Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1 | /* |
| 2 | * SSLv3/TLSv1 shared functions |
| 3 | * |
Paul Bakker | 7dc4c44 | 2014-02-01 22:50:26 +0100 | [diff] [blame] | 4 | * Copyright (C) 2006-2014, Brainspark B.V. |
Paul Bakker | b96f154 | 2010-07-18 20:36:00 +0000 | [diff] [blame] | 5 | * |
| 6 | * This file is part of PolarSSL (http://www.polarssl.org) |
Paul Bakker | 84f12b7 | 2010-07-18 10:13:04 +0000 | [diff] [blame] | 7 | * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> |
Paul Bakker | b96f154 | 2010-07-18 20:36:00 +0000 | [diff] [blame] | 8 | * |
Paul Bakker | 77b385e | 2009-07-28 17:23:11 +0000 | [diff] [blame] | 9 | * All rights reserved. |
Paul Bakker | e0ccd0a | 2009-01-04 16:27:10 +0000 | [diff] [blame] | 10 | * |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 11 | * This program is free software; you can redistribute it and/or modify |
| 12 | * it under the terms of the GNU General Public License as published by |
| 13 | * the Free Software Foundation; either version 2 of the License, or |
| 14 | * (at your option) any later version. |
| 15 | * |
| 16 | * This program is distributed in the hope that it will be useful, |
| 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 19 | * GNU General Public License for more details. |
| 20 | * |
| 21 | * You should have received a copy of the GNU General Public License along |
| 22 | * with this program; if not, write to the Free Software Foundation, Inc., |
| 23 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| 24 | */ |
| 25 | /* |
| 26 | * The SSL 3.0 specification was drafted by Netscape in 1996, |
| 27 | * and became an IETF standard in 1999. |
| 28 | * |
| 29 | * http://wp.netscape.com/eng/ssl3/ |
| 30 | * http://www.ietf.org/rfc/rfc2246.txt |
| 31 | * http://www.ietf.org/rfc/rfc4346.txt |
| 32 | */ |
| 33 | |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 34 | #include "polarssl/config.h" |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 35 | |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 36 | #if defined(POLARSSL_SSL_TLS_C) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 37 | |
Paul Bakker | 0be444a | 2013-08-27 21:55:01 +0200 | [diff] [blame] | 38 | #include "polarssl/debug.h" |
| 39 | #include "polarssl/ssl.h" |
| 40 | |
Paul Bakker | 7dc4c44 | 2014-02-01 22:50:26 +0100 | [diff] [blame] | 41 | #if defined(POLARSSL_PLATFORM_C) |
| 42 | #include "polarssl/platform.h" |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 43 | #else |
| 44 | #define polarssl_malloc malloc |
| 45 | #define polarssl_free free |
| 46 | #endif |
| 47 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 48 | #include <stdlib.h> |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 49 | |
Paul Bakker | 6edcd41 | 2013-10-29 15:22:54 +0100 | [diff] [blame] | 50 | #if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \ |
| 51 | !defined(EFI32) |
Paul Bakker | af5c85f | 2011-04-18 03:47:52 +0000 | [diff] [blame] | 52 | #define strcasecmp _stricmp |
| 53 | #endif |
| 54 | |
Paul Bakker | 05decb2 | 2013-08-15 13:33:48 +0200 | [diff] [blame] | 55 | #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) |
Manuel Pégourié-Gonnard | 581e6b6 | 2013-07-18 12:32:27 +0200 | [diff] [blame] | 56 | /* |
| 57 | * Convert max_fragment_length codes to length. |
| 58 | * RFC 6066 says: |
| 59 | * enum{ |
| 60 | * 2^9(1), 2^10(2), 2^11(3), 2^12(4), (255) |
| 61 | * } MaxFragmentLength; |
| 62 | * and we add 0 -> extension unused |
| 63 | */ |
Manuel Pégourié-Gonnard | ed4af8b | 2013-07-18 14:07:09 +0200 | [diff] [blame] | 64 | static unsigned int mfl_code_to_length[SSL_MAX_FRAG_LEN_INVALID] = |
Manuel Pégourié-Gonnard | 581e6b6 | 2013-07-18 12:32:27 +0200 | [diff] [blame] | 65 | { |
| 66 | SSL_MAX_CONTENT_LEN, /* SSL_MAX_FRAG_LEN_NONE */ |
| 67 | 512, /* SSL_MAX_FRAG_LEN_512 */ |
| 68 | 1024, /* SSL_MAX_FRAG_LEN_1024 */ |
| 69 | 2048, /* SSL_MAX_FRAG_LEN_2048 */ |
| 70 | 4096, /* SSL_MAX_FRAG_LEN_4096 */ |
| 71 | }; |
Paul Bakker | 05decb2 | 2013-08-15 13:33:48 +0200 | [diff] [blame] | 72 | #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */ |
Manuel Pégourié-Gonnard | 581e6b6 | 2013-07-18 12:32:27 +0200 | [diff] [blame] | 73 | |
Manuel Pégourié-Gonnard | 06650f6 | 2013-08-02 15:34:52 +0200 | [diff] [blame] | 74 | static int ssl_session_copy( ssl_session *dst, const ssl_session *src ) |
| 75 | { |
Manuel Pégourié-Gonnard | 06650f6 | 2013-08-02 15:34:52 +0200 | [diff] [blame] | 76 | ssl_session_free( dst ); |
| 77 | memcpy( dst, src, sizeof( ssl_session ) ); |
| 78 | |
Paul Bakker | 7c6b2c3 | 2013-09-16 13:49:26 +0200 | [diff] [blame] | 79 | #if defined(POLARSSL_X509_CRT_PARSE_C) |
Manuel Pégourié-Gonnard | 06650f6 | 2013-08-02 15:34:52 +0200 | [diff] [blame] | 80 | if( src->peer_cert != NULL ) |
| 81 | { |
Paul Bakker | 2292d1f | 2013-09-15 17:06:49 +0200 | [diff] [blame] | 82 | int ret; |
| 83 | |
Paul Bakker | b9cfaa0 | 2013-10-11 18:58:55 +0200 | [diff] [blame] | 84 | dst->peer_cert = (x509_crt *) polarssl_malloc( sizeof(x509_crt) ); |
| 85 | if( dst->peer_cert == NULL ) |
Manuel Pégourié-Gonnard | 06650f6 | 2013-08-02 15:34:52 +0200 | [diff] [blame] | 86 | return( POLARSSL_ERR_SSL_MALLOC_FAILED ); |
| 87 | |
Paul Bakker | b6b0956 | 2013-09-18 14:17:41 +0200 | [diff] [blame] | 88 | x509_crt_init( dst->peer_cert ); |
Manuel Pégourié-Gonnard | 06650f6 | 2013-08-02 15:34:52 +0200 | [diff] [blame] | 89 | |
Paul Bakker | ddf26b4 | 2013-09-18 13:46:23 +0200 | [diff] [blame] | 90 | if( ( ret = x509_crt_parse( dst->peer_cert, src->peer_cert->raw.p, |
| 91 | src->peer_cert->raw.len ) != 0 ) ) |
Manuel Pégourié-Gonnard | 06650f6 | 2013-08-02 15:34:52 +0200 | [diff] [blame] | 92 | { |
| 93 | polarssl_free( dst->peer_cert ); |
| 94 | dst->peer_cert = NULL; |
| 95 | return( ret ); |
| 96 | } |
| 97 | } |
Paul Bakker | 7c6b2c3 | 2013-09-16 13:49:26 +0200 | [diff] [blame] | 98 | #endif /* POLARSSL_X509_CRT_PARSE_C */ |
Manuel Pégourié-Gonnard | 06650f6 | 2013-08-02 15:34:52 +0200 | [diff] [blame] | 99 | |
Paul Bakker | a503a63 | 2013-08-14 13:48:06 +0200 | [diff] [blame] | 100 | #if defined(POLARSSL_SSL_SESSION_TICKETS) |
Manuel Pégourié-Gonnard | 06650f6 | 2013-08-02 15:34:52 +0200 | [diff] [blame] | 101 | if( src->ticket != NULL ) |
| 102 | { |
Paul Bakker | b9cfaa0 | 2013-10-11 18:58:55 +0200 | [diff] [blame] | 103 | dst->ticket = (unsigned char *) polarssl_malloc( src->ticket_len ); |
| 104 | if( dst->ticket == NULL ) |
Manuel Pégourié-Gonnard | 06650f6 | 2013-08-02 15:34:52 +0200 | [diff] [blame] | 105 | return( POLARSSL_ERR_SSL_MALLOC_FAILED ); |
| 106 | |
| 107 | memcpy( dst->ticket, src->ticket, src->ticket_len ); |
| 108 | } |
Paul Bakker | a503a63 | 2013-08-14 13:48:06 +0200 | [diff] [blame] | 109 | #endif /* POLARSSL_SSL_SESSION_TICKETS */ |
Manuel Pégourié-Gonnard | 06650f6 | 2013-08-02 15:34:52 +0200 | [diff] [blame] | 110 | |
| 111 | return( 0 ); |
| 112 | } |
| 113 | |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 114 | #if defined(POLARSSL_SSL_HW_RECORD_ACCEL) |
| 115 | int (*ssl_hw_record_init)(ssl_context *ssl, |
| 116 | const unsigned char *key_enc, const unsigned char *key_dec, |
Paul Bakker | 07eb38b | 2012-12-19 14:42:06 +0100 | [diff] [blame] | 117 | size_t keylen, |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 118 | const unsigned char *iv_enc, const unsigned char *iv_dec, |
Paul Bakker | 07eb38b | 2012-12-19 14:42:06 +0100 | [diff] [blame] | 119 | size_t ivlen, |
| 120 | const unsigned char *mac_enc, const unsigned char *mac_dec, |
| 121 | size_t maclen) = NULL; |
| 122 | int (*ssl_hw_record_activate)(ssl_context *ssl, int direction) = NULL; |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 123 | int (*ssl_hw_record_reset)(ssl_context *ssl) = NULL; |
| 124 | int (*ssl_hw_record_write)(ssl_context *ssl) = NULL; |
| 125 | int (*ssl_hw_record_read)(ssl_context *ssl) = NULL; |
| 126 | int (*ssl_hw_record_finish)(ssl_context *ssl) = NULL; |
| 127 | #endif |
| 128 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 129 | /* |
| 130 | * Key material generation |
| 131 | */ |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 132 | #if defined(POLARSSL_SSL_PROTO_SSL3) |
Paul Bakker | b6c5d2e | 2013-06-25 16:25:17 +0200 | [diff] [blame] | 133 | static int ssl3_prf( const unsigned char *secret, size_t slen, |
| 134 | const char *label, |
| 135 | const unsigned char *random, size_t rlen, |
Paul Bakker | 5f70b25 | 2012-09-13 14:23:06 +0000 | [diff] [blame] | 136 | unsigned char *dstbuf, size_t dlen ) |
| 137 | { |
| 138 | size_t i; |
| 139 | md5_context md5; |
| 140 | sha1_context sha1; |
| 141 | unsigned char padding[16]; |
| 142 | unsigned char sha1sum[20]; |
| 143 | ((void)label); |
| 144 | |
| 145 | /* |
| 146 | * SSLv3: |
| 147 | * block = |
| 148 | * MD5( secret + SHA1( 'A' + secret + random ) ) + |
| 149 | * MD5( secret + SHA1( 'BB' + secret + random ) ) + |
| 150 | * MD5( secret + SHA1( 'CCC' + secret + random ) ) + |
| 151 | * ... |
| 152 | */ |
| 153 | for( i = 0; i < dlen / 16; i++ ) |
| 154 | { |
Paul Bakker | b9cfaa0 | 2013-10-11 18:58:55 +0200 | [diff] [blame] | 155 | memset( padding, (unsigned char) ('A' + i), 1 + i ); |
Paul Bakker | 5f70b25 | 2012-09-13 14:23:06 +0000 | [diff] [blame] | 156 | |
| 157 | sha1_starts( &sha1 ); |
| 158 | sha1_update( &sha1, padding, 1 + i ); |
| 159 | sha1_update( &sha1, secret, slen ); |
| 160 | sha1_update( &sha1, random, rlen ); |
| 161 | sha1_finish( &sha1, sha1sum ); |
| 162 | |
| 163 | md5_starts( &md5 ); |
| 164 | md5_update( &md5, secret, slen ); |
| 165 | md5_update( &md5, sha1sum, 20 ); |
| 166 | md5_finish( &md5, dstbuf + i * 16 ); |
| 167 | } |
| 168 | |
| 169 | memset( &md5, 0, sizeof( md5 ) ); |
| 170 | memset( &sha1, 0, sizeof( sha1 ) ); |
| 171 | |
| 172 | memset( padding, 0, sizeof( padding ) ); |
| 173 | memset( sha1sum, 0, sizeof( sha1sum ) ); |
| 174 | |
| 175 | return( 0 ); |
| 176 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 177 | #endif /* POLARSSL_SSL_PROTO_SSL3 */ |
Paul Bakker | 5f70b25 | 2012-09-13 14:23:06 +0000 | [diff] [blame] | 178 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 179 | #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) |
Paul Bakker | b6c5d2e | 2013-06-25 16:25:17 +0200 | [diff] [blame] | 180 | static int tls1_prf( const unsigned char *secret, size_t slen, |
| 181 | const char *label, |
| 182 | const unsigned char *random, size_t rlen, |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 183 | unsigned char *dstbuf, size_t dlen ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 184 | { |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 185 | size_t nb, hs; |
| 186 | size_t i, j, k; |
Paul Bakker | b6c5d2e | 2013-06-25 16:25:17 +0200 | [diff] [blame] | 187 | const unsigned char *S1, *S2; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 188 | unsigned char tmp[128]; |
| 189 | unsigned char h_i[20]; |
| 190 | |
| 191 | if( sizeof( tmp ) < 20 + strlen( label ) + rlen ) |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 192 | return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 193 | |
| 194 | hs = ( slen + 1 ) / 2; |
| 195 | S1 = secret; |
| 196 | S2 = secret + slen - hs; |
| 197 | |
| 198 | nb = strlen( label ); |
| 199 | memcpy( tmp + 20, label, nb ); |
| 200 | memcpy( tmp + 20 + nb, random, rlen ); |
| 201 | nb += rlen; |
| 202 | |
| 203 | /* |
| 204 | * First compute P_md5(secret,label+random)[0..dlen] |
| 205 | */ |
| 206 | md5_hmac( S1, hs, tmp + 20, nb, 4 + tmp ); |
| 207 | |
| 208 | for( i = 0; i < dlen; i += 16 ) |
| 209 | { |
| 210 | md5_hmac( S1, hs, 4 + tmp, 16 + nb, h_i ); |
| 211 | md5_hmac( S1, hs, 4 + tmp, 16, 4 + tmp ); |
| 212 | |
| 213 | k = ( i + 16 > dlen ) ? dlen % 16 : 16; |
| 214 | |
| 215 | for( j = 0; j < k; j++ ) |
| 216 | dstbuf[i + j] = h_i[j]; |
| 217 | } |
| 218 | |
| 219 | /* |
| 220 | * XOR out with P_sha1(secret,label+random)[0..dlen] |
| 221 | */ |
| 222 | sha1_hmac( S2, hs, tmp + 20, nb, tmp ); |
| 223 | |
| 224 | for( i = 0; i < dlen; i += 20 ) |
| 225 | { |
| 226 | sha1_hmac( S2, hs, tmp, 20 + nb, h_i ); |
| 227 | sha1_hmac( S2, hs, tmp, 20, tmp ); |
| 228 | |
| 229 | k = ( i + 20 > dlen ) ? dlen % 20 : 20; |
| 230 | |
| 231 | for( j = 0; j < k; j++ ) |
| 232 | dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] ); |
| 233 | } |
| 234 | |
| 235 | memset( tmp, 0, sizeof( tmp ) ); |
| 236 | memset( h_i, 0, sizeof( h_i ) ); |
| 237 | |
| 238 | return( 0 ); |
| 239 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 240 | #endif /* POLARSSL_SSL_PROTO_TLS1) || POLARSSL_SSL_PROTO_TLS1_1 */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 241 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 242 | #if defined(POLARSSL_SSL_PROTO_TLS1_2) |
| 243 | #if defined(POLARSSL_SHA256_C) |
Paul Bakker | b6c5d2e | 2013-06-25 16:25:17 +0200 | [diff] [blame] | 244 | static int tls_prf_sha256( const unsigned char *secret, size_t slen, |
| 245 | const char *label, |
| 246 | const unsigned char *random, size_t rlen, |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 247 | unsigned char *dstbuf, size_t dlen ) |
| 248 | { |
| 249 | size_t nb; |
| 250 | size_t i, j, k; |
| 251 | unsigned char tmp[128]; |
| 252 | unsigned char h_i[32]; |
| 253 | |
| 254 | if( sizeof( tmp ) < 32 + strlen( label ) + rlen ) |
| 255 | return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); |
| 256 | |
| 257 | nb = strlen( label ); |
| 258 | memcpy( tmp + 32, label, nb ); |
| 259 | memcpy( tmp + 32 + nb, random, rlen ); |
| 260 | nb += rlen; |
| 261 | |
| 262 | /* |
| 263 | * Compute P_<hash>(secret, label + random)[0..dlen] |
| 264 | */ |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 265 | sha256_hmac( secret, slen, tmp + 32, nb, tmp, 0 ); |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 266 | |
| 267 | for( i = 0; i < dlen; i += 32 ) |
| 268 | { |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 269 | sha256_hmac( secret, slen, tmp, 32 + nb, h_i, 0 ); |
| 270 | sha256_hmac( secret, slen, tmp, 32, tmp, 0 ); |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 271 | |
| 272 | k = ( i + 32 > dlen ) ? dlen % 32 : 32; |
| 273 | |
| 274 | for( j = 0; j < k; j++ ) |
| 275 | dstbuf[i + j] = h_i[j]; |
| 276 | } |
| 277 | |
| 278 | memset( tmp, 0, sizeof( tmp ) ); |
| 279 | memset( h_i, 0, sizeof( h_i ) ); |
| 280 | |
| 281 | return( 0 ); |
| 282 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 283 | #endif /* POLARSSL_SHA256_C */ |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 284 | |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 285 | #if defined(POLARSSL_SHA512_C) |
Paul Bakker | b6c5d2e | 2013-06-25 16:25:17 +0200 | [diff] [blame] | 286 | static int tls_prf_sha384( const unsigned char *secret, size_t slen, |
| 287 | const char *label, |
| 288 | const unsigned char *random, size_t rlen, |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 289 | unsigned char *dstbuf, size_t dlen ) |
| 290 | { |
| 291 | size_t nb; |
| 292 | size_t i, j, k; |
| 293 | unsigned char tmp[128]; |
| 294 | unsigned char h_i[48]; |
| 295 | |
| 296 | if( sizeof( tmp ) < 48 + strlen( label ) + rlen ) |
| 297 | return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); |
| 298 | |
| 299 | nb = strlen( label ); |
| 300 | memcpy( tmp + 48, label, nb ); |
| 301 | memcpy( tmp + 48 + nb, random, rlen ); |
| 302 | nb += rlen; |
| 303 | |
| 304 | /* |
| 305 | * Compute P_<hash>(secret, label + random)[0..dlen] |
| 306 | */ |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 307 | sha512_hmac( secret, slen, tmp + 48, nb, tmp, 1 ); |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 308 | |
| 309 | for( i = 0; i < dlen; i += 48 ) |
| 310 | { |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 311 | sha512_hmac( secret, slen, tmp, 48 + nb, h_i, 1 ); |
| 312 | sha512_hmac( secret, slen, tmp, 48, tmp, 1 ); |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 313 | |
| 314 | k = ( i + 48 > dlen ) ? dlen % 48 : 48; |
| 315 | |
| 316 | for( j = 0; j < k; j++ ) |
| 317 | dstbuf[i + j] = h_i[j]; |
| 318 | } |
| 319 | |
| 320 | memset( tmp, 0, sizeof( tmp ) ); |
| 321 | memset( h_i, 0, sizeof( h_i ) ); |
| 322 | |
| 323 | return( 0 ); |
| 324 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 325 | #endif /* POLARSSL_SHA512_C */ |
| 326 | #endif /* POLARSSL_SSL_PROTO_TLS1_2 */ |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 327 | |
Paul Bakker | b6c5d2e | 2013-06-25 16:25:17 +0200 | [diff] [blame] | 328 | static void ssl_update_checksum_start(ssl_context *, const unsigned char *, size_t); |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 329 | |
| 330 | #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \ |
| 331 | defined(POLARSSL_SSL_PROTO_TLS1_1) |
Paul Bakker | b6c5d2e | 2013-06-25 16:25:17 +0200 | [diff] [blame] | 332 | static void ssl_update_checksum_md5sha1(ssl_context *, const unsigned char *, size_t); |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 333 | #endif |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 334 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 335 | #if defined(POLARSSL_SSL_PROTO_SSL3) |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 336 | static void ssl_calc_verify_ssl(ssl_context *,unsigned char *); |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 337 | static void ssl_calc_finished_ssl(ssl_context *,unsigned char *,int); |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 338 | #endif |
| 339 | |
| 340 | #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) |
| 341 | static void ssl_calc_verify_tls(ssl_context *,unsigned char *); |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 342 | static void ssl_calc_finished_tls(ssl_context *,unsigned char *,int); |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 343 | #endif |
| 344 | |
| 345 | #if defined(POLARSSL_SSL_PROTO_TLS1_2) |
| 346 | #if defined(POLARSSL_SHA256_C) |
| 347 | static void ssl_update_checksum_sha256(ssl_context *, const unsigned char *, size_t); |
| 348 | static void ssl_calc_verify_tls_sha256(ssl_context *,unsigned char *); |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 349 | static void ssl_calc_finished_tls_sha256(ssl_context *,unsigned char *,int); |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 350 | #endif |
Paul Bakker | 769075d | 2012-11-24 11:26:46 +0100 | [diff] [blame] | 351 | |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 352 | #if defined(POLARSSL_SHA512_C) |
Paul Bakker | b6c5d2e | 2013-06-25 16:25:17 +0200 | [diff] [blame] | 353 | static void ssl_update_checksum_sha384(ssl_context *, const unsigned char *, size_t); |
Paul Bakker | 769075d | 2012-11-24 11:26:46 +0100 | [diff] [blame] | 354 | static void ssl_calc_verify_tls_sha384(ssl_context *,unsigned char *); |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 355 | static void ssl_calc_finished_tls_sha384(ssl_context *,unsigned char *,int); |
Paul Bakker | 769075d | 2012-11-24 11:26:46 +0100 | [diff] [blame] | 356 | #endif |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 357 | #endif |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 358 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 359 | int ssl_derive_keys( ssl_context *ssl ) |
| 360 | { |
Paul Bakker | da02a7f | 2013-08-31 17:25:14 +0200 | [diff] [blame] | 361 | int ret = 0; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 362 | unsigned char tmp[64]; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 363 | unsigned char keyblk[256]; |
| 364 | unsigned char *key1; |
| 365 | unsigned char *key2; |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 366 | unsigned char *mac_enc; |
| 367 | unsigned char *mac_dec; |
Paul Bakker | b9cfaa0 | 2013-10-11 18:58:55 +0200 | [diff] [blame] | 368 | size_t iv_copy_len; |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 369 | const cipher_info_t *cipher_info; |
| 370 | const md_info_t *md_info; |
| 371 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 372 | ssl_session *session = ssl->session_negotiate; |
| 373 | ssl_transform *transform = ssl->transform_negotiate; |
| 374 | ssl_handshake_params *handshake = ssl->handshake; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 375 | |
| 376 | SSL_DEBUG_MSG( 2, ( "=> derive keys" ) ); |
| 377 | |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 378 | cipher_info = cipher_info_from_type( transform->ciphersuite_info->cipher ); |
| 379 | if( cipher_info == NULL ) |
| 380 | { |
Paul Bakker | f7abd42 | 2013-04-16 13:15:56 +0200 | [diff] [blame] | 381 | SSL_DEBUG_MSG( 1, ( "cipher info for %d not found", |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 382 | transform->ciphersuite_info->cipher ) ); |
| 383 | return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); |
| 384 | } |
| 385 | |
| 386 | md_info = md_info_from_type( transform->ciphersuite_info->mac ); |
| 387 | if( md_info == NULL ) |
| 388 | { |
Paul Bakker | f7abd42 | 2013-04-16 13:15:56 +0200 | [diff] [blame] | 389 | SSL_DEBUG_MSG( 1, ( "md info for %d not found", |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 390 | transform->ciphersuite_info->mac ) ); |
| 391 | return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); |
| 392 | } |
| 393 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 394 | /* |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 395 | * Set appropriate PRF function and other SSL / TLS / TLS1.2 functions |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 396 | */ |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 397 | #if defined(POLARSSL_SSL_PROTO_SSL3) |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 398 | if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 399 | { |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 400 | handshake->tls_prf = ssl3_prf; |
| 401 | handshake->calc_verify = ssl_calc_verify_ssl; |
| 402 | handshake->calc_finished = ssl_calc_finished_ssl; |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 403 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 404 | else |
| 405 | #endif |
| 406 | #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) |
| 407 | if( ssl->minor_ver < SSL_MINOR_VERSION_3 ) |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 408 | { |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 409 | handshake->tls_prf = tls1_prf; |
| 410 | handshake->calc_verify = ssl_calc_verify_tls; |
| 411 | handshake->calc_finished = ssl_calc_finished_tls; |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 412 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 413 | else |
| 414 | #endif |
| 415 | #if defined(POLARSSL_SSL_PROTO_TLS1_2) |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 416 | #if defined(POLARSSL_SHA512_C) |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 417 | if( ssl->minor_ver == SSL_MINOR_VERSION_3 && |
| 418 | transform->ciphersuite_info->mac == POLARSSL_MD_SHA384 ) |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 419 | { |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 420 | handshake->tls_prf = tls_prf_sha384; |
| 421 | handshake->calc_verify = ssl_calc_verify_tls_sha384; |
| 422 | handshake->calc_finished = ssl_calc_finished_tls_sha384; |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 423 | } |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 424 | else |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 425 | #endif |
| 426 | #if defined(POLARSSL_SHA256_C) |
| 427 | if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 428 | { |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 429 | handshake->tls_prf = tls_prf_sha256; |
| 430 | handshake->calc_verify = ssl_calc_verify_tls_sha256; |
| 431 | handshake->calc_finished = ssl_calc_finished_tls_sha256; |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 432 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 433 | else |
| 434 | #endif |
| 435 | #endif |
Paul Bakker | 577e006 | 2013-08-28 11:57:20 +0200 | [diff] [blame] | 436 | { |
| 437 | SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 438 | return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); |
Paul Bakker | 577e006 | 2013-08-28 11:57:20 +0200 | [diff] [blame] | 439 | } |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 440 | |
| 441 | /* |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 442 | * SSLv3: |
| 443 | * master = |
| 444 | * MD5( premaster + SHA1( 'A' + premaster + randbytes ) ) + |
| 445 | * MD5( premaster + SHA1( 'BB' + premaster + randbytes ) ) + |
| 446 | * MD5( premaster + SHA1( 'CCC' + premaster + randbytes ) ) |
Paul Bakker | f7abd42 | 2013-04-16 13:15:56 +0200 | [diff] [blame] | 447 | * |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 448 | * TLSv1+: |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 449 | * master = PRF( premaster, "master secret", randbytes )[0..47] |
| 450 | */ |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 451 | if( handshake->resume == 0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 452 | { |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 453 | SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster, |
| 454 | handshake->pmslen ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 455 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 456 | handshake->tls_prf( handshake->premaster, handshake->pmslen, |
| 457 | "master secret", |
| 458 | handshake->randbytes, 64, session->master, 48 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 459 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 460 | memset( handshake->premaster, 0, sizeof( handshake->premaster ) ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 461 | } |
| 462 | else |
| 463 | SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); |
| 464 | |
| 465 | /* |
| 466 | * Swap the client and server random values. |
| 467 | */ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 468 | memcpy( tmp, handshake->randbytes, 64 ); |
| 469 | memcpy( handshake->randbytes, tmp + 32, 32 ); |
| 470 | memcpy( handshake->randbytes + 32, tmp, 32 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 471 | memset( tmp, 0, sizeof( tmp ) ); |
| 472 | |
| 473 | /* |
| 474 | * SSLv3: |
| 475 | * key block = |
| 476 | * MD5( master + SHA1( 'A' + master + randbytes ) ) + |
| 477 | * MD5( master + SHA1( 'BB' + master + randbytes ) ) + |
| 478 | * MD5( master + SHA1( 'CCC' + master + randbytes ) ) + |
| 479 | * MD5( master + SHA1( 'DDDD' + master + randbytes ) ) + |
| 480 | * ... |
| 481 | * |
| 482 | * TLSv1: |
| 483 | * key block = PRF( master, "key expansion", randbytes ) |
| 484 | */ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 485 | handshake->tls_prf( session->master, 48, "key expansion", |
| 486 | handshake->randbytes, 64, keyblk, 256 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 487 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 488 | SSL_DEBUG_MSG( 3, ( "ciphersuite = %s", |
| 489 | ssl_get_ciphersuite_name( session->ciphersuite ) ) ); |
| 490 | SSL_DEBUG_BUF( 3, "master secret", session->master, 48 ); |
| 491 | SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 492 | SSL_DEBUG_BUF( 4, "key block", keyblk, 256 ); |
| 493 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 494 | memset( handshake->randbytes, 0, sizeof( handshake->randbytes ) ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 495 | |
| 496 | /* |
| 497 | * Determine the appropriate key, IV and MAC length. |
| 498 | */ |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 499 | |
| 500 | if( cipher_info->mode == POLARSSL_MODE_GCM ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 501 | { |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 502 | transform->keylen = cipher_info->key_length; |
| 503 | transform->keylen /= 8; |
| 504 | transform->minlen = 1; |
| 505 | transform->ivlen = 12; |
| 506 | transform->fixed_ivlen = 4; |
| 507 | transform->maclen = 0; |
| 508 | } |
| 509 | else |
| 510 | { |
| 511 | if( md_info->type != POLARSSL_MD_NONE ) |
| 512 | { |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 513 | int ret; |
| 514 | |
Paul Bakker | 61d113b | 2013-07-04 11:51:43 +0200 | [diff] [blame] | 515 | if( ( ret = md_init_ctx( &transform->md_ctx_enc, md_info ) ) != 0 ) |
| 516 | { |
| 517 | SSL_DEBUG_RET( 1, "md_init_ctx", ret ); |
| 518 | return( ret ); |
| 519 | } |
| 520 | |
| 521 | if( ( ret = md_init_ctx( &transform->md_ctx_dec, md_info ) ) != 0 ) |
| 522 | { |
| 523 | SSL_DEBUG_RET( 1, "md_init_ctx", ret ); |
| 524 | return( ret ); |
| 525 | } |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 526 | |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 527 | transform->maclen = md_get_size( md_info ); |
Manuel Pégourié-Gonnard | 277f7f2 | 2013-07-19 12:19:21 +0200 | [diff] [blame] | 528 | |
Paul Bakker | 1f2bc62 | 2013-08-15 13:45:55 +0200 | [diff] [blame] | 529 | #if defined(POLARSSL_SSL_TRUNCATED_HMAC) |
Manuel Pégourié-Gonnard | 277f7f2 | 2013-07-19 12:19:21 +0200 | [diff] [blame] | 530 | /* |
| 531 | * If HMAC is to be truncated, we shall keep the leftmost bytes, |
| 532 | * (rfc 6066 page 13 or rfc 2104 section 4), |
| 533 | * so we only need to adjust the length here. |
| 534 | */ |
| 535 | if( session->trunc_hmac == SSL_TRUNC_HMAC_ENABLED ) |
| 536 | transform->maclen = SSL_TRUNCATED_HMAC_LEN; |
Paul Bakker | 1f2bc62 | 2013-08-15 13:45:55 +0200 | [diff] [blame] | 537 | #endif /* POLARSSL_SSL_TRUNCATED_HMAC */ |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 538 | } |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 539 | |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 540 | transform->keylen = cipher_info->key_length; |
| 541 | transform->keylen /= 8; |
| 542 | transform->ivlen = cipher_info->iv_size; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 543 | |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 544 | transform->minlen = transform->keylen; |
| 545 | if( transform->minlen < transform->maclen ) |
| 546 | { |
| 547 | if( cipher_info->mode == POLARSSL_MODE_STREAM ) |
| 548 | transform->minlen = transform->maclen; |
| 549 | else |
| 550 | transform->minlen += transform->keylen; |
| 551 | } |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 552 | } |
| 553 | |
| 554 | SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d", |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 555 | transform->keylen, transform->minlen, transform->ivlen, |
| 556 | transform->maclen ) ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 557 | |
| 558 | /* |
| 559 | * Finally setup the cipher contexts, IVs and MAC secrets. |
| 560 | */ |
| 561 | if( ssl->endpoint == SSL_IS_CLIENT ) |
| 562 | { |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 563 | key1 = keyblk + transform->maclen * 2; |
| 564 | key2 = keyblk + transform->maclen * 2 + transform->keylen; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 565 | |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 566 | mac_enc = keyblk; |
| 567 | mac_dec = keyblk + transform->maclen; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 568 | |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 569 | /* |
| 570 | * This is not used in TLS v1.1. |
| 571 | */ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 572 | iv_copy_len = ( transform->fixed_ivlen ) ? |
| 573 | transform->fixed_ivlen : transform->ivlen; |
| 574 | memcpy( transform->iv_enc, key2 + transform->keylen, iv_copy_len ); |
| 575 | memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len, |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 576 | iv_copy_len ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 577 | } |
| 578 | else |
| 579 | { |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 580 | key1 = keyblk + transform->maclen * 2 + transform->keylen; |
| 581 | key2 = keyblk + transform->maclen * 2; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 582 | |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 583 | mac_enc = keyblk + transform->maclen; |
| 584 | mac_dec = keyblk; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 585 | |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 586 | /* |
| 587 | * This is not used in TLS v1.1. |
| 588 | */ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 589 | iv_copy_len = ( transform->fixed_ivlen ) ? |
| 590 | transform->fixed_ivlen : transform->ivlen; |
| 591 | memcpy( transform->iv_dec, key1 + transform->keylen, iv_copy_len ); |
| 592 | memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len, |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 593 | iv_copy_len ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 594 | } |
| 595 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 596 | #if defined(POLARSSL_SSL_PROTO_SSL3) |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 597 | if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) |
| 598 | { |
Manuel Pégourié-Gonnard | 7cfdcb8 | 2014-01-18 18:22:55 +0100 | [diff] [blame] | 599 | if( transform->maclen > sizeof transform->mac_enc ) |
| 600 | { |
| 601 | SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| 602 | return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); |
| 603 | } |
| 604 | |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 605 | memcpy( transform->mac_enc, mac_enc, transform->maclen ); |
| 606 | memcpy( transform->mac_dec, mac_dec, transform->maclen ); |
| 607 | } |
| 608 | else |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 609 | #endif |
| 610 | #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \ |
| 611 | defined(POLARSSL_SSL_PROTO_TLS1_2) |
| 612 | if( ssl->minor_ver >= SSL_MINOR_VERSION_1 ) |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 613 | { |
| 614 | md_hmac_starts( &transform->md_ctx_enc, mac_enc, transform->maclen ); |
| 615 | md_hmac_starts( &transform->md_ctx_dec, mac_dec, transform->maclen ); |
| 616 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 617 | else |
| 618 | #endif |
Paul Bakker | 577e006 | 2013-08-28 11:57:20 +0200 | [diff] [blame] | 619 | { |
| 620 | SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 621 | return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); |
Paul Bakker | 577e006 | 2013-08-28 11:57:20 +0200 | [diff] [blame] | 622 | } |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 623 | |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 624 | #if defined(POLARSSL_SSL_HW_RECORD_ACCEL) |
| 625 | if( ssl_hw_record_init != NULL) |
| 626 | { |
| 627 | int ret = 0; |
| 628 | |
| 629 | SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_init()" ) ); |
| 630 | |
Paul Bakker | 07eb38b | 2012-12-19 14:42:06 +0100 | [diff] [blame] | 631 | if( ( ret = ssl_hw_record_init( ssl, key1, key2, transform->keylen, |
| 632 | transform->iv_enc, transform->iv_dec, |
| 633 | iv_copy_len, |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 634 | mac_enc, mac_dec, |
Paul Bakker | 07eb38b | 2012-12-19 14:42:06 +0100 | [diff] [blame] | 635 | transform->maclen ) ) != 0 ) |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 636 | { |
| 637 | SSL_DEBUG_RET( 1, "ssl_hw_record_init", ret ); |
| 638 | return POLARSSL_ERR_SSL_HW_ACCEL_FAILED; |
| 639 | } |
| 640 | } |
| 641 | #endif |
| 642 | |
Manuel Pégourié-Gonnard | 8866591 | 2013-10-25 18:42:44 +0200 | [diff] [blame] | 643 | if( ( ret = cipher_init_ctx( &transform->cipher_ctx_enc, |
| 644 | cipher_info ) ) != 0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 645 | { |
Manuel Pégourié-Gonnard | 8866591 | 2013-10-25 18:42:44 +0200 | [diff] [blame] | 646 | SSL_DEBUG_RET( 1, "cipher_init_ctx", ret ); |
| 647 | return( ret ); |
| 648 | } |
Paul Bakker | da02a7f | 2013-08-31 17:25:14 +0200 | [diff] [blame] | 649 | |
Manuel Pégourié-Gonnard | 8866591 | 2013-10-25 18:42:44 +0200 | [diff] [blame] | 650 | if( ( ret = cipher_init_ctx( &transform->cipher_ctx_dec, |
| 651 | cipher_info ) ) != 0 ) |
| 652 | { |
| 653 | SSL_DEBUG_RET( 1, "cipher_init_ctx", ret ); |
| 654 | return( ret ); |
| 655 | } |
Paul Bakker | da02a7f | 2013-08-31 17:25:14 +0200 | [diff] [blame] | 656 | |
Manuel Pégourié-Gonnard | 8866591 | 2013-10-25 18:42:44 +0200 | [diff] [blame] | 657 | if( ( ret = cipher_setkey( &transform->cipher_ctx_enc, key1, |
| 658 | cipher_info->key_length, |
| 659 | POLARSSL_ENCRYPT ) ) != 0 ) |
| 660 | { |
| 661 | SSL_DEBUG_RET( 1, "cipher_setkey", ret ); |
| 662 | return( ret ); |
| 663 | } |
Paul Bakker | ea6ad3f | 2013-09-02 14:57:01 +0200 | [diff] [blame] | 664 | |
Manuel Pégourié-Gonnard | 8866591 | 2013-10-25 18:42:44 +0200 | [diff] [blame] | 665 | if( ( ret = cipher_setkey( &transform->cipher_ctx_dec, key2, |
| 666 | cipher_info->key_length, |
| 667 | POLARSSL_DECRYPT ) ) != 0 ) |
| 668 | { |
| 669 | SSL_DEBUG_RET( 1, "cipher_setkey", ret ); |
| 670 | return( ret ); |
| 671 | } |
Paul Bakker | da02a7f | 2013-08-31 17:25:14 +0200 | [diff] [blame] | 672 | |
Manuel Pégourié-Gonnard | f7dc378 | 2013-09-13 14:10:44 +0200 | [diff] [blame] | 673 | #if defined(POLARSSL_CIPHER_MODE_CBC) |
Manuel Pégourié-Gonnard | 8866591 | 2013-10-25 18:42:44 +0200 | [diff] [blame] | 674 | if( cipher_info->mode == POLARSSL_MODE_CBC ) |
| 675 | { |
| 676 | if( ( ret = cipher_set_padding_mode( &transform->cipher_ctx_enc, |
| 677 | POLARSSL_PADDING_NONE ) ) != 0 ) |
Manuel Pégourié-Gonnard | 126a66f | 2013-10-25 18:33:32 +0200 | [diff] [blame] | 678 | { |
Manuel Pégourié-Gonnard | 8866591 | 2013-10-25 18:42:44 +0200 | [diff] [blame] | 679 | SSL_DEBUG_RET( 1, "cipher_set_padding_mode", ret ); |
| 680 | return( ret ); |
Manuel Pégourié-Gonnard | 126a66f | 2013-10-25 18:33:32 +0200 | [diff] [blame] | 681 | } |
Manuel Pégourié-Gonnard | 8866591 | 2013-10-25 18:42:44 +0200 | [diff] [blame] | 682 | |
| 683 | if( ( ret = cipher_set_padding_mode( &transform->cipher_ctx_dec, |
| 684 | POLARSSL_PADDING_NONE ) ) != 0 ) |
| 685 | { |
| 686 | SSL_DEBUG_RET( 1, "cipher_set_padding_mode", ret ); |
| 687 | return( ret ); |
| 688 | } |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 689 | } |
Manuel Pégourié-Gonnard | 8866591 | 2013-10-25 18:42:44 +0200 | [diff] [blame] | 690 | #endif /* POLARSSL_CIPHER_MODE_CBC */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 691 | |
| 692 | memset( keyblk, 0, sizeof( keyblk ) ); |
| 693 | |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 694 | #if defined(POLARSSL_ZLIB_SUPPORT) |
| 695 | // Initialize compression |
| 696 | // |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 697 | if( session->compression == SSL_COMPRESS_DEFLATE ) |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 698 | { |
Paul Bakker | 1677033 | 2013-10-11 09:59:44 +0200 | [diff] [blame] | 699 | if( ssl->compress_buf == NULL ) |
| 700 | { |
| 701 | SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) ); |
| 702 | ssl->compress_buf = polarssl_malloc( SSL_BUFFER_LEN ); |
| 703 | if( ssl->compress_buf == NULL ) |
| 704 | { |
| 705 | SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", |
| 706 | SSL_BUFFER_LEN ) ); |
| 707 | return( POLARSSL_ERR_SSL_MALLOC_FAILED ); |
| 708 | } |
| 709 | } |
| 710 | |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 711 | SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) ); |
| 712 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 713 | memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) ); |
| 714 | memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) ); |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 715 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 716 | if( deflateInit( &transform->ctx_deflate, Z_DEFAULT_COMPRESSION ) != Z_OK || |
| 717 | inflateInit( &transform->ctx_inflate ) != Z_OK ) |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 718 | { |
| 719 | SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) ); |
| 720 | return( POLARSSL_ERR_SSL_COMPRESSION_FAILED ); |
| 721 | } |
| 722 | } |
| 723 | #endif /* POLARSSL_ZLIB_SUPPORT */ |
| 724 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 725 | SSL_DEBUG_MSG( 2, ( "<= derive keys" ) ); |
| 726 | |
| 727 | return( 0 ); |
| 728 | } |
| 729 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 730 | #if defined(POLARSSL_SSL_PROTO_SSL3) |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 731 | void ssl_calc_verify_ssl( ssl_context *ssl, unsigned char hash[36] ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 732 | { |
| 733 | md5_context md5; |
| 734 | sha1_context sha1; |
| 735 | unsigned char pad_1[48]; |
| 736 | unsigned char pad_2[48]; |
| 737 | |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 738 | SSL_DEBUG_MSG( 2, ( "=> calc verify ssl" ) ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 739 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 740 | memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) ); |
| 741 | memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 742 | |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 743 | memset( pad_1, 0x36, 48 ); |
| 744 | memset( pad_2, 0x5C, 48 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 745 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 746 | md5_update( &md5, ssl->session_negotiate->master, 48 ); |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 747 | md5_update( &md5, pad_1, 48 ); |
| 748 | md5_finish( &md5, hash ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 749 | |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 750 | md5_starts( &md5 ); |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 751 | md5_update( &md5, ssl->session_negotiate->master, 48 ); |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 752 | md5_update( &md5, pad_2, 48 ); |
| 753 | md5_update( &md5, hash, 16 ); |
| 754 | md5_finish( &md5, hash ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 755 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 756 | sha1_update( &sha1, ssl->session_negotiate->master, 48 ); |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 757 | sha1_update( &sha1, pad_1, 40 ); |
| 758 | sha1_finish( &sha1, hash + 16 ); |
| 759 | |
| 760 | sha1_starts( &sha1 ); |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 761 | sha1_update( &sha1, ssl->session_negotiate->master, 48 ); |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 762 | sha1_update( &sha1, pad_2, 40 ); |
| 763 | sha1_update( &sha1, hash + 16, 20 ); |
| 764 | sha1_finish( &sha1, hash + 16 ); |
| 765 | |
| 766 | SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); |
| 767 | SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
| 768 | |
| 769 | return; |
| 770 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 771 | #endif |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 772 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 773 | #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 774 | void ssl_calc_verify_tls( ssl_context *ssl, unsigned char hash[36] ) |
| 775 | { |
| 776 | md5_context md5; |
| 777 | sha1_context sha1; |
| 778 | |
| 779 | SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) ); |
| 780 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 781 | memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) ); |
| 782 | memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) ); |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 783 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 784 | md5_finish( &md5, hash ); |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 785 | sha1_finish( &sha1, hash + 16 ); |
| 786 | |
| 787 | SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); |
| 788 | SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
| 789 | |
| 790 | return; |
| 791 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 792 | #endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 */ |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 793 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 794 | #if defined(POLARSSL_SSL_PROTO_TLS1_2) |
| 795 | #if defined(POLARSSL_SHA256_C) |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 796 | void ssl_calc_verify_tls_sha256( ssl_context *ssl, unsigned char hash[32] ) |
| 797 | { |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 798 | sha256_context sha256; |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 799 | |
| 800 | SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) ); |
| 801 | |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 802 | memcpy( &sha256, &ssl->handshake->fin_sha256, sizeof(sha256_context) ); |
| 803 | sha256_finish( &sha256, hash ); |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 804 | |
| 805 | SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 ); |
| 806 | SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
| 807 | |
| 808 | return; |
| 809 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 810 | #endif /* POLARSSL_SHA256_C */ |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 811 | |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 812 | #if defined(POLARSSL_SHA512_C) |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 813 | void ssl_calc_verify_tls_sha384( ssl_context *ssl, unsigned char hash[48] ) |
| 814 | { |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 815 | sha512_context sha512; |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 816 | |
| 817 | SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) ); |
| 818 | |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 819 | memcpy( &sha512, &ssl->handshake->fin_sha512, sizeof(sha512_context) ); |
| 820 | sha512_finish( &sha512, hash ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 821 | |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 822 | SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 823 | SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); |
| 824 | |
| 825 | return; |
| 826 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 827 | #endif /* POLARSSL_SHA512_C */ |
| 828 | #endif /* POLARSSL_SSL_PROTO_TLS1_2 */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 829 | |
Manuel Pégourié-Gonnard | 8a3c64d | 2013-10-14 19:54:10 +0200 | [diff] [blame] | 830 | #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED) |
Manuel Pégourié-Gonnard | bd1ae24 | 2013-10-14 13:09:25 +0200 | [diff] [blame] | 831 | int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex ) |
| 832 | { |
Manuel Pégourié-Gonnard | bd1ae24 | 2013-10-14 13:09:25 +0200 | [diff] [blame] | 833 | unsigned char *p = ssl->handshake->premaster; |
| 834 | unsigned char *end = p + sizeof( ssl->handshake->premaster ); |
| 835 | |
| 836 | /* |
| 837 | * PMS = struct { |
| 838 | * opaque other_secret<0..2^16-1>; |
| 839 | * opaque psk<0..2^16-1>; |
| 840 | * }; |
| 841 | * with "other_secret" depending on the particular key exchange |
| 842 | */ |
| 843 | #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) |
| 844 | if( key_ex == POLARSSL_KEY_EXCHANGE_PSK ) |
| 845 | { |
| 846 | if( end - p < 2 + (int) ssl->psk_len ) |
| 847 | return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); |
| 848 | |
| 849 | *(p++) = (unsigned char)( ssl->psk_len >> 8 ); |
| 850 | *(p++) = (unsigned char)( ssl->psk_len ); |
| 851 | p += ssl->psk_len; |
| 852 | } |
| 853 | else |
| 854 | #endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */ |
Manuel Pégourié-Gonnard | 0fae60b | 2013-10-14 17:39:48 +0200 | [diff] [blame] | 855 | #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) |
| 856 | if( key_ex == POLARSSL_KEY_EXCHANGE_RSA_PSK ) |
| 857 | { |
| 858 | /* |
| 859 | * other_secret already set by the ClientKeyExchange message, |
| 860 | * and is 48 bytes long |
| 861 | */ |
| 862 | *p++ = 0; |
| 863 | *p++ = 48; |
| 864 | p += 48; |
| 865 | } |
| 866 | else |
| 867 | #endif /* POLARSSL_KEY_EXCHANGE_RSA_PKS_ENABLED */ |
Manuel Pégourié-Gonnard | bd1ae24 | 2013-10-14 13:09:25 +0200 | [diff] [blame] | 868 | #if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) |
| 869 | if( key_ex == POLARSSL_KEY_EXCHANGE_DHE_PSK ) |
| 870 | { |
Manuel Pégourié-Gonnard | 1b62c7f | 2013-10-14 14:02:19 +0200 | [diff] [blame] | 871 | int ret; |
Manuel Pégourié-Gonnard | bd1ae24 | 2013-10-14 13:09:25 +0200 | [diff] [blame] | 872 | size_t len = ssl->handshake->dhm_ctx.len; |
| 873 | |
| 874 | if( end - p < 2 + (int) len ) |
| 875 | return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); |
| 876 | |
| 877 | *(p++) = (unsigned char)( len >> 8 ); |
| 878 | *(p++) = (unsigned char)( len ); |
| 879 | if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx, |
| 880 | p, &len, ssl->f_rng, ssl->p_rng ) ) != 0 ) |
| 881 | { |
| 882 | SSL_DEBUG_RET( 1, "dhm_calc_secret", ret ); |
| 883 | return( ret ); |
| 884 | } |
| 885 | p += len; |
| 886 | |
| 887 | SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); |
| 888 | } |
| 889 | else |
| 890 | #endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */ |
| 891 | #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) |
| 892 | if( key_ex == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ) |
| 893 | { |
Manuel Pégourié-Gonnard | 1b62c7f | 2013-10-14 14:02:19 +0200 | [diff] [blame] | 894 | int ret; |
Manuel Pégourié-Gonnard | bd1ae24 | 2013-10-14 13:09:25 +0200 | [diff] [blame] | 895 | size_t zlen; |
| 896 | |
| 897 | if( ( ret = ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen, |
| 898 | p + 2, end - (p + 2), |
| 899 | ssl->f_rng, ssl->p_rng ) ) != 0 ) |
| 900 | { |
| 901 | SSL_DEBUG_RET( 1, "ecdh_calc_secret", ret ); |
| 902 | return( ret ); |
| 903 | } |
| 904 | |
| 905 | *(p++) = (unsigned char)( zlen >> 8 ); |
| 906 | *(p++) = (unsigned char)( zlen ); |
| 907 | p += zlen; |
| 908 | |
| 909 | SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z ); |
| 910 | } |
| 911 | else |
| 912 | #endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ |
| 913 | { |
| 914 | SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| 915 | return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); |
| 916 | } |
| 917 | |
| 918 | /* opaque psk<0..2^16-1>; */ |
Manuel Pégourié-Gonnard | b2bf5a1 | 2014-03-25 16:28:12 +0100 | [diff] [blame] | 919 | if( end - p < 2 + (int) ssl->psk_len ) |
| 920 | return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); |
| 921 | |
Manuel Pégourié-Gonnard | bd1ae24 | 2013-10-14 13:09:25 +0200 | [diff] [blame] | 922 | *(p++) = (unsigned char)( ssl->psk_len >> 8 ); |
| 923 | *(p++) = (unsigned char)( ssl->psk_len ); |
| 924 | memcpy( p, ssl->psk, ssl->psk_len ); |
| 925 | p += ssl->psk_len; |
| 926 | |
| 927 | ssl->handshake->pmslen = p - ssl->handshake->premaster; |
| 928 | |
| 929 | return( 0 ); |
| 930 | } |
Manuel Pégourié-Gonnard | 8a3c64d | 2013-10-14 19:54:10 +0200 | [diff] [blame] | 931 | #endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */ |
Manuel Pégourié-Gonnard | bd1ae24 | 2013-10-14 13:09:25 +0200 | [diff] [blame] | 932 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 933 | #if defined(POLARSSL_SSL_PROTO_SSL3) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 934 | /* |
| 935 | * SSLv3.0 MAC functions |
| 936 | */ |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 937 | static void ssl_mac( md_context_t *md_ctx, unsigned char *secret, |
| 938 | unsigned char *buf, size_t len, |
| 939 | unsigned char *ctr, int type ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 940 | { |
| 941 | unsigned char header[11]; |
| 942 | unsigned char padding[48]; |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 943 | int padlen = 0; |
| 944 | int md_size = md_get_size( md_ctx->md_info ); |
| 945 | int md_type = md_get_type( md_ctx->md_info ); |
| 946 | |
| 947 | if( md_type == POLARSSL_MD_MD5 ) |
| 948 | padlen = 48; |
| 949 | else if( md_type == POLARSSL_MD_SHA1 ) |
| 950 | padlen = 40; |
| 951 | else if( md_type == POLARSSL_MD_SHA256 ) |
| 952 | padlen = 32; |
Manuel Pégourié-Gonnard | c72ac7c | 2013-12-17 10:17:08 +0100 | [diff] [blame] | 953 | else if( md_type == POLARSSL_MD_SHA384 ) |
| 954 | padlen = 16; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 955 | |
| 956 | memcpy( header, ctr, 8 ); |
| 957 | header[ 8] = (unsigned char) type; |
| 958 | header[ 9] = (unsigned char)( len >> 8 ); |
| 959 | header[10] = (unsigned char)( len ); |
| 960 | |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 961 | memset( padding, 0x36, padlen ); |
| 962 | md_starts( md_ctx ); |
| 963 | md_update( md_ctx, secret, md_size ); |
| 964 | md_update( md_ctx, padding, padlen ); |
| 965 | md_update( md_ctx, header, 11 ); |
| 966 | md_update( md_ctx, buf, len ); |
| 967 | md_finish( md_ctx, buf + len ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 968 | |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 969 | memset( padding, 0x5C, padlen ); |
| 970 | md_starts( md_ctx ); |
| 971 | md_update( md_ctx, secret, md_size ); |
| 972 | md_update( md_ctx, padding, padlen ); |
| 973 | md_update( md_ctx, buf + len, md_size ); |
| 974 | md_finish( md_ctx, buf + len ); |
Paul Bakker | 5f70b25 | 2012-09-13 14:23:06 +0000 | [diff] [blame] | 975 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 976 | #endif /* POLARSSL_SSL_PROTO_SSL3 */ |
Paul Bakker | 5f70b25 | 2012-09-13 14:23:06 +0000 | [diff] [blame] | 977 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 978 | /* |
| 979 | * Encryption/decryption functions |
Paul Bakker | f7abd42 | 2013-04-16 13:15:56 +0200 | [diff] [blame] | 980 | */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 981 | static int ssl_encrypt_buf( ssl_context *ssl ) |
| 982 | { |
Manuel Pégourié-Gonnard | f7dc378 | 2013-09-13 14:10:44 +0200 | [diff] [blame] | 983 | size_t i; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 984 | |
| 985 | SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) ); |
| 986 | |
| 987 | /* |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 988 | * Add MAC before encrypt, except for GCM |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 989 | */ |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 990 | #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \ |
| 991 | ( defined(POLARSSL_CIPHER_MODE_CBC) && \ |
| 992 | ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) ) |
| 993 | if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode != |
| 994 | POLARSSL_MODE_GCM ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 995 | { |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 996 | #if defined(POLARSSL_SSL_PROTO_SSL3) |
| 997 | if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) |
| 998 | { |
| 999 | ssl_mac( &ssl->transform_out->md_ctx_enc, |
| 1000 | ssl->transform_out->mac_enc, |
| 1001 | ssl->out_msg, ssl->out_msglen, |
| 1002 | ssl->out_ctr, ssl->out_msgtype ); |
| 1003 | } |
| 1004 | else |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 1005 | #endif |
| 1006 | #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \ |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1007 | defined(POLARSSL_SSL_PROTO_TLS1_2) |
| 1008 | if( ssl->minor_ver >= SSL_MINOR_VERSION_1 ) |
| 1009 | { |
| 1010 | md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 13 ); |
| 1011 | md_hmac_update( &ssl->transform_out->md_ctx_enc, |
| 1012 | ssl->out_msg, ssl->out_msglen ); |
| 1013 | md_hmac_finish( &ssl->transform_out->md_ctx_enc, |
| 1014 | ssl->out_msg + ssl->out_msglen ); |
| 1015 | md_hmac_reset( &ssl->transform_out->md_ctx_enc ); |
| 1016 | } |
| 1017 | else |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 1018 | #endif |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1019 | { |
| 1020 | SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| 1021 | return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); |
| 1022 | } |
| 1023 | |
| 1024 | SSL_DEBUG_BUF( 4, "computed mac", |
| 1025 | ssl->out_msg + ssl->out_msglen, |
| 1026 | ssl->transform_out->maclen ); |
| 1027 | |
| 1028 | ssl->out_msglen += ssl->transform_out->maclen; |
Paul Bakker | 577e006 | 2013-08-28 11:57:20 +0200 | [diff] [blame] | 1029 | } |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1030 | #endif /* GCM not the only option */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1031 | |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1032 | /* |
| 1033 | * Encrypt |
| 1034 | */ |
Manuel Pégourié-Gonnard | 8866591 | 2013-10-25 18:42:44 +0200 | [diff] [blame] | 1035 | #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) |
Manuel Pégourié-Gonnard | 126a66f | 2013-10-25 18:33:32 +0200 | [diff] [blame] | 1036 | if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode == |
| 1037 | POLARSSL_MODE_STREAM ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1038 | { |
Paul Bakker | ea6ad3f | 2013-09-02 14:57:01 +0200 | [diff] [blame] | 1039 | int ret; |
| 1040 | size_t olen = 0; |
| 1041 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1042 | SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " |
| 1043 | "including %d bytes of padding", |
| 1044 | ssl->out_msglen, 0 ) ); |
| 1045 | |
| 1046 | SSL_DEBUG_BUF( 4, "before encrypt: output payload", |
| 1047 | ssl->out_msg, ssl->out_msglen ); |
| 1048 | |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1049 | if( ( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc ) ) != 0 ) |
Paul Bakker | ea6ad3f | 2013-09-02 14:57:01 +0200 | [diff] [blame] | 1050 | { |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1051 | SSL_DEBUG_RET( 1, "cipher_reset", ret ); |
| 1052 | return( ret ); |
| 1053 | } |
| 1054 | |
| 1055 | if( ( ret = cipher_set_iv( &ssl->transform_out->cipher_ctx_enc, |
| 1056 | ssl->transform_out->iv_enc, |
| 1057 | ssl->transform_out->ivlen ) ) != 0 ) |
| 1058 | { |
| 1059 | SSL_DEBUG_RET( 1, "cipher_set_iv", ret ); |
Paul Bakker | ea6ad3f | 2013-09-02 14:57:01 +0200 | [diff] [blame] | 1060 | return( ret ); |
| 1061 | } |
| 1062 | |
| 1063 | if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc, |
| 1064 | ssl->out_msg, ssl->out_msglen, ssl->out_msg, |
| 1065 | &olen ) ) != 0 ) |
| 1066 | { |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1067 | SSL_DEBUG_RET( 1, "cipher_update", ret ); |
Paul Bakker | ea6ad3f | 2013-09-02 14:57:01 +0200 | [diff] [blame] | 1068 | return( ret ); |
| 1069 | } |
| 1070 | |
| 1071 | if( ssl->out_msglen != olen ) |
| 1072 | { |
| 1073 | SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect %d %d", |
| 1074 | ssl->out_msglen, olen ) ); |
Manuel Pégourié-Gonnard | a8a25ae | 2013-10-27 13:48:15 +0100 | [diff] [blame] | 1075 | return( POLARSSL_ERR_SSL_INTERNAL_ERROR ); |
Paul Bakker | ea6ad3f | 2013-09-02 14:57:01 +0200 | [diff] [blame] | 1076 | } |
| 1077 | |
| 1078 | if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc, |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1079 | ssl->out_msg + olen, &olen ) ) != 0 ) |
Paul Bakker | ea6ad3f | 2013-09-02 14:57:01 +0200 | [diff] [blame] | 1080 | { |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1081 | SSL_DEBUG_RET( 1, "cipher_finish", ret ); |
Paul Bakker | ea6ad3f | 2013-09-02 14:57:01 +0200 | [diff] [blame] | 1082 | return( ret ); |
| 1083 | } |
| 1084 | |
| 1085 | if( 0 != olen ) |
| 1086 | { |
| 1087 | SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect %d %d", |
| 1088 | 0, olen ) ); |
Manuel Pégourié-Gonnard | a8a25ae | 2013-10-27 13:48:15 +0100 | [diff] [blame] | 1089 | return( POLARSSL_ERR_SSL_INTERNAL_ERROR ); |
Paul Bakker | ea6ad3f | 2013-09-02 14:57:01 +0200 | [diff] [blame] | 1090 | } |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1091 | } |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1092 | else |
Manuel Pégourié-Gonnard | 8866591 | 2013-10-25 18:42:44 +0200 | [diff] [blame] | 1093 | #endif /* POLARSSL_ARC4_C || POLARSSL_CIPHER_NULL_CIPHER */ |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1094 | #if defined(POLARSSL_GCM_C) |
Manuel Pégourié-Gonnard | 126a66f | 2013-10-25 18:33:32 +0200 | [diff] [blame] | 1095 | if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode == |
| 1096 | POLARSSL_MODE_GCM ) |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 1097 | { |
Manuel Pégourié-Gonnard | d13a409 | 2013-09-05 16:10:41 +0200 | [diff] [blame] | 1098 | size_t enc_msglen, olen, totlen; |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 1099 | unsigned char *enc_msg; |
| 1100 | unsigned char add_data[13]; |
| 1101 | int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; |
| 1102 | |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 1103 | memcpy( add_data, ssl->out_ctr, 8 ); |
| 1104 | add_data[8] = ssl->out_msgtype; |
| 1105 | add_data[9] = ssl->major_ver; |
| 1106 | add_data[10] = ssl->minor_ver; |
| 1107 | add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF; |
| 1108 | add_data[12] = ssl->out_msglen & 0xFF; |
| 1109 | |
| 1110 | SSL_DEBUG_BUF( 4, "additional data used for AEAD", |
| 1111 | add_data, 13 ); |
| 1112 | |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1113 | /* |
| 1114 | * Generate IV |
| 1115 | */ |
| 1116 | ret = ssl->f_rng( ssl->p_rng, |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1117 | ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1118 | ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); |
| 1119 | if( ret != 0 ) |
| 1120 | return( ret ); |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 1121 | |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1122 | memcpy( ssl->out_iv, |
| 1123 | ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, |
| 1124 | ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 1125 | |
Manuel Pégourié-Gonnard | 226d5da | 2013-09-05 13:19:22 +0200 | [diff] [blame] | 1126 | SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv, |
| 1127 | ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); |
| 1128 | |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1129 | /* |
| 1130 | * Fix pointer positions and message length with added IV |
| 1131 | */ |
| 1132 | enc_msg = ssl->out_msg; |
| 1133 | enc_msglen = ssl->out_msglen; |
| 1134 | ssl->out_msglen += ssl->transform_out->ivlen - |
| 1135 | ssl->transform_out->fixed_ivlen; |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 1136 | |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1137 | SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " |
| 1138 | "including %d bytes of padding", |
| 1139 | ssl->out_msglen, 0 ) ); |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 1140 | |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1141 | SSL_DEBUG_BUF( 4, "before encrypt: output payload", |
| 1142 | ssl->out_msg, ssl->out_msglen ); |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 1143 | |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1144 | /* |
Manuel Pégourié-Gonnard | d13a409 | 2013-09-05 16:10:41 +0200 | [diff] [blame] | 1145 | * Encrypt |
| 1146 | */ |
| 1147 | if( ( ret = cipher_set_iv( &ssl->transform_out->cipher_ctx_enc, |
| 1148 | ssl->transform_out->iv_enc, |
| 1149 | ssl->transform_out->ivlen ) ) != 0 || |
| 1150 | ( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc ) ) != 0 ) |
| 1151 | { |
| 1152 | return( ret ); |
| 1153 | } |
| 1154 | |
| 1155 | if( ( ret = cipher_update_ad( &ssl->transform_out->cipher_ctx_enc, |
| 1156 | add_data, 13 ) ) != 0 ) |
| 1157 | { |
| 1158 | return( ret ); |
| 1159 | } |
| 1160 | |
| 1161 | if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc, |
| 1162 | enc_msg, enc_msglen, |
| 1163 | enc_msg, &olen ) ) != 0 ) |
| 1164 | { |
| 1165 | return( ret ); |
| 1166 | } |
| 1167 | totlen = olen; |
| 1168 | |
| 1169 | if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc, |
| 1170 | enc_msg + olen, &olen ) ) != 0 ) |
| 1171 | { |
| 1172 | return( ret ); |
| 1173 | } |
| 1174 | totlen += olen; |
| 1175 | |
| 1176 | if( totlen != enc_msglen ) |
| 1177 | { |
| 1178 | SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| 1179 | return( -1 ); |
| 1180 | } |
| 1181 | |
| 1182 | /* |
| 1183 | * Authenticate |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1184 | */ |
| 1185 | ssl->out_msglen += 16; |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 1186 | |
Manuel Pégourié-Gonnard | d13a409 | 2013-09-05 16:10:41 +0200 | [diff] [blame] | 1187 | if( ( ret = cipher_write_tag( &ssl->transform_out->cipher_ctx_enc, |
| 1188 | enc_msg + enc_msglen, 16 ) ) != 0 ) |
| 1189 | { |
| 1190 | return( ret ); |
| 1191 | } |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1192 | |
Manuel Pégourié-Gonnard | d13a409 | 2013-09-05 16:10:41 +0200 | [diff] [blame] | 1193 | SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, 16 ); |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 1194 | } |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1195 | else |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1196 | #endif /* POLARSSL_GCM_C */ |
Manuel Pégourié-Gonnard | 126a66f | 2013-10-25 18:33:32 +0200 | [diff] [blame] | 1197 | #if defined(POLARSSL_CIPHER_MODE_CBC) && \ |
| 1198 | ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) |
Manuel Pégourié-Gonnard | f7dc378 | 2013-09-13 14:10:44 +0200 | [diff] [blame] | 1199 | if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode == |
| 1200 | POLARSSL_MODE_CBC ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1201 | { |
Paul Bakker | da02a7f | 2013-08-31 17:25:14 +0200 | [diff] [blame] | 1202 | int ret; |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1203 | unsigned char *enc_msg; |
Manuel Pégourié-Gonnard | f7dc378 | 2013-09-13 14:10:44 +0200 | [diff] [blame] | 1204 | size_t enc_msglen, padlen, olen = 0; |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1205 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1206 | padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) % |
| 1207 | ssl->transform_out->ivlen; |
| 1208 | if( padlen == ssl->transform_out->ivlen ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1209 | padlen = 0; |
| 1210 | |
| 1211 | for( i = 0; i <= padlen; i++ ) |
| 1212 | ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen; |
| 1213 | |
| 1214 | ssl->out_msglen += padlen + 1; |
| 1215 | |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1216 | enc_msglen = ssl->out_msglen; |
| 1217 | enc_msg = ssl->out_msg; |
| 1218 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 1219 | #if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2) |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1220 | /* |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 1221 | * Prepend per-record IV for block cipher in TLS v1.1 and up as per |
| 1222 | * Method 1 (6.2.3.2. in RFC4346 and RFC5246) |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1223 | */ |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 1224 | if( ssl->minor_ver >= SSL_MINOR_VERSION_2 ) |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1225 | { |
| 1226 | /* |
| 1227 | * Generate IV |
| 1228 | */ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1229 | int ret = ssl->f_rng( ssl->p_rng, ssl->transform_out->iv_enc, |
| 1230 | ssl->transform_out->ivlen ); |
Paul Bakker | a3d195c | 2011-11-27 21:07:34 +0000 | [diff] [blame] | 1231 | if( ret != 0 ) |
| 1232 | return( ret ); |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1233 | |
Paul Bakker | 92be97b | 2013-01-02 17:30:03 +0100 | [diff] [blame] | 1234 | memcpy( ssl->out_iv, ssl->transform_out->iv_enc, |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1235 | ssl->transform_out->ivlen ); |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1236 | |
| 1237 | /* |
| 1238 | * Fix pointer positions and message length with added IV |
| 1239 | */ |
Paul Bakker | 92be97b | 2013-01-02 17:30:03 +0100 | [diff] [blame] | 1240 | enc_msg = ssl->out_msg; |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1241 | enc_msglen = ssl->out_msglen; |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1242 | ssl->out_msglen += ssl->transform_out->ivlen; |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1243 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 1244 | #endif /* POLARSSL_SSL_PROTO_TLS1_1 || POLARSSL_SSL_PROTO_TLS1_2 */ |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1245 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1246 | SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1247 | "including %d bytes of IV and %d bytes of padding", |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1248 | ssl->out_msglen, ssl->transform_out->ivlen, padlen + 1 ) ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1249 | |
| 1250 | SSL_DEBUG_BUF( 4, "before encrypt: output payload", |
Paul Bakker | 92be97b | 2013-01-02 17:30:03 +0100 | [diff] [blame] | 1251 | ssl->out_iv, ssl->out_msglen ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1252 | |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1253 | if( ( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc ) ) != 0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1254 | { |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1255 | SSL_DEBUG_RET( 1, "cipher_reset", ret ); |
| 1256 | return( ret ); |
| 1257 | } |
| 1258 | |
| 1259 | if( ( ret = cipher_set_iv( &ssl->transform_out->cipher_ctx_enc, |
| 1260 | ssl->transform_out->iv_enc, |
| 1261 | ssl->transform_out->ivlen ) ) != 0 ) |
| 1262 | { |
| 1263 | SSL_DEBUG_RET( 1, "cipher_set_iv", ret ); |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1264 | return( ret ); |
| 1265 | } |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1266 | |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1267 | if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc, |
| 1268 | enc_msg, enc_msglen, enc_msg, |
| 1269 | &olen ) ) != 0 ) |
| 1270 | { |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1271 | SSL_DEBUG_RET( 1, "cipher_update", ret ); |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1272 | return( ret ); |
| 1273 | } |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1274 | |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1275 | enc_msglen -= olen; |
Paul Bakker | da02a7f | 2013-08-31 17:25:14 +0200 | [diff] [blame] | 1276 | |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1277 | if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc, |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1278 | enc_msg + olen, &olen ) ) != 0 ) |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1279 | { |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1280 | SSL_DEBUG_RET( 1, "cipher_finish", ret ); |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1281 | return( ret ); |
| 1282 | } |
Paul Bakker | da02a7f | 2013-08-31 17:25:14 +0200 | [diff] [blame] | 1283 | |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1284 | if( enc_msglen != olen ) |
| 1285 | { |
| 1286 | SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect %d %d", |
| 1287 | enc_msglen, olen ) ); |
Manuel Pégourié-Gonnard | a8a25ae | 2013-10-27 13:48:15 +0100 | [diff] [blame] | 1288 | return( POLARSSL_ERR_SSL_INTERNAL_ERROR ); |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1289 | } |
Paul Bakker | da02a7f | 2013-08-31 17:25:14 +0200 | [diff] [blame] | 1290 | |
| 1291 | #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1292 | if( ssl->minor_ver < SSL_MINOR_VERSION_2 ) |
| 1293 | { |
| 1294 | /* |
| 1295 | * Save IV in SSL3 and TLS1 |
| 1296 | */ |
| 1297 | memcpy( ssl->transform_out->iv_enc, |
| 1298 | ssl->transform_out->cipher_ctx_enc.iv, |
| 1299 | ssl->transform_out->ivlen ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1300 | } |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1301 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1302 | } |
Manuel Pégourié-Gonnard | f7dc378 | 2013-09-13 14:10:44 +0200 | [diff] [blame] | 1303 | else |
Manuel Pégourié-Gonnard | 126a66f | 2013-10-25 18:33:32 +0200 | [diff] [blame] | 1304 | #endif /* POLARSSL_CIPHER_MODE_CBC && |
| 1305 | ( POLARSSL_AES_C || POLARSSL_CAMELLIA_C ) */ |
Manuel Pégourié-Gonnard | f7dc378 | 2013-09-13 14:10:44 +0200 | [diff] [blame] | 1306 | { |
| 1307 | SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| 1308 | return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); |
| 1309 | } |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1310 | |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 1311 | for( i = 8; i > 0; i-- ) |
| 1312 | if( ++ssl->out_ctr[i - 1] != 0 ) |
| 1313 | break; |
| 1314 | |
Manuel Pégourié-Gonnard | 83cdffc | 2014-03-10 21:20:29 +0100 | [diff] [blame] | 1315 | /* The loops goes to its end iff the counter is wrapping */ |
| 1316 | if( i == 0 ) |
| 1317 | { |
| 1318 | SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) ); |
| 1319 | return( POLARSSL_ERR_SSL_COUNTER_WRAPPING ); |
| 1320 | } |
| 1321 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1322 | SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) ); |
| 1323 | |
| 1324 | return( 0 ); |
| 1325 | } |
| 1326 | |
Paul Bakker | b7149bc | 2013-03-20 15:30:09 +0100 | [diff] [blame] | 1327 | #define POLARSSL_SSL_MAX_MAC_SIZE 48 |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 1328 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1329 | static int ssl_decrypt_buf( ssl_context *ssl ) |
| 1330 | { |
Paul Bakker | 1e5369c | 2013-12-19 16:40:57 +0100 | [diff] [blame] | 1331 | size_t i; |
| 1332 | #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \ |
| 1333 | ( defined(POLARSSL_CIPHER_MODE_CBC) && \ |
| 1334 | ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) ) |
| 1335 | size_t padlen = 0, correct = 1; |
| 1336 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1337 | |
| 1338 | SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) ); |
| 1339 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1340 | if( ssl->in_msglen < ssl->transform_in->minlen ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1341 | { |
| 1342 | SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)", |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1343 | ssl->in_msglen, ssl->transform_in->minlen ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 1344 | return( POLARSSL_ERR_SSL_INVALID_MAC ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1345 | } |
| 1346 | |
Manuel Pégourié-Gonnard | 8866591 | 2013-10-25 18:42:44 +0200 | [diff] [blame] | 1347 | #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) |
Manuel Pégourié-Gonnard | 126a66f | 2013-10-25 18:33:32 +0200 | [diff] [blame] | 1348 | if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode == |
| 1349 | POLARSSL_MODE_STREAM ) |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1350 | { |
Paul Bakker | ea6ad3f | 2013-09-02 14:57:01 +0200 | [diff] [blame] | 1351 | int ret; |
| 1352 | size_t olen = 0; |
| 1353 | |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1354 | padlen = 0; |
| 1355 | |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1356 | if( ( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec ) ) != 0 ) |
Paul Bakker | ea6ad3f | 2013-09-02 14:57:01 +0200 | [diff] [blame] | 1357 | { |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1358 | SSL_DEBUG_RET( 1, "cipher_reset", ret ); |
| 1359 | return( ret ); |
| 1360 | } |
| 1361 | |
| 1362 | if( ( ret = cipher_set_iv( &ssl->transform_in->cipher_ctx_dec, |
| 1363 | ssl->transform_in->iv_dec, |
| 1364 | ssl->transform_in->ivlen ) ) != 0 ) |
| 1365 | { |
| 1366 | SSL_DEBUG_RET( 1, "cipher_set_iv", ret ); |
Paul Bakker | ea6ad3f | 2013-09-02 14:57:01 +0200 | [diff] [blame] | 1367 | return( ret ); |
| 1368 | } |
| 1369 | |
| 1370 | if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec, |
| 1371 | ssl->in_msg, ssl->in_msglen, ssl->in_msg, |
| 1372 | &olen ) ) != 0 ) |
| 1373 | { |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1374 | SSL_DEBUG_RET( 1, "cipher_update", ret ); |
Paul Bakker | ea6ad3f | 2013-09-02 14:57:01 +0200 | [diff] [blame] | 1375 | return( ret ); |
| 1376 | } |
| 1377 | |
| 1378 | if( ssl->in_msglen != olen ) |
| 1379 | { |
| 1380 | SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect" ) ); |
Manuel Pégourié-Gonnard | a8a25ae | 2013-10-27 13:48:15 +0100 | [diff] [blame] | 1381 | return( POLARSSL_ERR_SSL_INTERNAL_ERROR ); |
Paul Bakker | ea6ad3f | 2013-09-02 14:57:01 +0200 | [diff] [blame] | 1382 | } |
| 1383 | |
| 1384 | if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec, |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1385 | ssl->in_msg + olen, &olen ) ) != 0 ) |
Paul Bakker | ea6ad3f | 2013-09-02 14:57:01 +0200 | [diff] [blame] | 1386 | { |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1387 | SSL_DEBUG_RET( 1, "cipher_finish", ret ); |
Paul Bakker | ea6ad3f | 2013-09-02 14:57:01 +0200 | [diff] [blame] | 1388 | return( ret ); |
| 1389 | } |
| 1390 | |
| 1391 | if( 0 != olen ) |
| 1392 | { |
| 1393 | SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect" ) ); |
Manuel Pégourié-Gonnard | a8a25ae | 2013-10-27 13:48:15 +0100 | [diff] [blame] | 1394 | return( POLARSSL_ERR_SSL_INTERNAL_ERROR ); |
Paul Bakker | ea6ad3f | 2013-09-02 14:57:01 +0200 | [diff] [blame] | 1395 | } |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1396 | } |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1397 | else |
Manuel Pégourié-Gonnard | 8866591 | 2013-10-25 18:42:44 +0200 | [diff] [blame] | 1398 | #endif /* POLARSSL_ARC4_C || POLARSSL_CIPHER_NULL_CIPHER */ |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1399 | #if defined(POLARSSL_GCM_C) |
Manuel Pégourié-Gonnard | 126a66f | 2013-10-25 18:33:32 +0200 | [diff] [blame] | 1400 | if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode == |
| 1401 | POLARSSL_MODE_GCM ) |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 1402 | { |
| 1403 | unsigned char *dec_msg; |
| 1404 | unsigned char *dec_msg_result; |
Manuel Pégourié-Gonnard | d13a409 | 2013-09-05 16:10:41 +0200 | [diff] [blame] | 1405 | size_t dec_msglen, olen, totlen; |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 1406 | unsigned char add_data[13]; |
| 1407 | int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; |
| 1408 | |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1409 | dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen - |
| 1410 | ssl->transform_in->fixed_ivlen ); |
| 1411 | dec_msglen -= 16; |
| 1412 | dec_msg = ssl->in_msg; |
| 1413 | dec_msg_result = ssl->in_msg; |
| 1414 | ssl->in_msglen = dec_msglen; |
| 1415 | |
| 1416 | memcpy( add_data, ssl->in_ctr, 8 ); |
| 1417 | add_data[8] = ssl->in_msgtype; |
| 1418 | add_data[9] = ssl->major_ver; |
| 1419 | add_data[10] = ssl->minor_ver; |
| 1420 | add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF; |
| 1421 | add_data[12] = ssl->in_msglen & 0xFF; |
| 1422 | |
| 1423 | SSL_DEBUG_BUF( 4, "additional data used for AEAD", |
| 1424 | add_data, 13 ); |
| 1425 | |
| 1426 | memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen, |
| 1427 | ssl->in_iv, |
| 1428 | ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen ); |
| 1429 | |
| 1430 | SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec, |
| 1431 | ssl->transform_in->ivlen ); |
| 1432 | SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, 16 ); |
| 1433 | |
Manuel Pégourié-Gonnard | d13a409 | 2013-09-05 16:10:41 +0200 | [diff] [blame] | 1434 | /* |
| 1435 | * Decrypt |
| 1436 | */ |
| 1437 | if( ( ret = cipher_set_iv( &ssl->transform_in->cipher_ctx_dec, |
| 1438 | ssl->transform_in->iv_dec, |
| 1439 | ssl->transform_in->ivlen ) ) != 0 || |
| 1440 | ( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec ) ) != 0 ) |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 1441 | { |
Manuel Pégourié-Gonnard | d13a409 | 2013-09-05 16:10:41 +0200 | [diff] [blame] | 1442 | return( ret ); |
| 1443 | } |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 1444 | |
Manuel Pégourié-Gonnard | d13a409 | 2013-09-05 16:10:41 +0200 | [diff] [blame] | 1445 | if( ( ret = cipher_update_ad( &ssl->transform_in->cipher_ctx_dec, |
| 1446 | add_data, 13 ) ) != 0 ) |
| 1447 | { |
| 1448 | return( ret ); |
| 1449 | } |
| 1450 | |
| 1451 | if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec, |
| 1452 | dec_msg, dec_msglen, |
| 1453 | dec_msg_result, &olen ) ) != 0 ) |
| 1454 | { |
| 1455 | return( ret ); |
| 1456 | } |
| 1457 | totlen = olen; |
| 1458 | |
| 1459 | if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec, |
| 1460 | dec_msg_result + olen, &olen ) ) != 0 ) |
| 1461 | { |
| 1462 | return( ret ); |
| 1463 | } |
| 1464 | totlen += olen; |
| 1465 | |
| 1466 | if( totlen != dec_msglen ) |
| 1467 | { |
| 1468 | SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| 1469 | return( -1 ); |
| 1470 | } |
| 1471 | |
| 1472 | /* |
| 1473 | * Authenticate |
| 1474 | */ |
| 1475 | if( ( ret = cipher_check_tag( &ssl->transform_in->cipher_ctx_dec, |
| 1476 | dec_msg + dec_msglen, 16 ) ) != 0 ) |
| 1477 | { |
| 1478 | SSL_DEBUG_RET( 1, "cipher_check_tag", ret ); |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1479 | return( POLARSSL_ERR_SSL_INVALID_MAC ); |
| 1480 | } |
Manuel Pégourié-Gonnard | 226d5da | 2013-09-05 13:19:22 +0200 | [diff] [blame] | 1481 | |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 1482 | } |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1483 | else |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 1484 | #endif /* POLARSSL_GCM_C */ |
Manuel Pégourié-Gonnard | 126a66f | 2013-10-25 18:33:32 +0200 | [diff] [blame] | 1485 | #if defined(POLARSSL_CIPHER_MODE_CBC) && \ |
| 1486 | ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) |
Manuel Pégourié-Gonnard | f7dc378 | 2013-09-13 14:10:44 +0200 | [diff] [blame] | 1487 | if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode == |
| 1488 | POLARSSL_MODE_CBC ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1489 | { |
Paul Bakker | 4582999 | 2013-01-03 14:52:21 +0100 | [diff] [blame] | 1490 | /* |
| 1491 | * Decrypt and check the padding |
| 1492 | */ |
Paul Bakker | da02a7f | 2013-08-31 17:25:14 +0200 | [diff] [blame] | 1493 | int ret; |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1494 | unsigned char *dec_msg; |
| 1495 | unsigned char *dec_msg_result; |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 1496 | size_t dec_msglen; |
Paul Bakker | e47b34b | 2013-02-27 14:48:00 +0100 | [diff] [blame] | 1497 | size_t minlen = 0; |
Paul Bakker | da02a7f | 2013-08-31 17:25:14 +0200 | [diff] [blame] | 1498 | size_t olen = 0; |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1499 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1500 | /* |
Paul Bakker | 4582999 | 2013-01-03 14:52:21 +0100 | [diff] [blame] | 1501 | * Check immediate ciphertext sanity |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1502 | */ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1503 | if( ssl->in_msglen % ssl->transform_in->ivlen != 0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1504 | { |
| 1505 | SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0", |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1506 | ssl->in_msglen, ssl->transform_in->ivlen ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 1507 | return( POLARSSL_ERR_SSL_INVALID_MAC ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1508 | } |
| 1509 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 1510 | #if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2) |
Paul Bakker | 4582999 | 2013-01-03 14:52:21 +0100 | [diff] [blame] | 1511 | if( ssl->minor_ver >= SSL_MINOR_VERSION_2 ) |
| 1512 | minlen += ssl->transform_in->ivlen; |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 1513 | #endif |
Paul Bakker | 4582999 | 2013-01-03 14:52:21 +0100 | [diff] [blame] | 1514 | |
| 1515 | if( ssl->in_msglen < minlen + ssl->transform_in->ivlen || |
| 1516 | ssl->in_msglen < minlen + ssl->transform_in->maclen + 1 ) |
| 1517 | { |
| 1518 | SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) + 1 ) ( + expl IV )", |
| 1519 | ssl->in_msglen, ssl->transform_in->ivlen, ssl->transform_in->maclen ) ); |
| 1520 | return( POLARSSL_ERR_SSL_INVALID_MAC ); |
| 1521 | } |
| 1522 | |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1523 | dec_msglen = ssl->in_msglen; |
| 1524 | dec_msg = ssl->in_msg; |
| 1525 | dec_msg_result = ssl->in_msg; |
| 1526 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 1527 | #if defined(POLARSSL_SSL_PROTO_TLS1_1) || defined(POLARSSL_SSL_PROTO_TLS1_2) |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1528 | /* |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 1529 | * Initialize for prepended IV for block cipher in TLS v1.1 and up |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1530 | */ |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 1531 | if( ssl->minor_ver >= SSL_MINOR_VERSION_2 ) |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1532 | { |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1533 | dec_msglen -= ssl->transform_in->ivlen; |
| 1534 | ssl->in_msglen -= ssl->transform_in->ivlen; |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1535 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1536 | for( i = 0; i < ssl->transform_in->ivlen; i++ ) |
Paul Bakker | 92be97b | 2013-01-02 17:30:03 +0100 | [diff] [blame] | 1537 | ssl->transform_in->iv_dec[i] = ssl->in_iv[i]; |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1538 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 1539 | #endif /* POLARSSL_SSL_PROTO_TLS1_1 || POLARSSL_SSL_PROTO_TLS1_2 */ |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 1540 | |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1541 | if( ( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec ) ) != 0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1542 | { |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1543 | SSL_DEBUG_RET( 1, "cipher_reset", ret ); |
| 1544 | return( ret ); |
| 1545 | } |
| 1546 | |
| 1547 | if( ( ret = cipher_set_iv( &ssl->transform_in->cipher_ctx_dec, |
| 1548 | ssl->transform_in->iv_dec, |
| 1549 | ssl->transform_in->ivlen ) ) != 0 ) |
| 1550 | { |
| 1551 | SSL_DEBUG_RET( 1, "cipher_set_iv", ret ); |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1552 | return( ret ); |
| 1553 | } |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1554 | |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1555 | if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec, |
| 1556 | dec_msg, dec_msglen, dec_msg_result, |
| 1557 | &olen ) ) != 0 ) |
| 1558 | { |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1559 | SSL_DEBUG_RET( 1, "cipher_update", ret ); |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1560 | return( ret ); |
| 1561 | } |
Paul Bakker | b5ef0ba | 2009-01-11 20:25:36 +0000 | [diff] [blame] | 1562 | |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1563 | dec_msglen -= olen; |
| 1564 | if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec, |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1565 | dec_msg_result + olen, &olen ) ) != 0 ) |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1566 | { |
Paul Bakker | 45125bc | 2013-09-04 16:47:11 +0200 | [diff] [blame] | 1567 | SSL_DEBUG_RET( 1, "cipher_finish", ret ); |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1568 | return( ret ); |
| 1569 | } |
Paul Bakker | da02a7f | 2013-08-31 17:25:14 +0200 | [diff] [blame] | 1570 | |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1571 | if( dec_msglen != olen ) |
| 1572 | { |
| 1573 | SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect" ) ); |
Manuel Pégourié-Gonnard | a8a25ae | 2013-10-27 13:48:15 +0100 | [diff] [blame] | 1574 | return( POLARSSL_ERR_SSL_INTERNAL_ERROR ); |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1575 | } |
Paul Bakker | da02a7f | 2013-08-31 17:25:14 +0200 | [diff] [blame] | 1576 | |
| 1577 | #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1578 | if( ssl->minor_ver < SSL_MINOR_VERSION_2 ) |
| 1579 | { |
| 1580 | /* |
| 1581 | * Save IV in SSL3 and TLS1 |
| 1582 | */ |
| 1583 | memcpy( ssl->transform_in->iv_dec, |
| 1584 | ssl->transform_in->cipher_ctx_dec.iv, |
| 1585 | ssl->transform_in->ivlen ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1586 | } |
Paul Bakker | cca5b81 | 2013-08-31 17:40:26 +0200 | [diff] [blame] | 1587 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1588 | |
| 1589 | padlen = 1 + ssl->in_msg[ssl->in_msglen - 1]; |
Paul Bakker | 4582999 | 2013-01-03 14:52:21 +0100 | [diff] [blame] | 1590 | |
| 1591 | if( ssl->in_msglen < ssl->transform_in->maclen + padlen ) |
| 1592 | { |
Paul Bakker | d66f070 | 2013-01-31 16:57:45 +0100 | [diff] [blame] | 1593 | #if defined(POLARSSL_SSL_DEBUG_ALL) |
Paul Bakker | 4582999 | 2013-01-03 14:52:21 +0100 | [diff] [blame] | 1594 | SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)", |
| 1595 | ssl->in_msglen, ssl->transform_in->maclen, padlen ) ); |
Paul Bakker | d66f070 | 2013-01-31 16:57:45 +0100 | [diff] [blame] | 1596 | #endif |
Paul Bakker | 4582999 | 2013-01-03 14:52:21 +0100 | [diff] [blame] | 1597 | padlen = 0; |
Paul Bakker | 4582999 | 2013-01-03 14:52:21 +0100 | [diff] [blame] | 1598 | correct = 0; |
| 1599 | } |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1600 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 1601 | #if defined(POLARSSL_SSL_PROTO_SSL3) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1602 | if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) |
| 1603 | { |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1604 | if( padlen > ssl->transform_in->ivlen ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1605 | { |
Paul Bakker | d66f070 | 2013-01-31 16:57:45 +0100 | [diff] [blame] | 1606 | #if defined(POLARSSL_SSL_DEBUG_ALL) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1607 | SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, " |
| 1608 | "should be no more than %d", |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1609 | padlen, ssl->transform_in->ivlen ) ); |
Paul Bakker | d66f070 | 2013-01-31 16:57:45 +0100 | [diff] [blame] | 1610 | #endif |
Paul Bakker | 4582999 | 2013-01-03 14:52:21 +0100 | [diff] [blame] | 1611 | correct = 0; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1612 | } |
| 1613 | } |
| 1614 | else |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 1615 | #endif |
| 1616 | #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \ |
| 1617 | defined(POLARSSL_SSL_PROTO_TLS1_2) |
| 1618 | if( ssl->minor_ver > SSL_MINOR_VERSION_0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1619 | { |
| 1620 | /* |
Paul Bakker | 4582999 | 2013-01-03 14:52:21 +0100 | [diff] [blame] | 1621 | * TLSv1+: always check the padding up to the first failure |
| 1622 | * and fake check up to 256 bytes of padding |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1623 | */ |
Paul Bakker | ca9c87e | 2013-09-25 18:52:37 +0200 | [diff] [blame] | 1624 | size_t pad_count = 0, real_count = 1; |
Paul Bakker | e47b34b | 2013-02-27 14:48:00 +0100 | [diff] [blame] | 1625 | size_t padding_idx = ssl->in_msglen - padlen - 1; |
| 1626 | |
Paul Bakker | 956c9e0 | 2013-12-19 14:42:28 +0100 | [diff] [blame] | 1627 | /* |
| 1628 | * Padding is guaranteed to be incorrect if: |
Paul Bakker | 91c61bc | 2014-03-26 14:06:55 +0100 | [diff] [blame] | 1629 | * 1. padlen >= ssl->in_msglen |
Paul Bakker | 956c9e0 | 2013-12-19 14:42:28 +0100 | [diff] [blame] | 1630 | * |
Paul Bakker | 91c61bc | 2014-03-26 14:06:55 +0100 | [diff] [blame] | 1631 | * 2. padding_idx > SSL_MAX_CONTENT_LEN |
Paul Bakker | 956c9e0 | 2013-12-19 14:42:28 +0100 | [diff] [blame] | 1632 | * |
| 1633 | * In both cases we reset padding_idx to a safe value (0) to |
| 1634 | * prevent out-of-buffer reads. |
| 1635 | */ |
Paul Bakker | 91c61bc | 2014-03-26 14:06:55 +0100 | [diff] [blame] | 1636 | correct &= ( ssl->in_msglen >= padlen + 1 ); |
| 1637 | correct &= ( padding_idx <= SSL_MAX_CONTENT_LEN ); |
Paul Bakker | 956c9e0 | 2013-12-19 14:42:28 +0100 | [diff] [blame] | 1638 | |
| 1639 | padding_idx *= correct; |
| 1640 | |
Paul Bakker | ca9c87e | 2013-09-25 18:52:37 +0200 | [diff] [blame] | 1641 | for( i = 1; i <= 256; i++ ) |
| 1642 | { |
| 1643 | real_count &= ( i <= padlen ); |
| 1644 | pad_count += real_count * |
| 1645 | ( ssl->in_msg[padding_idx + i] == padlen - 1 ); |
| 1646 | } |
Paul Bakker | e47b34b | 2013-02-27 14:48:00 +0100 | [diff] [blame] | 1647 | |
| 1648 | correct &= ( pad_count == padlen ); /* Only 1 on correct padding */ |
Paul Bakker | e47b34b | 2013-02-27 14:48:00 +0100 | [diff] [blame] | 1649 | |
Paul Bakker | d66f070 | 2013-01-31 16:57:45 +0100 | [diff] [blame] | 1650 | #if defined(POLARSSL_SSL_DEBUG_ALL) |
Paul Bakker | 4582999 | 2013-01-03 14:52:21 +0100 | [diff] [blame] | 1651 | if( padlen > 0 && correct == 0) |
| 1652 | SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) ); |
Paul Bakker | d66f070 | 2013-01-31 16:57:45 +0100 | [diff] [blame] | 1653 | #endif |
Paul Bakker | e47b34b | 2013-02-27 14:48:00 +0100 | [diff] [blame] | 1654 | padlen &= correct * 0x1FF; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1655 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 1656 | else |
| 1657 | #endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \ |
| 1658 | POLARSSL_SSL_PROTO_TLS1_2 */ |
Paul Bakker | 577e006 | 2013-08-28 11:57:20 +0200 | [diff] [blame] | 1659 | { |
| 1660 | SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 1661 | return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); |
Paul Bakker | 577e006 | 2013-08-28 11:57:20 +0200 | [diff] [blame] | 1662 | } |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1663 | } |
Manuel Pégourié-Gonnard | f7dc378 | 2013-09-13 14:10:44 +0200 | [diff] [blame] | 1664 | else |
Manuel Pégourié-Gonnard | 126a66f | 2013-10-25 18:33:32 +0200 | [diff] [blame] | 1665 | #endif /* POLARSSL_CIPHER_MODE_CBC && |
| 1666 | ( POLARSSL_AES_C || POLARSSL_CAMELLIA_C ) */ |
Manuel Pégourié-Gonnard | f7dc378 | 2013-09-13 14:10:44 +0200 | [diff] [blame] | 1667 | { |
| 1668 | SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| 1669 | return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); |
| 1670 | } |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1671 | |
| 1672 | SSL_DEBUG_BUF( 4, "raw buffer after decryption", |
| 1673 | ssl->in_msg, ssl->in_msglen ); |
| 1674 | |
| 1675 | /* |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1676 | * Always compute the MAC (RFC4346, CBCTIME), except for GCM of course |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1677 | */ |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1678 | #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \ |
| 1679 | ( defined(POLARSSL_CIPHER_MODE_CBC) && \ |
| 1680 | ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) ) |
| 1681 | if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode != |
| 1682 | POLARSSL_MODE_GCM ) |
| 1683 | { |
Paul Bakker | 1e5369c | 2013-12-19 16:40:57 +0100 | [diff] [blame] | 1684 | unsigned char tmp[POLARSSL_SSL_MAX_MAC_SIZE]; |
| 1685 | |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1686 | ssl->in_msglen -= ( ssl->transform_in->maclen + padlen ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1687 | |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1688 | ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 ); |
| 1689 | ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1690 | |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1691 | memcpy( tmp, ssl->in_msg + ssl->in_msglen, ssl->transform_in->maclen ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1692 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 1693 | #if defined(POLARSSL_SSL_PROTO_SSL3) |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1694 | if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) |
| 1695 | { |
| 1696 | ssl_mac( &ssl->transform_in->md_ctx_dec, |
| 1697 | ssl->transform_in->mac_dec, |
| 1698 | ssl->in_msg, ssl->in_msglen, |
| 1699 | ssl->in_ctr, ssl->in_msgtype ); |
| 1700 | } |
| 1701 | else |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 1702 | #endif /* POLARSSL_SSL_PROTO_SSL3 */ |
| 1703 | #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \ |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1704 | defined(POLARSSL_SSL_PROTO_TLS1_2) |
| 1705 | if( ssl->minor_ver > SSL_MINOR_VERSION_0 ) |
| 1706 | { |
| 1707 | /* |
| 1708 | * Process MAC and always update for padlen afterwards to make |
| 1709 | * total time independent of padlen |
| 1710 | * |
| 1711 | * extra_run compensates MAC check for padlen |
| 1712 | * |
| 1713 | * Known timing attacks: |
| 1714 | * - Lucky Thirteen (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf) |
| 1715 | * |
| 1716 | * We use ( ( Lx + 8 ) / 64 ) to handle 'negative Lx' values |
| 1717 | * correctly. (We round down instead of up, so -56 is the correct |
| 1718 | * value for our calculations instead of -55) |
| 1719 | */ |
| 1720 | size_t j, extra_run = 0; |
| 1721 | extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 - |
| 1722 | ( 13 + ssl->in_msglen + 8 ) / 64; |
Paul Bakker | e47b34b | 2013-02-27 14:48:00 +0100 | [diff] [blame] | 1723 | |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1724 | extra_run &= correct * 0xFF; |
Paul Bakker | e47b34b | 2013-02-27 14:48:00 +0100 | [diff] [blame] | 1725 | |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1726 | md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 13 ); |
| 1727 | md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg, |
| 1728 | ssl->in_msglen ); |
| 1729 | md_hmac_finish( &ssl->transform_in->md_ctx_dec, |
| 1730 | ssl->in_msg + ssl->in_msglen ); |
| 1731 | for( j = 0; j < extra_run; j++ ) |
| 1732 | md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg ); |
Paul Bakker | e47b34b | 2013-02-27 14:48:00 +0100 | [diff] [blame] | 1733 | |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1734 | md_hmac_reset( &ssl->transform_in->md_ctx_dec ); |
| 1735 | } |
| 1736 | else |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 1737 | #endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \ |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1738 | POLARSSL_SSL_PROTO_TLS1_2 */ |
| 1739 | { |
| 1740 | SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
| 1741 | return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); |
| 1742 | } |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1743 | |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1744 | SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->transform_in->maclen ); |
| 1745 | SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen, |
| 1746 | ssl->transform_in->maclen ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1747 | |
Manuel Pégourié-Gonnard | 31ff1d2 | 2013-10-28 13:46:11 +0100 | [diff] [blame] | 1748 | if( safer_memcmp( tmp, ssl->in_msg + ssl->in_msglen, |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1749 | ssl->transform_in->maclen ) != 0 ) |
| 1750 | { |
Paul Bakker | e47b34b | 2013-02-27 14:48:00 +0100 | [diff] [blame] | 1751 | #if defined(POLARSSL_SSL_DEBUG_ALL) |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1752 | SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); |
Paul Bakker | e47b34b | 2013-02-27 14:48:00 +0100 | [diff] [blame] | 1753 | #endif |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1754 | correct = 0; |
| 1755 | } |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1756 | |
Manuel Pégourié-Gonnard | 7109624 | 2013-10-25 19:31:25 +0200 | [diff] [blame] | 1757 | /* |
| 1758 | * Finally check the correct flag |
| 1759 | */ |
| 1760 | if( correct == 0 ) |
| 1761 | return( POLARSSL_ERR_SSL_INVALID_MAC ); |
| 1762 | } |
| 1763 | #endif /* GCM not the only option */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1764 | |
| 1765 | if( ssl->in_msglen == 0 ) |
| 1766 | { |
| 1767 | ssl->nb_zero++; |
| 1768 | |
| 1769 | /* |
| 1770 | * Three or more empty messages may be a DoS attack |
| 1771 | * (excessive CPU consumption). |
| 1772 | */ |
| 1773 | if( ssl->nb_zero > 3 ) |
| 1774 | { |
| 1775 | SSL_DEBUG_MSG( 1, ( "received four consecutive empty " |
| 1776 | "messages, possible DoS attack" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 1777 | return( POLARSSL_ERR_SSL_INVALID_MAC ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1778 | } |
| 1779 | } |
| 1780 | else |
| 1781 | ssl->nb_zero = 0; |
Paul Bakker | f7abd42 | 2013-04-16 13:15:56 +0200 | [diff] [blame] | 1782 | |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 1783 | for( i = 8; i > 0; i-- ) |
| 1784 | if( ++ssl->in_ctr[i - 1] != 0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1785 | break; |
| 1786 | |
Manuel Pégourié-Gonnard | 83cdffc | 2014-03-10 21:20:29 +0100 | [diff] [blame] | 1787 | /* The loops goes to its end iff the counter is wrapping */ |
| 1788 | if( i == 0 ) |
| 1789 | { |
| 1790 | SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) ); |
| 1791 | return( POLARSSL_ERR_SSL_COUNTER_WRAPPING ); |
| 1792 | } |
| 1793 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1794 | SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) ); |
| 1795 | |
| 1796 | return( 0 ); |
| 1797 | } |
| 1798 | |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 1799 | #if defined(POLARSSL_ZLIB_SUPPORT) |
| 1800 | /* |
| 1801 | * Compression/decompression functions |
| 1802 | */ |
| 1803 | static int ssl_compress_buf( ssl_context *ssl ) |
| 1804 | { |
| 1805 | int ret; |
| 1806 | unsigned char *msg_post = ssl->out_msg; |
| 1807 | size_t len_pre = ssl->out_msglen; |
Paul Bakker | 1677033 | 2013-10-11 09:59:44 +0200 | [diff] [blame] | 1808 | unsigned char *msg_pre = ssl->compress_buf; |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 1809 | |
| 1810 | SSL_DEBUG_MSG( 2, ( "=> compress buf" ) ); |
| 1811 | |
Paul Bakker | abf2f8f | 2013-06-30 14:57:46 +0200 | [diff] [blame] | 1812 | if( len_pre == 0 ) |
| 1813 | return( 0 ); |
| 1814 | |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 1815 | memcpy( msg_pre, ssl->out_msg, len_pre ); |
| 1816 | |
| 1817 | SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ", |
| 1818 | ssl->out_msglen ) ); |
| 1819 | |
| 1820 | SSL_DEBUG_BUF( 4, "before compression: output payload", |
| 1821 | ssl->out_msg, ssl->out_msglen ); |
| 1822 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1823 | ssl->transform_out->ctx_deflate.next_in = msg_pre; |
| 1824 | ssl->transform_out->ctx_deflate.avail_in = len_pre; |
| 1825 | ssl->transform_out->ctx_deflate.next_out = msg_post; |
| 1826 | ssl->transform_out->ctx_deflate.avail_out = SSL_BUFFER_LEN; |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 1827 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1828 | ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH ); |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 1829 | if( ret != Z_OK ) |
| 1830 | { |
| 1831 | SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) ); |
| 1832 | return( POLARSSL_ERR_SSL_COMPRESSION_FAILED ); |
| 1833 | } |
| 1834 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1835 | ssl->out_msglen = SSL_BUFFER_LEN - ssl->transform_out->ctx_deflate.avail_out; |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 1836 | |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 1837 | SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ", |
| 1838 | ssl->out_msglen ) ); |
| 1839 | |
| 1840 | SSL_DEBUG_BUF( 4, "after compression: output payload", |
| 1841 | ssl->out_msg, ssl->out_msglen ); |
| 1842 | |
| 1843 | SSL_DEBUG_MSG( 2, ( "<= compress buf" ) ); |
| 1844 | |
| 1845 | return( 0 ); |
| 1846 | } |
| 1847 | |
| 1848 | static int ssl_decompress_buf( ssl_context *ssl ) |
| 1849 | { |
| 1850 | int ret; |
| 1851 | unsigned char *msg_post = ssl->in_msg; |
| 1852 | size_t len_pre = ssl->in_msglen; |
Paul Bakker | 1677033 | 2013-10-11 09:59:44 +0200 | [diff] [blame] | 1853 | unsigned char *msg_pre = ssl->compress_buf; |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 1854 | |
| 1855 | SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) ); |
| 1856 | |
Paul Bakker | abf2f8f | 2013-06-30 14:57:46 +0200 | [diff] [blame] | 1857 | if( len_pre == 0 ) |
| 1858 | return( 0 ); |
| 1859 | |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 1860 | memcpy( msg_pre, ssl->in_msg, len_pre ); |
| 1861 | |
| 1862 | SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ", |
| 1863 | ssl->in_msglen ) ); |
| 1864 | |
| 1865 | SSL_DEBUG_BUF( 4, "before decompression: input payload", |
| 1866 | ssl->in_msg, ssl->in_msglen ); |
| 1867 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1868 | ssl->transform_in->ctx_inflate.next_in = msg_pre; |
| 1869 | ssl->transform_in->ctx_inflate.avail_in = len_pre; |
| 1870 | ssl->transform_in->ctx_inflate.next_out = msg_post; |
| 1871 | ssl->transform_in->ctx_inflate.avail_out = SSL_MAX_CONTENT_LEN; |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 1872 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1873 | ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH ); |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 1874 | if( ret != Z_OK ) |
| 1875 | { |
| 1876 | SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) ); |
| 1877 | return( POLARSSL_ERR_SSL_COMPRESSION_FAILED ); |
| 1878 | } |
| 1879 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1880 | ssl->in_msglen = SSL_MAX_CONTENT_LEN - ssl->transform_in->ctx_inflate.avail_out; |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 1881 | |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 1882 | SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ", |
| 1883 | ssl->in_msglen ) ); |
| 1884 | |
| 1885 | SSL_DEBUG_BUF( 4, "after decompression: input payload", |
| 1886 | ssl->in_msg, ssl->in_msglen ); |
| 1887 | |
| 1888 | SSL_DEBUG_MSG( 2, ( "<= decompress buf" ) ); |
| 1889 | |
| 1890 | return( 0 ); |
| 1891 | } |
| 1892 | #endif /* POLARSSL_ZLIB_SUPPORT */ |
| 1893 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1894 | /* |
| 1895 | * Fill the input message buffer |
| 1896 | */ |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 1897 | int ssl_fetch_input( ssl_context *ssl, size_t nb_want ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1898 | { |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 1899 | int ret; |
| 1900 | size_t len; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1901 | |
| 1902 | SSL_DEBUG_MSG( 2, ( "=> fetch input" ) ); |
| 1903 | |
| 1904 | while( ssl->in_left < nb_want ) |
| 1905 | { |
| 1906 | len = nb_want - ssl->in_left; |
| 1907 | ret = ssl->f_recv( ssl->p_recv, ssl->in_hdr + ssl->in_left, len ); |
| 1908 | |
| 1909 | SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", |
| 1910 | ssl->in_left, nb_want ) ); |
| 1911 | SSL_DEBUG_RET( 2, "ssl->f_recv", ret ); |
| 1912 | |
Paul Bakker | 831a755 | 2011-05-18 13:32:51 +0000 | [diff] [blame] | 1913 | if( ret == 0 ) |
| 1914 | return( POLARSSL_ERR_SSL_CONN_EOF ); |
| 1915 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1916 | if( ret < 0 ) |
| 1917 | return( ret ); |
| 1918 | |
| 1919 | ssl->in_left += ret; |
| 1920 | } |
| 1921 | |
| 1922 | SSL_DEBUG_MSG( 2, ( "<= fetch input" ) ); |
| 1923 | |
| 1924 | return( 0 ); |
| 1925 | } |
| 1926 | |
| 1927 | /* |
| 1928 | * Flush any data not yet written |
| 1929 | */ |
| 1930 | int ssl_flush_output( ssl_context *ssl ) |
| 1931 | { |
| 1932 | int ret; |
| 1933 | unsigned char *buf; |
| 1934 | |
| 1935 | SSL_DEBUG_MSG( 2, ( "=> flush output" ) ); |
| 1936 | |
| 1937 | while( ssl->out_left > 0 ) |
| 1938 | { |
| 1939 | SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d", |
| 1940 | 5 + ssl->out_msglen, ssl->out_left ) ); |
| 1941 | |
Paul Bakker | 5bd4229 | 2012-12-19 14:40:42 +0100 | [diff] [blame] | 1942 | buf = ssl->out_hdr + 5 + ssl->out_msglen - ssl->out_left; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1943 | ret = ssl->f_send( ssl->p_send, buf, ssl->out_left ); |
Paul Bakker | 186751d | 2012-05-08 13:16:14 +0000 | [diff] [blame] | 1944 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1945 | SSL_DEBUG_RET( 2, "ssl->f_send", ret ); |
| 1946 | |
| 1947 | if( ret <= 0 ) |
| 1948 | return( ret ); |
| 1949 | |
| 1950 | ssl->out_left -= ret; |
| 1951 | } |
| 1952 | |
| 1953 | SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); |
| 1954 | |
| 1955 | return( 0 ); |
| 1956 | } |
| 1957 | |
| 1958 | /* |
| 1959 | * Record layer functions |
| 1960 | */ |
| 1961 | int ssl_write_record( ssl_context *ssl ) |
| 1962 | { |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 1963 | int ret, done = 0; |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 1964 | size_t len = ssl->out_msglen; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1965 | |
| 1966 | SSL_DEBUG_MSG( 2, ( "=> write record" ) ); |
| 1967 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1968 | if( ssl->out_msgtype == SSL_MSG_HANDSHAKE ) |
| 1969 | { |
| 1970 | ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 ); |
| 1971 | ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 ); |
| 1972 | ssl->out_msg[3] = (unsigned char)( ( len - 4 ) ); |
| 1973 | |
Manuel Pégourié-Gonnard | f3dc2f6 | 2013-10-29 18:17:41 +0100 | [diff] [blame] | 1974 | if( ssl->out_msg[0] != SSL_HS_HELLO_REQUEST ) |
| 1975 | ssl->handshake->update_checksum( ssl, ssl->out_msg, len ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1976 | } |
| 1977 | |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 1978 | #if defined(POLARSSL_ZLIB_SUPPORT) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1979 | if( ssl->transform_out != NULL && |
| 1980 | ssl->session_out->compression == SSL_COMPRESS_DEFLATE ) |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 1981 | { |
| 1982 | if( ( ret = ssl_compress_buf( ssl ) ) != 0 ) |
| 1983 | { |
| 1984 | SSL_DEBUG_RET( 1, "ssl_compress_buf", ret ); |
| 1985 | return( ret ); |
| 1986 | } |
| 1987 | |
| 1988 | len = ssl->out_msglen; |
| 1989 | } |
| 1990 | #endif /*POLARSSL_ZLIB_SUPPORT */ |
| 1991 | |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 1992 | #if defined(POLARSSL_SSL_HW_RECORD_ACCEL) |
| 1993 | if( ssl_hw_record_write != NULL) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1994 | { |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 1995 | SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_write()" ) ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1996 | |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 1997 | ret = ssl_hw_record_write( ssl ); |
| 1998 | if( ret != 0 && ret != POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH ) |
| 1999 | { |
| 2000 | SSL_DEBUG_RET( 1, "ssl_hw_record_write", ret ); |
| 2001 | return POLARSSL_ERR_SSL_HW_ACCEL_FAILED; |
| 2002 | } |
Paul Bakker | c787811 | 2012-12-19 14:41:14 +0100 | [diff] [blame] | 2003 | |
| 2004 | if( ret == 0 ) |
| 2005 | done = 1; |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 2006 | } |
| 2007 | #endif |
| 2008 | if( !done ) |
| 2009 | { |
| 2010 | ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype; |
| 2011 | ssl->out_hdr[1] = (unsigned char) ssl->major_ver; |
| 2012 | ssl->out_hdr[2] = (unsigned char) ssl->minor_ver; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2013 | ssl->out_hdr[3] = (unsigned char)( len >> 8 ); |
| 2014 | ssl->out_hdr[4] = (unsigned char)( len ); |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 2015 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2016 | if( ssl->transform_out != NULL ) |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 2017 | { |
| 2018 | if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 ) |
| 2019 | { |
| 2020 | SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret ); |
| 2021 | return( ret ); |
| 2022 | } |
| 2023 | |
| 2024 | len = ssl->out_msglen; |
| 2025 | ssl->out_hdr[3] = (unsigned char)( len >> 8 ); |
| 2026 | ssl->out_hdr[4] = (unsigned char)( len ); |
| 2027 | } |
| 2028 | |
| 2029 | ssl->out_left = 5 + ssl->out_msglen; |
| 2030 | |
| 2031 | SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, " |
| 2032 | "version = [%d:%d], msglen = %d", |
| 2033 | ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], |
| 2034 | ( ssl->out_hdr[3] << 8 ) | ssl->out_hdr[4] ) ); |
| 2035 | |
| 2036 | SSL_DEBUG_BUF( 4, "output record sent to network", |
Paul Bakker | 5bd4229 | 2012-12-19 14:40:42 +0100 | [diff] [blame] | 2037 | ssl->out_hdr, 5 + ssl->out_msglen ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2038 | } |
| 2039 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2040 | if( ( ret = ssl_flush_output( ssl ) ) != 0 ) |
| 2041 | { |
| 2042 | SSL_DEBUG_RET( 1, "ssl_flush_output", ret ); |
| 2043 | return( ret ); |
| 2044 | } |
| 2045 | |
| 2046 | SSL_DEBUG_MSG( 2, ( "<= write record" ) ); |
| 2047 | |
| 2048 | return( 0 ); |
| 2049 | } |
| 2050 | |
| 2051 | int ssl_read_record( ssl_context *ssl ) |
| 2052 | { |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 2053 | int ret, done = 0; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2054 | |
| 2055 | SSL_DEBUG_MSG( 2, ( "=> read record" ) ); |
| 2056 | |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 2057 | SSL_DEBUG_BUF( 4, "input record from network", |
| 2058 | ssl->in_hdr, 5 + ssl->in_msglen ); |
| 2059 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2060 | if( ssl->in_hslen != 0 && |
| 2061 | ssl->in_hslen < ssl->in_msglen ) |
| 2062 | { |
| 2063 | /* |
| 2064 | * Get next Handshake message in the current record |
| 2065 | */ |
| 2066 | ssl->in_msglen -= ssl->in_hslen; |
| 2067 | |
Paul Bakker | 8934a98 | 2011-08-05 11:11:53 +0000 | [diff] [blame] | 2068 | memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen, |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2069 | ssl->in_msglen ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2070 | |
| 2071 | ssl->in_hslen = 4; |
| 2072 | ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3]; |
| 2073 | |
| 2074 | SSL_DEBUG_MSG( 3, ( "handshake message: msglen =" |
| 2075 | " %d, type = %d, hslen = %d", |
| 2076 | ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); |
| 2077 | |
| 2078 | if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 ) |
| 2079 | { |
| 2080 | SSL_DEBUG_MSG( 1, ( "bad handshake length" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2081 | return( POLARSSL_ERR_SSL_INVALID_RECORD ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2082 | } |
| 2083 | |
| 2084 | if( ssl->in_msglen < ssl->in_hslen ) |
| 2085 | { |
| 2086 | SSL_DEBUG_MSG( 1, ( "bad handshake length" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2087 | return( POLARSSL_ERR_SSL_INVALID_RECORD ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2088 | } |
| 2089 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2090 | ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2091 | |
| 2092 | return( 0 ); |
| 2093 | } |
| 2094 | |
| 2095 | ssl->in_hslen = 0; |
| 2096 | |
| 2097 | /* |
| 2098 | * Read the record header and validate it |
| 2099 | */ |
| 2100 | if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 ) |
| 2101 | { |
| 2102 | SSL_DEBUG_RET( 1, "ssl_fetch_input", ret ); |
| 2103 | return( ret ); |
| 2104 | } |
| 2105 | |
| 2106 | ssl->in_msgtype = ssl->in_hdr[0]; |
| 2107 | ssl->in_msglen = ( ssl->in_hdr[3] << 8 ) | ssl->in_hdr[4]; |
| 2108 | |
| 2109 | SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, " |
| 2110 | "version = [%d:%d], msglen = %d", |
| 2111 | ssl->in_hdr[0], ssl->in_hdr[1], ssl->in_hdr[2], |
| 2112 | ( ssl->in_hdr[3] << 8 ) | ssl->in_hdr[4] ) ); |
| 2113 | |
| 2114 | if( ssl->in_hdr[1] != ssl->major_ver ) |
| 2115 | { |
| 2116 | SSL_DEBUG_MSG( 1, ( "major version mismatch" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2117 | return( POLARSSL_ERR_SSL_INVALID_RECORD ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2118 | } |
| 2119 | |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 2120 | if( ssl->in_hdr[2] > ssl->max_minor_ver ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2121 | { |
| 2122 | SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2123 | return( POLARSSL_ERR_SSL_INVALID_RECORD ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2124 | } |
| 2125 | |
| 2126 | /* |
| 2127 | * Make sure the message length is acceptable |
| 2128 | */ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2129 | if( ssl->transform_in == NULL ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2130 | { |
| 2131 | if( ssl->in_msglen < 1 || |
| 2132 | ssl->in_msglen > SSL_MAX_CONTENT_LEN ) |
| 2133 | { |
| 2134 | SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2135 | return( POLARSSL_ERR_SSL_INVALID_RECORD ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2136 | } |
| 2137 | } |
| 2138 | else |
| 2139 | { |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2140 | if( ssl->in_msglen < ssl->transform_in->minlen ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2141 | { |
| 2142 | SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2143 | return( POLARSSL_ERR_SSL_INVALID_RECORD ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2144 | } |
| 2145 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2146 | #if defined(POLARSSL_SSL_PROTO_SSL3) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2147 | if( ssl->minor_ver == SSL_MINOR_VERSION_0 && |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2148 | ssl->in_msglen > ssl->transform_in->minlen + SSL_MAX_CONTENT_LEN ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2149 | { |
| 2150 | SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2151 | return( POLARSSL_ERR_SSL_INVALID_RECORD ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2152 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2153 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2154 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2155 | #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \ |
| 2156 | defined(POLARSSL_SSL_PROTO_TLS1_2) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2157 | /* |
| 2158 | * TLS encrypted messages can have up to 256 bytes of padding |
| 2159 | */ |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2160 | if( ssl->minor_ver >= SSL_MINOR_VERSION_1 && |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2161 | ssl->in_msglen > ssl->transform_in->minlen + SSL_MAX_CONTENT_LEN + 256 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2162 | { |
| 2163 | SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2164 | return( POLARSSL_ERR_SSL_INVALID_RECORD ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2165 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2166 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2167 | } |
| 2168 | |
| 2169 | /* |
| 2170 | * Read and optionally decrypt the message contents |
| 2171 | */ |
| 2172 | if( ( ret = ssl_fetch_input( ssl, 5 + ssl->in_msglen ) ) != 0 ) |
| 2173 | { |
| 2174 | SSL_DEBUG_RET( 1, "ssl_fetch_input", ret ); |
| 2175 | return( ret ); |
| 2176 | } |
| 2177 | |
| 2178 | SSL_DEBUG_BUF( 4, "input record from network", |
| 2179 | ssl->in_hdr, 5 + ssl->in_msglen ); |
| 2180 | |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 2181 | #if defined(POLARSSL_SSL_HW_RECORD_ACCEL) |
| 2182 | if( ssl_hw_record_read != NULL) |
| 2183 | { |
| 2184 | SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_read()" ) ); |
| 2185 | |
| 2186 | ret = ssl_hw_record_read( ssl ); |
| 2187 | if( ret != 0 && ret != POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH ) |
| 2188 | { |
| 2189 | SSL_DEBUG_RET( 1, "ssl_hw_record_read", ret ); |
| 2190 | return POLARSSL_ERR_SSL_HW_ACCEL_FAILED; |
| 2191 | } |
Paul Bakker | c787811 | 2012-12-19 14:41:14 +0100 | [diff] [blame] | 2192 | |
| 2193 | if( ret == 0 ) |
| 2194 | done = 1; |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 2195 | } |
| 2196 | #endif |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2197 | if( !done && ssl->transform_in != NULL ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2198 | { |
| 2199 | if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 ) |
| 2200 | { |
Paul Bakker | 40865c8 | 2013-01-31 17:13:13 +0100 | [diff] [blame] | 2201 | #if defined(POLARSSL_SSL_ALERT_MESSAGES) |
| 2202 | if( ret == POLARSSL_ERR_SSL_INVALID_MAC ) |
| 2203 | { |
| 2204 | ssl_send_alert_message( ssl, |
| 2205 | SSL_ALERT_LEVEL_FATAL, |
| 2206 | SSL_ALERT_MSG_BAD_RECORD_MAC ); |
| 2207 | } |
| 2208 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2209 | SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret ); |
| 2210 | return( ret ); |
| 2211 | } |
| 2212 | |
| 2213 | SSL_DEBUG_BUF( 4, "input payload after decrypt", |
| 2214 | ssl->in_msg, ssl->in_msglen ); |
| 2215 | |
| 2216 | if( ssl->in_msglen > SSL_MAX_CONTENT_LEN ) |
| 2217 | { |
| 2218 | SSL_DEBUG_MSG( 1, ( "bad message length" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2219 | return( POLARSSL_ERR_SSL_INVALID_RECORD ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2220 | } |
| 2221 | } |
| 2222 | |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 2223 | #if defined(POLARSSL_ZLIB_SUPPORT) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2224 | if( ssl->transform_in != NULL && |
| 2225 | ssl->session_in->compression == SSL_COMPRESS_DEFLATE ) |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 2226 | { |
| 2227 | if( ( ret = ssl_decompress_buf( ssl ) ) != 0 ) |
| 2228 | { |
| 2229 | SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret ); |
| 2230 | return( ret ); |
| 2231 | } |
| 2232 | |
| 2233 | ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 ); |
| 2234 | ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen ); |
| 2235 | } |
| 2236 | #endif /* POLARSSL_ZLIB_SUPPORT */ |
| 2237 | |
Paul Bakker | 0a92518 | 2012-04-16 06:46:41 +0000 | [diff] [blame] | 2238 | if( ssl->in_msgtype != SSL_MSG_HANDSHAKE && |
| 2239 | ssl->in_msgtype != SSL_MSG_ALERT && |
| 2240 | ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC && |
| 2241 | ssl->in_msgtype != SSL_MSG_APPLICATION_DATA ) |
| 2242 | { |
| 2243 | SSL_DEBUG_MSG( 1, ( "unknown record type" ) ); |
| 2244 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2245 | if( ( ret = ssl_send_alert_message( ssl, |
| 2246 | SSL_ALERT_LEVEL_FATAL, |
| 2247 | SSL_ALERT_MSG_UNEXPECTED_MESSAGE ) ) != 0 ) |
Paul Bakker | 0a92518 | 2012-04-16 06:46:41 +0000 | [diff] [blame] | 2248 | { |
| 2249 | return( ret ); |
| 2250 | } |
| 2251 | |
| 2252 | return( POLARSSL_ERR_SSL_INVALID_RECORD ); |
| 2253 | } |
| 2254 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2255 | if( ssl->in_msgtype == SSL_MSG_HANDSHAKE ) |
| 2256 | { |
| 2257 | ssl->in_hslen = 4; |
| 2258 | ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3]; |
| 2259 | |
| 2260 | SSL_DEBUG_MSG( 3, ( "handshake message: msglen =" |
| 2261 | " %d, type = %d, hslen = %d", |
| 2262 | ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); |
| 2263 | |
| 2264 | /* |
| 2265 | * Additional checks to validate the handshake header |
| 2266 | */ |
| 2267 | if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 ) |
| 2268 | { |
| 2269 | SSL_DEBUG_MSG( 1, ( "bad handshake length" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2270 | return( POLARSSL_ERR_SSL_INVALID_RECORD ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2271 | } |
| 2272 | |
| 2273 | if( ssl->in_msglen < ssl->in_hslen ) |
| 2274 | { |
| 2275 | SSL_DEBUG_MSG( 1, ( "bad handshake length" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2276 | return( POLARSSL_ERR_SSL_INVALID_RECORD ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2277 | } |
| 2278 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2279 | if( ssl->state != SSL_HANDSHAKE_OVER ) |
| 2280 | ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2281 | } |
| 2282 | |
| 2283 | if( ssl->in_msgtype == SSL_MSG_ALERT ) |
| 2284 | { |
| 2285 | SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]", |
| 2286 | ssl->in_msg[0], ssl->in_msg[1] ) ); |
| 2287 | |
| 2288 | /* |
| 2289 | * Ignore non-fatal alerts, except close_notify |
| 2290 | */ |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 2291 | if( ssl->in_msg[0] == SSL_ALERT_LEVEL_FATAL ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2292 | { |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 2293 | SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)", |
| 2294 | ssl->in_msg[1] ) ); |
Paul Bakker | 9d78140 | 2011-05-09 16:17:09 +0000 | [diff] [blame] | 2295 | /** |
| 2296 | * Subtract from error code as ssl->in_msg[1] is 7-bit positive |
| 2297 | * error identifier. |
| 2298 | */ |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 2299 | return( POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2300 | } |
| 2301 | |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 2302 | if( ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING && |
| 2303 | ssl->in_msg[1] == SSL_ALERT_MSG_CLOSE_NOTIFY ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2304 | { |
| 2305 | SSL_DEBUG_MSG( 2, ( "is a close notify message" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2306 | return( POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2307 | } |
| 2308 | } |
| 2309 | |
| 2310 | ssl->in_left = 0; |
| 2311 | |
| 2312 | SSL_DEBUG_MSG( 2, ( "<= read record" ) ); |
| 2313 | |
| 2314 | return( 0 ); |
| 2315 | } |
| 2316 | |
Paul Bakker | d0f6fa7 | 2012-09-17 09:18:12 +0000 | [diff] [blame] | 2317 | int ssl_send_fatal_handshake_failure( ssl_context *ssl ) |
| 2318 | { |
| 2319 | int ret; |
| 2320 | |
| 2321 | if( ( ret = ssl_send_alert_message( ssl, |
| 2322 | SSL_ALERT_LEVEL_FATAL, |
| 2323 | SSL_ALERT_MSG_HANDSHAKE_FAILURE ) ) != 0 ) |
| 2324 | { |
| 2325 | return( ret ); |
| 2326 | } |
| 2327 | |
| 2328 | return( 0 ); |
| 2329 | } |
| 2330 | |
Paul Bakker | 0a92518 | 2012-04-16 06:46:41 +0000 | [diff] [blame] | 2331 | int ssl_send_alert_message( ssl_context *ssl, |
| 2332 | unsigned char level, |
| 2333 | unsigned char message ) |
| 2334 | { |
| 2335 | int ret; |
| 2336 | |
| 2337 | SSL_DEBUG_MSG( 2, ( "=> send alert message" ) ); |
| 2338 | |
| 2339 | ssl->out_msgtype = SSL_MSG_ALERT; |
| 2340 | ssl->out_msglen = 2; |
| 2341 | ssl->out_msg[0] = level; |
| 2342 | ssl->out_msg[1] = message; |
| 2343 | |
| 2344 | if( ( ret = ssl_write_record( ssl ) ) != 0 ) |
| 2345 | { |
| 2346 | SSL_DEBUG_RET( 1, "ssl_write_record", ret ); |
| 2347 | return( ret ); |
| 2348 | } |
| 2349 | |
| 2350 | SSL_DEBUG_MSG( 2, ( "<= send alert message" ) ); |
| 2351 | |
| 2352 | return( 0 ); |
| 2353 | } |
| 2354 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2355 | /* |
| 2356 | * Handshake functions |
| 2357 | */ |
Manuel Pégourié-Gonnard | d18cc57 | 2013-12-11 17:45:46 +0100 | [diff] [blame] | 2358 | #if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \ |
| 2359 | !defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \ |
| 2360 | !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ |
| 2361 | !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ |
| 2362 | !defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ |
| 2363 | !defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ |
| 2364 | !defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2365 | int ssl_write_certificate( ssl_context *ssl ) |
| 2366 | { |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 2367 | int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 2368 | const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2369 | |
| 2370 | SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); |
| 2371 | |
Paul Bakker | 48f7a5d | 2013-04-19 14:30:58 +0200 | [diff] [blame] | 2372 | if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK || |
Manuel Pégourié-Gonnard | 3ce3bbd | 2013-10-11 16:53:50 +0200 | [diff] [blame] | 2373 | ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK || |
| 2374 | ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ) |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 2375 | { |
| 2376 | SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); |
| 2377 | ssl->state++; |
| 2378 | return( 0 ); |
| 2379 | } |
| 2380 | |
Manuel Pégourié-Gonnard | a310459 | 2013-09-17 21:17:44 +0200 | [diff] [blame] | 2381 | SSL_DEBUG_MSG( 1, ( "should not happen" ) ); |
Paul Bakker | 48f7a5d | 2013-04-19 14:30:58 +0200 | [diff] [blame] | 2382 | return( ret ); |
| 2383 | } |
| 2384 | |
| 2385 | int ssl_parse_certificate( ssl_context *ssl ) |
| 2386 | { |
| 2387 | int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; |
| 2388 | const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
| 2389 | |
| 2390 | SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); |
| 2391 | |
| 2392 | if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK || |
Manuel Pégourié-Gonnard | 3ce3bbd | 2013-10-11 16:53:50 +0200 | [diff] [blame] | 2393 | ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK || |
| 2394 | ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ) |
Paul Bakker | 48f7a5d | 2013-04-19 14:30:58 +0200 | [diff] [blame] | 2395 | { |
| 2396 | SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
| 2397 | ssl->state++; |
| 2398 | return( 0 ); |
| 2399 | } |
| 2400 | |
Manuel Pégourié-Gonnard | a310459 | 2013-09-17 21:17:44 +0200 | [diff] [blame] | 2401 | SSL_DEBUG_MSG( 1, ( "should not happen" ) ); |
Paul Bakker | 48f7a5d | 2013-04-19 14:30:58 +0200 | [diff] [blame] | 2402 | return( ret ); |
| 2403 | } |
| 2404 | #else |
| 2405 | int ssl_write_certificate( ssl_context *ssl ) |
| 2406 | { |
| 2407 | int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; |
| 2408 | size_t i, n; |
Paul Bakker | c559c7a | 2013-09-18 14:13:26 +0200 | [diff] [blame] | 2409 | const x509_crt *crt; |
Paul Bakker | 48f7a5d | 2013-04-19 14:30:58 +0200 | [diff] [blame] | 2410 | const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
| 2411 | |
| 2412 | SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); |
| 2413 | |
| 2414 | if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK || |
Manuel Pégourié-Gonnard | 3ce3bbd | 2013-10-11 16:53:50 +0200 | [diff] [blame] | 2415 | ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK || |
| 2416 | ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ) |
Paul Bakker | 48f7a5d | 2013-04-19 14:30:58 +0200 | [diff] [blame] | 2417 | { |
| 2418 | SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); |
| 2419 | ssl->state++; |
| 2420 | return( 0 ); |
| 2421 | } |
| 2422 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2423 | if( ssl->endpoint == SSL_IS_CLIENT ) |
| 2424 | { |
| 2425 | if( ssl->client_auth == 0 ) |
| 2426 | { |
| 2427 | SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); |
| 2428 | ssl->state++; |
| 2429 | return( 0 ); |
| 2430 | } |
| 2431 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2432 | #if defined(POLARSSL_SSL_PROTO_SSL3) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2433 | /* |
| 2434 | * If using SSLv3 and got no cert, send an Alert message |
| 2435 | * (otherwise an empty Certificate message will be sent). |
| 2436 | */ |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 2437 | if( ssl_own_cert( ssl ) == NULL && |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2438 | ssl->minor_ver == SSL_MINOR_VERSION_0 ) |
| 2439 | { |
| 2440 | ssl->out_msglen = 2; |
| 2441 | ssl->out_msgtype = SSL_MSG_ALERT; |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 2442 | ssl->out_msg[0] = SSL_ALERT_LEVEL_WARNING; |
| 2443 | ssl->out_msg[1] = SSL_ALERT_MSG_NO_CERT; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2444 | |
| 2445 | SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) ); |
| 2446 | goto write_msg; |
| 2447 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2448 | #endif /* POLARSSL_SSL_PROTO_SSL3 */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2449 | } |
| 2450 | else /* SSL_IS_SERVER */ |
| 2451 | { |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 2452 | if( ssl_own_cert( ssl ) == NULL ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2453 | { |
| 2454 | SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2455 | return( POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2456 | } |
| 2457 | } |
| 2458 | |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 2459 | SSL_DEBUG_CRT( 3, "own certificate", ssl_own_cert( ssl ) ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2460 | |
| 2461 | /* |
| 2462 | * 0 . 0 handshake type |
| 2463 | * 1 . 3 handshake length |
| 2464 | * 4 . 6 length of all certs |
| 2465 | * 7 . 9 length of cert. 1 |
| 2466 | * 10 . n-1 peer certificate |
| 2467 | * n . n+2 length of cert. 2 |
| 2468 | * n+3 . ... upper level cert, etc. |
| 2469 | */ |
| 2470 | i = 7; |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 2471 | crt = ssl_own_cert( ssl ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2472 | |
Paul Bakker | 2908713 | 2010-03-21 21:03:34 +0000 | [diff] [blame] | 2473 | while( crt != NULL ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2474 | { |
| 2475 | n = crt->raw.len; |
Paul Bakker | 6992eb7 | 2013-12-31 11:35:16 +0100 | [diff] [blame] | 2476 | if( n > SSL_MAX_CONTENT_LEN - 3 - i ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2477 | { |
| 2478 | SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d", |
| 2479 | i + 3 + n, SSL_MAX_CONTENT_LEN ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2480 | return( POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2481 | } |
| 2482 | |
| 2483 | ssl->out_msg[i ] = (unsigned char)( n >> 16 ); |
| 2484 | ssl->out_msg[i + 1] = (unsigned char)( n >> 8 ); |
| 2485 | ssl->out_msg[i + 2] = (unsigned char)( n ); |
| 2486 | |
| 2487 | i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); |
| 2488 | i += n; crt = crt->next; |
| 2489 | } |
| 2490 | |
| 2491 | ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 ); |
| 2492 | ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 ); |
| 2493 | ssl->out_msg[6] = (unsigned char)( ( i - 7 ) ); |
| 2494 | |
| 2495 | ssl->out_msglen = i; |
| 2496 | ssl->out_msgtype = SSL_MSG_HANDSHAKE; |
| 2497 | ssl->out_msg[0] = SSL_HS_CERTIFICATE; |
| 2498 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2499 | #if defined(POLARSSL_SSL_PROTO_SSL3) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2500 | write_msg: |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2501 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2502 | |
| 2503 | ssl->state++; |
| 2504 | |
| 2505 | if( ( ret = ssl_write_record( ssl ) ) != 0 ) |
| 2506 | { |
| 2507 | SSL_DEBUG_RET( 1, "ssl_write_record", ret ); |
| 2508 | return( ret ); |
| 2509 | } |
| 2510 | |
| 2511 | SSL_DEBUG_MSG( 2, ( "<= write certificate" ) ); |
| 2512 | |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 2513 | return( ret ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2514 | } |
| 2515 | |
| 2516 | int ssl_parse_certificate( ssl_context *ssl ) |
| 2517 | { |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 2518 | int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 2519 | size_t i, n; |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 2520 | const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2521 | |
| 2522 | SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); |
| 2523 | |
Paul Bakker | 48f7a5d | 2013-04-19 14:30:58 +0200 | [diff] [blame] | 2524 | if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK || |
Manuel Pégourié-Gonnard | 3ce3bbd | 2013-10-11 16:53:50 +0200 | [diff] [blame] | 2525 | ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK || |
| 2526 | ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ) |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 2527 | { |
| 2528 | SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
| 2529 | ssl->state++; |
| 2530 | return( 0 ); |
| 2531 | } |
| 2532 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2533 | if( ssl->endpoint == SSL_IS_SERVER && |
Manuel Pégourié-Gonnard | dc953e8 | 2013-11-25 17:27:39 +0100 | [diff] [blame] | 2534 | ( ssl->authmode == SSL_VERIFY_NONE || |
| 2535 | ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ) ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2536 | { |
Manuel Pégourié-Gonnard | 38d1eba | 2013-08-23 10:44:29 +0200 | [diff] [blame] | 2537 | ssl->session_negotiate->verify_result = BADCERT_SKIP_VERIFY; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2538 | SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); |
| 2539 | ssl->state++; |
| 2540 | return( 0 ); |
| 2541 | } |
| 2542 | |
| 2543 | if( ( ret = ssl_read_record( ssl ) ) != 0 ) |
| 2544 | { |
| 2545 | SSL_DEBUG_RET( 1, "ssl_read_record", ret ); |
| 2546 | return( ret ); |
| 2547 | } |
| 2548 | |
| 2549 | ssl->state++; |
| 2550 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2551 | #if defined(POLARSSL_SSL_PROTO_SSL3) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2552 | /* |
| 2553 | * Check if the client sent an empty certificate |
| 2554 | */ |
| 2555 | if( ssl->endpoint == SSL_IS_SERVER && |
| 2556 | ssl->minor_ver == SSL_MINOR_VERSION_0 ) |
| 2557 | { |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 2558 | if( ssl->in_msglen == 2 && |
| 2559 | ssl->in_msgtype == SSL_MSG_ALERT && |
| 2560 | ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING && |
| 2561 | ssl->in_msg[1] == SSL_ALERT_MSG_NO_CERT ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2562 | { |
| 2563 | SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) ); |
| 2564 | |
Manuel Pégourié-Gonnard | 38d1eba | 2013-08-23 10:44:29 +0200 | [diff] [blame] | 2565 | ssl->session_negotiate->verify_result = BADCERT_MISSING; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2566 | if( ssl->authmode == SSL_VERIFY_OPTIONAL ) |
| 2567 | return( 0 ); |
| 2568 | else |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2569 | return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2570 | } |
| 2571 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2572 | #endif /* POLARSSL_SSL_PROTO_SSL3 */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2573 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2574 | #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \ |
| 2575 | defined(POLARSSL_SSL_PROTO_TLS1_2) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2576 | if( ssl->endpoint == SSL_IS_SERVER && |
| 2577 | ssl->minor_ver != SSL_MINOR_VERSION_0 ) |
| 2578 | { |
| 2579 | if( ssl->in_hslen == 7 && |
| 2580 | ssl->in_msgtype == SSL_MSG_HANDSHAKE && |
| 2581 | ssl->in_msg[0] == SSL_HS_CERTIFICATE && |
| 2582 | memcmp( ssl->in_msg + 4, "\0\0\0", 3 ) == 0 ) |
| 2583 | { |
| 2584 | SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) ); |
| 2585 | |
Manuel Pégourié-Gonnard | 38d1eba | 2013-08-23 10:44:29 +0200 | [diff] [blame] | 2586 | ssl->session_negotiate->verify_result = BADCERT_MISSING; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2587 | if( ssl->authmode == SSL_VERIFY_REQUIRED ) |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2588 | return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2589 | else |
| 2590 | return( 0 ); |
| 2591 | } |
| 2592 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2593 | #endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \ |
| 2594 | POLARSSL_SSL_PROTO_TLS1_2 */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2595 | |
| 2596 | if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) |
| 2597 | { |
| 2598 | SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2599 | return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2600 | } |
| 2601 | |
| 2602 | if( ssl->in_msg[0] != SSL_HS_CERTIFICATE || ssl->in_hslen < 10 ) |
| 2603 | { |
| 2604 | SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2605 | return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2606 | } |
| 2607 | |
| 2608 | /* |
| 2609 | * Same message structure as in ssl_write_certificate() |
| 2610 | */ |
| 2611 | n = ( ssl->in_msg[5] << 8 ) | ssl->in_msg[6]; |
| 2612 | |
| 2613 | if( ssl->in_msg[4] != 0 || ssl->in_hslen != 7 + n ) |
| 2614 | { |
| 2615 | SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2616 | return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2617 | } |
| 2618 | |
Manuel Pégourié-Gonnard | bfb355c | 2013-09-07 17:27:43 +0200 | [diff] [blame] | 2619 | /* In case we tried to reuse a session but it failed */ |
| 2620 | if( ssl->session_negotiate->peer_cert != NULL ) |
| 2621 | { |
Paul Bakker | 7c6b2c3 | 2013-09-16 13:49:26 +0200 | [diff] [blame] | 2622 | x509_crt_free( ssl->session_negotiate->peer_cert ); |
Manuel Pégourié-Gonnard | bfb355c | 2013-09-07 17:27:43 +0200 | [diff] [blame] | 2623 | polarssl_free( ssl->session_negotiate->peer_cert ); |
| 2624 | } |
| 2625 | |
Paul Bakker | c559c7a | 2013-09-18 14:13:26 +0200 | [diff] [blame] | 2626 | if( ( ssl->session_negotiate->peer_cert = (x509_crt *) polarssl_malloc( |
| 2627 | sizeof( x509_crt ) ) ) == NULL ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2628 | { |
| 2629 | SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", |
Paul Bakker | c559c7a | 2013-09-18 14:13:26 +0200 | [diff] [blame] | 2630 | sizeof( x509_crt ) ) ); |
Paul Bakker | 69e095c | 2011-12-10 21:55:01 +0000 | [diff] [blame] | 2631 | return( POLARSSL_ERR_SSL_MALLOC_FAILED ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2632 | } |
| 2633 | |
Paul Bakker | b6b0956 | 2013-09-18 14:17:41 +0200 | [diff] [blame] | 2634 | x509_crt_init( ssl->session_negotiate->peer_cert ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2635 | |
| 2636 | i = 7; |
| 2637 | |
| 2638 | while( i < ssl->in_hslen ) |
| 2639 | { |
| 2640 | if( ssl->in_msg[i] != 0 ) |
| 2641 | { |
| 2642 | SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2643 | return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2644 | } |
| 2645 | |
| 2646 | n = ( (unsigned int) ssl->in_msg[i + 1] << 8 ) |
| 2647 | | (unsigned int) ssl->in_msg[i + 2]; |
| 2648 | i += 3; |
| 2649 | |
| 2650 | if( n < 128 || i + n > ssl->in_hslen ) |
| 2651 | { |
| 2652 | SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2653 | return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2654 | } |
| 2655 | |
Paul Bakker | ddf26b4 | 2013-09-18 13:46:23 +0200 | [diff] [blame] | 2656 | ret = x509_crt_parse_der( ssl->session_negotiate->peer_cert, |
| 2657 | ssl->in_msg + i, n ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2658 | if( ret != 0 ) |
| 2659 | { |
Paul Bakker | ddf26b4 | 2013-09-18 13:46:23 +0200 | [diff] [blame] | 2660 | SSL_DEBUG_RET( 1, " x509_crt_parse_der", ret ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2661 | return( ret ); |
| 2662 | } |
| 2663 | |
| 2664 | i += n; |
| 2665 | } |
| 2666 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2667 | SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2668 | |
Manuel Pégourié-Gonnard | 796c6f3 | 2014-03-10 09:34:49 +0100 | [diff] [blame] | 2669 | /* |
| 2670 | * On client, make sure the server cert doesn't change during renego to |
| 2671 | * avoid "triple handshake" attack: https://secure-resumption.com/ |
| 2672 | */ |
| 2673 | if( ssl->endpoint == SSL_IS_CLIENT && |
| 2674 | ssl->renegotiation == SSL_RENEGOTIATION ) |
| 2675 | { |
| 2676 | if( ssl->session->peer_cert == NULL ) |
| 2677 | { |
| 2678 | SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) ); |
| 2679 | return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE ); |
| 2680 | } |
| 2681 | |
| 2682 | if( ssl->session->peer_cert->raw.len != |
| 2683 | ssl->session_negotiate->peer_cert->raw.len || |
| 2684 | memcmp( ssl->session->peer_cert->raw.p, |
| 2685 | ssl->session_negotiate->peer_cert->raw.p, |
| 2686 | ssl->session->peer_cert->raw.len ) != 0 ) |
| 2687 | { |
| 2688 | SSL_DEBUG_MSG( 1, ( "server cert changed during renegotiation" ) ); |
| 2689 | return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE ); |
| 2690 | } |
| 2691 | } |
| 2692 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2693 | if( ssl->authmode != SSL_VERIFY_NONE ) |
| 2694 | { |
| 2695 | if( ssl->ca_chain == NULL ) |
| 2696 | { |
| 2697 | SSL_DEBUG_MSG( 1, ( "got no CA chain" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2698 | return( POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2699 | } |
| 2700 | |
Paul Bakker | ddf26b4 | 2013-09-18 13:46:23 +0200 | [diff] [blame] | 2701 | ret = x509_crt_verify( ssl->session_negotiate->peer_cert, |
| 2702 | ssl->ca_chain, ssl->ca_crl, ssl->peer_cn, |
| 2703 | &ssl->session_negotiate->verify_result, |
| 2704 | ssl->f_vrfy, ssl->p_vrfy ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2705 | |
| 2706 | if( ret != 0 ) |
Manuel Pégourié-Gonnard | ab24010 | 2014-02-04 16:18:07 +0100 | [diff] [blame] | 2707 | { |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2708 | SSL_DEBUG_RET( 1, "x509_verify_cert", ret ); |
Manuel Pégourié-Gonnard | ab24010 | 2014-02-04 16:18:07 +0100 | [diff] [blame] | 2709 | } |
| 2710 | #if defined(POLARSSL_SSL_SET_CURVES) |
| 2711 | else |
| 2712 | { |
| 2713 | pk_context *pk = &ssl->session_negotiate->peer_cert->pk; |
| 2714 | |
| 2715 | /* If certificate uses an EC key, make sure the curve is OK */ |
| 2716 | if( pk_can_do( pk, POLARSSL_PK_ECKEY ) && |
| 2717 | ! ssl_curve_is_acceptable( ssl, pk_ec( *pk )->grp.id ) ) |
| 2718 | { |
| 2719 | SSL_DEBUG_MSG( 1, ( "bad server certificate (EC key curve)" ) ); |
| 2720 | ret = POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE; |
| 2721 | } |
| 2722 | } |
| 2723 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2724 | |
| 2725 | if( ssl->authmode != SSL_VERIFY_REQUIRED ) |
| 2726 | ret = 0; |
| 2727 | } |
| 2728 | |
| 2729 | SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); |
| 2730 | |
| 2731 | return( ret ); |
| 2732 | } |
Manuel Pégourié-Gonnard | d18cc57 | 2013-12-11 17:45:46 +0100 | [diff] [blame] | 2733 | #endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED |
| 2734 | !POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED |
| 2735 | !POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED |
| 2736 | !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED |
| 2737 | !POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED |
| 2738 | !POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED |
| 2739 | !POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2740 | |
| 2741 | int ssl_write_change_cipher_spec( ssl_context *ssl ) |
| 2742 | { |
| 2743 | int ret; |
| 2744 | |
| 2745 | SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) ); |
| 2746 | |
| 2747 | ssl->out_msgtype = SSL_MSG_CHANGE_CIPHER_SPEC; |
| 2748 | ssl->out_msglen = 1; |
| 2749 | ssl->out_msg[0] = 1; |
| 2750 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2751 | ssl->state++; |
| 2752 | |
| 2753 | if( ( ret = ssl_write_record( ssl ) ) != 0 ) |
| 2754 | { |
| 2755 | SSL_DEBUG_RET( 1, "ssl_write_record", ret ); |
| 2756 | return( ret ); |
| 2757 | } |
| 2758 | |
| 2759 | SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) ); |
| 2760 | |
| 2761 | return( 0 ); |
| 2762 | } |
| 2763 | |
| 2764 | int ssl_parse_change_cipher_spec( ssl_context *ssl ) |
| 2765 | { |
| 2766 | int ret; |
| 2767 | |
| 2768 | SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) ); |
| 2769 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2770 | if( ( ret = ssl_read_record( ssl ) ) != 0 ) |
| 2771 | { |
| 2772 | SSL_DEBUG_RET( 1, "ssl_read_record", ret ); |
| 2773 | return( ret ); |
| 2774 | } |
| 2775 | |
| 2776 | if( ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC ) |
| 2777 | { |
| 2778 | SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2779 | return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2780 | } |
| 2781 | |
| 2782 | if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 ) |
| 2783 | { |
| 2784 | SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 2785 | return( POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2786 | } |
| 2787 | |
| 2788 | ssl->state++; |
| 2789 | |
| 2790 | SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) ); |
| 2791 | |
| 2792 | return( 0 ); |
| 2793 | } |
| 2794 | |
Paul Bakker | 41c83d3 | 2013-03-20 14:39:14 +0100 | [diff] [blame] | 2795 | void ssl_optimize_checksum( ssl_context *ssl, |
| 2796 | const ssl_ciphersuite_t *ciphersuite_info ) |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 2797 | { |
Paul Bakker | fb08fd2 | 2013-08-27 15:06:26 +0200 | [diff] [blame] | 2798 | ((void) ciphersuite_info); |
Paul Bakker | 769075d | 2012-11-24 11:26:46 +0100 | [diff] [blame] | 2799 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2800 | #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \ |
| 2801 | defined(POLARSSL_SSL_PROTO_TLS1_1) |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 2802 | if( ssl->minor_ver < SSL_MINOR_VERSION_3 ) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2803 | ssl->handshake->update_checksum = ssl_update_checksum_md5sha1; |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 2804 | else |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2805 | #endif |
| 2806 | #if defined(POLARSSL_SSL_PROTO_TLS1_2) |
| 2807 | #if defined(POLARSSL_SHA512_C) |
| 2808 | if( ciphersuite_info->mac == POLARSSL_MD_SHA384 ) |
| 2809 | ssl->handshake->update_checksum = ssl_update_checksum_sha384; |
| 2810 | else |
| 2811 | #endif |
| 2812 | #if defined(POLARSSL_SHA256_C) |
| 2813 | if( ciphersuite_info->mac != POLARSSL_MD_SHA384 ) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2814 | ssl->handshake->update_checksum = ssl_update_checksum_sha256; |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2815 | else |
| 2816 | #endif |
| 2817 | #endif /* POLARSSL_SSL_PROTO_TLS1_2 */ |
| 2818 | /* Should never happen */ |
| 2819 | return; |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 2820 | } |
Paul Bakker | f7abd42 | 2013-04-16 13:15:56 +0200 | [diff] [blame] | 2821 | |
Paul Bakker | b6c5d2e | 2013-06-25 16:25:17 +0200 | [diff] [blame] | 2822 | static void ssl_update_checksum_start( ssl_context *ssl, |
| 2823 | const unsigned char *buf, size_t len ) |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 2824 | { |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2825 | #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \ |
| 2826 | defined(POLARSSL_SSL_PROTO_TLS1_1) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2827 | md5_update( &ssl->handshake->fin_md5 , buf, len ); |
| 2828 | sha1_update( &ssl->handshake->fin_sha1, buf, len ); |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2829 | #endif |
| 2830 | #if defined(POLARSSL_SSL_PROTO_TLS1_2) |
| 2831 | #if defined(POLARSSL_SHA256_C) |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 2832 | sha256_update( &ssl->handshake->fin_sha256, buf, len ); |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2833 | #endif |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 2834 | #if defined(POLARSSL_SHA512_C) |
| 2835 | sha512_update( &ssl->handshake->fin_sha512, buf, len ); |
Paul Bakker | 769075d | 2012-11-24 11:26:46 +0100 | [diff] [blame] | 2836 | #endif |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2837 | #endif /* POLARSSL_SSL_PROTO_TLS1_2 */ |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 2838 | } |
| 2839 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2840 | #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \ |
| 2841 | defined(POLARSSL_SSL_PROTO_TLS1_1) |
Paul Bakker | b6c5d2e | 2013-06-25 16:25:17 +0200 | [diff] [blame] | 2842 | static void ssl_update_checksum_md5sha1( ssl_context *ssl, |
| 2843 | const unsigned char *buf, size_t len ) |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 2844 | { |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2845 | md5_update( &ssl->handshake->fin_md5 , buf, len ); |
| 2846 | sha1_update( &ssl->handshake->fin_sha1, buf, len ); |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 2847 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2848 | #endif |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 2849 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2850 | #if defined(POLARSSL_SSL_PROTO_TLS1_2) |
| 2851 | #if defined(POLARSSL_SHA256_C) |
Paul Bakker | b6c5d2e | 2013-06-25 16:25:17 +0200 | [diff] [blame] | 2852 | static void ssl_update_checksum_sha256( ssl_context *ssl, |
| 2853 | const unsigned char *buf, size_t len ) |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 2854 | { |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 2855 | sha256_update( &ssl->handshake->fin_sha256, buf, len ); |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 2856 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2857 | #endif |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 2858 | |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 2859 | #if defined(POLARSSL_SHA512_C) |
Paul Bakker | b6c5d2e | 2013-06-25 16:25:17 +0200 | [diff] [blame] | 2860 | static void ssl_update_checksum_sha384( ssl_context *ssl, |
| 2861 | const unsigned char *buf, size_t len ) |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 2862 | { |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 2863 | sha512_update( &ssl->handshake->fin_sha512, buf, len ); |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 2864 | } |
Paul Bakker | 769075d | 2012-11-24 11:26:46 +0100 | [diff] [blame] | 2865 | #endif |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2866 | #endif /* POLARSSL_SSL_PROTO_TLS1_2 */ |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 2867 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2868 | #if defined(POLARSSL_SSL_PROTO_SSL3) |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2869 | static void ssl_calc_finished_ssl( |
| 2870 | ssl_context *ssl, unsigned char *buf, int from ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2871 | { |
Paul Bakker | 3c2122f | 2013-06-24 19:03:14 +0200 | [diff] [blame] | 2872 | const char *sender; |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2873 | md5_context md5; |
| 2874 | sha1_context sha1; |
| 2875 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2876 | unsigned char padbuf[48]; |
| 2877 | unsigned char md5sum[16]; |
| 2878 | unsigned char sha1sum[20]; |
| 2879 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2880 | ssl_session *session = ssl->session_negotiate; |
| 2881 | if( !session ) |
| 2882 | session = ssl->session; |
| 2883 | |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2884 | SSL_DEBUG_MSG( 2, ( "=> calc finished ssl" ) ); |
| 2885 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2886 | memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) ); |
| 2887 | memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2888 | |
| 2889 | /* |
| 2890 | * SSLv3: |
| 2891 | * hash = |
| 2892 | * MD5( master + pad2 + |
| 2893 | * MD5( handshake + sender + master + pad1 ) ) |
| 2894 | * + SHA1( master + pad2 + |
| 2895 | * SHA1( handshake + sender + master + pad1 ) ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2896 | */ |
| 2897 | |
Paul Bakker | 90995b5 | 2013-06-24 19:20:35 +0200 | [diff] [blame] | 2898 | #if !defined(POLARSSL_MD5_ALT) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2899 | SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *) |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2900 | md5.state, sizeof( md5.state ) ); |
Paul Bakker | 90995b5 | 2013-06-24 19:20:35 +0200 | [diff] [blame] | 2901 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2902 | |
Paul Bakker | 90995b5 | 2013-06-24 19:20:35 +0200 | [diff] [blame] | 2903 | #if !defined(POLARSSL_SHA1_ALT) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2904 | SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *) |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2905 | sha1.state, sizeof( sha1.state ) ); |
Paul Bakker | 90995b5 | 2013-06-24 19:20:35 +0200 | [diff] [blame] | 2906 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2907 | |
Paul Bakker | 3c2122f | 2013-06-24 19:03:14 +0200 | [diff] [blame] | 2908 | sender = ( from == SSL_IS_CLIENT ) ? "CLNT" |
| 2909 | : "SRVR"; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2910 | |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2911 | memset( padbuf, 0x36, 48 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2912 | |
Paul Bakker | 3c2122f | 2013-06-24 19:03:14 +0200 | [diff] [blame] | 2913 | md5_update( &md5, (const unsigned char *) sender, 4 ); |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2914 | md5_update( &md5, session->master, 48 ); |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2915 | md5_update( &md5, padbuf, 48 ); |
| 2916 | md5_finish( &md5, md5sum ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2917 | |
Paul Bakker | 3c2122f | 2013-06-24 19:03:14 +0200 | [diff] [blame] | 2918 | sha1_update( &sha1, (const unsigned char *) sender, 4 ); |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2919 | sha1_update( &sha1, session->master, 48 ); |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2920 | sha1_update( &sha1, padbuf, 40 ); |
| 2921 | sha1_finish( &sha1, sha1sum ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2922 | |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2923 | memset( padbuf, 0x5C, 48 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2924 | |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2925 | md5_starts( &md5 ); |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2926 | md5_update( &md5, session->master, 48 ); |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2927 | md5_update( &md5, padbuf, 48 ); |
| 2928 | md5_update( &md5, md5sum, 16 ); |
| 2929 | md5_finish( &md5, buf ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2930 | |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2931 | sha1_starts( &sha1 ); |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2932 | sha1_update( &sha1, session->master, 48 ); |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2933 | sha1_update( &sha1, padbuf , 40 ); |
| 2934 | sha1_update( &sha1, sha1sum, 20 ); |
| 2935 | sha1_finish( &sha1, buf + 16 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2936 | |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2937 | SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2938 | |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2939 | memset( &md5, 0, sizeof( md5_context ) ); |
| 2940 | memset( &sha1, 0, sizeof( sha1_context ) ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2941 | |
| 2942 | memset( padbuf, 0, sizeof( padbuf ) ); |
| 2943 | memset( md5sum, 0, sizeof( md5sum ) ); |
| 2944 | memset( sha1sum, 0, sizeof( sha1sum ) ); |
| 2945 | |
| 2946 | SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
| 2947 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2948 | #endif /* POLARSSL_SSL_PROTO_SSL3 */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2949 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 2950 | #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2951 | static void ssl_calc_finished_tls( |
| 2952 | ssl_context *ssl, unsigned char *buf, int from ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2953 | { |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2954 | int len = 12; |
Paul Bakker | 3c2122f | 2013-06-24 19:03:14 +0200 | [diff] [blame] | 2955 | const char *sender; |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2956 | md5_context md5; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2957 | sha1_context sha1; |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2958 | unsigned char padbuf[36]; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2959 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2960 | ssl_session *session = ssl->session_negotiate; |
| 2961 | if( !session ) |
| 2962 | session = ssl->session; |
| 2963 | |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2964 | SSL_DEBUG_MSG( 2, ( "=> calc finished tls" ) ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2965 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2966 | memcpy( &md5 , &ssl->handshake->fin_md5 , sizeof(md5_context) ); |
| 2967 | memcpy( &sha1, &ssl->handshake->fin_sha1, sizeof(sha1_context) ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2968 | |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2969 | /* |
| 2970 | * TLSv1: |
| 2971 | * hash = PRF( master, finished_label, |
| 2972 | * MD5( handshake ) + SHA1( handshake ) )[0..11] |
| 2973 | */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2974 | |
Paul Bakker | 90995b5 | 2013-06-24 19:20:35 +0200 | [diff] [blame] | 2975 | #if !defined(POLARSSL_MD5_ALT) |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2976 | SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *) |
| 2977 | md5.state, sizeof( md5.state ) ); |
Paul Bakker | 90995b5 | 2013-06-24 19:20:35 +0200 | [diff] [blame] | 2978 | #endif |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2979 | |
Paul Bakker | 90995b5 | 2013-06-24 19:20:35 +0200 | [diff] [blame] | 2980 | #if !defined(POLARSSL_SHA1_ALT) |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2981 | SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *) |
| 2982 | sha1.state, sizeof( sha1.state ) ); |
Paul Bakker | 90995b5 | 2013-06-24 19:20:35 +0200 | [diff] [blame] | 2983 | #endif |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2984 | |
| 2985 | sender = ( from == SSL_IS_CLIENT ) |
Paul Bakker | 3c2122f | 2013-06-24 19:03:14 +0200 | [diff] [blame] | 2986 | ? "client finished" |
| 2987 | : "server finished"; |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2988 | |
| 2989 | md5_finish( &md5, padbuf ); |
| 2990 | sha1_finish( &sha1, padbuf + 16 ); |
| 2991 | |
Paul Bakker | b6c5d2e | 2013-06-25 16:25:17 +0200 | [diff] [blame] | 2992 | ssl->handshake->tls_prf( session->master, 48, sender, |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2993 | padbuf, 36, buf, len ); |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 2994 | |
| 2995 | SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); |
| 2996 | |
| 2997 | memset( &md5, 0, sizeof( md5_context ) ); |
| 2998 | memset( &sha1, 0, sizeof( sha1_context ) ); |
| 2999 | |
| 3000 | memset( padbuf, 0, sizeof( padbuf ) ); |
| 3001 | |
| 3002 | SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
| 3003 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 3004 | #endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 */ |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 3005 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 3006 | #if defined(POLARSSL_SSL_PROTO_TLS1_2) |
| 3007 | #if defined(POLARSSL_SHA256_C) |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 3008 | static void ssl_calc_finished_tls_sha256( |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 3009 | ssl_context *ssl, unsigned char *buf, int from ) |
| 3010 | { |
| 3011 | int len = 12; |
Paul Bakker | 3c2122f | 2013-06-24 19:03:14 +0200 | [diff] [blame] | 3012 | const char *sender; |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 3013 | sha256_context sha256; |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 3014 | unsigned char padbuf[32]; |
| 3015 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3016 | ssl_session *session = ssl->session_negotiate; |
| 3017 | if( !session ) |
| 3018 | session = ssl->session; |
| 3019 | |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 3020 | SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) ); |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 3021 | |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 3022 | memcpy( &sha256, &ssl->handshake->fin_sha256, sizeof(sha256_context) ); |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 3023 | |
| 3024 | /* |
| 3025 | * TLSv1.2: |
| 3026 | * hash = PRF( master, finished_label, |
| 3027 | * Hash( handshake ) )[0.11] |
| 3028 | */ |
| 3029 | |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 3030 | #if !defined(POLARSSL_SHA256_ALT) |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 3031 | SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *) |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 3032 | sha256.state, sizeof( sha256.state ) ); |
Paul Bakker | 90995b5 | 2013-06-24 19:20:35 +0200 | [diff] [blame] | 3033 | #endif |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 3034 | |
| 3035 | sender = ( from == SSL_IS_CLIENT ) |
Paul Bakker | 3c2122f | 2013-06-24 19:03:14 +0200 | [diff] [blame] | 3036 | ? "client finished" |
| 3037 | : "server finished"; |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 3038 | |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 3039 | sha256_finish( &sha256, padbuf ); |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 3040 | |
Paul Bakker | b6c5d2e | 2013-06-25 16:25:17 +0200 | [diff] [blame] | 3041 | ssl->handshake->tls_prf( session->master, 48, sender, |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3042 | padbuf, 32, buf, len ); |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 3043 | |
| 3044 | SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); |
| 3045 | |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 3046 | memset( &sha256, 0, sizeof( sha256_context ) ); |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 3047 | |
| 3048 | memset( padbuf, 0, sizeof( padbuf ) ); |
| 3049 | |
| 3050 | SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
| 3051 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 3052 | #endif /* POLARSSL_SHA256_C */ |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 3053 | |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 3054 | #if defined(POLARSSL_SHA512_C) |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 3055 | static void ssl_calc_finished_tls_sha384( |
| 3056 | ssl_context *ssl, unsigned char *buf, int from ) |
| 3057 | { |
| 3058 | int len = 12; |
Paul Bakker | 3c2122f | 2013-06-24 19:03:14 +0200 | [diff] [blame] | 3059 | const char *sender; |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 3060 | sha512_context sha512; |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 3061 | unsigned char padbuf[48]; |
| 3062 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3063 | ssl_session *session = ssl->session_negotiate; |
| 3064 | if( !session ) |
| 3065 | session = ssl->session; |
| 3066 | |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 3067 | SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) ); |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 3068 | |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 3069 | memcpy( &sha512, &ssl->handshake->fin_sha512, sizeof(sha512_context) ); |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 3070 | |
| 3071 | /* |
| 3072 | * TLSv1.2: |
| 3073 | * hash = PRF( master, finished_label, |
| 3074 | * Hash( handshake ) )[0.11] |
| 3075 | */ |
| 3076 | |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 3077 | #if !defined(POLARSSL_SHA512_ALT) |
| 3078 | SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *) |
| 3079 | sha512.state, sizeof( sha512.state ) ); |
Paul Bakker | 90995b5 | 2013-06-24 19:20:35 +0200 | [diff] [blame] | 3080 | #endif |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 3081 | |
| 3082 | sender = ( from == SSL_IS_CLIENT ) |
Paul Bakker | 3c2122f | 2013-06-24 19:03:14 +0200 | [diff] [blame] | 3083 | ? "client finished" |
| 3084 | : "server finished"; |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 3085 | |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 3086 | sha512_finish( &sha512, padbuf ); |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 3087 | |
Paul Bakker | b6c5d2e | 2013-06-25 16:25:17 +0200 | [diff] [blame] | 3088 | ssl->handshake->tls_prf( session->master, 48, sender, |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3089 | padbuf, 48, buf, len ); |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 3090 | |
| 3091 | SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); |
| 3092 | |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 3093 | memset( &sha512, 0, sizeof( sha512_context ) ); |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 3094 | |
| 3095 | memset( padbuf, 0, sizeof( padbuf ) ); |
| 3096 | |
| 3097 | SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); |
| 3098 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 3099 | #endif /* POLARSSL_SHA512_C */ |
| 3100 | #endif /* POLARSSL_SSL_PROTO_TLS1_2 */ |
Paul Bakker | ca4ab49 | 2012-04-18 14:23:57 +0000 | [diff] [blame] | 3101 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3102 | void ssl_handshake_wrapup( ssl_context *ssl ) |
| 3103 | { |
Manuel Pégourié-Gonnard | c086cce | 2013-08-02 14:13:02 +0200 | [diff] [blame] | 3104 | int resume = ssl->handshake->resume; |
| 3105 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3106 | SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) ); |
| 3107 | |
| 3108 | /* |
| 3109 | * Free our handshake params |
| 3110 | */ |
| 3111 | ssl_handshake_free( ssl->handshake ); |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 3112 | polarssl_free( ssl->handshake ); |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3113 | ssl->handshake = NULL; |
| 3114 | |
Manuel Pégourié-Gonnard | caed054 | 2013-10-30 12:47:35 +0100 | [diff] [blame] | 3115 | if( ssl->renegotiation == SSL_RENEGOTIATION ) |
| 3116 | ssl->renegotiation = SSL_RENEGOTIATION_DONE; |
| 3117 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3118 | /* |
| 3119 | * Switch in our now active transform context |
| 3120 | */ |
| 3121 | if( ssl->transform ) |
| 3122 | { |
| 3123 | ssl_transform_free( ssl->transform ); |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 3124 | polarssl_free( ssl->transform ); |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3125 | } |
| 3126 | ssl->transform = ssl->transform_negotiate; |
| 3127 | ssl->transform_negotiate = NULL; |
| 3128 | |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 3129 | if( ssl->session ) |
| 3130 | { |
| 3131 | ssl_session_free( ssl->session ); |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 3132 | polarssl_free( ssl->session ); |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 3133 | } |
| 3134 | ssl->session = ssl->session_negotiate; |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3135 | ssl->session_negotiate = NULL; |
| 3136 | |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 3137 | /* |
| 3138 | * Add cache entry |
| 3139 | */ |
Manuel Pégourié-Gonnard | c086cce | 2013-08-02 14:13:02 +0200 | [diff] [blame] | 3140 | if( ssl->f_set_cache != NULL && |
| 3141 | ssl->session->length != 0 && |
| 3142 | resume == 0 ) |
| 3143 | { |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 3144 | if( ssl->f_set_cache( ssl->p_set_cache, ssl->session ) != 0 ) |
| 3145 | SSL_DEBUG_MSG( 1, ( "cache did not store session" ) ); |
Manuel Pégourié-Gonnard | c086cce | 2013-08-02 14:13:02 +0200 | [diff] [blame] | 3146 | } |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 3147 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3148 | ssl->state++; |
| 3149 | |
| 3150 | SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) ); |
| 3151 | } |
| 3152 | |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 3153 | int ssl_write_finished( ssl_context *ssl ) |
| 3154 | { |
| 3155 | int ret, hash_len; |
| 3156 | |
| 3157 | SSL_DEBUG_MSG( 2, ( "=> write finished" ) ); |
| 3158 | |
Paul Bakker | 92be97b | 2013-01-02 17:30:03 +0100 | [diff] [blame] | 3159 | /* |
| 3160 | * Set the out_msg pointer to the correct location based on IV length |
| 3161 | */ |
| 3162 | if( ssl->minor_ver >= SSL_MINOR_VERSION_2 ) |
| 3163 | { |
| 3164 | ssl->out_msg = ssl->out_iv + ssl->transform_negotiate->ivlen - |
| 3165 | ssl->transform_negotiate->fixed_ivlen; |
| 3166 | } |
| 3167 | else |
| 3168 | ssl->out_msg = ssl->out_iv; |
| 3169 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3170 | ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->endpoint ); |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 3171 | |
| 3172 | // TODO TLS/1.2 Hash length is determined by cipher suite (Page 63) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3173 | hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_0 ) ? 36 : 12; |
| 3174 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3175 | ssl->verify_data_len = hash_len; |
| 3176 | memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len ); |
| 3177 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3178 | ssl->out_msglen = 4 + hash_len; |
| 3179 | ssl->out_msgtype = SSL_MSG_HANDSHAKE; |
| 3180 | ssl->out_msg[0] = SSL_HS_FINISHED; |
| 3181 | |
| 3182 | /* |
| 3183 | * In case of session resuming, invert the client and server |
| 3184 | * ChangeCipherSpec messages order. |
| 3185 | */ |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 3186 | if( ssl->handshake->resume != 0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3187 | { |
| 3188 | if( ssl->endpoint == SSL_IS_CLIENT ) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3189 | ssl->state = SSL_HANDSHAKE_WRAPUP; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3190 | else |
| 3191 | ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC; |
| 3192 | } |
| 3193 | else |
| 3194 | ssl->state++; |
| 3195 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3196 | /* |
| 3197 | * Switch to our negotiated transform and session parameters for outbound data. |
| 3198 | */ |
| 3199 | SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) ); |
| 3200 | ssl->transform_out = ssl->transform_negotiate; |
| 3201 | ssl->session_out = ssl->session_negotiate; |
| 3202 | memset( ssl->out_ctr, 0, 8 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3203 | |
Paul Bakker | 07eb38b | 2012-12-19 14:42:06 +0100 | [diff] [blame] | 3204 | #if defined(POLARSSL_SSL_HW_RECORD_ACCEL) |
| 3205 | if( ssl_hw_record_activate != NULL) |
| 3206 | { |
| 3207 | if( ( ret = ssl_hw_record_activate( ssl, SSL_CHANNEL_OUTBOUND ) ) != 0 ) |
| 3208 | { |
| 3209 | SSL_DEBUG_RET( 1, "ssl_hw_record_activate", ret ); |
| 3210 | return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED ); |
| 3211 | } |
| 3212 | } |
| 3213 | #endif |
| 3214 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3215 | if( ( ret = ssl_write_record( ssl ) ) != 0 ) |
| 3216 | { |
| 3217 | SSL_DEBUG_RET( 1, "ssl_write_record", ret ); |
| 3218 | return( ret ); |
| 3219 | } |
| 3220 | |
| 3221 | SSL_DEBUG_MSG( 2, ( "<= write finished" ) ); |
| 3222 | |
| 3223 | return( 0 ); |
| 3224 | } |
| 3225 | |
| 3226 | int ssl_parse_finished( ssl_context *ssl ) |
| 3227 | { |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 3228 | int ret; |
| 3229 | unsigned int hash_len; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3230 | unsigned char buf[36]; |
| 3231 | |
| 3232 | SSL_DEBUG_MSG( 2, ( "=> parse finished" ) ); |
| 3233 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3234 | ssl->handshake->calc_finished( ssl, buf, ssl->endpoint ^ 1 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3235 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3236 | /* |
| 3237 | * Switch to our negotiated transform and session parameters for inbound data. |
| 3238 | */ |
| 3239 | SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) ); |
| 3240 | ssl->transform_in = ssl->transform_negotiate; |
| 3241 | ssl->session_in = ssl->session_negotiate; |
| 3242 | memset( ssl->in_ctr, 0, 8 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3243 | |
Paul Bakker | 92be97b | 2013-01-02 17:30:03 +0100 | [diff] [blame] | 3244 | /* |
| 3245 | * Set the in_msg pointer to the correct location based on IV length |
| 3246 | */ |
| 3247 | if( ssl->minor_ver >= SSL_MINOR_VERSION_2 ) |
| 3248 | { |
| 3249 | ssl->in_msg = ssl->in_iv + ssl->transform_negotiate->ivlen - |
| 3250 | ssl->transform_negotiate->fixed_ivlen; |
| 3251 | } |
| 3252 | else |
| 3253 | ssl->in_msg = ssl->in_iv; |
| 3254 | |
Paul Bakker | 07eb38b | 2012-12-19 14:42:06 +0100 | [diff] [blame] | 3255 | #if defined(POLARSSL_SSL_HW_RECORD_ACCEL) |
| 3256 | if( ssl_hw_record_activate != NULL) |
| 3257 | { |
| 3258 | if( ( ret = ssl_hw_record_activate( ssl, SSL_CHANNEL_INBOUND ) ) != 0 ) |
| 3259 | { |
| 3260 | SSL_DEBUG_RET( 1, "ssl_hw_record_activate", ret ); |
| 3261 | return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED ); |
| 3262 | } |
| 3263 | } |
| 3264 | #endif |
| 3265 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3266 | if( ( ret = ssl_read_record( ssl ) ) != 0 ) |
| 3267 | { |
| 3268 | SSL_DEBUG_RET( 1, "ssl_read_record", ret ); |
| 3269 | return( ret ); |
| 3270 | } |
| 3271 | |
| 3272 | if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) |
| 3273 | { |
| 3274 | SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 3275 | return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3276 | } |
| 3277 | |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 3278 | // TODO TLS/1.2 Hash length is determined by cipher suite (Page 63) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3279 | hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_0 ) ? 36 : 12; |
| 3280 | |
| 3281 | if( ssl->in_msg[0] != SSL_HS_FINISHED || |
| 3282 | ssl->in_hslen != 4 + hash_len ) |
| 3283 | { |
| 3284 | SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 3285 | return( POLARSSL_ERR_SSL_BAD_HS_FINISHED ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3286 | } |
| 3287 | |
Manuel Pégourié-Gonnard | 31ff1d2 | 2013-10-28 13:46:11 +0100 | [diff] [blame] | 3288 | if( safer_memcmp( ssl->in_msg + 4, buf, hash_len ) != 0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3289 | { |
| 3290 | SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 3291 | return( POLARSSL_ERR_SSL_BAD_HS_FINISHED ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3292 | } |
| 3293 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3294 | ssl->verify_data_len = hash_len; |
| 3295 | memcpy( ssl->peer_verify_data, buf, hash_len ); |
| 3296 | |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 3297 | if( ssl->handshake->resume != 0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3298 | { |
| 3299 | if( ssl->endpoint == SSL_IS_CLIENT ) |
| 3300 | ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC; |
| 3301 | |
| 3302 | if( ssl->endpoint == SSL_IS_SERVER ) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3303 | ssl->state = SSL_HANDSHAKE_WRAPUP; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3304 | } |
| 3305 | else |
| 3306 | ssl->state++; |
| 3307 | |
| 3308 | SSL_DEBUG_MSG( 2, ( "<= parse finished" ) ); |
| 3309 | |
| 3310 | return( 0 ); |
| 3311 | } |
| 3312 | |
Paul Bakker | b6c5d2e | 2013-06-25 16:25:17 +0200 | [diff] [blame] | 3313 | static int ssl_handshake_init( ssl_context *ssl ) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3314 | { |
| 3315 | if( ssl->transform_negotiate ) |
| 3316 | ssl_transform_free( ssl->transform_negotiate ); |
| 3317 | else |
Paul Bakker | b9cfaa0 | 2013-10-11 18:58:55 +0200 | [diff] [blame] | 3318 | { |
| 3319 | ssl->transform_negotiate = |
| 3320 | (ssl_transform *) polarssl_malloc( sizeof(ssl_transform) ); |
Paul Bakker | 77f4f39 | 2014-03-26 15:28:55 +0100 | [diff] [blame] | 3321 | |
| 3322 | if( ssl->transform_negotiate != NULL ) |
| 3323 | memset( ssl->transform_negotiate, 0, sizeof(ssl_transform) ); |
Paul Bakker | b9cfaa0 | 2013-10-11 18:58:55 +0200 | [diff] [blame] | 3324 | } |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3325 | |
| 3326 | if( ssl->session_negotiate ) |
| 3327 | ssl_session_free( ssl->session_negotiate ); |
| 3328 | else |
Paul Bakker | b9cfaa0 | 2013-10-11 18:58:55 +0200 | [diff] [blame] | 3329 | { |
| 3330 | ssl->session_negotiate = |
| 3331 | (ssl_session *) polarssl_malloc( sizeof(ssl_session) ); |
Paul Bakker | 77f4f39 | 2014-03-26 15:28:55 +0100 | [diff] [blame] | 3332 | |
| 3333 | if( ssl->session_negotiate != NULL ) |
| 3334 | memset( ssl->session_negotiate, 0, sizeof(ssl_session) ); |
Paul Bakker | b9cfaa0 | 2013-10-11 18:58:55 +0200 | [diff] [blame] | 3335 | } |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3336 | |
| 3337 | if( ssl->handshake ) |
| 3338 | ssl_handshake_free( ssl->handshake ); |
| 3339 | else |
Paul Bakker | b9cfaa0 | 2013-10-11 18:58:55 +0200 | [diff] [blame] | 3340 | { |
| 3341 | ssl->handshake = (ssl_handshake_params *) |
| 3342 | polarssl_malloc( sizeof(ssl_handshake_params) ); |
Paul Bakker | 77f4f39 | 2014-03-26 15:28:55 +0100 | [diff] [blame] | 3343 | |
| 3344 | if( ssl->handshake != NULL ) |
| 3345 | memset( ssl->handshake, 0, sizeof(ssl_handshake_params) ); |
Paul Bakker | b9cfaa0 | 2013-10-11 18:58:55 +0200 | [diff] [blame] | 3346 | } |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3347 | |
| 3348 | if( ssl->handshake == NULL || |
| 3349 | ssl->transform_negotiate == NULL || |
| 3350 | ssl->session_negotiate == NULL ) |
| 3351 | { |
| 3352 | SSL_DEBUG_MSG( 1, ( "malloc() of ssl sub-contexts failed" ) ); |
| 3353 | return( POLARSSL_ERR_SSL_MALLOC_FAILED ); |
| 3354 | } |
| 3355 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 3356 | #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \ |
| 3357 | defined(POLARSSL_SSL_PROTO_TLS1_1) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3358 | md5_starts( &ssl->handshake->fin_md5 ); |
| 3359 | sha1_starts( &ssl->handshake->fin_sha1 ); |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 3360 | #endif |
| 3361 | #if defined(POLARSSL_SSL_PROTO_TLS1_2) |
| 3362 | #if defined(POLARSSL_SHA256_C) |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 3363 | sha256_starts( &ssl->handshake->fin_sha256, 0 ); |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 3364 | #endif |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 3365 | #if defined(POLARSSL_SHA512_C) |
| 3366 | sha512_starts( &ssl->handshake->fin_sha512, 1 ); |
Paul Bakker | 769075d | 2012-11-24 11:26:46 +0100 | [diff] [blame] | 3367 | #endif |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 3368 | #endif /* POLARSSL_SSL_PROTO_TLS1_2 */ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3369 | |
| 3370 | ssl->handshake->update_checksum = ssl_update_checksum_start; |
Paul Bakker | 23f3680 | 2012-09-28 14:15:14 +0000 | [diff] [blame] | 3371 | ssl->handshake->sig_alg = SSL_HASH_SHA1; |
Paul Bakker | f7abd42 | 2013-04-16 13:15:56 +0200 | [diff] [blame] | 3372 | |
Paul Bakker | 61d113b | 2013-07-04 11:51:43 +0200 | [diff] [blame] | 3373 | #if defined(POLARSSL_ECDH_C) |
| 3374 | ecdh_init( &ssl->handshake->ecdh_ctx ); |
| 3375 | #endif |
| 3376 | |
Manuel Pégourié-Gonnard | e5e1bb9 | 2013-10-30 11:25:30 +0100 | [diff] [blame] | 3377 | #if defined(POLARSSL_X509_CRT_PARSE_C) |
| 3378 | ssl->handshake->key_cert = ssl->key_cert; |
| 3379 | #endif |
| 3380 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3381 | return( 0 ); |
| 3382 | } |
| 3383 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3384 | /* |
| 3385 | * Initialize an SSL context |
| 3386 | */ |
| 3387 | int ssl_init( ssl_context *ssl ) |
| 3388 | { |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3389 | int ret; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3390 | int len = SSL_BUFFER_LEN; |
| 3391 | |
| 3392 | memset( ssl, 0, sizeof( ssl_context ) ); |
| 3393 | |
Paul Bakker | 62f2dee | 2012-09-28 07:31:51 +0000 | [diff] [blame] | 3394 | /* |
| 3395 | * Sane defaults |
| 3396 | */ |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 3397 | ssl->min_major_ver = SSL_MIN_MAJOR_VERSION; |
| 3398 | ssl->min_minor_ver = SSL_MIN_MINOR_VERSION; |
| 3399 | ssl->max_major_ver = SSL_MAX_MAJOR_VERSION; |
| 3400 | ssl->max_minor_ver = SSL_MAX_MINOR_VERSION; |
Paul Bakker | 1d29fb5 | 2012-09-28 13:28:45 +0000 | [diff] [blame] | 3401 | |
Paul Bakker | 8f4ddae | 2013-04-15 15:09:54 +0200 | [diff] [blame] | 3402 | ssl_set_ciphersuites( ssl, ssl_list_ciphersuites() ); |
Paul Bakker | 645ce3a | 2012-10-31 12:32:41 +0000 | [diff] [blame] | 3403 | |
Paul Bakker | 62f2dee | 2012-09-28 07:31:51 +0000 | [diff] [blame] | 3404 | #if defined(POLARSSL_DHM_C) |
| 3405 | if( ( ret = mpi_read_string( &ssl->dhm_P, 16, |
| 3406 | POLARSSL_DHM_RFC5114_MODP_1024_P) ) != 0 || |
| 3407 | ( ret = mpi_read_string( &ssl->dhm_G, 16, |
| 3408 | POLARSSL_DHM_RFC5114_MODP_1024_G) ) != 0 ) |
| 3409 | { |
| 3410 | SSL_DEBUG_RET( 1, "mpi_read_string", ret ); |
| 3411 | return( ret ); |
| 3412 | } |
| 3413 | #endif |
| 3414 | |
| 3415 | /* |
| 3416 | * Prepare base structures |
| 3417 | */ |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 3418 | ssl->in_ctr = (unsigned char *) polarssl_malloc( len ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3419 | ssl->in_hdr = ssl->in_ctr + 8; |
Paul Bakker | 92be97b | 2013-01-02 17:30:03 +0100 | [diff] [blame] | 3420 | ssl->in_iv = ssl->in_ctr + 13; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3421 | ssl->in_msg = ssl->in_ctr + 13; |
| 3422 | |
| 3423 | if( ssl->in_ctr == NULL ) |
| 3424 | { |
| 3425 | SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) ); |
Paul Bakker | 69e095c | 2011-12-10 21:55:01 +0000 | [diff] [blame] | 3426 | return( POLARSSL_ERR_SSL_MALLOC_FAILED ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3427 | } |
| 3428 | |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 3429 | ssl->out_ctr = (unsigned char *) polarssl_malloc( len ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3430 | ssl->out_hdr = ssl->out_ctr + 8; |
Paul Bakker | 92be97b | 2013-01-02 17:30:03 +0100 | [diff] [blame] | 3431 | ssl->out_iv = ssl->out_ctr + 13; |
Paul Bakker | 5bd4229 | 2012-12-19 14:40:42 +0100 | [diff] [blame] | 3432 | ssl->out_msg = ssl->out_ctr + 13; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3433 | |
| 3434 | if( ssl->out_ctr == NULL ) |
| 3435 | { |
| 3436 | SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) ); |
Paul Bakker | 3d6504a | 2014-03-17 13:41:51 +0100 | [diff] [blame] | 3437 | polarssl_free( ssl->in_ctr ); |
| 3438 | ssl->in_ctr = NULL; |
Paul Bakker | 69e095c | 2011-12-10 21:55:01 +0000 | [diff] [blame] | 3439 | return( POLARSSL_ERR_SSL_MALLOC_FAILED ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3440 | } |
| 3441 | |
| 3442 | memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN ); |
| 3443 | memset( ssl->out_ctr, 0, SSL_BUFFER_LEN ); |
| 3444 | |
Paul Bakker | 606b4ba | 2013-08-14 16:52:14 +0200 | [diff] [blame] | 3445 | #if defined(POLARSSL_SSL_SESSION_TICKETS) |
| 3446 | ssl->ticket_lifetime = SSL_DEFAULT_TICKET_LIFETIME; |
| 3447 | #endif |
| 3448 | |
Manuel Pégourié-Gonnard | 7f38ed0 | 2014-02-04 15:52:33 +0100 | [diff] [blame] | 3449 | #if defined(POLARSSL_SSL_SET_CURVES) |
Manuel Pégourié-Gonnard | ac71941 | 2014-02-04 14:48:50 +0100 | [diff] [blame] | 3450 | ssl->curve_list = ecp_grp_id_list( ); |
Gergely Budai | 987bfb5 | 2014-01-19 21:48:42 +0100 | [diff] [blame] | 3451 | #endif |
| 3452 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3453 | if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) |
| 3454 | return( ret ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3455 | |
| 3456 | return( 0 ); |
| 3457 | } |
| 3458 | |
| 3459 | /* |
Paul Bakker | 7eb013f | 2011-10-06 12:37:39 +0000 | [diff] [blame] | 3460 | * Reset an initialized and used SSL context for re-use while retaining |
| 3461 | * all application-set variables, function pointers and data. |
| 3462 | */ |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 3463 | int ssl_session_reset( ssl_context *ssl ) |
Paul Bakker | 7eb013f | 2011-10-06 12:37:39 +0000 | [diff] [blame] | 3464 | { |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3465 | int ret; |
| 3466 | |
Paul Bakker | 7eb013f | 2011-10-06 12:37:39 +0000 | [diff] [blame] | 3467 | ssl->state = SSL_HELLO_REQUEST; |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3468 | ssl->renegotiation = SSL_INITIAL_HANDSHAKE; |
| 3469 | ssl->secure_renegotiation = SSL_LEGACY_RENEGOTIATION; |
| 3470 | |
| 3471 | ssl->verify_data_len = 0; |
| 3472 | memset( ssl->own_verify_data, 0, 36 ); |
| 3473 | memset( ssl->peer_verify_data, 0, 36 ); |
| 3474 | |
Paul Bakker | 7eb013f | 2011-10-06 12:37:39 +0000 | [diff] [blame] | 3475 | ssl->in_offt = NULL; |
| 3476 | |
Paul Bakker | 92be97b | 2013-01-02 17:30:03 +0100 | [diff] [blame] | 3477 | ssl->in_msg = ssl->in_ctr + 13; |
Paul Bakker | 7eb013f | 2011-10-06 12:37:39 +0000 | [diff] [blame] | 3478 | ssl->in_msgtype = 0; |
| 3479 | ssl->in_msglen = 0; |
| 3480 | ssl->in_left = 0; |
| 3481 | |
| 3482 | ssl->in_hslen = 0; |
| 3483 | ssl->nb_zero = 0; |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 3484 | ssl->record_read = 0; |
Paul Bakker | 7eb013f | 2011-10-06 12:37:39 +0000 | [diff] [blame] | 3485 | |
Paul Bakker | 92be97b | 2013-01-02 17:30:03 +0100 | [diff] [blame] | 3486 | ssl->out_msg = ssl->out_ctr + 13; |
Paul Bakker | 7eb013f | 2011-10-06 12:37:39 +0000 | [diff] [blame] | 3487 | ssl->out_msgtype = 0; |
| 3488 | ssl->out_msglen = 0; |
| 3489 | ssl->out_left = 0; |
| 3490 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3491 | ssl->transform_in = NULL; |
| 3492 | ssl->transform_out = NULL; |
Paul Bakker | 7eb013f | 2011-10-06 12:37:39 +0000 | [diff] [blame] | 3493 | |
| 3494 | memset( ssl->out_ctr, 0, SSL_BUFFER_LEN ); |
| 3495 | memset( ssl->in_ctr, 0, SSL_BUFFER_LEN ); |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 3496 | |
| 3497 | #if defined(POLARSSL_SSL_HW_RECORD_ACCEL) |
| 3498 | if( ssl_hw_record_reset != NULL) |
| 3499 | { |
| 3500 | SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_reset()" ) ); |
Paul Bakker | 07eb38b | 2012-12-19 14:42:06 +0100 | [diff] [blame] | 3501 | if( ( ret = ssl_hw_record_reset( ssl ) ) != 0 ) |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 3502 | { |
| 3503 | SSL_DEBUG_RET( 1, "ssl_hw_record_reset", ret ); |
| 3504 | return( POLARSSL_ERR_SSL_HW_ACCEL_FAILED ); |
| 3505 | } |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 3506 | } |
| 3507 | #endif |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 3508 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3509 | if( ssl->transform ) |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 3510 | { |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3511 | ssl_transform_free( ssl->transform ); |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 3512 | polarssl_free( ssl->transform ); |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3513 | ssl->transform = NULL; |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 3514 | } |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3515 | |
Paul Bakker | c046350 | 2013-02-14 11:19:38 +0100 | [diff] [blame] | 3516 | if( ssl->session ) |
| 3517 | { |
| 3518 | ssl_session_free( ssl->session ); |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 3519 | polarssl_free( ssl->session ); |
Paul Bakker | c046350 | 2013-02-14 11:19:38 +0100 | [diff] [blame] | 3520 | ssl->session = NULL; |
| 3521 | } |
| 3522 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3523 | if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) |
| 3524 | return( ret ); |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 3525 | |
| 3526 | return( 0 ); |
Paul Bakker | 7eb013f | 2011-10-06 12:37:39 +0000 | [diff] [blame] | 3527 | } |
| 3528 | |
Paul Bakker | a503a63 | 2013-08-14 13:48:06 +0200 | [diff] [blame] | 3529 | #if defined(POLARSSL_SSL_SESSION_TICKETS) |
Paul Bakker | 7eb013f | 2011-10-06 12:37:39 +0000 | [diff] [blame] | 3530 | /* |
Manuel Pégourié-Gonnard | 779e429 | 2013-08-03 13:50:48 +0200 | [diff] [blame] | 3531 | * Allocate and initialize ticket keys |
| 3532 | */ |
| 3533 | static int ssl_ticket_keys_init( ssl_context *ssl ) |
| 3534 | { |
| 3535 | int ret; |
| 3536 | ssl_ticket_keys *tkeys; |
Manuel Pégourié-Gonnard | 56dc9e8 | 2013-08-03 17:16:31 +0200 | [diff] [blame] | 3537 | unsigned char buf[16]; |
Manuel Pégourié-Gonnard | 779e429 | 2013-08-03 13:50:48 +0200 | [diff] [blame] | 3538 | |
| 3539 | if( ssl->ticket_keys != NULL ) |
| 3540 | return( 0 ); |
| 3541 | |
Paul Bakker | b9cfaa0 | 2013-10-11 18:58:55 +0200 | [diff] [blame] | 3542 | tkeys = (ssl_ticket_keys *) polarssl_malloc( sizeof(ssl_ticket_keys) ); |
| 3543 | if( tkeys == NULL ) |
Manuel Pégourié-Gonnard | 779e429 | 2013-08-03 13:50:48 +0200 | [diff] [blame] | 3544 | return( POLARSSL_ERR_SSL_MALLOC_FAILED ); |
| 3545 | |
| 3546 | if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->key_name, 16 ) ) != 0 ) |
Paul Bakker | 6f0636a | 2013-12-16 15:24:05 +0100 | [diff] [blame] | 3547 | { |
| 3548 | polarssl_free( tkeys ); |
Manuel Pégourié-Gonnard | 779e429 | 2013-08-03 13:50:48 +0200 | [diff] [blame] | 3549 | return( ret ); |
Paul Bakker | 6f0636a | 2013-12-16 15:24:05 +0100 | [diff] [blame] | 3550 | } |
Manuel Pégourié-Gonnard | 779e429 | 2013-08-03 13:50:48 +0200 | [diff] [blame] | 3551 | |
Manuel Pégourié-Gonnard | 990c51a | 2013-08-03 15:37:58 +0200 | [diff] [blame] | 3552 | if( ( ret = ssl->f_rng( ssl->p_rng, buf, 16 ) ) != 0 || |
| 3553 | ( ret = aes_setkey_enc( &tkeys->enc, buf, 128 ) ) != 0 || |
| 3554 | ( ret = aes_setkey_dec( &tkeys->dec, buf, 128 ) ) != 0 ) |
| 3555 | { |
Paul Bakker | 6f0636a | 2013-12-16 15:24:05 +0100 | [diff] [blame] | 3556 | polarssl_free( tkeys ); |
| 3557 | return( ret ); |
Manuel Pégourié-Gonnard | 990c51a | 2013-08-03 15:37:58 +0200 | [diff] [blame] | 3558 | } |
| 3559 | |
Manuel Pégourié-Gonnard | 56dc9e8 | 2013-08-03 17:16:31 +0200 | [diff] [blame] | 3560 | if( ( ret = ssl->f_rng( ssl->p_rng, tkeys->mac_key, 16 ) ) != 0 ) |
Paul Bakker | 6f0636a | 2013-12-16 15:24:05 +0100 | [diff] [blame] | 3561 | { |
| 3562 | polarssl_free( tkeys ); |
Manuel Pégourié-Gonnard | 56dc9e8 | 2013-08-03 17:16:31 +0200 | [diff] [blame] | 3563 | return( ret ); |
Paul Bakker | 6f0636a | 2013-12-16 15:24:05 +0100 | [diff] [blame] | 3564 | } |
Manuel Pégourié-Gonnard | 56dc9e8 | 2013-08-03 17:16:31 +0200 | [diff] [blame] | 3565 | |
Manuel Pégourié-Gonnard | 779e429 | 2013-08-03 13:50:48 +0200 | [diff] [blame] | 3566 | ssl->ticket_keys = tkeys; |
| 3567 | |
| 3568 | return( 0 ); |
| 3569 | } |
Paul Bakker | a503a63 | 2013-08-14 13:48:06 +0200 | [diff] [blame] | 3570 | #endif /* POLARSSL_SSL_SESSION_TICKETS */ |
Manuel Pégourié-Gonnard | 779e429 | 2013-08-03 13:50:48 +0200 | [diff] [blame] | 3571 | |
| 3572 | /* |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3573 | * SSL set accessors |
| 3574 | */ |
| 3575 | void ssl_set_endpoint( ssl_context *ssl, int endpoint ) |
| 3576 | { |
| 3577 | ssl->endpoint = endpoint; |
Manuel Pégourié-Gonnard | aa0d4d1 | 2013-08-03 13:02:31 +0200 | [diff] [blame] | 3578 | |
Paul Bakker | 606b4ba | 2013-08-14 16:52:14 +0200 | [diff] [blame] | 3579 | #if defined(POLARSSL_SSL_SESSION_TICKETS) |
Manuel Pégourié-Gonnard | aa0d4d1 | 2013-08-03 13:02:31 +0200 | [diff] [blame] | 3580 | if( endpoint == SSL_IS_CLIENT ) |
| 3581 | ssl->session_tickets = SSL_SESSION_TICKETS_ENABLED; |
Paul Bakker | 606b4ba | 2013-08-14 16:52:14 +0200 | [diff] [blame] | 3582 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3583 | } |
| 3584 | |
| 3585 | void ssl_set_authmode( ssl_context *ssl, int authmode ) |
| 3586 | { |
| 3587 | ssl->authmode = authmode; |
| 3588 | } |
| 3589 | |
Paul Bakker | 7c6b2c3 | 2013-09-16 13:49:26 +0200 | [diff] [blame] | 3590 | #if defined(POLARSSL_X509_CRT_PARSE_C) |
Paul Bakker | b63b0af | 2011-01-13 17:54:59 +0000 | [diff] [blame] | 3591 | void ssl_set_verify( ssl_context *ssl, |
Paul Bakker | c559c7a | 2013-09-18 14:13:26 +0200 | [diff] [blame] | 3592 | int (*f_vrfy)(void *, x509_crt *, int, int *), |
Paul Bakker | b63b0af | 2011-01-13 17:54:59 +0000 | [diff] [blame] | 3593 | void *p_vrfy ) |
| 3594 | { |
| 3595 | ssl->f_vrfy = f_vrfy; |
| 3596 | ssl->p_vrfy = p_vrfy; |
| 3597 | } |
Paul Bakker | 7c6b2c3 | 2013-09-16 13:49:26 +0200 | [diff] [blame] | 3598 | #endif /* POLARSSL_X509_CRT_PARSE_C */ |
Paul Bakker | b63b0af | 2011-01-13 17:54:59 +0000 | [diff] [blame] | 3599 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3600 | void ssl_set_rng( ssl_context *ssl, |
Paul Bakker | a3d195c | 2011-11-27 21:07:34 +0000 | [diff] [blame] | 3601 | int (*f_rng)(void *, unsigned char *, size_t), |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3602 | void *p_rng ) |
| 3603 | { |
| 3604 | ssl->f_rng = f_rng; |
| 3605 | ssl->p_rng = p_rng; |
| 3606 | } |
| 3607 | |
| 3608 | void ssl_set_dbg( ssl_context *ssl, |
Paul Bakker | ff60ee6 | 2010-03-16 21:09:09 +0000 | [diff] [blame] | 3609 | void (*f_dbg)(void *, int, const char *), |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3610 | void *p_dbg ) |
| 3611 | { |
| 3612 | ssl->f_dbg = f_dbg; |
| 3613 | ssl->p_dbg = p_dbg; |
| 3614 | } |
| 3615 | |
| 3616 | void ssl_set_bio( ssl_context *ssl, |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 3617 | int (*f_recv)(void *, unsigned char *, size_t), void *p_recv, |
Paul Bakker | 39bb418 | 2011-06-21 07:36:43 +0000 | [diff] [blame] | 3618 | int (*f_send)(void *, const unsigned char *, size_t), void *p_send ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3619 | { |
| 3620 | ssl->f_recv = f_recv; |
| 3621 | ssl->f_send = f_send; |
| 3622 | ssl->p_recv = p_recv; |
| 3623 | ssl->p_send = p_send; |
| 3624 | } |
| 3625 | |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 3626 | void ssl_set_session_cache( ssl_context *ssl, |
| 3627 | int (*f_get_cache)(void *, ssl_session *), void *p_get_cache, |
| 3628 | int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3629 | { |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 3630 | ssl->f_get_cache = f_get_cache; |
| 3631 | ssl->p_get_cache = p_get_cache; |
| 3632 | ssl->f_set_cache = f_set_cache; |
| 3633 | ssl->p_set_cache = p_set_cache; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3634 | } |
| 3635 | |
Manuel Pégourié-Gonnard | 06650f6 | 2013-08-02 15:34:52 +0200 | [diff] [blame] | 3636 | int ssl_set_session( ssl_context *ssl, const ssl_session *session ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3637 | { |
Manuel Pégourié-Gonnard | 06650f6 | 2013-08-02 15:34:52 +0200 | [diff] [blame] | 3638 | int ret; |
| 3639 | |
| 3640 | if( ssl == NULL || |
| 3641 | session == NULL || |
| 3642 | ssl->session_negotiate == NULL || |
| 3643 | ssl->endpoint != SSL_IS_CLIENT ) |
| 3644 | { |
| 3645 | return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); |
| 3646 | } |
| 3647 | |
| 3648 | if( ( ret = ssl_session_copy( ssl->session_negotiate, session ) ) != 0 ) |
| 3649 | return( ret ); |
| 3650 | |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 3651 | ssl->handshake->resume = 1; |
Manuel Pégourié-Gonnard | 06650f6 | 2013-08-02 15:34:52 +0200 | [diff] [blame] | 3652 | |
| 3653 | return( 0 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3654 | } |
| 3655 | |
Paul Bakker | b68cad6 | 2012-08-23 08:34:18 +0000 | [diff] [blame] | 3656 | void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3657 | { |
Paul Bakker | 8f4ddae | 2013-04-15 15:09:54 +0200 | [diff] [blame] | 3658 | ssl->ciphersuite_list[SSL_MINOR_VERSION_0] = ciphersuites; |
| 3659 | ssl->ciphersuite_list[SSL_MINOR_VERSION_1] = ciphersuites; |
| 3660 | ssl->ciphersuite_list[SSL_MINOR_VERSION_2] = ciphersuites; |
| 3661 | ssl->ciphersuite_list[SSL_MINOR_VERSION_3] = ciphersuites; |
| 3662 | } |
| 3663 | |
| 3664 | void ssl_set_ciphersuites_for_version( ssl_context *ssl, const int *ciphersuites, |
| 3665 | int major, int minor ) |
| 3666 | { |
| 3667 | if( major != SSL_MAJOR_VERSION_3 ) |
| 3668 | return; |
| 3669 | |
| 3670 | if( minor < SSL_MINOR_VERSION_0 || minor > SSL_MINOR_VERSION_3 ) |
| 3671 | return; |
| 3672 | |
| 3673 | ssl->ciphersuite_list[minor] = ciphersuites; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3674 | } |
| 3675 | |
Paul Bakker | 7c6b2c3 | 2013-09-16 13:49:26 +0200 | [diff] [blame] | 3676 | #if defined(POLARSSL_X509_CRT_PARSE_C) |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 3677 | /* Add a new (empty) key_cert entry an return a pointer to it */ |
| 3678 | static ssl_key_cert *ssl_add_key_cert( ssl_context *ssl ) |
| 3679 | { |
| 3680 | ssl_key_cert *key_cert, *last; |
| 3681 | |
Paul Bakker | b9cfaa0 | 2013-10-11 18:58:55 +0200 | [diff] [blame] | 3682 | key_cert = (ssl_key_cert *) polarssl_malloc( sizeof(ssl_key_cert) ); |
| 3683 | if( key_cert == NULL ) |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 3684 | return( NULL ); |
| 3685 | |
| 3686 | memset( key_cert, 0, sizeof( ssl_key_cert ) ); |
| 3687 | |
| 3688 | /* Append the new key_cert to the (possibly empty) current list */ |
| 3689 | if( ssl->key_cert == NULL ) |
Paul Bakker | 0333b97 | 2013-11-04 17:08:28 +0100 | [diff] [blame] | 3690 | { |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 3691 | ssl->key_cert = key_cert; |
Paul Bakker | 08b028f | 2013-11-19 10:42:37 +0100 | [diff] [blame] | 3692 | if( ssl->handshake != NULL ) |
| 3693 | ssl->handshake->key_cert = key_cert; |
Paul Bakker | 0333b97 | 2013-11-04 17:08:28 +0100 | [diff] [blame] | 3694 | } |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 3695 | else |
| 3696 | { |
| 3697 | last = ssl->key_cert; |
| 3698 | while( last->next != NULL ) |
| 3699 | last = last->next; |
| 3700 | last->next = key_cert; |
| 3701 | } |
| 3702 | |
| 3703 | return key_cert; |
| 3704 | } |
| 3705 | |
Paul Bakker | c559c7a | 2013-09-18 14:13:26 +0200 | [diff] [blame] | 3706 | void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain, |
Paul Bakker | 57b7914 | 2010-03-24 06:51:15 +0000 | [diff] [blame] | 3707 | x509_crl *ca_crl, const char *peer_cn ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3708 | { |
| 3709 | ssl->ca_chain = ca_chain; |
Paul Bakker | 40ea7de | 2009-05-03 10:18:48 +0000 | [diff] [blame] | 3710 | ssl->ca_crl = ca_crl; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3711 | ssl->peer_cn = peer_cn; |
| 3712 | } |
| 3713 | |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 3714 | int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert, |
Manuel Pégourié-Gonnard | ac75523 | 2013-08-19 14:10:16 +0200 | [diff] [blame] | 3715 | pk_context *pk_key ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3716 | { |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 3717 | ssl_key_cert *key_cert = ssl_add_key_cert( ssl ); |
| 3718 | |
| 3719 | if( key_cert == NULL ) |
| 3720 | return( POLARSSL_ERR_SSL_MALLOC_FAILED ); |
| 3721 | |
| 3722 | key_cert->cert = own_cert; |
| 3723 | key_cert->key = pk_key; |
| 3724 | |
| 3725 | return( 0 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3726 | } |
| 3727 | |
Manuel Pégourié-Gonnard | ac75523 | 2013-08-19 14:10:16 +0200 | [diff] [blame] | 3728 | #if defined(POLARSSL_RSA_C) |
Paul Bakker | c559c7a | 2013-09-18 14:13:26 +0200 | [diff] [blame] | 3729 | int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert, |
Manuel Pégourié-Gonnard | ac75523 | 2013-08-19 14:10:16 +0200 | [diff] [blame] | 3730 | rsa_context *rsa_key ) |
Paul Bakker | 43b7e35 | 2011-01-18 15:27:19 +0000 | [diff] [blame] | 3731 | { |
Manuel Pégourié-Gonnard | 0d42049 | 2013-08-21 16:14:26 +0200 | [diff] [blame] | 3732 | int ret; |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 3733 | ssl_key_cert *key_cert = ssl_add_key_cert( ssl ); |
Manuel Pégourié-Gonnard | 0d42049 | 2013-08-21 16:14:26 +0200 | [diff] [blame] | 3734 | |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 3735 | if( key_cert == NULL ) |
Manuel Pégourié-Gonnard | 0d42049 | 2013-08-21 16:14:26 +0200 | [diff] [blame] | 3736 | return( POLARSSL_ERR_SSL_MALLOC_FAILED ); |
| 3737 | |
Paul Bakker | b9cfaa0 | 2013-10-11 18:58:55 +0200 | [diff] [blame] | 3738 | key_cert->key = (pk_context *) polarssl_malloc( sizeof(pk_context) ); |
| 3739 | if( key_cert->key == NULL ) |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 3740 | return( POLARSSL_ERR_SSL_MALLOC_FAILED ); |
Manuel Pégourié-Gonnard | 0d42049 | 2013-08-21 16:14:26 +0200 | [diff] [blame] | 3741 | |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 3742 | pk_init( key_cert->key ); |
Manuel Pégourié-Gonnard | 0d42049 | 2013-08-21 16:14:26 +0200 | [diff] [blame] | 3743 | |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 3744 | ret = pk_init_ctx( key_cert->key, pk_info_from_type( POLARSSL_PK_RSA ) ); |
Manuel Pégourié-Gonnard | 0d42049 | 2013-08-21 16:14:26 +0200 | [diff] [blame] | 3745 | if( ret != 0 ) |
| 3746 | return( ret ); |
| 3747 | |
Paul Bakker | b9cfaa0 | 2013-10-11 18:58:55 +0200 | [diff] [blame] | 3748 | if( ( ret = rsa_copy( pk_rsa( *key_cert->key ), rsa_key ) ) != 0 ) |
Manuel Pégourié-Gonnard | 0d42049 | 2013-08-21 16:14:26 +0200 | [diff] [blame] | 3749 | return( ret ); |
| 3750 | |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 3751 | key_cert->cert = own_cert; |
| 3752 | key_cert->key_own_alloc = 1; |
| 3753 | |
Manuel Pégourié-Gonnard | 0d42049 | 2013-08-21 16:14:26 +0200 | [diff] [blame] | 3754 | return( 0 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3755 | } |
Manuel Pégourié-Gonnard | ac75523 | 2013-08-19 14:10:16 +0200 | [diff] [blame] | 3756 | #endif /* POLARSSL_RSA_C */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3757 | |
Paul Bakker | c559c7a | 2013-09-18 14:13:26 +0200 | [diff] [blame] | 3758 | int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert, |
Manuel Pégourié-Gonnard | 2fb15f6 | 2013-08-22 17:54:20 +0200 | [diff] [blame] | 3759 | void *rsa_key, |
| 3760 | rsa_decrypt_func rsa_decrypt, |
| 3761 | rsa_sign_func rsa_sign, |
| 3762 | rsa_key_len_func rsa_key_len ) |
Paul Bakker | 43b7e35 | 2011-01-18 15:27:19 +0000 | [diff] [blame] | 3763 | { |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 3764 | int ret; |
| 3765 | ssl_key_cert *key_cert = ssl_add_key_cert( ssl ); |
Manuel Pégourié-Gonnard | 070cc7f | 2013-08-21 15:09:31 +0200 | [diff] [blame] | 3766 | |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 3767 | if( key_cert == NULL ) |
Manuel Pégourié-Gonnard | 070cc7f | 2013-08-21 15:09:31 +0200 | [diff] [blame] | 3768 | return( POLARSSL_ERR_SSL_MALLOC_FAILED ); |
| 3769 | |
Paul Bakker | b9cfaa0 | 2013-10-11 18:58:55 +0200 | [diff] [blame] | 3770 | key_cert->key = (pk_context *) polarssl_malloc( sizeof(pk_context) ); |
| 3771 | if( key_cert->key == NULL ) |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 3772 | return( POLARSSL_ERR_SSL_MALLOC_FAILED ); |
Manuel Pégourié-Gonnard | 070cc7f | 2013-08-21 15:09:31 +0200 | [diff] [blame] | 3773 | |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 3774 | pk_init( key_cert->key ); |
Manuel Pégourié-Gonnard | 070cc7f | 2013-08-21 15:09:31 +0200 | [diff] [blame] | 3775 | |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 3776 | if( ( ret = pk_init_ctx_rsa_alt( key_cert->key, rsa_key, |
| 3777 | rsa_decrypt, rsa_sign, rsa_key_len ) ) != 0 ) |
| 3778 | return( ret ); |
| 3779 | |
| 3780 | key_cert->cert = own_cert; |
| 3781 | key_cert->key_own_alloc = 1; |
| 3782 | |
| 3783 | return( 0 ); |
Paul Bakker | 43b7e35 | 2011-01-18 15:27:19 +0000 | [diff] [blame] | 3784 | } |
Paul Bakker | 7c6b2c3 | 2013-09-16 13:49:26 +0200 | [diff] [blame] | 3785 | #endif /* POLARSSL_X509_CRT_PARSE_C */ |
Paul Bakker | eb2c658 | 2012-09-27 19:15:01 +0000 | [diff] [blame] | 3786 | |
Manuel Pégourié-Gonnard | 8a3c64d | 2013-10-14 19:54:10 +0200 | [diff] [blame] | 3787 | #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED) |
Paul Bakker | 6db455e | 2013-09-18 17:29:31 +0200 | [diff] [blame] | 3788 | int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len, |
| 3789 | const unsigned char *psk_identity, size_t psk_identity_len ) |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 3790 | { |
Paul Bakker | 6db455e | 2013-09-18 17:29:31 +0200 | [diff] [blame] | 3791 | if( psk == NULL || psk_identity == NULL ) |
| 3792 | return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); |
| 3793 | |
Manuel Pégourié-Gonnard | b2bf5a1 | 2014-03-25 16:28:12 +0100 | [diff] [blame] | 3794 | /* |
| 3795 | * The length will be check later anyway, but in case it is obviously |
| 3796 | * too large, better abort now. The PMS is as follows: |
| 3797 | * other_len (2 bytes) + other + psk_len (2 bytes) + psk |
| 3798 | */ |
| 3799 | if( psk_len + 4 > POLARSSL_PREMASTER_SIZE ) |
| 3800 | return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); |
| 3801 | |
Paul Bakker | 6db455e | 2013-09-18 17:29:31 +0200 | [diff] [blame] | 3802 | if( ssl->psk != NULL ) |
| 3803 | { |
| 3804 | polarssl_free( ssl->psk ); |
| 3805 | polarssl_free( ssl->psk_identity ); |
| 3806 | } |
| 3807 | |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 3808 | ssl->psk_len = psk_len; |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 3809 | ssl->psk_identity_len = psk_identity_len; |
Paul Bakker | 6db455e | 2013-09-18 17:29:31 +0200 | [diff] [blame] | 3810 | |
Paul Bakker | b9cfaa0 | 2013-10-11 18:58:55 +0200 | [diff] [blame] | 3811 | ssl->psk = (unsigned char *) polarssl_malloc( ssl->psk_len ); |
| 3812 | ssl->psk_identity = (unsigned char *) polarssl_malloc( ssl->psk_identity_len ); |
Paul Bakker | 6db455e | 2013-09-18 17:29:31 +0200 | [diff] [blame] | 3813 | |
| 3814 | if( ssl->psk == NULL || ssl->psk_identity == NULL ) |
| 3815 | return( POLARSSL_ERR_SSL_MALLOC_FAILED ); |
| 3816 | |
| 3817 | memcpy( ssl->psk, psk, ssl->psk_len ); |
| 3818 | memcpy( ssl->psk_identity, psk_identity, ssl->psk_identity_len ); |
Paul Bakker | 5ad403f | 2013-09-18 21:21:30 +0200 | [diff] [blame] | 3819 | |
| 3820 | return( 0 ); |
Paul Bakker | 6db455e | 2013-09-18 17:29:31 +0200 | [diff] [blame] | 3821 | } |
| 3822 | |
| 3823 | void ssl_set_psk_cb( ssl_context *ssl, |
| 3824 | int (*f_psk)(void *, ssl_context *, const unsigned char *, |
| 3825 | size_t), |
| 3826 | void *p_psk ) |
| 3827 | { |
| 3828 | ssl->f_psk = f_psk; |
| 3829 | ssl->p_psk = p_psk; |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 3830 | } |
Manuel Pégourié-Gonnard | 8a3c64d | 2013-10-14 19:54:10 +0200 | [diff] [blame] | 3831 | #endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */ |
Paul Bakker | 43b7e35 | 2011-01-18 15:27:19 +0000 | [diff] [blame] | 3832 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3833 | #if defined(POLARSSL_DHM_C) |
Paul Bakker | ff60ee6 | 2010-03-16 21:09:09 +0000 | [diff] [blame] | 3834 | int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3835 | { |
| 3836 | int ret; |
| 3837 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3838 | if( ( ret = mpi_read_string( &ssl->dhm_P, 16, dhm_P ) ) != 0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3839 | { |
| 3840 | SSL_DEBUG_RET( 1, "mpi_read_string", ret ); |
| 3841 | return( ret ); |
| 3842 | } |
| 3843 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3844 | if( ( ret = mpi_read_string( &ssl->dhm_G, 16, dhm_G ) ) != 0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3845 | { |
| 3846 | SSL_DEBUG_RET( 1, "mpi_read_string", ret ); |
| 3847 | return( ret ); |
| 3848 | } |
| 3849 | |
| 3850 | return( 0 ); |
| 3851 | } |
| 3852 | |
Paul Bakker | 1b57b06 | 2011-01-06 15:48:19 +0000 | [diff] [blame] | 3853 | int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx ) |
| 3854 | { |
| 3855 | int ret; |
| 3856 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3857 | if( ( ret = mpi_copy(&ssl->dhm_P, &dhm_ctx->P) ) != 0 ) |
Paul Bakker | 1b57b06 | 2011-01-06 15:48:19 +0000 | [diff] [blame] | 3858 | { |
| 3859 | SSL_DEBUG_RET( 1, "mpi_copy", ret ); |
| 3860 | return( ret ); |
| 3861 | } |
| 3862 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3863 | if( ( ret = mpi_copy(&ssl->dhm_G, &dhm_ctx->G) ) != 0 ) |
Paul Bakker | 1b57b06 | 2011-01-06 15:48:19 +0000 | [diff] [blame] | 3864 | { |
| 3865 | SSL_DEBUG_RET( 1, "mpi_copy", ret ); |
| 3866 | return( ret ); |
| 3867 | } |
| 3868 | |
| 3869 | return( 0 ); |
| 3870 | } |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3871 | #endif /* POLARSSL_DHM_C */ |
Paul Bakker | 1b57b06 | 2011-01-06 15:48:19 +0000 | [diff] [blame] | 3872 | |
Manuel Pégourié-Gonnard | 7f38ed0 | 2014-02-04 15:52:33 +0100 | [diff] [blame] | 3873 | #if defined(POLARSSL_SSL_SET_CURVES) |
| 3874 | /* |
| 3875 | * Set the allowed elliptic curves |
| 3876 | */ |
| 3877 | void ssl_set_curves( ssl_context *ssl, const ecp_group_id *curve_list ) |
| 3878 | { |
| 3879 | ssl->curve_list = curve_list; |
| 3880 | } |
| 3881 | #endif |
| 3882 | |
Paul Bakker | 0be444a | 2013-08-27 21:55:01 +0200 | [diff] [blame] | 3883 | #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) |
Paul Bakker | ff60ee6 | 2010-03-16 21:09:09 +0000 | [diff] [blame] | 3884 | int ssl_set_hostname( ssl_context *ssl, const char *hostname ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3885 | { |
| 3886 | if( hostname == NULL ) |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 3887 | return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3888 | |
| 3889 | ssl->hostname_len = strlen( hostname ); |
Paul Bakker | 75c1a6f | 2013-08-19 14:25:29 +0200 | [diff] [blame] | 3890 | |
| 3891 | if( ssl->hostname_len + 1 == 0 ) |
| 3892 | return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); |
| 3893 | |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 3894 | ssl->hostname = (unsigned char *) polarssl_malloc( ssl->hostname_len + 1 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3895 | |
Paul Bakker | b15b851 | 2012-01-13 13:44:06 +0000 | [diff] [blame] | 3896 | if( ssl->hostname == NULL ) |
| 3897 | return( POLARSSL_ERR_SSL_MALLOC_FAILED ); |
| 3898 | |
Paul Bakker | 3c2122f | 2013-06-24 19:03:14 +0200 | [diff] [blame] | 3899 | memcpy( ssl->hostname, (const unsigned char *) hostname, |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3900 | ssl->hostname_len ); |
Paul Bakker | f7abd42 | 2013-04-16 13:15:56 +0200 | [diff] [blame] | 3901 | |
Paul Bakker | 40ea7de | 2009-05-03 10:18:48 +0000 | [diff] [blame] | 3902 | ssl->hostname[ssl->hostname_len] = '\0'; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3903 | |
| 3904 | return( 0 ); |
| 3905 | } |
| 3906 | |
Paul Bakker | 5701cdc | 2012-09-27 21:49:42 +0000 | [diff] [blame] | 3907 | void ssl_set_sni( ssl_context *ssl, |
| 3908 | int (*f_sni)(void *, ssl_context *, |
| 3909 | const unsigned char *, size_t), |
| 3910 | void *p_sni ) |
| 3911 | { |
| 3912 | ssl->f_sni = f_sni; |
| 3913 | ssl->p_sni = p_sni; |
| 3914 | } |
Paul Bakker | 0be444a | 2013-08-27 21:55:01 +0200 | [diff] [blame] | 3915 | #endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */ |
Paul Bakker | 5701cdc | 2012-09-27 21:49:42 +0000 | [diff] [blame] | 3916 | |
Paul Bakker | 490ecc8 | 2011-10-06 13:04:09 +0000 | [diff] [blame] | 3917 | void ssl_set_max_version( ssl_context *ssl, int major, int minor ) |
| 3918 | { |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 3919 | if( major >= SSL_MIN_MAJOR_VERSION && major <= SSL_MAX_MAJOR_VERSION && |
| 3920 | minor >= SSL_MIN_MINOR_VERSION && minor <= SSL_MAX_MINOR_VERSION ) |
| 3921 | { |
| 3922 | ssl->max_major_ver = major; |
| 3923 | ssl->max_minor_ver = minor; |
| 3924 | } |
Paul Bakker | 490ecc8 | 2011-10-06 13:04:09 +0000 | [diff] [blame] | 3925 | } |
| 3926 | |
Paul Bakker | 1d29fb5 | 2012-09-28 13:28:45 +0000 | [diff] [blame] | 3927 | void ssl_set_min_version( ssl_context *ssl, int major, int minor ) |
| 3928 | { |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 3929 | if( major >= SSL_MIN_MAJOR_VERSION && major <= SSL_MAX_MAJOR_VERSION && |
| 3930 | minor >= SSL_MIN_MINOR_VERSION && minor <= SSL_MAX_MINOR_VERSION ) |
| 3931 | { |
| 3932 | ssl->min_major_ver = major; |
| 3933 | ssl->min_minor_ver = minor; |
| 3934 | } |
Paul Bakker | 1d29fb5 | 2012-09-28 13:28:45 +0000 | [diff] [blame] | 3935 | } |
| 3936 | |
Paul Bakker | 05decb2 | 2013-08-15 13:33:48 +0200 | [diff] [blame] | 3937 | #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) |
Manuel Pégourié-Gonnard | 8b46459 | 2013-07-16 12:45:26 +0200 | [diff] [blame] | 3938 | int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code ) |
| 3939 | { |
Paul Bakker | 77e257e | 2013-12-16 15:29:52 +0100 | [diff] [blame] | 3940 | if( mfl_code >= SSL_MAX_FRAG_LEN_INVALID || |
Manuel Pégourié-Gonnard | 581e6b6 | 2013-07-18 12:32:27 +0200 | [diff] [blame] | 3941 | mfl_code_to_length[mfl_code] > SSL_MAX_CONTENT_LEN ) |
Manuel Pégourié-Gonnard | 8b46459 | 2013-07-16 12:45:26 +0200 | [diff] [blame] | 3942 | { |
Manuel Pégourié-Gonnard | 581e6b6 | 2013-07-18 12:32:27 +0200 | [diff] [blame] | 3943 | return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); |
Manuel Pégourié-Gonnard | 8b46459 | 2013-07-16 12:45:26 +0200 | [diff] [blame] | 3944 | } |
| 3945 | |
| 3946 | ssl->mfl_code = mfl_code; |
| 3947 | |
| 3948 | return( 0 ); |
| 3949 | } |
Paul Bakker | 05decb2 | 2013-08-15 13:33:48 +0200 | [diff] [blame] | 3950 | #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */ |
Manuel Pégourié-Gonnard | 8b46459 | 2013-07-16 12:45:26 +0200 | [diff] [blame] | 3951 | |
Paul Bakker | 1f2bc62 | 2013-08-15 13:45:55 +0200 | [diff] [blame] | 3952 | #if defined(POLARSSL_SSL_TRUNCATED_HMAC) |
Paul Bakker | 8c1ede6 | 2013-07-19 14:14:37 +0200 | [diff] [blame] | 3953 | int ssl_set_truncated_hmac( ssl_context *ssl, int truncate ) |
Manuel Pégourié-Gonnard | e980a99 | 2013-07-19 11:08:52 +0200 | [diff] [blame] | 3954 | { |
| 3955 | if( ssl->endpoint != SSL_IS_CLIENT ) |
| 3956 | return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); |
| 3957 | |
Paul Bakker | 8c1ede6 | 2013-07-19 14:14:37 +0200 | [diff] [blame] | 3958 | ssl->trunc_hmac = truncate; |
Manuel Pégourié-Gonnard | e980a99 | 2013-07-19 11:08:52 +0200 | [diff] [blame] | 3959 | |
| 3960 | return( 0 ); |
| 3961 | } |
Paul Bakker | 1f2bc62 | 2013-08-15 13:45:55 +0200 | [diff] [blame] | 3962 | #endif /* POLARSSL_SSL_TRUNCATED_HMAC */ |
Manuel Pégourié-Gonnard | e980a99 | 2013-07-19 11:08:52 +0200 | [diff] [blame] | 3963 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 3964 | void ssl_set_renegotiation( ssl_context *ssl, int renegotiation ) |
| 3965 | { |
| 3966 | ssl->disable_renegotiation = renegotiation; |
| 3967 | } |
| 3968 | |
| 3969 | void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy ) |
| 3970 | { |
| 3971 | ssl->allow_legacy_renegotiation = allow_legacy; |
| 3972 | } |
| 3973 | |
Paul Bakker | a503a63 | 2013-08-14 13:48:06 +0200 | [diff] [blame] | 3974 | #if defined(POLARSSL_SSL_SESSION_TICKETS) |
Manuel Pégourié-Gonnard | aa0d4d1 | 2013-08-03 13:02:31 +0200 | [diff] [blame] | 3975 | int ssl_set_session_tickets( ssl_context *ssl, int use_tickets ) |
| 3976 | { |
| 3977 | ssl->session_tickets = use_tickets; |
| 3978 | |
Manuel Pégourié-Gonnard | 779e429 | 2013-08-03 13:50:48 +0200 | [diff] [blame] | 3979 | if( ssl->endpoint == SSL_IS_CLIENT ) |
| 3980 | return( 0 ); |
| 3981 | |
| 3982 | if( ssl->f_rng == NULL ) |
| 3983 | return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); |
| 3984 | |
| 3985 | return( ssl_ticket_keys_init( ssl ) ); |
Manuel Pégourié-Gonnard | aa0d4d1 | 2013-08-03 13:02:31 +0200 | [diff] [blame] | 3986 | } |
Paul Bakker | 606b4ba | 2013-08-14 16:52:14 +0200 | [diff] [blame] | 3987 | |
| 3988 | void ssl_set_session_ticket_lifetime( ssl_context *ssl, int lifetime ) |
| 3989 | { |
| 3990 | ssl->ticket_lifetime = lifetime; |
| 3991 | } |
Paul Bakker | a503a63 | 2013-08-14 13:48:06 +0200 | [diff] [blame] | 3992 | #endif /* POLARSSL_SSL_SESSION_TICKETS */ |
Manuel Pégourié-Gonnard | aa0d4d1 | 2013-08-03 13:02:31 +0200 | [diff] [blame] | 3993 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3994 | /* |
| 3995 | * SSL get accessors |
| 3996 | */ |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 3997 | size_t ssl_get_bytes_avail( const ssl_context *ssl ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 3998 | { |
| 3999 | return( ssl->in_offt == NULL ? 0 : ssl->in_msglen ); |
| 4000 | } |
| 4001 | |
Paul Bakker | ff60ee6 | 2010-03-16 21:09:09 +0000 | [diff] [blame] | 4002 | int ssl_get_verify_result( const ssl_context *ssl ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4003 | { |
Manuel Pégourié-Gonnard | 38d1eba | 2013-08-23 10:44:29 +0200 | [diff] [blame] | 4004 | return( ssl->session->verify_result ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4005 | } |
| 4006 | |
Paul Bakker | e3166ce | 2011-01-27 17:40:50 +0000 | [diff] [blame] | 4007 | const char *ssl_get_ciphersuite( const ssl_context *ssl ) |
Paul Bakker | 72f6266 | 2011-01-16 21:27:44 +0000 | [diff] [blame] | 4008 | { |
Paul Bakker | 926c8e4 | 2013-03-06 10:23:34 +0100 | [diff] [blame] | 4009 | if( ssl == NULL || ssl->session == NULL ) |
| 4010 | return NULL; |
| 4011 | |
Paul Bakker | e3166ce | 2011-01-27 17:40:50 +0000 | [diff] [blame] | 4012 | return ssl_get_ciphersuite_name( ssl->session->ciphersuite ); |
Paul Bakker | 72f6266 | 2011-01-16 21:27:44 +0000 | [diff] [blame] | 4013 | } |
| 4014 | |
Paul Bakker | 43ca69c | 2011-01-15 17:35:19 +0000 | [diff] [blame] | 4015 | const char *ssl_get_version( const ssl_context *ssl ) |
| 4016 | { |
| 4017 | switch( ssl->minor_ver ) |
| 4018 | { |
| 4019 | case SSL_MINOR_VERSION_0: |
| 4020 | return( "SSLv3.0" ); |
| 4021 | |
| 4022 | case SSL_MINOR_VERSION_1: |
| 4023 | return( "TLSv1.0" ); |
| 4024 | |
| 4025 | case SSL_MINOR_VERSION_2: |
| 4026 | return( "TLSv1.1" ); |
| 4027 | |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 4028 | case SSL_MINOR_VERSION_3: |
| 4029 | return( "TLSv1.2" ); |
| 4030 | |
Paul Bakker | 43ca69c | 2011-01-15 17:35:19 +0000 | [diff] [blame] | 4031 | default: |
| 4032 | break; |
| 4033 | } |
| 4034 | return( "unknown" ); |
| 4035 | } |
| 4036 | |
Paul Bakker | 7c6b2c3 | 2013-09-16 13:49:26 +0200 | [diff] [blame] | 4037 | #if defined(POLARSSL_X509_CRT_PARSE_C) |
Paul Bakker | c559c7a | 2013-09-18 14:13:26 +0200 | [diff] [blame] | 4038 | const x509_crt *ssl_get_peer_cert( const ssl_context *ssl ) |
Paul Bakker | b0550d9 | 2012-10-30 07:51:03 +0000 | [diff] [blame] | 4039 | { |
| 4040 | if( ssl == NULL || ssl->session == NULL ) |
| 4041 | return NULL; |
| 4042 | |
| 4043 | return ssl->session->peer_cert; |
| 4044 | } |
Paul Bakker | 7c6b2c3 | 2013-09-16 13:49:26 +0200 | [diff] [blame] | 4045 | #endif /* POLARSSL_X509_CRT_PARSE_C */ |
Paul Bakker | b0550d9 | 2012-10-30 07:51:03 +0000 | [diff] [blame] | 4046 | |
Manuel Pégourié-Gonnard | 7471803 | 2013-07-30 12:41:56 +0200 | [diff] [blame] | 4047 | int ssl_get_session( const ssl_context *ssl, ssl_session *dst ) |
| 4048 | { |
Manuel Pégourié-Gonnard | 7471803 | 2013-07-30 12:41:56 +0200 | [diff] [blame] | 4049 | if( ssl == NULL || |
| 4050 | dst == NULL || |
| 4051 | ssl->session == NULL || |
| 4052 | ssl->endpoint != SSL_IS_CLIENT ) |
| 4053 | { |
| 4054 | return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); |
| 4055 | } |
| 4056 | |
Manuel Pégourié-Gonnard | 06650f6 | 2013-08-02 15:34:52 +0200 | [diff] [blame] | 4057 | return( ssl_session_copy( dst, ssl->session ) ); |
Manuel Pégourié-Gonnard | 7471803 | 2013-07-30 12:41:56 +0200 | [diff] [blame] | 4058 | } |
| 4059 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4060 | /* |
Paul Bakker | 1961b70 | 2013-01-25 14:49:24 +0100 | [diff] [blame] | 4061 | * Perform a single step of the SSL handshake |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4062 | */ |
Paul Bakker | 1961b70 | 2013-01-25 14:49:24 +0100 | [diff] [blame] | 4063 | int ssl_handshake_step( ssl_context *ssl ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4064 | { |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 4065 | int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4066 | |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 4067 | #if defined(POLARSSL_SSL_CLI_C) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4068 | if( ssl->endpoint == SSL_IS_CLIENT ) |
Paul Bakker | 1961b70 | 2013-01-25 14:49:24 +0100 | [diff] [blame] | 4069 | ret = ssl_handshake_client_step( ssl ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4070 | #endif |
| 4071 | |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 4072 | #if defined(POLARSSL_SSL_SRV_C) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4073 | if( ssl->endpoint == SSL_IS_SERVER ) |
Paul Bakker | 1961b70 | 2013-01-25 14:49:24 +0100 | [diff] [blame] | 4074 | ret = ssl_handshake_server_step( ssl ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4075 | #endif |
| 4076 | |
Paul Bakker | 1961b70 | 2013-01-25 14:49:24 +0100 | [diff] [blame] | 4077 | return( ret ); |
| 4078 | } |
| 4079 | |
| 4080 | /* |
| 4081 | * Perform the SSL handshake |
| 4082 | */ |
| 4083 | int ssl_handshake( ssl_context *ssl ) |
| 4084 | { |
| 4085 | int ret = 0; |
| 4086 | |
| 4087 | SSL_DEBUG_MSG( 2, ( "=> handshake" ) ); |
| 4088 | |
| 4089 | while( ssl->state != SSL_HANDSHAKE_OVER ) |
| 4090 | { |
| 4091 | ret = ssl_handshake_step( ssl ); |
| 4092 | |
| 4093 | if( ret != 0 ) |
| 4094 | break; |
| 4095 | } |
| 4096 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4097 | SSL_DEBUG_MSG( 2, ( "<= handshake" ) ); |
| 4098 | |
| 4099 | return( ret ); |
| 4100 | } |
| 4101 | |
Paul Bakker | 37ce0ff | 2013-10-31 14:32:04 +0100 | [diff] [blame] | 4102 | #if defined(POLARSSL_SSL_SRV_C) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4103 | /* |
Manuel Pégourié-Gonnard | 214eed3 | 2013-10-30 13:06:54 +0100 | [diff] [blame] | 4104 | * Write HelloRequest to request renegotiation on server |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4105 | */ |
Manuel Pégourié-Gonnard | 214eed3 | 2013-10-30 13:06:54 +0100 | [diff] [blame] | 4106 | static int ssl_write_hello_request( ssl_context *ssl ) |
| 4107 | { |
| 4108 | int ret; |
| 4109 | |
| 4110 | SSL_DEBUG_MSG( 2, ( "=> write hello request" ) ); |
| 4111 | |
| 4112 | ssl->out_msglen = 4; |
| 4113 | ssl->out_msgtype = SSL_MSG_HANDSHAKE; |
| 4114 | ssl->out_msg[0] = SSL_HS_HELLO_REQUEST; |
| 4115 | |
| 4116 | if( ( ret = ssl_write_record( ssl ) ) != 0 ) |
| 4117 | { |
| 4118 | SSL_DEBUG_RET( 1, "ssl_write_record", ret ); |
| 4119 | return( ret ); |
| 4120 | } |
| 4121 | |
Manuel Pégourié-Gonnard | 6d8404d | 2013-10-30 16:41:45 +0100 | [diff] [blame] | 4122 | ssl->renegotiation = SSL_RENEGOTIATION_PENDING; |
| 4123 | |
Manuel Pégourié-Gonnard | 214eed3 | 2013-10-30 13:06:54 +0100 | [diff] [blame] | 4124 | SSL_DEBUG_MSG( 2, ( "<= write hello request" ) ); |
| 4125 | |
| 4126 | return( 0 ); |
| 4127 | } |
Paul Bakker | 37ce0ff | 2013-10-31 14:32:04 +0100 | [diff] [blame] | 4128 | #endif /* POLARSSL_SSL_SRV_C */ |
Manuel Pégourié-Gonnard | 214eed3 | 2013-10-30 13:06:54 +0100 | [diff] [blame] | 4129 | |
| 4130 | /* |
| 4131 | * Actually renegotiate current connection, triggered by either: |
| 4132 | * - calling ssl_renegotiate() on client, |
Manuel Pégourié-Gonnard | 9c1e189 | 2013-10-30 16:41:21 +0100 | [diff] [blame] | 4133 | * - receiving a HelloRequest on client during ssl_read(), |
Manuel Pégourié-Gonnard | 214eed3 | 2013-10-30 13:06:54 +0100 | [diff] [blame] | 4134 | * - receiving any handshake message on server during ssl_read() after the |
| 4135 | * initial handshake is completed |
Manuel Pégourié-Gonnard | 9c1e189 | 2013-10-30 16:41:21 +0100 | [diff] [blame] | 4136 | * If the handshake doesn't complete due to waiting for I/O, it will continue |
| 4137 | * during the next calls to ssl_renegotiate() or ssl_read() respectively. |
Manuel Pégourié-Gonnard | 214eed3 | 2013-10-30 13:06:54 +0100 | [diff] [blame] | 4138 | */ |
Manuel Pégourié-Gonnard | 9c1e189 | 2013-10-30 16:41:21 +0100 | [diff] [blame] | 4139 | static int ssl_start_renegotiation( ssl_context *ssl ) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4140 | { |
| 4141 | int ret; |
| 4142 | |
| 4143 | SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) ); |
| 4144 | |
Manuel Pégourié-Gonnard | 9c1e189 | 2013-10-30 16:41:21 +0100 | [diff] [blame] | 4145 | if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) |
| 4146 | return( ret ); |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4147 | |
| 4148 | ssl->state = SSL_HELLO_REQUEST; |
| 4149 | ssl->renegotiation = SSL_RENEGOTIATION; |
| 4150 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4151 | if( ( ret = ssl_handshake( ssl ) ) != 0 ) |
| 4152 | { |
| 4153 | SSL_DEBUG_RET( 1, "ssl_handshake", ret ); |
| 4154 | return( ret ); |
| 4155 | } |
| 4156 | |
| 4157 | SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) ); |
| 4158 | |
| 4159 | return( 0 ); |
| 4160 | } |
| 4161 | |
| 4162 | /* |
Manuel Pégourié-Gonnard | 214eed3 | 2013-10-30 13:06:54 +0100 | [diff] [blame] | 4163 | * Renegotiate current connection on client, |
| 4164 | * or request renegotiation on server |
| 4165 | */ |
| 4166 | int ssl_renegotiate( ssl_context *ssl ) |
| 4167 | { |
Paul Bakker | 37ce0ff | 2013-10-31 14:32:04 +0100 | [diff] [blame] | 4168 | int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; |
Manuel Pégourié-Gonnard | 9c1e189 | 2013-10-30 16:41:21 +0100 | [diff] [blame] | 4169 | |
Paul Bakker | 37ce0ff | 2013-10-31 14:32:04 +0100 | [diff] [blame] | 4170 | #if defined(POLARSSL_SSL_SRV_C) |
Manuel Pégourié-Gonnard | 9c1e189 | 2013-10-30 16:41:21 +0100 | [diff] [blame] | 4171 | /* On server, just send the request */ |
| 4172 | if( ssl->endpoint == SSL_IS_SERVER ) |
| 4173 | { |
| 4174 | if( ssl->state != SSL_HANDSHAKE_OVER ) |
| 4175 | return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); |
| 4176 | |
Manuel Pégourié-Gonnard | 214eed3 | 2013-10-30 13:06:54 +0100 | [diff] [blame] | 4177 | return( ssl_write_hello_request( ssl ) ); |
Manuel Pégourié-Gonnard | 9c1e189 | 2013-10-30 16:41:21 +0100 | [diff] [blame] | 4178 | } |
Paul Bakker | 37ce0ff | 2013-10-31 14:32:04 +0100 | [diff] [blame] | 4179 | #endif /* POLARSSL_SSL_SRV_C */ |
Manuel Pégourié-Gonnard | 9c1e189 | 2013-10-30 16:41:21 +0100 | [diff] [blame] | 4180 | |
Paul Bakker | 37ce0ff | 2013-10-31 14:32:04 +0100 | [diff] [blame] | 4181 | #if defined(POLARSSL_SSL_CLI_C) |
Manuel Pégourié-Gonnard | 9c1e189 | 2013-10-30 16:41:21 +0100 | [diff] [blame] | 4182 | /* |
| 4183 | * On client, either start the renegotiation process or, |
| 4184 | * if already in progress, continue the handshake |
| 4185 | */ |
| 4186 | if( ssl->renegotiation != SSL_RENEGOTIATION ) |
| 4187 | { |
| 4188 | if( ssl->state != SSL_HANDSHAKE_OVER ) |
| 4189 | return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); |
| 4190 | |
| 4191 | if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 ) |
| 4192 | { |
| 4193 | SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret ); |
| 4194 | return( ret ); |
| 4195 | } |
| 4196 | } |
| 4197 | else |
| 4198 | { |
| 4199 | if( ( ret = ssl_handshake( ssl ) ) != 0 ) |
| 4200 | { |
| 4201 | SSL_DEBUG_RET( 1, "ssl_handshake", ret ); |
| 4202 | return( ret ); |
| 4203 | } |
| 4204 | } |
Paul Bakker | 37ce0ff | 2013-10-31 14:32:04 +0100 | [diff] [blame] | 4205 | #endif /* POLARSSL_SSL_CLI_C */ |
Manuel Pégourié-Gonnard | 9c1e189 | 2013-10-30 16:41:21 +0100 | [diff] [blame] | 4206 | |
Paul Bakker | 37ce0ff | 2013-10-31 14:32:04 +0100 | [diff] [blame] | 4207 | return( ret ); |
Manuel Pégourié-Gonnard | 214eed3 | 2013-10-30 13:06:54 +0100 | [diff] [blame] | 4208 | } |
| 4209 | |
| 4210 | /* |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4211 | * Receive application data decrypted from the SSL layer |
| 4212 | */ |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 4213 | int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4214 | { |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 4215 | int ret; |
| 4216 | size_t n; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4217 | |
| 4218 | SSL_DEBUG_MSG( 2, ( "=> read" ) ); |
| 4219 | |
| 4220 | if( ssl->state != SSL_HANDSHAKE_OVER ) |
| 4221 | { |
| 4222 | if( ( ret = ssl_handshake( ssl ) ) != 0 ) |
| 4223 | { |
| 4224 | SSL_DEBUG_RET( 1, "ssl_handshake", ret ); |
| 4225 | return( ret ); |
| 4226 | } |
| 4227 | } |
| 4228 | |
| 4229 | if( ssl->in_offt == NULL ) |
| 4230 | { |
| 4231 | if( ( ret = ssl_read_record( ssl ) ) != 0 ) |
| 4232 | { |
Paul Bakker | 831a755 | 2011-05-18 13:32:51 +0000 | [diff] [blame] | 4233 | if( ret == POLARSSL_ERR_SSL_CONN_EOF ) |
| 4234 | return( 0 ); |
| 4235 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4236 | SSL_DEBUG_RET( 1, "ssl_read_record", ret ); |
| 4237 | return( ret ); |
| 4238 | } |
| 4239 | |
| 4240 | if( ssl->in_msglen == 0 && |
| 4241 | ssl->in_msgtype == SSL_MSG_APPLICATION_DATA ) |
| 4242 | { |
| 4243 | /* |
| 4244 | * OpenSSL sends empty messages to randomize the IV |
| 4245 | */ |
| 4246 | if( ( ret = ssl_read_record( ssl ) ) != 0 ) |
| 4247 | { |
Paul Bakker | 831a755 | 2011-05-18 13:32:51 +0000 | [diff] [blame] | 4248 | if( ret == POLARSSL_ERR_SSL_CONN_EOF ) |
| 4249 | return( 0 ); |
| 4250 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4251 | SSL_DEBUG_RET( 1, "ssl_read_record", ret ); |
| 4252 | return( ret ); |
| 4253 | } |
| 4254 | } |
| 4255 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4256 | if( ssl->in_msgtype == SSL_MSG_HANDSHAKE ) |
| 4257 | { |
| 4258 | SSL_DEBUG_MSG( 1, ( "received handshake message" ) ); |
| 4259 | |
| 4260 | if( ssl->endpoint == SSL_IS_CLIENT && |
| 4261 | ( ssl->in_msg[0] != SSL_HS_HELLO_REQUEST || |
| 4262 | ssl->in_hslen != 4 ) ) |
| 4263 | { |
| 4264 | SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) ); |
| 4265 | return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); |
| 4266 | } |
| 4267 | |
Paul Bakker | d0f6fa7 | 2012-09-17 09:18:12 +0000 | [diff] [blame] | 4268 | if( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED || |
| 4269 | ( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION && |
| 4270 | ssl->allow_legacy_renegotiation == SSL_LEGACY_NO_RENEGOTIATION ) ) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4271 | { |
| 4272 | SSL_DEBUG_MSG( 3, ( "ignoring renegotiation, sending alert" ) ); |
| 4273 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 4274 | #if defined(POLARSSL_SSL_PROTO_SSL3) |
Paul Bakker | d0f6fa7 | 2012-09-17 09:18:12 +0000 | [diff] [blame] | 4275 | if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4276 | { |
Paul Bakker | d0f6fa7 | 2012-09-17 09:18:12 +0000 | [diff] [blame] | 4277 | /* |
| 4278 | * SSLv3 does not have a "no_renegotiation" alert |
| 4279 | */ |
| 4280 | if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 ) |
| 4281 | return( ret ); |
| 4282 | } |
| 4283 | else |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 4284 | #endif |
| 4285 | #if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \ |
| 4286 | defined(POLARSSL_SSL_PROTO_TLS1_2) |
| 4287 | if( ssl->minor_ver >= SSL_MINOR_VERSION_1 ) |
Paul Bakker | d0f6fa7 | 2012-09-17 09:18:12 +0000 | [diff] [blame] | 4288 | { |
| 4289 | if( ( ret = ssl_send_alert_message( ssl, |
| 4290 | SSL_ALERT_LEVEL_WARNING, |
| 4291 | SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 ) |
| 4292 | { |
| 4293 | return( ret ); |
| 4294 | } |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4295 | } |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 4296 | else |
| 4297 | #endif |
Paul Bakker | 577e006 | 2013-08-28 11:57:20 +0200 | [diff] [blame] | 4298 | { |
| 4299 | SSL_DEBUG_MSG( 1, ( "should never happen" ) ); |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 4300 | return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); |
Paul Bakker | 577e006 | 2013-08-28 11:57:20 +0200 | [diff] [blame] | 4301 | } |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4302 | } |
| 4303 | else |
| 4304 | { |
Manuel Pégourié-Gonnard | 9c1e189 | 2013-10-30 16:41:21 +0100 | [diff] [blame] | 4305 | if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 ) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4306 | { |
Manuel Pégourié-Gonnard | 9c1e189 | 2013-10-30 16:41:21 +0100 | [diff] [blame] | 4307 | SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret ); |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4308 | return( ret ); |
| 4309 | } |
| 4310 | |
| 4311 | return( POLARSSL_ERR_NET_WANT_READ ); |
| 4312 | } |
| 4313 | } |
Manuel Pégourié-Gonnard | 6d8404d | 2013-10-30 16:41:45 +0100 | [diff] [blame] | 4314 | else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING ) |
| 4315 | { |
| 4316 | SSL_DEBUG_MSG( 1, ( "renegotiation requested, " |
| 4317 | "but not honored by client" ) ); |
| 4318 | return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); |
| 4319 | } |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4320 | else if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4321 | { |
| 4322 | SSL_DEBUG_MSG( 1, ( "bad application data message" ) ); |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 4323 | return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4324 | } |
| 4325 | |
| 4326 | ssl->in_offt = ssl->in_msg; |
| 4327 | } |
| 4328 | |
| 4329 | n = ( len < ssl->in_msglen ) |
| 4330 | ? len : ssl->in_msglen; |
| 4331 | |
| 4332 | memcpy( buf, ssl->in_offt, n ); |
| 4333 | ssl->in_msglen -= n; |
| 4334 | |
| 4335 | if( ssl->in_msglen == 0 ) |
| 4336 | /* all bytes consumed */ |
| 4337 | ssl->in_offt = NULL; |
| 4338 | else |
| 4339 | /* more data available */ |
| 4340 | ssl->in_offt += n; |
| 4341 | |
| 4342 | SSL_DEBUG_MSG( 2, ( "<= read" ) ); |
| 4343 | |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 4344 | return( (int) n ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4345 | } |
| 4346 | |
| 4347 | /* |
| 4348 | * Send application data to be encrypted by the SSL layer |
| 4349 | */ |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 4350 | int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4351 | { |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 4352 | int ret; |
| 4353 | size_t n; |
Paul Bakker | 05decb2 | 2013-08-15 13:33:48 +0200 | [diff] [blame] | 4354 | unsigned int max_len = SSL_MAX_CONTENT_LEN; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4355 | |
| 4356 | SSL_DEBUG_MSG( 2, ( "=> write" ) ); |
| 4357 | |
| 4358 | if( ssl->state != SSL_HANDSHAKE_OVER ) |
| 4359 | { |
| 4360 | if( ( ret = ssl_handshake( ssl ) ) != 0 ) |
| 4361 | { |
| 4362 | SSL_DEBUG_RET( 1, "ssl_handshake", ret ); |
| 4363 | return( ret ); |
| 4364 | } |
| 4365 | } |
| 4366 | |
Paul Bakker | 05decb2 | 2013-08-15 13:33:48 +0200 | [diff] [blame] | 4367 | #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) |
Manuel Pégourié-Gonnard | 581e6b6 | 2013-07-18 12:32:27 +0200 | [diff] [blame] | 4368 | /* |
| 4369 | * Assume mfl_code is correct since it was checked when set |
| 4370 | */ |
| 4371 | max_len = mfl_code_to_length[ssl->mfl_code]; |
| 4372 | |
Manuel Pégourié-Gonnard | ed4af8b | 2013-07-18 14:07:09 +0200 | [diff] [blame] | 4373 | /* |
Paul Bakker | 05decb2 | 2013-08-15 13:33:48 +0200 | [diff] [blame] | 4374 | * Check if a smaller max length was negotiated |
Manuel Pégourié-Gonnard | ed4af8b | 2013-07-18 14:07:09 +0200 | [diff] [blame] | 4375 | */ |
| 4376 | if( ssl->session_out != NULL && |
| 4377 | mfl_code_to_length[ssl->session_out->mfl_code] < max_len ) |
| 4378 | { |
| 4379 | max_len = mfl_code_to_length[ssl->session_out->mfl_code]; |
| 4380 | } |
Paul Bakker | 05decb2 | 2013-08-15 13:33:48 +0200 | [diff] [blame] | 4381 | #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */ |
Manuel Pégourié-Gonnard | ed4af8b | 2013-07-18 14:07:09 +0200 | [diff] [blame] | 4382 | |
Manuel Pégourié-Gonnard | 581e6b6 | 2013-07-18 12:32:27 +0200 | [diff] [blame] | 4383 | n = ( len < max_len) ? len : max_len; |
Paul Bakker | 887bd50 | 2011-06-08 13:10:54 +0000 | [diff] [blame] | 4384 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4385 | if( ssl->out_left != 0 ) |
| 4386 | { |
| 4387 | if( ( ret = ssl_flush_output( ssl ) ) != 0 ) |
| 4388 | { |
| 4389 | SSL_DEBUG_RET( 1, "ssl_flush_output", ret ); |
| 4390 | return( ret ); |
| 4391 | } |
| 4392 | } |
Paul Bakker | 887bd50 | 2011-06-08 13:10:54 +0000 | [diff] [blame] | 4393 | else |
Paul Bakker | 1fd00bf | 2011-03-14 20:50:15 +0000 | [diff] [blame] | 4394 | { |
Paul Bakker | 887bd50 | 2011-06-08 13:10:54 +0000 | [diff] [blame] | 4395 | ssl->out_msglen = n; |
| 4396 | ssl->out_msgtype = SSL_MSG_APPLICATION_DATA; |
| 4397 | memcpy( ssl->out_msg, buf, n ); |
| 4398 | |
| 4399 | if( ( ret = ssl_write_record( ssl ) ) != 0 ) |
| 4400 | { |
| 4401 | SSL_DEBUG_RET( 1, "ssl_write_record", ret ); |
| 4402 | return( ret ); |
| 4403 | } |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4404 | } |
| 4405 | |
| 4406 | SSL_DEBUG_MSG( 2, ( "<= write" ) ); |
| 4407 | |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 4408 | return( (int) n ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4409 | } |
| 4410 | |
| 4411 | /* |
| 4412 | * Notify the peer that the connection is being closed |
| 4413 | */ |
| 4414 | int ssl_close_notify( ssl_context *ssl ) |
| 4415 | { |
| 4416 | int ret; |
| 4417 | |
| 4418 | SSL_DEBUG_MSG( 2, ( "=> write close notify" ) ); |
| 4419 | |
| 4420 | if( ( ret = ssl_flush_output( ssl ) ) != 0 ) |
| 4421 | { |
| 4422 | SSL_DEBUG_RET( 1, "ssl_flush_output", ret ); |
| 4423 | return( ret ); |
| 4424 | } |
| 4425 | |
| 4426 | if( ssl->state == SSL_HANDSHAKE_OVER ) |
| 4427 | { |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4428 | if( ( ret = ssl_send_alert_message( ssl, |
| 4429 | SSL_ALERT_LEVEL_WARNING, |
| 4430 | SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4431 | { |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4432 | return( ret ); |
| 4433 | } |
| 4434 | } |
| 4435 | |
| 4436 | SSL_DEBUG_MSG( 2, ( "<= write close notify" ) ); |
| 4437 | |
| 4438 | return( ret ); |
| 4439 | } |
| 4440 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4441 | void ssl_transform_free( ssl_transform *transform ) |
| 4442 | { |
| 4443 | #if defined(POLARSSL_ZLIB_SUPPORT) |
| 4444 | deflateEnd( &transform->ctx_deflate ); |
| 4445 | inflateEnd( &transform->ctx_inflate ); |
| 4446 | #endif |
| 4447 | |
Manuel Pégourié-Gonnard | f71e587 | 2013-09-23 17:12:43 +0200 | [diff] [blame] | 4448 | cipher_free_ctx( &transform->cipher_ctx_enc ); |
| 4449 | cipher_free_ctx( &transform->cipher_ctx_dec ); |
| 4450 | |
Paul Bakker | 61d113b | 2013-07-04 11:51:43 +0200 | [diff] [blame] | 4451 | md_free_ctx( &transform->md_ctx_enc ); |
| 4452 | md_free_ctx( &transform->md_ctx_dec ); |
| 4453 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4454 | memset( transform, 0, sizeof( ssl_transform ) ); |
| 4455 | } |
| 4456 | |
Manuel Pégourié-Gonnard | 705fcca | 2013-09-23 20:04:20 +0200 | [diff] [blame] | 4457 | #if defined(POLARSSL_X509_CRT_PARSE_C) |
| 4458 | static void ssl_key_cert_free( ssl_key_cert *key_cert ) |
| 4459 | { |
| 4460 | ssl_key_cert *cur = key_cert, *next; |
| 4461 | |
| 4462 | while( cur != NULL ) |
| 4463 | { |
| 4464 | next = cur->next; |
| 4465 | |
| 4466 | if( cur->key_own_alloc ) |
| 4467 | { |
| 4468 | pk_free( cur->key ); |
| 4469 | polarssl_free( cur->key ); |
| 4470 | } |
| 4471 | polarssl_free( cur ); |
| 4472 | |
| 4473 | cur = next; |
| 4474 | } |
| 4475 | } |
| 4476 | #endif /* POLARSSL_X509_CRT_PARSE_C */ |
| 4477 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4478 | void ssl_handshake_free( ssl_handshake_params *handshake ) |
| 4479 | { |
| 4480 | #if defined(POLARSSL_DHM_C) |
| 4481 | dhm_free( &handshake->dhm_ctx ); |
| 4482 | #endif |
Paul Bakker | 61d113b | 2013-07-04 11:51:43 +0200 | [diff] [blame] | 4483 | #if defined(POLARSSL_ECDH_C) |
| 4484 | ecdh_free( &handshake->ecdh_ctx ); |
| 4485 | #endif |
| 4486 | |
Manuel Pégourié-Gonnard | d09453c | 2013-09-23 19:11:32 +0200 | [diff] [blame] | 4487 | #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C) |
Paul Bakker | beccd9f | 2013-10-11 15:20:27 +0200 | [diff] [blame] | 4488 | /* explicit void pointer cast for buggy MS compiler */ |
| 4489 | polarssl_free( (void *) handshake->curves ); |
Manuel Pégourié-Gonnard | d09453c | 2013-09-23 19:11:32 +0200 | [diff] [blame] | 4490 | #endif |
| 4491 | |
Manuel Pégourié-Gonnard | 8372454 | 2013-09-24 22:30:56 +0200 | [diff] [blame] | 4492 | #if defined(POLARSSL_X509_CRT_PARSE_C) && \ |
| 4493 | defined(POLARSSL_SSL_SERVER_NAME_INDICATION) |
| 4494 | /* |
| 4495 | * Free only the linked list wrapper, not the keys themselves |
| 4496 | * since the belong to the SNI callback |
| 4497 | */ |
| 4498 | if( handshake->sni_key_cert != NULL ) |
| 4499 | { |
| 4500 | ssl_key_cert *cur = handshake->sni_key_cert, *next; |
| 4501 | |
| 4502 | while( cur != NULL ) |
| 4503 | { |
| 4504 | next = cur->next; |
| 4505 | polarssl_free( cur ); |
| 4506 | cur = next; |
| 4507 | } |
| 4508 | } |
Manuel Pégourié-Gonnard | 705fcca | 2013-09-23 20:04:20 +0200 | [diff] [blame] | 4509 | #endif |
| 4510 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4511 | memset( handshake, 0, sizeof( ssl_handshake_params ) ); |
| 4512 | } |
| 4513 | |
| 4514 | void ssl_session_free( ssl_session *session ) |
| 4515 | { |
Paul Bakker | 7c6b2c3 | 2013-09-16 13:49:26 +0200 | [diff] [blame] | 4516 | #if defined(POLARSSL_X509_CRT_PARSE_C) |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 4517 | if( session->peer_cert != NULL ) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4518 | { |
Paul Bakker | 7c6b2c3 | 2013-09-16 13:49:26 +0200 | [diff] [blame] | 4519 | x509_crt_free( session->peer_cert ); |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 4520 | polarssl_free( session->peer_cert ); |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4521 | } |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 4522 | #endif |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 4523 | |
Paul Bakker | a503a63 | 2013-08-14 13:48:06 +0200 | [diff] [blame] | 4524 | #if defined(POLARSSL_SSL_SESSION_TICKETS) |
Manuel Pégourié-Gonnard | 75d4401 | 2013-08-02 14:44:04 +0200 | [diff] [blame] | 4525 | polarssl_free( session->ticket ); |
Paul Bakker | a503a63 | 2013-08-14 13:48:06 +0200 | [diff] [blame] | 4526 | #endif |
Manuel Pégourié-Gonnard | 75d4401 | 2013-08-02 14:44:04 +0200 | [diff] [blame] | 4527 | |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 4528 | memset( session, 0, sizeof( ssl_session ) ); |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4529 | } |
| 4530 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4531 | /* |
| 4532 | * Free an SSL context |
| 4533 | */ |
| 4534 | void ssl_free( ssl_context *ssl ) |
| 4535 | { |
| 4536 | SSL_DEBUG_MSG( 2, ( "=> free" ) ); |
| 4537 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4538 | if( ssl->out_ctr != NULL ) |
| 4539 | { |
| 4540 | memset( ssl->out_ctr, 0, SSL_BUFFER_LEN ); |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 4541 | polarssl_free( ssl->out_ctr ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4542 | } |
| 4543 | |
| 4544 | if( ssl->in_ctr != NULL ) |
| 4545 | { |
| 4546 | memset( ssl->in_ctr, 0, SSL_BUFFER_LEN ); |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 4547 | polarssl_free( ssl->in_ctr ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4548 | } |
| 4549 | |
Paul Bakker | 1677033 | 2013-10-11 09:59:44 +0200 | [diff] [blame] | 4550 | #if defined(POLARSSL_ZLIB_SUPPORT) |
| 4551 | if( ssl->compress_buf != NULL ) |
| 4552 | { |
| 4553 | memset( ssl->compress_buf, 0, SSL_BUFFER_LEN ); |
| 4554 | polarssl_free( ssl->compress_buf ); |
| 4555 | } |
| 4556 | #endif |
| 4557 | |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 4558 | #if defined(POLARSSL_DHM_C) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4559 | mpi_free( &ssl->dhm_P ); |
| 4560 | mpi_free( &ssl->dhm_G ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4561 | #endif |
| 4562 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4563 | if( ssl->transform ) |
| 4564 | { |
| 4565 | ssl_transform_free( ssl->transform ); |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 4566 | polarssl_free( ssl->transform ); |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4567 | } |
| 4568 | |
| 4569 | if( ssl->handshake ) |
| 4570 | { |
| 4571 | ssl_handshake_free( ssl->handshake ); |
| 4572 | ssl_transform_free( ssl->transform_negotiate ); |
| 4573 | ssl_session_free( ssl->session_negotiate ); |
| 4574 | |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 4575 | polarssl_free( ssl->handshake ); |
| 4576 | polarssl_free( ssl->transform_negotiate ); |
| 4577 | polarssl_free( ssl->session_negotiate ); |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 4578 | } |
| 4579 | |
Paul Bakker | c046350 | 2013-02-14 11:19:38 +0100 | [diff] [blame] | 4580 | if( ssl->session ) |
| 4581 | { |
| 4582 | ssl_session_free( ssl->session ); |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 4583 | polarssl_free( ssl->session ); |
Paul Bakker | c046350 | 2013-02-14 11:19:38 +0100 | [diff] [blame] | 4584 | } |
| 4585 | |
Paul Bakker | a503a63 | 2013-08-14 13:48:06 +0200 | [diff] [blame] | 4586 | #if defined(POLARSSL_SSL_SESSION_TICKETS) |
Manuel Pégourié-Gonnard | 779e429 | 2013-08-03 13:50:48 +0200 | [diff] [blame] | 4587 | polarssl_free( ssl->ticket_keys ); |
Paul Bakker | a503a63 | 2013-08-14 13:48:06 +0200 | [diff] [blame] | 4588 | #endif |
Manuel Pégourié-Gonnard | 779e429 | 2013-08-03 13:50:48 +0200 | [diff] [blame] | 4589 | |
Paul Bakker | 0be444a | 2013-08-27 21:55:01 +0200 | [diff] [blame] | 4590 | #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) |
Paul Bakker | 6db455e | 2013-09-18 17:29:31 +0200 | [diff] [blame] | 4591 | if ( ssl->hostname != NULL ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4592 | { |
| 4593 | memset( ssl->hostname, 0, ssl->hostname_len ); |
Paul Bakker | 6e339b5 | 2013-07-03 13:37:05 +0200 | [diff] [blame] | 4594 | polarssl_free( ssl->hostname ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4595 | ssl->hostname_len = 0; |
| 4596 | } |
Paul Bakker | 0be444a | 2013-08-27 21:55:01 +0200 | [diff] [blame] | 4597 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4598 | |
Manuel Pégourié-Gonnard | 8a3c64d | 2013-10-14 19:54:10 +0200 | [diff] [blame] | 4599 | #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED) |
Paul Bakker | 6db455e | 2013-09-18 17:29:31 +0200 | [diff] [blame] | 4600 | if( ssl->psk != NULL ) |
| 4601 | { |
| 4602 | memset( ssl->psk, 0, ssl->psk_len ); |
| 4603 | memset( ssl->psk_identity, 0, ssl->psk_identity_len ); |
| 4604 | polarssl_free( ssl->psk ); |
| 4605 | polarssl_free( ssl->psk_identity ); |
| 4606 | ssl->psk_len = 0; |
| 4607 | ssl->psk_identity_len = 0; |
| 4608 | } |
| 4609 | #endif |
| 4610 | |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 4611 | #if defined(POLARSSL_X509_CRT_PARSE_C) |
Manuel Pégourié-Gonnard | 705fcca | 2013-09-23 20:04:20 +0200 | [diff] [blame] | 4612 | ssl_key_cert_free( ssl->key_cert ); |
| 4613 | #endif |
Manuel Pégourié-Gonnard | 070cc7f | 2013-08-21 15:09:31 +0200 | [diff] [blame] | 4614 | |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 4615 | #if defined(POLARSSL_SSL_HW_RECORD_ACCEL) |
| 4616 | if( ssl_hw_record_finish != NULL ) |
| 4617 | { |
| 4618 | SSL_DEBUG_MSG( 2, ( "going for ssl_hw_record_finish()" ) ); |
| 4619 | ssl_hw_record_finish( ssl ); |
| 4620 | } |
| 4621 | #endif |
| 4622 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4623 | SSL_DEBUG_MSG( 2, ( "<= free" ) ); |
Paul Bakker | 2da561c | 2009-02-05 18:00:28 +0000 | [diff] [blame] | 4624 | |
Paul Bakker | 86f04f4 | 2013-02-14 11:20:09 +0100 | [diff] [blame] | 4625 | /* Actually clear after last debug message */ |
Paul Bakker | 2da561c | 2009-02-05 18:00:28 +0000 | [diff] [blame] | 4626 | memset( ssl, 0, sizeof( ssl_context ) ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4627 | } |
| 4628 | |
Manuel Pégourié-Gonnard | 1a48383 | 2013-09-20 12:29:15 +0200 | [diff] [blame] | 4629 | #if defined(POLARSSL_PK_C) |
Manuel Pégourié-Gonnard | 0d42049 | 2013-08-21 16:14:26 +0200 | [diff] [blame] | 4630 | /* |
Manuel Pégourié-Gonnard | 1a48383 | 2013-09-20 12:29:15 +0200 | [diff] [blame] | 4631 | * Convert between POLARSSL_PK_XXX and SSL_SIG_XXX |
Manuel Pégourié-Gonnard | 0d42049 | 2013-08-21 16:14:26 +0200 | [diff] [blame] | 4632 | */ |
| 4633 | unsigned char ssl_sig_from_pk( pk_context *pk ) |
| 4634 | { |
| 4635 | #if defined(POLARSSL_RSA_C) |
| 4636 | if( pk_can_do( pk, POLARSSL_PK_RSA ) ) |
| 4637 | return( SSL_SIG_RSA ); |
| 4638 | #endif |
| 4639 | #if defined(POLARSSL_ECDSA_C) |
| 4640 | if( pk_can_do( pk, POLARSSL_PK_ECDSA ) ) |
| 4641 | return( SSL_SIG_ECDSA ); |
| 4642 | #endif |
| 4643 | return( SSL_SIG_ANON ); |
| 4644 | } |
| 4645 | |
Manuel Pégourié-Gonnard | a20c58c | 2013-08-22 13:52:48 +0200 | [diff] [blame] | 4646 | pk_type_t ssl_pk_alg_from_sig( unsigned char sig ) |
| 4647 | { |
| 4648 | switch( sig ) |
| 4649 | { |
| 4650 | #if defined(POLARSSL_RSA_C) |
| 4651 | case SSL_SIG_RSA: |
| 4652 | return( POLARSSL_PK_RSA ); |
| 4653 | #endif |
| 4654 | #if defined(POLARSSL_ECDSA_C) |
| 4655 | case SSL_SIG_ECDSA: |
| 4656 | return( POLARSSL_PK_ECDSA ); |
| 4657 | #endif |
| 4658 | default: |
| 4659 | return( POLARSSL_PK_NONE ); |
| 4660 | } |
| 4661 | } |
Manuel Pégourié-Gonnard | 1a48383 | 2013-09-20 12:29:15 +0200 | [diff] [blame] | 4662 | #endif |
Manuel Pégourié-Gonnard | a20c58c | 2013-08-22 13:52:48 +0200 | [diff] [blame] | 4663 | |
Manuel Pégourié-Gonnard | 1a48383 | 2013-09-20 12:29:15 +0200 | [diff] [blame] | 4664 | /* |
| 4665 | * Convert between SSL_HASH_XXX and POLARSSL_MD_XXX |
| 4666 | */ |
Manuel Pégourié-Gonnard | a20c58c | 2013-08-22 13:52:48 +0200 | [diff] [blame] | 4667 | md_type_t ssl_md_alg_from_hash( unsigned char hash ) |
| 4668 | { |
| 4669 | switch( hash ) |
| 4670 | { |
| 4671 | #if defined(POLARSSL_MD5_C) |
| 4672 | case SSL_HASH_MD5: |
| 4673 | return( POLARSSL_MD_MD5 ); |
| 4674 | #endif |
| 4675 | #if defined(POLARSSL_SHA1_C) |
| 4676 | case SSL_HASH_SHA1: |
| 4677 | return( POLARSSL_MD_SHA1 ); |
| 4678 | #endif |
| 4679 | #if defined(POLARSSL_SHA256_C) |
| 4680 | case SSL_HASH_SHA224: |
| 4681 | return( POLARSSL_MD_SHA224 ); |
| 4682 | case SSL_HASH_SHA256: |
| 4683 | return( POLARSSL_MD_SHA256 ); |
| 4684 | #endif |
| 4685 | #if defined(POLARSSL_SHA512_C) |
| 4686 | case SSL_HASH_SHA384: |
| 4687 | return( POLARSSL_MD_SHA384 ); |
| 4688 | case SSL_HASH_SHA512: |
| 4689 | return( POLARSSL_MD_SHA512 ); |
| 4690 | #endif |
| 4691 | default: |
| 4692 | return( POLARSSL_MD_NONE ); |
| 4693 | } |
| 4694 | } |
| 4695 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 4696 | #endif |
Gergely Budai | 987bfb5 | 2014-01-19 21:48:42 +0100 | [diff] [blame] | 4697 | |
Manuel Pégourié-Gonnard | ab24010 | 2014-02-04 16:18:07 +0100 | [diff] [blame] | 4698 | #if defined(POLARSSL_SSL_SET_CURVES) |
| 4699 | /* |
| 4700 | * Check is a curve proposed by the peer is in our list. |
| 4701 | * Return 1 if we're willing to use it, 0 otherwise. |
| 4702 | */ |
| 4703 | int ssl_curve_is_acceptable( const ssl_context *ssl, ecp_group_id grp_id ) |
| 4704 | { |
| 4705 | const ecp_group_id *gid; |
| 4706 | |
| 4707 | for( gid = ssl->curve_list; *gid != POLARSSL_ECP_DP_NONE; gid++ ) |
| 4708 | if( *gid == grp_id ) |
| 4709 | return( 1 ); |
| 4710 | |
| 4711 | return( 0 ); |
| 4712 | } |
| 4713 | #endif |