
0:fb8047b156bb | 2472 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2473 | sig_len = ( p[0] << 8 ) | p[1]; |
| rahul_dahiya |
0:fb8047b156bb | 2474 | p += 2; |
| rahul_dahiya |
0:fb8047b156bb | 2475 | |
| rahul_dahiya |
0:fb8047b156bb | 2476 | if( end != p + sig_len ) |
| rahul_dahiya |
0:fb8047b156bb | 2477 | { |
| rahul_dahiya |
0:fb8047b156bb | 2478 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2479 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 2480 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 2481 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2482 | } |
| rahul_dahiya |
0:fb8047b156bb | 2483 | |
| rahul_dahiya |
0:fb8047b156bb | 2484 | MBEDTLS_SSL_DEBUG_BUF( 3, "signature", p, sig_len ); |
| rahul_dahiya |
0:fb8047b156bb | 2485 | |
| rahul_dahiya |
0:fb8047b156bb | 2486 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2487 | * Compute the hash that has been signed |
| rahul_dahiya |
0:fb8047b156bb | 2488 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2489 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| rahul_dahiya |
0:fb8047b156bb | 2490 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| rahul_dahiya |
0:fb8047b156bb | 2491 | if( md_alg == MBEDTLS_MD_NONE ) |
| rahul_dahiya |
0:fb8047b156bb | 2492 | { |
| rahul_dahiya |
0:fb8047b156bb | 2493 | mbedtls_md5_context mbedtls_md5; |
| rahul_dahiya |
0:fb8047b156bb | 2494 | mbedtls_sha1_context mbedtls_sha1; |
| rahul_dahiya |
0:fb8047b156bb | 2495 | |
| rahul_dahiya |
0:fb8047b156bb | 2496 | mbedtls_md5_init( &mbedtls_md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 2497 | mbedtls_sha1_init( &mbedtls_sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 2498 | |
| rahul_dahiya |
0:fb8047b156bb | 2499 | hashlen = 36; |
| rahul_dahiya |
0:fb8047b156bb | 2500 | |
| rahul_dahiya |
0:fb8047b156bb | 2501 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2502 | * digitally-signed struct { |
| rahul_dahiya |
0:fb8047b156bb | 2503 | * opaque md5_hash[16]; |
| rahul_dahiya |
0:fb8047b156bb | 2504 | * opaque sha_hash[20]; |
| rahul_dahiya |
0:fb8047b156bb | 2505 | * }; |
| rahul_dahiya |
0:fb8047b156bb | 2506 | * |
| rahul_dahiya |
0:fb8047b156bb | 2507 | * md5_hash |
| rahul_dahiya |
0:fb8047b156bb | 2508 | * MD5(ClientHello.random + ServerHello.random |
| rahul_dahiya |
0:fb8047b156bb | 2509 | * + ServerParams); |
| rahul_dahiya |
0:fb8047b156bb | 2510 | * sha_hash |
| rahul_dahiya |
0:fb8047b156bb | 2511 | * SHA(ClientHello.random + ServerHello.random |
| rahul_dahiya |
0:fb8047b156bb | 2512 | * + ServerParams); |
| rahul_dahiya |
0:fb8047b156bb | 2513 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2514 | mbedtls_md5_starts( &mbedtls_md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 2515 | mbedtls_md5_update( &mbedtls_md5, ssl->handshake->randbytes, 64 ); |
| rahul_dahiya |
0:fb8047b156bb | 2516 | mbedtls_md5_update( &mbedtls_md5, params, params_len ); |
| rahul_dahiya |
0:fb8047b156bb | 2517 | mbedtls_md5_finish( &mbedtls_md5, hash ); |
| rahul_dahiya |
0:fb8047b156bb | 2518 | |
| rahul_dahiya |
0:fb8047b156bb | 2519 | mbedtls_sha1_starts( &mbedtls_sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 2520 | mbedtls_sha1_update( &mbedtls_sha1, ssl->handshake->randbytes, 64 ); |
| rahul_dahiya |
0:fb8047b156bb | 2521 | mbedtls_sha1_update( &mbedtls_sha1, params, params_len ); |
| rahul_dahiya |
0:fb8047b156bb | 2522 | mbedtls_sha1_finish( &mbedtls_sha1, hash + 16 ); |
| rahul_dahiya |
0:fb8047b156bb | 2523 | |
| rahul_dahiya |
0:fb8047b156bb | 2524 | mbedtls_md5_free( &mbedtls_md5 ); |
| rahul_dahiya |
0:fb8047b156bb | 2525 | mbedtls_sha1_free( &mbedtls_sha1 ); |
| rahul_dahiya |
0:fb8047b156bb | 2526 | } |
| rahul_dahiya |
0:fb8047b156bb | 2527 | else |
| rahul_dahiya |
0:fb8047b156bb | 2528 | #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ |
| rahul_dahiya |
0:fb8047b156bb | 2529 | MBEDTLS_SSL_PROTO_TLS1_1 */ |
| rahul_dahiya |
0:fb8047b156bb | 2530 | #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ |
| rahul_dahiya |
0:fb8047b156bb | 2531 | defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 2532 | if( md_alg != MBEDTLS_MD_NONE ) |
| rahul_dahiya |
0:fb8047b156bb | 2533 | { |
| rahul_dahiya |
0:fb8047b156bb | 2534 | mbedtls_md_context_t ctx; |
| rahul_dahiya |
0:fb8047b156bb | 2535 | |
| rahul_dahiya |
0:fb8047b156bb | 2536 | mbedtls_md_init( &ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 2537 | |
| rahul_dahiya |
0:fb8047b156bb | 2538 | /* Info from md_alg will be used instead */ |
| rahul_dahiya |
0:fb8047b156bb | 2539 | hashlen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 2540 | |
| rahul_dahiya |
0:fb8047b156bb | 2541 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2542 | * digitally-signed struct { |
| rahul_dahiya |
0:fb8047b156bb | 2543 | * opaque client_random[32]; |
| rahul_dahiya |
0:fb8047b156bb | 2544 | * opaque server_random[32]; |
| rahul_dahiya |
0:fb8047b156bb | 2545 | * ServerDHParams params; |
| rahul_dahiya |
0:fb8047b156bb | 2546 | * }; |
| rahul_dahiya |
0:fb8047b156bb | 2547 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2548 | if( ( ret = mbedtls_md_setup( &ctx, |
| rahul_dahiya |
0:fb8047b156bb | 2549 | mbedtls_md_info_from_type( md_alg ), 0 ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2550 | { |
| rahul_dahiya |
0:fb8047b156bb | 2551 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2552 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 2553 | MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 2554 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2555 | } |
| rahul_dahiya |
0:fb8047b156bb | 2556 | |
| rahul_dahiya |
0:fb8047b156bb | 2557 | mbedtls_md_starts( &ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 2558 | mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ); |
| rahul_dahiya |
0:fb8047b156bb | 2559 | mbedtls_md_update( &ctx, params, params_len ); |
| rahul_dahiya |
0:fb8047b156bb | 2560 | mbedtls_md_finish( &ctx, hash ); |
| rahul_dahiya |
0:fb8047b156bb | 2561 | mbedtls_md_free( &ctx ); |
| rahul_dahiya |
0:fb8047b156bb | 2562 | } |
| rahul_dahiya |
0:fb8047b156bb | 2563 | else |
| rahul_dahiya |
0:fb8047b156bb | 2564 | #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ |
| rahul_dahiya |
0:fb8047b156bb | 2565 | MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 2566 | { |
| rahul_dahiya |
0:fb8047b156bb | 2567 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2568 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 2569 | } |
| rahul_dahiya |
0:fb8047b156bb | 2570 | |
| rahul_dahiya |
0:fb8047b156bb | 2571 | MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen != 0 ? hashlen : |
| rahul_dahiya |
0:fb8047b156bb | 2572 | (unsigned int) ( mbedtls_md_get_size( mbedtls_md_info_from_type( md_alg ) ) ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2573 | |
| rahul_dahiya |
0:fb8047b156bb | 2574 | if( ssl->session_negotiate->peer_cert == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2575 | { |
| rahul_dahiya |
0:fb8047b156bb | 2576 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2577 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 2578 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); |
| rahul_dahiya |
0:fb8047b156bb | 2579 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2580 | } |
| rahul_dahiya |
0:fb8047b156bb | 2581 | |
| rahul_dahiya |
0:fb8047b156bb | 2582 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2583 | * Verify signature |
| rahul_dahiya |
0:fb8047b156bb | 2584 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2585 | if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) ) |
| rahul_dahiya |
0:fb8047b156bb | 2586 | { |
| rahul_dahiya |
0:fb8047b156bb | 2587 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2588 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 2589 | MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); |
| rahul_dahiya |
0:fb8047b156bb | 2590 | return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); |
| rahul_dahiya |
0:fb8047b156bb | 2591 | } |
| rahul_dahiya |
0:fb8047b156bb | 2592 | |
| rahul_dahiya |
0:fb8047b156bb | 2593 | if( ( ret = mbedtls_pk_verify( &ssl->session_negotiate->peer_cert->pk, |
| rahul_dahiya |
0:fb8047b156bb | 2594 | md_alg, hash, hashlen, p, sig_len ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2595 | { |
| rahul_dahiya |
0:fb8047b156bb | 2596 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 2597 | MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 2598 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2599 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2600 | } |
| rahul_dahiya |
0:fb8047b156bb | 2601 | } |
| rahul_dahiya |
0:fb8047b156bb | 2602 | #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2603 | |
| rahul_dahiya |
0:fb8047b156bb | 2604 | exit: |
| rahul_dahiya |
0:fb8047b156bb | 2605 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 2606 | |
| rahul_dahiya |
0:fb8047b156bb | 2607 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server key exchange" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2608 | |
| rahul_dahiya |
0:fb8047b156bb | 2609 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2610 | } |
| rahul_dahiya |
0:fb8047b156bb | 2611 | |
| rahul_dahiya |
0:fb8047b156bb | 2612 | #if ! defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2613 | static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 2614 | { |
| rahul_dahiya |
0:fb8047b156bb | 2615 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = |
| rahul_dahiya |
0:fb8047b156bb | 2616 | ssl->transform_negotiate->ciphersuite_info; |
| rahul_dahiya |
0:fb8047b156bb | 2617 | |
| rahul_dahiya |
0:fb8047b156bb | 2618 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2619 | |
| rahul_dahiya |
0:fb8047b156bb | 2620 | if( ! mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ) |
| rahul_dahiya |
0:fb8047b156bb | 2621 | { |
| rahul_dahiya |
0:fb8047b156bb | 2622 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2623 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 2624 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2625 | } |
| rahul_dahiya |
0:fb8047b156bb | 2626 | |
| rahul_dahiya |
0:fb8047b156bb | 2627 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2628 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 2629 | } |
| rahul_dahiya |
0:fb8047b156bb | 2630 | #else /* MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2631 | static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 2632 | { |
| rahul_dahiya |
0:fb8047b156bb | 2633 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 2634 | unsigned char *buf; |
| rahul_dahiya |
0:fb8047b156bb | 2635 | size_t n = 0; |
| rahul_dahiya |
0:fb8047b156bb | 2636 | size_t cert_type_len = 0, dn_len = 0; |
| rahul_dahiya |
0:fb8047b156bb | 2637 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = |
| rahul_dahiya |
0:fb8047b156bb | 2638 | ssl->transform_negotiate->ciphersuite_info; |
| rahul_dahiya |
0:fb8047b156bb | 2639 | |
| rahul_dahiya |
0:fb8047b156bb | 2640 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2641 | |
| rahul_dahiya |
0:fb8047b156bb | 2642 | if( ! mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ) |
| rahul_dahiya |
0:fb8047b156bb | 2643 | { |
| rahul_dahiya |
0:fb8047b156bb | 2644 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2645 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 2646 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2647 | } |
| rahul_dahiya |
0:fb8047b156bb | 2648 | |
| rahul_dahiya |
0:fb8047b156bb | 2649 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2650 | { |
| rahul_dahiya |
0:fb8047b156bb | 2651 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2652 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2653 | } |
| rahul_dahiya |
0:fb8047b156bb | 2654 | |
| rahul_dahiya |
0:fb8047b156bb | 2655 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 2656 | { |
| rahul_dahiya |
0:fb8047b156bb | 2657 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2658 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 2659 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2660 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2661 | } |
| rahul_dahiya |
0:fb8047b156bb | 2662 | |
| rahul_dahiya |
0:fb8047b156bb | 2663 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 2664 | ssl->client_auth = ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST ); |
| rahul_dahiya |
0:fb8047b156bb | 2665 | |
| rahul_dahiya |
0:fb8047b156bb | 2666 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "got %s certificate request", |
| rahul_dahiya |
0:fb8047b156bb | 2667 | ssl->client_auth ? "a" : "no" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2668 | |
| rahul_dahiya |
0:fb8047b156bb | 2669 | if( ssl->client_auth == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2670 | { |
| rahul_dahiya |
0:fb8047b156bb | 2671 | /* Current message is probably the ServerHelloDone */ |
| rahul_dahiya |
0:fb8047b156bb | 2672 | ssl->keep_current_message = 1; |
| rahul_dahiya |
0:fb8047b156bb | 2673 | goto exit; |
| rahul_dahiya |
0:fb8047b156bb | 2674 | } |
| rahul_dahiya |
0:fb8047b156bb | 2675 | |
| rahul_dahiya |
0:fb8047b156bb | 2676 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2677 | * struct { |
| rahul_dahiya |
0:fb8047b156bb | 2678 | * ClientCertificateType certificate_types<1..2^8-1>; |
| rahul_dahiya |
0:fb8047b156bb | 2679 | * SignatureAndHashAlgorithm |
| rahul_dahiya |
0:fb8047b156bb | 2680 | * supported_signature_algorithms<2^16-1>; -- TLS 1.2 only |
| rahul_dahiya |
0:fb8047b156bb | 2681 | * DistinguishedName certificate_authorities<0..2^16-1>; |
| rahul_dahiya |
0:fb8047b156bb | 2682 | * } CertificateRequest; |
| rahul_dahiya |
0:fb8047b156bb | 2683 | * |
| rahul_dahiya |
0:fb8047b156bb | 2684 | * Since we only support a single certificate on clients, let's just |
| rahul_dahiya |
0:fb8047b156bb | 2685 | * ignore all the information that's supposed to help us pick a |
| rahul_dahiya |
0:fb8047b156bb | 2686 | * certificate. |
| rahul_dahiya |
0:fb8047b156bb | 2687 | * |
| rahul_dahiya |
0:fb8047b156bb | 2688 | * We could check that our certificate matches the request, and bail out |
| rahul_dahiya |
0:fb8047b156bb | 2689 | * if it doesn't, but it's simpler to just send the certificate anyway, |
| rahul_dahiya |
0:fb8047b156bb | 2690 | * and give the server the opportunity to decide if it should terminate |
| rahul_dahiya |
0:fb8047b156bb | 2691 | * the connection when it doesn't like our certificate. |
| rahul_dahiya |
0:fb8047b156bb | 2692 | * |
| rahul_dahiya |
0:fb8047b156bb | 2693 | * Same goes for the hash in TLS 1.2's signature_algorithms: at this |
| rahul_dahiya |
0:fb8047b156bb | 2694 | * point we only have one hash available (see comments in |
| rahul_dahiya |
0:fb8047b156bb | 2695 | * write_certificate_verify), so let's just use what we have. |
| rahul_dahiya |
0:fb8047b156bb | 2696 | * |
| rahul_dahiya |
0:fb8047b156bb | 2697 | * However, we still minimally parse the message to check it is at least |
| rahul_dahiya |
0:fb8047b156bb | 2698 | * superficially sane. |
| rahul_dahiya |
0:fb8047b156bb | 2699 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2700 | buf = ssl->in_msg; |
| rahul_dahiya |
0:fb8047b156bb | 2701 | |
| rahul_dahiya |
0:fb8047b156bb | 2702 | /* certificate_types */ |
| rahul_dahiya |
0:fb8047b156bb | 2703 | cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )]; |
| rahul_dahiya |
0:fb8047b156bb | 2704 | n = cert_type_len; |
| rahul_dahiya |
0:fb8047b156bb | 2705 | |
| rahul_dahiya |
0:fb8047b156bb | 2706 | if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n ) |
| rahul_dahiya |
0:fb8047b156bb | 2707 | { |
| rahul_dahiya |
0:fb8047b156bb | 2708 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2709 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 2710 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 2711 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); |
| rahul_dahiya |
0:fb8047b156bb | 2712 | } |
| rahul_dahiya |
0:fb8047b156bb | 2713 | |
| rahul_dahiya |
0:fb8047b156bb | 2714 | /* supported_signature_algorithms */ |
| rahul_dahiya |
0:fb8047b156bb | 2715 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 2716 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) |
| rahul_dahiya |
0:fb8047b156bb | 2717 | { |
| rahul_dahiya |
0:fb8047b156bb | 2718 | size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) |
| rahul_dahiya |
0:fb8047b156bb | 2719 | | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2720 | #if defined(MBEDTLS_DEBUG_C) |
| rahul_dahiya |
0:fb8047b156bb | 2721 | unsigned char* sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n; |
| rahul_dahiya |
0:fb8047b156bb | 2722 | size_t i; |
| rahul_dahiya |
0:fb8047b156bb | 2723 | |
| rahul_dahiya |
0:fb8047b156bb | 2724 | for( i = 0; i < sig_alg_len; i += 2 ) |
| rahul_dahiya |
0:fb8047b156bb | 2725 | { |
| rahul_dahiya |
0:fb8047b156bb | 2726 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Signature Algorithm found: %d" |
| rahul_dahiya |
0:fb8047b156bb | 2727 | ",%d", sig_alg[i], sig_alg[i + 1] ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2728 | } |
| rahul_dahiya |
0:fb8047b156bb | 2729 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 2730 | |
| rahul_dahiya |
0:fb8047b156bb | 2731 | n += 2 + sig_alg_len; |
| rahul_dahiya |
0:fb8047b156bb | 2732 | |
| rahul_dahiya |
0:fb8047b156bb | 2733 | if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n ) |
| rahul_dahiya |
0:fb8047b156bb | 2734 | { |
| rahul_dahiya |
0:fb8047b156bb | 2735 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2736 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 2737 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 2738 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); |
| rahul_dahiya |
0:fb8047b156bb | 2739 | } |
| rahul_dahiya |
0:fb8047b156bb | 2740 | } |
| rahul_dahiya |
0:fb8047b156bb | 2741 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 2742 | |
| rahul_dahiya |
0:fb8047b156bb | 2743 | /* certificate_authorities */ |
| rahul_dahiya |
0:fb8047b156bb | 2744 | dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) |
| rahul_dahiya |
0:fb8047b156bb | 2745 | | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2746 | |
| rahul_dahiya |
0:fb8047b156bb | 2747 | n += dn_len; |
| rahul_dahiya |
0:fb8047b156bb | 2748 | if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n ) |
| rahul_dahiya |
0:fb8047b156bb | 2749 | { |
| rahul_dahiya |
0:fb8047b156bb | 2750 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2751 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 2752 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 2753 | return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); |
| rahul_dahiya |
0:fb8047b156bb | 2754 | } |
| rahul_dahiya |
0:fb8047b156bb | 2755 | |
| rahul_dahiya |
0:fb8047b156bb | 2756 | exit: |
| rahul_dahiya |
0:fb8047b156bb | 2757 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate request" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2758 | |
| rahul_dahiya |
0:fb8047b156bb | 2759 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2760 | } |
| rahul_dahiya |
0:fb8047b156bb | 2761 | #endif /* MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2762 | |
| rahul_dahiya |
0:fb8047b156bb | 2763 | static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 2764 | { |
| rahul_dahiya |
0:fb8047b156bb | 2765 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 2766 | |
| rahul_dahiya |
0:fb8047b156bb | 2767 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello done" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2768 | |
| rahul_dahiya |
0:fb8047b156bb | 2769 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2770 | { |
| rahul_dahiya |
0:fb8047b156bb | 2771 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2772 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2773 | } |
| rahul_dahiya |
0:fb8047b156bb | 2774 | |
| rahul_dahiya |
0:fb8047b156bb | 2775 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 2776 | { |
| rahul_dahiya |
0:fb8047b156bb | 2777 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2778 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 2779 | } |
| rahul_dahiya |
0:fb8047b156bb | 2780 | |
| rahul_dahiya |
0:fb8047b156bb | 2781 | if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) || |
| rahul_dahiya |
0:fb8047b156bb | 2782 | ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO_DONE ) |
| rahul_dahiya |
0:fb8047b156bb | 2783 | { |
| rahul_dahiya |
0:fb8047b156bb | 2784 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2785 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 2786 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 2787 | return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE ); |
| rahul_dahiya |
0:fb8047b156bb | 2788 | } |
| rahul_dahiya |
0:fb8047b156bb | 2789 | |
| rahul_dahiya |
0:fb8047b156bb | 2790 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 2791 | |
| rahul_dahiya |
0:fb8047b156bb | 2792 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 2793 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
| rahul_dahiya |
0:fb8047b156bb | 2794 | mbedtls_ssl_recv_flight_completed( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 2795 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 2796 | |
| rahul_dahiya |
0:fb8047b156bb | 2797 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello done" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2798 | |
| rahul_dahiya |
0:fb8047b156bb | 2799 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 2800 | } |
| rahul_dahiya |
0:fb8047b156bb | 2801 | |
| rahul_dahiya |
0:fb8047b156bb | 2802 | static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 2803 | { |
| rahul_dahiya |
0:fb8047b156bb | 2804 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 2805 | size_t i, n; |
| rahul_dahiya |
0:fb8047b156bb | 2806 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = |
| rahul_dahiya |
0:fb8047b156bb | 2807 | ssl->transform_negotiate->ciphersuite_info; |
| rahul_dahiya |
0:fb8047b156bb | 2808 | |
| rahul_dahiya |
0:fb8047b156bb | 2809 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2810 | |
| rahul_dahiya |
0:fb8047b156bb | 2811 | #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2812 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ) |
| rahul_dahiya |
0:fb8047b156bb | 2813 | { |
| rahul_dahiya |
0:fb8047b156bb | 2814 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2815 | * DHM key exchange -- send G^X mod P |
| rahul_dahiya |
0:fb8047b156bb | 2816 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2817 | n = ssl->handshake->dhm_ctx.len; |
| rahul_dahiya |
0:fb8047b156bb | 2818 | |
| rahul_dahiya |
0:fb8047b156bb | 2819 | ssl->out_msg[4] = (unsigned char)( n >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 2820 | ssl->out_msg[5] = (unsigned char)( n ); |
| rahul_dahiya |
0:fb8047b156bb | 2821 | i = 6; |
| rahul_dahiya |
0:fb8047b156bb | 2822 | |
| rahul_dahiya |
0:fb8047b156bb | 2823 | ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, |
| rahul_dahiya |
0:fb8047b156bb | 2824 | (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), |
| rahul_dahiya |
0:fb8047b156bb | 2825 | &ssl->out_msg[i], n, |
| rahul_dahiya |
0:fb8047b156bb | 2826 | ssl->conf->f_rng, ssl->conf->p_rng ); |
| rahul_dahiya |
0:fb8047b156bb | 2827 | if( ret != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2828 | { |
| rahul_dahiya |
0:fb8047b156bb | 2829 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2830 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2831 | } |
| rahul_dahiya |
0:fb8047b156bb | 2832 | |
| rahul_dahiya |
0:fb8047b156bb | 2833 | MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X ); |
| rahul_dahiya |
0:fb8047b156bb | 2834 | MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX ); |
| rahul_dahiya |
0:fb8047b156bb | 2835 | |
| rahul_dahiya |
0:fb8047b156bb | 2836 | if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, |
| rahul_dahiya |
0:fb8047b156bb | 2837 | ssl->handshake->premaster, |
| rahul_dahiya |
0:fb8047b156bb | 2838 | MBEDTLS_PREMASTER_SIZE, |
| rahul_dahiya |
0:fb8047b156bb | 2839 | &ssl->handshake->pmslen, |
| rahul_dahiya |
0:fb8047b156bb | 2840 | ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2841 | { |
| rahul_dahiya |
0:fb8047b156bb | 2842 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2843 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2844 | } |
| rahul_dahiya |
0:fb8047b156bb | 2845 | |
| rahul_dahiya |
0:fb8047b156bb | 2846 | MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); |
| rahul_dahiya |
0:fb8047b156bb | 2847 | } |
| rahul_dahiya |
0:fb8047b156bb | 2848 | else |
| rahul_dahiya |
0:fb8047b156bb | 2849 | #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2850 | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ |
| rahul_dahiya |
0:fb8047b156bb | 2851 | defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ |
| rahul_dahiya |
0:fb8047b156bb | 2852 | defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ |
| rahul_dahiya |
0:fb8047b156bb | 2853 | defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2854 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || |
| rahul_dahiya |
0:fb8047b156bb | 2855 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || |
| rahul_dahiya |
0:fb8047b156bb | 2856 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || |
| rahul_dahiya |
0:fb8047b156bb | 2857 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) |
| rahul_dahiya |
0:fb8047b156bb | 2858 | { |
| rahul_dahiya |
0:fb8047b156bb | 2859 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2860 | * ECDH key exchange -- send client public value |
| rahul_dahiya |
0:fb8047b156bb | 2861 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2862 | i = 4; |
| rahul_dahiya |
0:fb8047b156bb | 2863 | |
| rahul_dahiya |
0:fb8047b156bb | 2864 | ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, |
| rahul_dahiya |
0:fb8047b156bb | 2865 | &n, |
| rahul_dahiya |
0:fb8047b156bb | 2866 | &ssl->out_msg[i], 1000, |
| rahul_dahiya |
0:fb8047b156bb | 2867 | ssl->conf->f_rng, ssl->conf->p_rng ); |
| rahul_dahiya |
0:fb8047b156bb | 2868 | if( ret != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2869 | { |
| rahul_dahiya |
0:fb8047b156bb | 2870 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2871 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2872 | } |
| rahul_dahiya |
0:fb8047b156bb | 2873 | |
| rahul_dahiya |
0:fb8047b156bb | 2874 | MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q ); |
| rahul_dahiya |
0:fb8047b156bb | 2875 | |
| rahul_dahiya |
0:fb8047b156bb | 2876 | if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, |
| rahul_dahiya |
0:fb8047b156bb | 2877 | &ssl->handshake->pmslen, |
| rahul_dahiya |
0:fb8047b156bb | 2878 | ssl->handshake->premaster, |
| rahul_dahiya |
0:fb8047b156bb | 2879 | MBEDTLS_MPI_MAX_SIZE, |
| rahul_dahiya |
0:fb8047b156bb | 2880 | ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2881 | { |
| rahul_dahiya |
0:fb8047b156bb | 2882 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2883 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2884 | } |
| rahul_dahiya |
0:fb8047b156bb | 2885 | |
| rahul_dahiya |
0:fb8047b156bb | 2886 | MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z ); |
| rahul_dahiya |
0:fb8047b156bb | 2887 | } |
| rahul_dahiya |
0:fb8047b156bb | 2888 | else |
| rahul_dahiya |
0:fb8047b156bb | 2889 | #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || |
| rahul_dahiya |
0:fb8047b156bb | 2890 | MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || |
| rahul_dahiya |
0:fb8047b156bb | 2891 | MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || |
| rahul_dahiya |
0:fb8047b156bb | 2892 | MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2893 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2894 | if( mbedtls_ssl_ciphersuite_uses_psk( ciphersuite_info ) ) |
| rahul_dahiya |
0:fb8047b156bb | 2895 | { |
| rahul_dahiya |
0:fb8047b156bb | 2896 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2897 | * opaque psk_identity<0..2^16-1>; |
| rahul_dahiya |
0:fb8047b156bb | 2898 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2899 | if( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 2900 | { |
| rahul_dahiya |
0:fb8047b156bb | 2901 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key for PSK" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2902 | return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); |
| rahul_dahiya |
0:fb8047b156bb | 2903 | } |
| rahul_dahiya |
0:fb8047b156bb | 2904 | |
| rahul_dahiya |
0:fb8047b156bb | 2905 | i = 4; |
| rahul_dahiya |
0:fb8047b156bb | 2906 | n = ssl->conf->psk_identity_len; |
| rahul_dahiya |
0:fb8047b156bb | 2907 | |
| rahul_dahiya |
0:fb8047b156bb | 2908 | if( i + 2 + n > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
| rahul_dahiya |
0:fb8047b156bb | 2909 | { |
| rahul_dahiya |
0:fb8047b156bb | 2910 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or " |
| rahul_dahiya |
0:fb8047b156bb | 2911 | "SSL buffer too short" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2912 | return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); |
| rahul_dahiya |
0:fb8047b156bb | 2913 | } |
| rahul_dahiya |
0:fb8047b156bb | 2914 | |
| rahul_dahiya |
0:fb8047b156bb | 2915 | ssl->out_msg[i++] = (unsigned char)( n >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 2916 | ssl->out_msg[i++] = (unsigned char)( n ); |
| rahul_dahiya |
0:fb8047b156bb | 2917 | |
| rahul_dahiya |
0:fb8047b156bb | 2918 | memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len ); |
| rahul_dahiya |
0:fb8047b156bb | 2919 | i += ssl->conf->psk_identity_len; |
| rahul_dahiya |
0:fb8047b156bb | 2920 | |
| rahul_dahiya |
0:fb8047b156bb | 2921 | #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2922 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ) |
| rahul_dahiya |
0:fb8047b156bb | 2923 | { |
| rahul_dahiya |
0:fb8047b156bb | 2924 | n = 0; |
| rahul_dahiya |
0:fb8047b156bb | 2925 | } |
| rahul_dahiya |
0:fb8047b156bb | 2926 | else |
| rahul_dahiya |
0:fb8047b156bb | 2927 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 2928 | #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2929 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) |
| rahul_dahiya |
0:fb8047b156bb | 2930 | { |
| rahul_dahiya |
0:fb8047b156bb | 2931 | if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 2 ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2932 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2933 | } |
| rahul_dahiya |
0:fb8047b156bb | 2934 | else |
| rahul_dahiya |
0:fb8047b156bb | 2935 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 2936 | #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2937 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) |
| rahul_dahiya |
0:fb8047b156bb | 2938 | { |
| rahul_dahiya |
0:fb8047b156bb | 2939 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2940 | * ClientDiffieHellmanPublic public (DHM send G^X mod P) |
| rahul_dahiya |
0:fb8047b156bb | 2941 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2942 | n = ssl->handshake->dhm_ctx.len; |
| rahul_dahiya |
0:fb8047b156bb | 2943 | |
| rahul_dahiya |
0:fb8047b156bb | 2944 | if( i + 2 + n > MBEDTLS_SSL_MAX_CONTENT_LEN ) |
| rahul_dahiya |
0:fb8047b156bb | 2945 | { |
| rahul_dahiya |
0:fb8047b156bb | 2946 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long" |
| rahul_dahiya |
0:fb8047b156bb | 2947 | " or SSL buffer too short" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2948 | return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); |
| rahul_dahiya |
0:fb8047b156bb | 2949 | } |
| rahul_dahiya |
0:fb8047b156bb | 2950 | |
| rahul_dahiya |
0:fb8047b156bb | 2951 | ssl->out_msg[i++] = (unsigned char)( n >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 2952 | ssl->out_msg[i++] = (unsigned char)( n ); |
| rahul_dahiya |
0:fb8047b156bb | 2953 | |
| rahul_dahiya |
0:fb8047b156bb | 2954 | ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, |
| rahul_dahiya |
0:fb8047b156bb | 2955 | (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), |
| rahul_dahiya |
0:fb8047b156bb | 2956 | &ssl->out_msg[i], n, |
| rahul_dahiya |
0:fb8047b156bb | 2957 | ssl->conf->f_rng, ssl->conf->p_rng ); |
| rahul_dahiya |
0:fb8047b156bb | 2958 | if( ret != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2959 | { |
| rahul_dahiya |
0:fb8047b156bb | 2960 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2961 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2962 | } |
| rahul_dahiya |
0:fb8047b156bb | 2963 | } |
| rahul_dahiya |
0:fb8047b156bb | 2964 | else |
| rahul_dahiya |
0:fb8047b156bb | 2965 | #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2966 | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 2967 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) |
| rahul_dahiya |
0:fb8047b156bb | 2968 | { |
| rahul_dahiya |
0:fb8047b156bb | 2969 | /* |
| rahul_dahiya |
0:fb8047b156bb | 2970 | * ClientECDiffieHellmanPublic public; |
| rahul_dahiya |
0:fb8047b156bb | 2971 | */ |
| rahul_dahiya |
0:fb8047b156bb | 2972 | ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n, |
| rahul_dahiya |
0:fb8047b156bb | 2973 | &ssl->out_msg[i], MBEDTLS_SSL_MAX_CONTENT_LEN - i, |
| rahul_dahiya |
0:fb8047b156bb | 2974 | ssl->conf->f_rng, ssl->conf->p_rng ); |
| rahul_dahiya |
0:fb8047b156bb | 2975 | if( ret != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2976 | { |
| rahul_dahiya |
0:fb8047b156bb | 2977 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2978 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2979 | } |
| rahul_dahiya |
0:fb8047b156bb | 2980 | |
| rahul_dahiya |
0:fb8047b156bb | 2981 | MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q ); |
| rahul_dahiya |
0:fb8047b156bb | 2982 | } |
| rahul_dahiya |
0:fb8047b156bb | 2983 | else |
| rahul_dahiya |
0:fb8047b156bb | 2984 | #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2985 | { |
| rahul_dahiya |
0:fb8047b156bb | 2986 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 2987 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 2988 | } |
| rahul_dahiya |
0:fb8047b156bb | 2989 | |
| rahul_dahiya |
0:fb8047b156bb | 2990 | if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, |
| rahul_dahiya |
0:fb8047b156bb | 2991 | ciphersuite_info->key_exchange ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 2992 | { |
| rahul_dahiya |
0:fb8047b156bb | 2993 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2994 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 2995 | } |
| rahul_dahiya |
0:fb8047b156bb | 2996 | } |
| rahul_dahiya |
0:fb8047b156bb | 2997 | else |
| rahul_dahiya |
0:fb8047b156bb | 2998 | #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 2999 | #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 3000 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ) |
| rahul_dahiya |
0:fb8047b156bb | 3001 | { |
| rahul_dahiya |
0:fb8047b156bb | 3002 | i = 4; |
| rahul_dahiya |
0:fb8047b156bb | 3003 | if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 0 ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3004 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3005 | } |
| rahul_dahiya |
0:fb8047b156bb | 3006 | else |
| rahul_dahiya |
0:fb8047b156bb | 3007 | #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 3008 | #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 3009 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 3010 | { |
| rahul_dahiya |
0:fb8047b156bb | 3011 | i = 4; |
| rahul_dahiya |
0:fb8047b156bb | 3012 | |
| rahul_dahiya |
0:fb8047b156bb | 3013 | ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx, |
| rahul_dahiya |
0:fb8047b156bb | 3014 | ssl->out_msg + i, MBEDTLS_SSL_MAX_CONTENT_LEN - i, &n, |
| rahul_dahiya |
0:fb8047b156bb | 3015 | ssl->conf->f_rng, ssl->conf->p_rng ); |
| rahul_dahiya |
0:fb8047b156bb | 3016 | if( ret != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3017 | { |
| rahul_dahiya |
0:fb8047b156bb | 3018 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3019 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3020 | } |
| rahul_dahiya |
0:fb8047b156bb | 3021 | |
| rahul_dahiya |
0:fb8047b156bb | 3022 | ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx, |
| rahul_dahiya |
0:fb8047b156bb | 3023 | ssl->handshake->premaster, 32, &ssl->handshake->pmslen, |
| rahul_dahiya |
0:fb8047b156bb | 3024 | ssl->conf->f_rng, ssl->conf->p_rng ); |
| rahul_dahiya |
0:fb8047b156bb | 3025 | if( ret != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3026 | { |
| rahul_dahiya |
0:fb8047b156bb | 3027 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3028 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3029 | } |
| rahul_dahiya |
0:fb8047b156bb | 3030 | } |
| rahul_dahiya |
0:fb8047b156bb | 3031 | else |
| rahul_dahiya |
0:fb8047b156bb | 3032 | #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 3033 | { |
| rahul_dahiya |
0:fb8047b156bb | 3034 | ((void) ciphersuite_info); |
| rahul_dahiya |
0:fb8047b156bb | 3035 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3036 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 3037 | } |
| rahul_dahiya |
0:fb8047b156bb | 3038 | |
| rahul_dahiya |
0:fb8047b156bb | 3039 | ssl->out_msglen = i + n; |
| rahul_dahiya |
0:fb8047b156bb | 3040 | ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; |
| rahul_dahiya |
0:fb8047b156bb | 3041 | ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE; |
| rahul_dahiya |
0:fb8047b156bb | 3042 | |
| rahul_dahiya |
0:fb8047b156bb | 3043 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 3044 | |
| rahul_dahiya |
0:fb8047b156bb | 3045 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3046 | { |
| rahul_dahiya |
0:fb8047b156bb | 3047 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3048 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3049 | } |
| rahul_dahiya |
0:fb8047b156bb | 3050 | |
| rahul_dahiya |
0:fb8047b156bb | 3051 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client key exchange" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3052 | |
| rahul_dahiya |
0:fb8047b156bb | 3053 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 3054 | } |
| rahul_dahiya |
0:fb8047b156bb | 3055 | |
| rahul_dahiya |
0:fb8047b156bb | 3056 | #if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \ |
| rahul_dahiya |
0:fb8047b156bb | 3057 | !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ |
| rahul_dahiya |
0:fb8047b156bb | 3058 | !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ |
| rahul_dahiya |
0:fb8047b156bb | 3059 | !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ |
| rahul_dahiya |
0:fb8047b156bb | 3060 | !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \ |
| rahul_dahiya |
0:fb8047b156bb | 3061 | !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) |
| rahul_dahiya |
0:fb8047b156bb | 3062 | static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 3063 | { |
| rahul_dahiya |
0:fb8047b156bb | 3064 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = |
| rahul_dahiya |
0:fb8047b156bb | 3065 | ssl->transform_negotiate->ciphersuite_info; |
| rahul_dahiya |
0:fb8047b156bb | 3066 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 3067 | |
| rahul_dahiya |
0:fb8047b156bb | 3068 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3069 | |
| rahul_dahiya |
0:fb8047b156bb | 3070 | if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3071 | { |
| rahul_dahiya |
0:fb8047b156bb | 3072 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3073 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3074 | } |
| rahul_dahiya |
0:fb8047b156bb | 3075 | |
| rahul_dahiya |
0:fb8047b156bb | 3076 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 3077 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 3078 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 3079 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 3080 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 3081 | { |
| rahul_dahiya |
0:fb8047b156bb | 3082 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3083 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 3084 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 3085 | } |
| rahul_dahiya |
0:fb8047b156bb | 3086 | |
| rahul_dahiya |
0:fb8047b156bb | 3087 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3088 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 3089 | } |
| rahul_dahiya |
0:fb8047b156bb | 3090 | #else |
| rahul_dahiya |
0:fb8047b156bb | 3091 | static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 3092 | { |
| rahul_dahiya |
0:fb8047b156bb | 3093 | int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; |
| rahul_dahiya |
0:fb8047b156bb | 3094 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info = |
| rahul_dahiya |
0:fb8047b156bb | 3095 | ssl->transform_negotiate->ciphersuite_info; |
| rahul_dahiya |
0:fb8047b156bb | 3096 | size_t n = 0, offset = 0; |
| rahul_dahiya |
0:fb8047b156bb | 3097 | unsigned char hash[48]; |
| rahul_dahiya |
0:fb8047b156bb | 3098 | unsigned char *hash_start = hash; |
| rahul_dahiya |
0:fb8047b156bb | 3099 | mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; |
| rahul_dahiya |
0:fb8047b156bb | 3100 | unsigned int hashlen; |
| rahul_dahiya |
0:fb8047b156bb | 3101 | |
| rahul_dahiya |
0:fb8047b156bb | 3102 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3103 | |
| rahul_dahiya |
0:fb8047b156bb | 3104 | if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3105 | { |
| rahul_dahiya |
0:fb8047b156bb | 3106 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3107 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3108 | } |
| rahul_dahiya |
0:fb8047b156bb | 3109 | |
| rahul_dahiya |
0:fb8047b156bb | 3110 | if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 3111 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 3112 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 3113 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || |
| rahul_dahiya |
0:fb8047b156bb | 3114 | ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 3115 | { |
| rahul_dahiya |
0:fb8047b156bb | 3116 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3117 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 3118 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 3119 | } |
| rahul_dahiya |
0:fb8047b156bb | 3120 | |
| rahul_dahiya |
0:fb8047b156bb | 3121 | if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 3122 | { |
| rahul_dahiya |
0:fb8047b156bb | 3123 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3124 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 3125 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 3126 | } |
| rahul_dahiya |
0:fb8047b156bb | 3127 | |
| rahul_dahiya |
0:fb8047b156bb | 3128 | if( mbedtls_ssl_own_key( ssl ) == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 3129 | { |
| rahul_dahiya |
0:fb8047b156bb | 3130 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key for certificate" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3131 | return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); |
| rahul_dahiya |
0:fb8047b156bb | 3132 | } |
| rahul_dahiya |
0:fb8047b156bb | 3133 | |
| rahul_dahiya |
0:fb8047b156bb | 3134 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3135 | * Make an RSA signature of the handshake digests |
| rahul_dahiya |
0:fb8047b156bb | 3136 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3137 | ssl->handshake->calc_verify( ssl, hash ); |
| rahul_dahiya |
0:fb8047b156bb | 3138 | |
| rahul_dahiya |
0:fb8047b156bb | 3139 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| rahul_dahiya |
0:fb8047b156bb | 3140 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| rahul_dahiya |
0:fb8047b156bb | 3141 | if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) |
| rahul_dahiya |
0:fb8047b156bb | 3142 | { |
| rahul_dahiya |
0:fb8047b156bb | 3143 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3144 | * digitally-signed struct { |
| rahul_dahiya |
0:fb8047b156bb | 3145 | * opaque md5_hash[16]; |
| rahul_dahiya |
0:fb8047b156bb | 3146 | * opaque sha_hash[20]; |
| rahul_dahiya |
0:fb8047b156bb | 3147 | * }; |
| rahul_dahiya |
0:fb8047b156bb | 3148 | * |
| rahul_dahiya |
0:fb8047b156bb | 3149 | * md5_hash |
| rahul_dahiya |
0:fb8047b156bb | 3150 | * MD5(handshake_messages); |
| rahul_dahiya |
0:fb8047b156bb | 3151 | * |
| rahul_dahiya |
0:fb8047b156bb | 3152 | * sha_hash |
| rahul_dahiya |
0:fb8047b156bb | 3153 | * SHA(handshake_messages); |
| rahul_dahiya |
0:fb8047b156bb | 3154 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3155 | hashlen = 36; |
| rahul_dahiya |
0:fb8047b156bb | 3156 | md_alg = MBEDTLS_MD_NONE; |
| rahul_dahiya |
0:fb8047b156bb | 3157 | |
| rahul_dahiya |
0:fb8047b156bb | 3158 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3159 | * For ECDSA, default hash is SHA-1 only |
| rahul_dahiya |
0:fb8047b156bb | 3160 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3161 | if( mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECDSA ) ) |
| rahul_dahiya |
0:fb8047b156bb | 3162 | { |
| rahul_dahiya |
0:fb8047b156bb | 3163 | hash_start += 16; |
| rahul_dahiya |
0:fb8047b156bb | 3164 | hashlen -= 16; |
| rahul_dahiya |
0:fb8047b156bb | 3165 | md_alg = MBEDTLS_MD_SHA1; |
| rahul_dahiya |
0:fb8047b156bb | 3166 | } |
| rahul_dahiya |
0:fb8047b156bb | 3167 | } |
| rahul_dahiya |
0:fb8047b156bb | 3168 | else |
| rahul_dahiya |
0:fb8047b156bb | 3169 | #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ |
| rahul_dahiya |
0:fb8047b156bb | 3170 | MBEDTLS_SSL_PROTO_TLS1_1 */ |
| rahul_dahiya |
0:fb8047b156bb | 3171 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| rahul_dahiya |
0:fb8047b156bb | 3172 | if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) |
| rahul_dahiya |
0:fb8047b156bb | 3173 | { |
| rahul_dahiya |
0:fb8047b156bb | 3174 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3175 | * digitally-signed struct { |
| rahul_dahiya |
0:fb8047b156bb | 3176 | * opaque handshake_messages[handshake_messages_length]; |
| rahul_dahiya |
0:fb8047b156bb | 3177 | * }; |
| rahul_dahiya |
0:fb8047b156bb | 3178 | * |
| rahul_dahiya |
0:fb8047b156bb | 3179 | * Taking shortcut here. We assume that the server always allows the |
| rahul_dahiya |
0:fb8047b156bb | 3180 | * PRF Hash function and has sent it in the allowed signature |
| rahul_dahiya |
0:fb8047b156bb | 3181 | * algorithms list received in the Certificate Request message. |
| rahul_dahiya |
0:fb8047b156bb | 3182 | * |
| rahul_dahiya |
0:fb8047b156bb | 3183 | * Until we encounter a server that does not, we will take this |
| rahul_dahiya |
0:fb8047b156bb | 3184 | * shortcut. |
| rahul_dahiya |
0:fb8047b156bb | 3185 | * |
| rahul_dahiya |
0:fb8047b156bb | 3186 | * Reason: Otherwise we should have running hashes for SHA512 and SHA224 |
| rahul_dahiya |
0:fb8047b156bb | 3187 | * in order to satisfy 'weird' needs from the server side. |
| rahul_dahiya |
0:fb8047b156bb | 3188 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3189 | if( ssl->transform_negotiate->ciphersuite_info->mac == |
| rahul_dahiya |
0:fb8047b156bb | 3190 | MBEDTLS_MD_SHA384 ) |
| rahul_dahiya |
0:fb8047b156bb | 3191 | { |
| rahul_dahiya |
0:fb8047b156bb | 3192 | md_alg = MBEDTLS_MD_SHA384; |
| rahul_dahiya |
0:fb8047b156bb | 3193 | ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384; |
| rahul_dahiya |
0:fb8047b156bb | 3194 | } |
| rahul_dahiya |
0:fb8047b156bb | 3195 | else |
| rahul_dahiya |
0:fb8047b156bb | 3196 | { |
| rahul_dahiya |
0:fb8047b156bb | 3197 | md_alg = MBEDTLS_MD_SHA256; |
| rahul_dahiya |
0:fb8047b156bb | 3198 | ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256; |
| rahul_dahiya |
0:fb8047b156bb | 3199 | } |
| rahul_dahiya |
0:fb8047b156bb | 3200 | ssl->out_msg[5] = mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3201 | |
| rahul_dahiya |
0:fb8047b156bb | 3202 | /* Info from md_alg will be used instead */ |
| rahul_dahiya |
0:fb8047b156bb | 3203 | hashlen = 0; |
| rahul_dahiya |
0:fb8047b156bb | 3204 | offset = 2; |
| rahul_dahiya |
0:fb8047b156bb | 3205 | } |
| rahul_dahiya |
0:fb8047b156bb | 3206 | else |
| rahul_dahiya |
0:fb8047b156bb | 3207 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| rahul_dahiya |
0:fb8047b156bb | 3208 | { |
| rahul_dahiya |
0:fb8047b156bb | 3209 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3210 | return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 3211 | } |
| rahul_dahiya |
0:fb8047b156bb | 3212 | |
| rahul_dahiya |
0:fb8047b156bb | 3213 | if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ), md_alg, hash_start, hashlen, |
| rahul_dahiya |
0:fb8047b156bb | 3214 | ssl->out_msg + 6 + offset, &n, |
| rahul_dahiya |
0:fb8047b156bb | 3215 | ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3216 | { |
| rahul_dahiya |
0:fb8047b156bb | 3217 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3218 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3219 | } |
| rahul_dahiya |
0:fb8047b156bb | 3220 | |
| rahul_dahiya |
0:fb8047b156bb | 3221 | ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 ); |
| rahul_dahiya |
0:fb8047b156bb | 3222 | ssl->out_msg[5 + offset] = (unsigned char)( n ); |
| rahul_dahiya |
0:fb8047b156bb | 3223 | |
| rahul_dahiya |
0:fb8047b156bb | 3224 | ssl->out_msglen = 6 + n + offset; |
| rahul_dahiya |
0:fb8047b156bb | 3225 | ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; |
| rahul_dahiya |
0:fb8047b156bb | 3226 | ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_VERIFY; |
| rahul_dahiya |
0:fb8047b156bb | 3227 | |
| rahul_dahiya |
0:fb8047b156bb | 3228 | ssl->state++; |
| rahul_dahiya |
0:fb8047b156bb | 3229 | |
| rahul_dahiya |
0:fb8047b156bb | 3230 | if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3231 | { |
| rahul_dahiya |
0:fb8047b156bb | 3232 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3233 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3234 | } |
| rahul_dahiya |
0:fb8047b156bb | 3235 | |
| rahul_dahiya |
0:fb8047b156bb | 3236 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate verify" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3237 | |
| rahul_dahiya |
0:fb8047b156bb | 3238 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3239 | } |
| rahul_dahiya |
0:fb8047b156bb | 3240 | #endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED && |
| rahul_dahiya |
0:fb8047b156bb | 3241 | !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED && |
| rahul_dahiya |
0:fb8047b156bb | 3242 | !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED && |
| rahul_dahiya |
0:fb8047b156bb | 3243 | !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED && |
| rahul_dahiya |
0:fb8047b156bb | 3244 | !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED && |
| rahul_dahiya |
0:fb8047b156bb | 3245 | !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ |
| rahul_dahiya |
0:fb8047b156bb | 3246 | |
| rahul_dahiya |
0:fb8047b156bb | 3247 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
| rahul_dahiya |
0:fb8047b156bb | 3248 | static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 3249 | { |
| rahul_dahiya |
0:fb8047b156bb | 3250 | int ret; |
| rahul_dahiya |
0:fb8047b156bb | 3251 | uint32_t lifetime; |
| rahul_dahiya |
0:fb8047b156bb | 3252 | size_t ticket_len; |
| rahul_dahiya |
0:fb8047b156bb | 3253 | unsigned char *ticket; |
| rahul_dahiya |
0:fb8047b156bb | 3254 | const unsigned char *msg; |
| rahul_dahiya |
0:fb8047b156bb | 3255 | |
| rahul_dahiya |
0:fb8047b156bb | 3256 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse new session ticket" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3257 | |
| rahul_dahiya |
0:fb8047b156bb | 3258 | if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3259 | { |
| rahul_dahiya |
0:fb8047b156bb | 3260 | MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3261 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3262 | } |
| rahul_dahiya |
0:fb8047b156bb | 3263 | |
| rahul_dahiya |
0:fb8047b156bb | 3264 | if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) |
| rahul_dahiya |
0:fb8047b156bb | 3265 | { |
| rahul_dahiya |
0:fb8047b156bb | 3266 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3267 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 3268 | MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 3269 | return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); |
| rahul_dahiya |
0:fb8047b156bb | 3270 | } |
| rahul_dahiya |
0:fb8047b156bb | 3271 | |
| rahul_dahiya |
0:fb8047b156bb | 3272 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3273 | * struct { |
| rahul_dahiya |
0:fb8047b156bb | 3274 | * uint32 ticket_lifetime_hint; |
| rahul_dahiya |
0:fb8047b156bb | 3275 | * opaque ticket<0..2^16-1>; |
| rahul_dahiya |
0:fb8047b156bb | 3276 | * } NewSessionTicket; |
| rahul_dahiya |
0:fb8047b156bb | 3277 | * |
| rahul_dahiya |
0:fb8047b156bb | 3278 | * 0 . 3 ticket_lifetime_hint |
| rahul_dahiya |
0:fb8047b156bb | 3279 | * 4 . 5 ticket_len (n) |
| rahul_dahiya |
0:fb8047b156bb | 3280 | * 6 . 5+n ticket content |
| rahul_dahiya |
0:fb8047b156bb | 3281 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3282 | if( ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET || |
| rahul_dahiya |
0:fb8047b156bb | 3283 | ssl->in_hslen < 6 + mbedtls_ssl_hs_hdr_len( ssl ) ) |
| rahul_dahiya |
0:fb8047b156bb | 3284 | { |
| rahul_dahiya |
0:fb8047b156bb | 3285 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3286 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 3287 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 3288 | return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET ); |
| rahul_dahiya |
0:fb8047b156bb | 3289 | } |
| rahul_dahiya |
0:fb8047b156bb | 3290 | |
| rahul_dahiya |
0:fb8047b156bb | 3291 | msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3292 | |
| rahul_dahiya |
0:fb8047b156bb | 3293 | lifetime = ( msg[0] << 24 ) | ( msg[1] << 16 ) | |
| rahul_dahiya |
0:fb8047b156bb | 3294 | ( msg[2] << 8 ) | ( msg[3] ); |
| rahul_dahiya |
0:fb8047b156bb | 3295 | |
| rahul_dahiya |
0:fb8047b156bb | 3296 | ticket_len = ( msg[4] << 8 ) | ( msg[5] ); |
| rahul_dahiya |
0:fb8047b156bb | 3297 | |
| rahul_dahiya |
0:fb8047b156bb | 3298 | if( ticket_len + 6 + mbedtls_ssl_hs_hdr_len( ssl ) != ssl->in_hslen ) |
| rahul_dahiya |
0:fb8047b156bb | 3299 | { |
| rahul_dahiya |
0:fb8047b156bb | 3300 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3301 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 3302 | MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 3303 | return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET ); |
| rahul_dahiya |
0:fb8047b156bb | 3304 | } |
| rahul_dahiya |
0:fb8047b156bb | 3305 | |
| rahul_dahiya |
0:fb8047b156bb | 3306 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %d", ticket_len ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3307 | |
| rahul_dahiya |
0:fb8047b156bb | 3308 | /* We're not waiting for a NewSessionTicket message any more */ |
| rahul_dahiya |
0:fb8047b156bb | 3309 | ssl->handshake->new_session_ticket = 0; |
| rahul_dahiya |
0:fb8047b156bb | 3310 | ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; |
| rahul_dahiya |
0:fb8047b156bb | 3311 | |
| rahul_dahiya |
0:fb8047b156bb | 3312 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3313 | * Zero-length ticket means the server changed his mind and doesn't want |
| rahul_dahiya |
0:fb8047b156bb | 3314 | * to send a ticket after all, so just forget it |
| rahul_dahiya |
0:fb8047b156bb | 3315 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3316 | if( ticket_len == 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3317 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 3318 | |
| rahul_dahiya |
0:fb8047b156bb | 3319 | mbedtls_zeroize( ssl->session_negotiate->ticket, |
| rahul_dahiya |
0:fb8047b156bb | 3320 | ssl->session_negotiate->ticket_len ); |
| rahul_dahiya |
0:fb8047b156bb | 3321 | mbedtls_free( ssl->session_negotiate->ticket ); |
| rahul_dahiya |
0:fb8047b156bb | 3322 | ssl->session_negotiate->ticket = NULL; |
| rahul_dahiya |
0:fb8047b156bb | 3323 | ssl->session_negotiate->ticket_len = 0; |
| rahul_dahiya |
0:fb8047b156bb | 3324 | |
| rahul_dahiya |
0:fb8047b156bb | 3325 | if( ( ticket = mbedtls_calloc( 1, ticket_len ) ) == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 3326 | { |
| rahul_dahiya |
0:fb8047b156bb | 3327 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "ticket alloc failed" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3328 | mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, |
| rahul_dahiya |
0:fb8047b156bb | 3329 | MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); |
| rahul_dahiya |
0:fb8047b156bb | 3330 | return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); |
| rahul_dahiya |
0:fb8047b156bb | 3331 | } |
| rahul_dahiya |
0:fb8047b156bb | 3332 | |
| rahul_dahiya |
0:fb8047b156bb | 3333 | memcpy( ticket, msg + 6, ticket_len ); |
| rahul_dahiya |
0:fb8047b156bb | 3334 | |
| rahul_dahiya |
0:fb8047b156bb | 3335 | ssl->session_negotiate->ticket = ticket; |
| rahul_dahiya |
0:fb8047b156bb | 3336 | ssl->session_negotiate->ticket_len = ticket_len; |
| rahul_dahiya |
0:fb8047b156bb | 3337 | ssl->session_negotiate->ticket_lifetime = lifetime; |
| rahul_dahiya |
0:fb8047b156bb | 3338 | |
| rahul_dahiya |
0:fb8047b156bb | 3339 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3340 | * RFC 5077 section 3.4: |
| rahul_dahiya |
0:fb8047b156bb | 3341 | * "If the client receives a session ticket from the server, then it |
| rahul_dahiya |
0:fb8047b156bb | 3342 | * discards any Session ID that was sent in the ServerHello." |
| rahul_dahiya |
0:fb8047b156bb | 3343 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3344 | MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket in use, discarding session id" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3345 | ssl->session_negotiate->id_len = 0; |
| rahul_dahiya |
0:fb8047b156bb | 3346 | |
| rahul_dahiya |
0:fb8047b156bb | 3347 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse new session ticket" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3348 | |
| rahul_dahiya |
0:fb8047b156bb | 3349 | return( 0 ); |
| rahul_dahiya |
0:fb8047b156bb | 3350 | } |
| rahul_dahiya |
0:fb8047b156bb | 3351 | #endif /* MBEDTLS_SSL_SESSION_TICKETS */ |
| rahul_dahiya |
0:fb8047b156bb | 3352 | |
| rahul_dahiya |
0:fb8047b156bb | 3353 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3354 | * SSL handshake -- client side -- single step |
| rahul_dahiya |
0:fb8047b156bb | 3355 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3356 | int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) |
| rahul_dahiya |
0:fb8047b156bb | 3357 | { |
| rahul_dahiya |
0:fb8047b156bb | 3358 | int ret = 0; |
| rahul_dahiya |
0:fb8047b156bb | 3359 | |
| rahul_dahiya |
0:fb8047b156bb | 3360 | if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) |
| rahul_dahiya |
0:fb8047b156bb | 3361 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 3362 | |
| rahul_dahiya |
0:fb8047b156bb | 3363 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3364 | |
| rahul_dahiya |
0:fb8047b156bb | 3365 | if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3366 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3367 | |
| rahul_dahiya |
0:fb8047b156bb | 3368 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| rahul_dahiya |
0:fb8047b156bb | 3369 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && |
| rahul_dahiya |
0:fb8047b156bb | 3370 | ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) |
| rahul_dahiya |
0:fb8047b156bb | 3371 | { |
| rahul_dahiya |
0:fb8047b156bb | 3372 | if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3373 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3374 | } |
| rahul_dahiya |
0:fb8047b156bb | 3375 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 3376 | |
| rahul_dahiya |
0:fb8047b156bb | 3377 | /* Change state now, so that it is right in mbedtls_ssl_read_record(), used |
| rahul_dahiya |
0:fb8047b156bb | 3378 | * by DTLS for dropping out-of-sequence ChangeCipherSpec records */ |
| rahul_dahiya |
0:fb8047b156bb | 3379 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
| rahul_dahiya |
0:fb8047b156bb | 3380 | if( ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC && |
| rahul_dahiya |
0:fb8047b156bb | 3381 | ssl->handshake->new_session_ticket != 0 ) |
| rahul_dahiya |
0:fb8047b156bb | 3382 | { |
| rahul_dahiya |
0:fb8047b156bb | 3383 | ssl->state = MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET; |
| rahul_dahiya |
0:fb8047b156bb | 3384 | } |
| rahul_dahiya |
0:fb8047b156bb | 3385 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 3386 | |
| rahul_dahiya |
0:fb8047b156bb | 3387 | switch( ssl->state ) |
| rahul_dahiya |
0:fb8047b156bb | 3388 | { |
| rahul_dahiya |
0:fb8047b156bb | 3389 | case MBEDTLS_SSL_HELLO_REQUEST: |
| rahul_dahiya |
0:fb8047b156bb | 3390 | ssl->state = MBEDTLS_SSL_CLIENT_HELLO; |
| rahul_dahiya |
0:fb8047b156bb | 3391 | break; |
| rahul_dahiya |
0:fb8047b156bb | 3392 | |
| rahul_dahiya |
0:fb8047b156bb | 3393 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3394 | * ==> ClientHello |
| rahul_dahiya |
0:fb8047b156bb | 3395 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3396 | case MBEDTLS_SSL_CLIENT_HELLO: |
| rahul_dahiya |
0:fb8047b156bb | 3397 | ret = ssl_write_client_hello( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3398 | break; |
| rahul_dahiya |
0:fb8047b156bb | 3399 | |
| rahul_dahiya |
0:fb8047b156bb | 3400 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3401 | * <== ServerHello |
| rahul_dahiya |
0:fb8047b156bb | 3402 | * Certificate |
| rahul_dahiya |
0:fb8047b156bb | 3403 | * ( ServerKeyExchange ) |
| rahul_dahiya |
0:fb8047b156bb | 3404 | * ( CertificateRequest ) |
| rahul_dahiya |
0:fb8047b156bb | 3405 | * ServerHelloDone |
| rahul_dahiya |
0:fb8047b156bb | 3406 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3407 | case MBEDTLS_SSL_SERVER_HELLO: |
| rahul_dahiya |
0:fb8047b156bb | 3408 | ret = ssl_parse_server_hello( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3409 | break; |
| rahul_dahiya |
0:fb8047b156bb | 3410 | |
| rahul_dahiya |
0:fb8047b156bb | 3411 | case MBEDTLS_SSL_SERVER_CERTIFICATE: |
| rahul_dahiya |
0:fb8047b156bb | 3412 | ret = mbedtls_ssl_parse_certificate( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3413 | break; |
| rahul_dahiya |
0:fb8047b156bb | 3414 | |
| rahul_dahiya |
0:fb8047b156bb | 3415 | case MBEDTLS_SSL_SERVER_KEY_EXCHANGE: |
| rahul_dahiya |
0:fb8047b156bb | 3416 | ret = ssl_parse_server_key_exchange( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3417 | break; |
| rahul_dahiya |
0:fb8047b156bb | 3418 | |
| rahul_dahiya |
0:fb8047b156bb | 3419 | case MBEDTLS_SSL_CERTIFICATE_REQUEST: |
| rahul_dahiya |
0:fb8047b156bb | 3420 | ret = ssl_parse_certificate_request( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3421 | break; |
| rahul_dahiya |
0:fb8047b156bb | 3422 | |
| rahul_dahiya |
0:fb8047b156bb | 3423 | case MBEDTLS_SSL_SERVER_HELLO_DONE: |
| rahul_dahiya |
0:fb8047b156bb | 3424 | ret = ssl_parse_server_hello_done( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3425 | break; |
| rahul_dahiya |
0:fb8047b156bb | 3426 | |
| rahul_dahiya |
0:fb8047b156bb | 3427 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3428 | * ==> ( Certificate/Alert ) |
| rahul_dahiya |
0:fb8047b156bb | 3429 | * ClientKeyExchange |
| rahul_dahiya |
0:fb8047b156bb | 3430 | * ( CertificateVerify ) |
| rahul_dahiya |
0:fb8047b156bb | 3431 | * ChangeCipherSpec |
| rahul_dahiya |
0:fb8047b156bb | 3432 | * Finished |
| rahul_dahiya |
0:fb8047b156bb | 3433 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3434 | case MBEDTLS_SSL_CLIENT_CERTIFICATE: |
| rahul_dahiya |
0:fb8047b156bb | 3435 | ret = mbedtls_ssl_write_certificate( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3436 | break; |
| rahul_dahiya |
0:fb8047b156bb | 3437 | |
| rahul_dahiya |
0:fb8047b156bb | 3438 | case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: |
| rahul_dahiya |
0:fb8047b156bb | 3439 | ret = ssl_write_client_key_exchange( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3440 | break; |
| rahul_dahiya |
0:fb8047b156bb | 3441 | |
| rahul_dahiya |
0:fb8047b156bb | 3442 | case MBEDTLS_SSL_CERTIFICATE_VERIFY: |
| rahul_dahiya |
0:fb8047b156bb | 3443 | ret = ssl_write_certificate_verify( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3444 | break; |
| rahul_dahiya |
0:fb8047b156bb | 3445 | |
| rahul_dahiya |
0:fb8047b156bb | 3446 | case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: |
| rahul_dahiya |
0:fb8047b156bb | 3447 | ret = mbedtls_ssl_write_change_cipher_spec( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3448 | break; |
| rahul_dahiya |
0:fb8047b156bb | 3449 | |
| rahul_dahiya |
0:fb8047b156bb | 3450 | case MBEDTLS_SSL_CLIENT_FINISHED: |
| rahul_dahiya |
0:fb8047b156bb | 3451 | ret = mbedtls_ssl_write_finished( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3452 | break; |
| rahul_dahiya |
0:fb8047b156bb | 3453 | |
| rahul_dahiya |
0:fb8047b156bb | 3454 | /* |
| rahul_dahiya |
0:fb8047b156bb | 3455 | * <== ( NewSessionTicket ) |
| rahul_dahiya |
0:fb8047b156bb | 3456 | * ChangeCipherSpec |
| rahul_dahiya |
0:fb8047b156bb | 3457 | * Finished |
| rahul_dahiya |
0:fb8047b156bb | 3458 | */ |
| rahul_dahiya |
0:fb8047b156bb | 3459 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
| rahul_dahiya |
0:fb8047b156bb | 3460 | case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET: |
| rahul_dahiya |
0:fb8047b156bb | 3461 | ret = ssl_parse_new_session_ticket( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3462 | break; |
| rahul_dahiya |
0:fb8047b156bb | 3463 | #endif |
| rahul_dahiya |
0:fb8047b156bb | 3464 | |
| rahul_dahiya |
0:fb8047b156bb | 3465 | case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: |
| rahul_dahiya |
0:fb8047b156bb | 3466 | ret = mbedtls_ssl_parse_change_cipher_spec( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3467 | break; |
| rahul_dahiya |
0:fb8047b156bb | 3468 | |
| rahul_dahiya |
0:fb8047b156bb | 3469 | case MBEDTLS_SSL_SERVER_FINISHED: |
| rahul_dahiya |
0:fb8047b156bb | 3470 | ret = mbedtls_ssl_parse_finished( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3471 | break; |
| rahul_dahiya |
0:fb8047b156bb | 3472 | |
| rahul_dahiya |
0:fb8047b156bb | 3473 | case MBEDTLS_SSL_FLUSH_BUFFERS: |
| rahul_dahiya |
0:fb8047b156bb | 3474 | MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3475 | ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; |
| rahul_dahiya |
0:fb8047b156bb | 3476 | break; |
| rahul_dahiya |
0:fb8047b156bb | 3477 | |
| rahul_dahiya |
0:fb8047b156bb | 3478 | case MBEDTLS_SSL_HANDSHAKE_WRAPUP: |
| rahul_dahiya |
0:fb8047b156bb | 3479 | mbedtls_ssl_handshake_wrapup( ssl ); |
| rahul_dahiya |
0:fb8047b156bb | 3480 | break; |
| rahul_dahiya |
0:fb8047b156bb | 3481 | |
| rahul_dahiya |
0:fb8047b156bb | 3482 | default: |
| rahul_dahiya |
0:fb8047b156bb | 3483 | MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); |
| rahul_dahiya |
0:fb8047b156bb | 3484 | return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); |
| rahul_dahiya |
0:fb8047b156bb | 3485 | } |
| rahul_dahiya |
0:fb8047b156bb | 3486 | |
| rahul_dahiya |
0:fb8047b156bb | 3487 | return( ret ); |
| rahul_dahiya |
0:fb8047b156bb | 3488 | } |
| rahul_dahiya |
0:fb8047b156bb | 3489 | #endif /* MBEDTLS_SSL_CLI_C */ |