| tlsv1_client_write.c (302408) | tlsv1_client_write.c (337817) |
|---|---|
| 1/* 2 * TLSv1 client - write handshake message | 1/* 2 * TLSv1 client - write handshake message |
| 3 * Copyright (c) 2006-2014, Jouni Malinen <j@w1.fi> | 3 * Copyright (c) 2006-2015, Jouni Malinen <j@w1.fi> |
| 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "includes.h" 10 11#include "common.h" --- 30 unchanged lines hidden (view full) --- 42} 43 44 45u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len) 46{ 47 u8 *hello, *end, *pos, *hs_length, *hs_start, *rhdr; 48 struct os_time now; 49 size_t len, i; | 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "includes.h" 10 11#include "common.h" --- 30 unchanged lines hidden (view full) --- 42} 43 44 45u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len) 46{ 47 u8 *hello, *end, *pos, *hs_length, *hs_start, *rhdr; 48 struct os_time now; 49 size_t len, i; |
| 50 u8 *ext_start; 51 u16 tls_version = TLS_VERSION; |
|
| 50 | 52 |
| 51 wpa_printf(MSG_DEBUG, "TLSv1: Send ClientHello"); | 53 /* Pick the highest locally enabled TLS version */ 54#ifdef CONFIG_TLSV12 55 if ((conn->flags & TLS_CONN_DISABLE_TLSv1_2) && 56 tls_version == TLS_VERSION_1_2) 57 tls_version = TLS_VERSION_1_1; 58#endif /* CONFIG_TLSV12 */ 59#ifdef CONFIG_TLSV11 60 if ((conn->flags & TLS_CONN_DISABLE_TLSv1_1) && 61 tls_version == TLS_VERSION_1_1) 62 tls_version = TLS_VERSION_1; 63#endif /* CONFIG_TLSV11 */ 64 if ((conn->flags & TLS_CONN_DISABLE_TLSv1_0) && 65 tls_version == TLS_VERSION_1) { 66 wpa_printf(MSG_INFO, "TLSv1: No TLS version allowed"); 67 return NULL; 68 } 69 70 wpa_printf(MSG_DEBUG, "TLSv1: Send ClientHello (ver %s)", 71 tls_version_str(tls_version)); |
| 52 *out_len = 0; 53 54 os_get_time(&now); 55 WPA_PUT_BE32(conn->client_random, now.sec); 56 if (random_get_bytes(conn->client_random + 4, TLS_RANDOM_LEN - 4)) { 57 wpa_printf(MSG_ERROR, "TLSv1: Could not generate " 58 "client_random"); 59 return NULL; 60 } 61 wpa_hexdump(MSG_MSGDUMP, "TLSv1: client_random", 62 conn->client_random, TLS_RANDOM_LEN); 63 | 72 *out_len = 0; 73 74 os_get_time(&now); 75 WPA_PUT_BE32(conn->client_random, now.sec); 76 if (random_get_bytes(conn->client_random + 4, TLS_RANDOM_LEN - 4)) { 77 wpa_printf(MSG_ERROR, "TLSv1: Could not generate " 78 "client_random"); 79 return NULL; 80 } 81 wpa_hexdump(MSG_MSGDUMP, "TLSv1: client_random", 82 conn->client_random, TLS_RANDOM_LEN); 83 |
| 64 len = 100 + conn->num_cipher_suites * 2 + conn->client_hello_ext_len; | 84 len = 150 + conn->num_cipher_suites * 2 + conn->client_hello_ext_len; |
| 65 hello = os_malloc(len); 66 if (hello == NULL) 67 return NULL; 68 end = hello + len; 69 70 rhdr = hello; 71 pos = rhdr + TLS_RECORD_HEADER_LEN; 72 73 /* opaque fragment[TLSPlaintext.length] */ 74 75 /* Handshake */ 76 hs_start = pos; 77 /* HandshakeType msg_type */ 78 *pos++ = TLS_HANDSHAKE_TYPE_CLIENT_HELLO; 79 /* uint24 length (to be filled) */ 80 hs_length = pos; 81 pos += 3; 82 /* body - ClientHello */ 83 /* ProtocolVersion client_version */ | 85 hello = os_malloc(len); 86 if (hello == NULL) 87 return NULL; 88 end = hello + len; 89 90 rhdr = hello; 91 pos = rhdr + TLS_RECORD_HEADER_LEN; 92 93 /* opaque fragment[TLSPlaintext.length] */ 94 95 /* Handshake */ 96 hs_start = pos; 97 /* HandshakeType msg_type */ 98 *pos++ = TLS_HANDSHAKE_TYPE_CLIENT_HELLO; 99 /* uint24 length (to be filled) */ 100 hs_length = pos; 101 pos += 3; 102 /* body - ClientHello */ 103 /* ProtocolVersion client_version */ |
| 84 WPA_PUT_BE16(pos, TLS_VERSION); | 104 WPA_PUT_BE16(pos, tls_version); |
| 85 pos += 2; 86 /* Random random: uint32 gmt_unix_time, opaque random_bytes */ 87 os_memcpy(pos, conn->client_random, TLS_RANDOM_LEN); 88 pos += TLS_RANDOM_LEN; 89 /* SessionID session_id */ 90 *pos++ = conn->session_id_len; 91 os_memcpy(pos, conn->session_id, conn->session_id_len); 92 pos += conn->session_id_len; 93 /* CipherSuite cipher_suites<2..2^16-1> */ 94 WPA_PUT_BE16(pos, 2 * conn->num_cipher_suites); 95 pos += 2; 96 for (i = 0; i < conn->num_cipher_suites; i++) { 97 WPA_PUT_BE16(pos, conn->cipher_suites[i]); 98 pos += 2; 99 } 100 /* CompressionMethod compression_methods<1..2^8-1> */ 101 *pos++ = 1; 102 *pos++ = TLS_COMPRESSION_NULL; 103 | 105 pos += 2; 106 /* Random random: uint32 gmt_unix_time, opaque random_bytes */ 107 os_memcpy(pos, conn->client_random, TLS_RANDOM_LEN); 108 pos += TLS_RANDOM_LEN; 109 /* SessionID session_id */ 110 *pos++ = conn->session_id_len; 111 os_memcpy(pos, conn->session_id, conn->session_id_len); 112 pos += conn->session_id_len; 113 /* CipherSuite cipher_suites<2..2^16-1> */ 114 WPA_PUT_BE16(pos, 2 * conn->num_cipher_suites); 115 pos += 2; 116 for (i = 0; i < conn->num_cipher_suites; i++) { 117 WPA_PUT_BE16(pos, conn->cipher_suites[i]); 118 pos += 2; 119 } 120 /* CompressionMethod compression_methods<1..2^8-1> */ 121 *pos++ = 1; 122 *pos++ = TLS_COMPRESSION_NULL; 123 |
| 124 /* Extension */ 125 ext_start = pos; 126 pos += 2; 127 128#ifdef CONFIG_TLSV12 129 if (conn->rl.tls_version >= TLS_VERSION_1_2) { 130 /* 131 * Add signature_algorithms extension since we support only 132 * SHA256 (and not the default SHA1) with TLSv1.2. 133 */ 134 /* ExtensionsType extension_type = signature_algorithms(13) */ 135 WPA_PUT_BE16(pos, TLS_EXT_SIGNATURE_ALGORITHMS); 136 pos += 2; 137 /* opaque extension_data<0..2^16-1> length */ 138 WPA_PUT_BE16(pos, 8); 139 pos += 2; 140 /* supported_signature_algorithms<2..2^16-2> length */ 141 WPA_PUT_BE16(pos, 6); 142 pos += 2; 143 /* supported_signature_algorithms */ 144 *pos++ = TLS_HASH_ALG_SHA512; 145 *pos++ = TLS_SIGN_ALG_RSA; 146 *pos++ = TLS_HASH_ALG_SHA384; 147 *pos++ = TLS_SIGN_ALG_RSA; 148 *pos++ = TLS_HASH_ALG_SHA256; 149 *pos++ = TLS_SIGN_ALG_RSA; 150 } 151#endif /* CONFIG_TLSV12 */ 152 |
|
| 104 if (conn->client_hello_ext) { 105 os_memcpy(pos, conn->client_hello_ext, 106 conn->client_hello_ext_len); 107 pos += conn->client_hello_ext_len; 108 } 109 | 153 if (conn->client_hello_ext) { 154 os_memcpy(pos, conn->client_hello_ext, 155 conn->client_hello_ext_len); 156 pos += conn->client_hello_ext_len; 157 } 158 |
| 159 if (conn->flags & TLS_CONN_REQUEST_OCSP) { 160 wpa_printf(MSG_DEBUG, 161 "TLSv1: Add status_request extension for OCSP stapling"); 162 /* ExtensionsType extension_type = status_request(5) */ 163 WPA_PUT_BE16(pos, TLS_EXT_STATUS_REQUEST); 164 pos += 2; 165 /* opaque extension_data<0..2^16-1> length */ 166 WPA_PUT_BE16(pos, 5); 167 pos += 2; 168 169 /* 170 * RFC 6066, 8: 171 * struct { 172 * CertificateStatusType status_type; 173 * select (status_type) { 174 * case ocsp: OCSPStatusRequest; 175 * } request; 176 * } CertificateStatusRequest; 177 * 178 * enum { ocsp(1), (255) } CertificateStatusType; 179 */ 180 *pos++ = 1; /* status_type = ocsp(1) */ 181 182 /* 183 * struct { 184 * ResponderID responder_id_list<0..2^16-1>; 185 * Extensions request_extensions; 186 * } OCSPStatusRequest; 187 * 188 * opaque ResponderID<1..2^16-1>; 189 * opaque Extensions<0..2^16-1>; 190 */ 191 WPA_PUT_BE16(pos, 0); /* responder_id_list(empty) */ 192 pos += 2; 193 WPA_PUT_BE16(pos, 0); /* request_extensions(empty) */ 194 pos += 2; 195 196 wpa_printf(MSG_DEBUG, 197 "TLSv1: Add status_request_v2 extension for OCSP stapling"); 198 /* ExtensionsType extension_type = status_request_v2(17) */ 199 WPA_PUT_BE16(pos, TLS_EXT_STATUS_REQUEST_V2); 200 pos += 2; 201 /* opaque extension_data<0..2^16-1> length */ 202 WPA_PUT_BE16(pos, 7); 203 pos += 2; 204 205 /* 206 * RFC 6961, 2.2: 207 * struct { 208 * CertificateStatusType status_type; 209 * uint16 request_length; 210 * select (status_type) { 211 * case ocsp: OCSPStatusRequest; 212 * case ocsp_multi: OCSPStatusRequest; 213 * } request; 214 * } CertificateStatusRequestItemV2; 215 * 216 * enum { ocsp(1), ocsp_multi(2), (255) } CertificateStatusType; 217 * 218 * struct { 219 * CertificateStatusRequestItemV2 220 * certificate_status_req_list<1..2^16-1>; 221 * } CertificateStatusRequestListV2; 222 */ 223 224 /* certificate_status_req_list<1..2^16-1> */ 225 WPA_PUT_BE16(pos, 5); 226 pos += 2; 227 228 /* CertificateStatusRequestItemV2 */ 229 *pos++ = 2; /* status_type = ocsp_multi(2) */ 230 /* OCSPStatusRequest as shown above for v1 */ 231 WPA_PUT_BE16(pos, 0); /* responder_id_list(empty) */ 232 pos += 2; 233 WPA_PUT_BE16(pos, 0); /* request_extensions(empty) */ 234 pos += 2; 235 } 236 237 if (pos == ext_start + 2) 238 pos -= 2; /* no extensions */ 239 else 240 WPA_PUT_BE16(ext_start, pos - ext_start - 2); 241 |
|
| 110 WPA_PUT_BE24(hs_length, pos - hs_length - 3); 111 tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start); 112 113 if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE, 114 rhdr, end - rhdr, hs_start, pos - hs_start, 115 out_len) < 0) { 116 wpa_printf(MSG_DEBUG, "TLSv1: Failed to create TLS record"); 117 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, --- 11 unchanged lines hidden (view full) --- 129static int tls_write_client_certificate(struct tlsv1_client *conn, 130 u8 **msgpos, u8 *end) 131{ 132 u8 *pos, *rhdr, *hs_start, *hs_length, *cert_start; 133 size_t rlen; 134 struct x509_certificate *cert; 135 136 pos = *msgpos; | 242 WPA_PUT_BE24(hs_length, pos - hs_length - 3); 243 tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start); 244 245 if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE, 246 rhdr, end - rhdr, hs_start, pos - hs_start, 247 out_len) < 0) { 248 wpa_printf(MSG_DEBUG, "TLSv1: Failed to create TLS record"); 249 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, --- 11 unchanged lines hidden (view full) --- 261static int tls_write_client_certificate(struct tlsv1_client *conn, 262 u8 **msgpos, u8 *end) 263{ 264 u8 *pos, *rhdr, *hs_start, *hs_length, *cert_start; 265 size_t rlen; 266 struct x509_certificate *cert; 267 268 pos = *msgpos; |
| 269 if (TLS_RECORD_HEADER_LEN + 1 + 3 + 3 > end - pos) { 270 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, 271 TLS_ALERT_INTERNAL_ERROR); 272 return -1; 273 } |
|
| 137 138 wpa_printf(MSG_DEBUG, "TLSv1: Send Certificate"); 139 rhdr = pos; 140 pos += TLS_RECORD_HEADER_LEN; 141 142 /* opaque fragment[TLSPlaintext.length] */ 143 144 /* Handshake */ --- 4 unchanged lines hidden (view full) --- 149 hs_length = pos; 150 pos += 3; 151 /* body - Certificate */ 152 /* uint24 length (to be filled) */ 153 cert_start = pos; 154 pos += 3; 155 cert = conn->cred ? conn->cred->cert : NULL; 156 while (cert) { | 274 275 wpa_printf(MSG_DEBUG, "TLSv1: Send Certificate"); 276 rhdr = pos; 277 pos += TLS_RECORD_HEADER_LEN; 278 279 /* opaque fragment[TLSPlaintext.length] */ 280 281 /* Handshake */ --- 4 unchanged lines hidden (view full) --- 286 hs_length = pos; 287 pos += 3; 288 /* body - Certificate */ 289 /* uint24 length (to be filled) */ 290 cert_start = pos; 291 pos += 3; 292 cert = conn->cred ? conn->cred->cert : NULL; 293 while (cert) { |
| 157 if (pos + 3 + cert->cert_len > end) { | 294 if (3 + cert->cert_len > (size_t) (end - pos)) { |
| 158 wpa_printf(MSG_DEBUG, "TLSv1: Not enough buffer space " 159 "for Certificate (cert_len=%lu left=%lu)", 160 (unsigned long) cert->cert_len, 161 (unsigned long) (end - pos)); 162 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, 163 TLS_ALERT_INTERNAL_ERROR); 164 return -1; 165 } --- 94 unchanged lines hidden (view full) --- 260 os_free(csecret); 261 os_free(dh_yc); 262 return -1; 263 } 264 265 wpa_hexdump(MSG_DEBUG, "TLSv1: DH Yc (client's public value)", 266 dh_yc, dh_yc_len); 267 | 295 wpa_printf(MSG_DEBUG, "TLSv1: Not enough buffer space " 296 "for Certificate (cert_len=%lu left=%lu)", 297 (unsigned long) cert->cert_len, 298 (unsigned long) (end - pos)); 299 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, 300 TLS_ALERT_INTERNAL_ERROR); 301 return -1; 302 } --- 94 unchanged lines hidden (view full) --- 397 os_free(csecret); 398 os_free(dh_yc); 399 return -1; 400 } 401 402 wpa_hexdump(MSG_DEBUG, "TLSv1: DH Yc (client's public value)", 403 dh_yc, dh_yc_len); 404 |
| 405 if (end - *pos < 2) { 406 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, 407 TLS_ALERT_INTERNAL_ERROR); 408 os_free(csecret); 409 os_free(dh_yc); 410 return -1; 411 } |
|
| 268 WPA_PUT_BE16(*pos, dh_yc_len); 269 *pos += 2; | 412 WPA_PUT_BE16(*pos, dh_yc_len); 413 *pos += 2; |
| 270 if (*pos + dh_yc_len > end) { | 414 if (dh_yc_len > (size_t) (end - *pos)) { |
| 271 wpa_printf(MSG_DEBUG, "TLSv1: Not enough room in the " 272 "message buffer for Yc"); 273 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, 274 TLS_ALERT_INTERNAL_ERROR); 275 os_free(csecret); 276 os_free(dh_yc); 277 return -1; 278 } --- 505 unchanged lines hidden (view full) --- 784 os_free(msg); 785 return NULL; 786 } 787 788 *out_len = pos - msg; 789 790 wpa_printf(MSG_DEBUG, "TLSv1: Session resumption completed " 791 "successfully"); | 415 wpa_printf(MSG_DEBUG, "TLSv1: Not enough room in the " 416 "message buffer for Yc"); 417 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, 418 TLS_ALERT_INTERNAL_ERROR); 419 os_free(csecret); 420 os_free(dh_yc); 421 return -1; 422 } --- 505 unchanged lines hidden (view full) --- 928 os_free(msg); 929 return NULL; 930 } 931 932 *out_len = pos - msg; 933 934 wpa_printf(MSG_DEBUG, "TLSv1: Session resumption completed " 935 "successfully"); |
| 936 if (!conn->session_resumed && conn->use_session_ticket) 937 conn->session_resumed = 1; |
|
| 792 conn->state = ESTABLISHED; 793 794 return msg; 795} 796 797 798u8 * tlsv1_client_handshake_write(struct tlsv1_client *conn, size_t *out_len, 799 int no_appl_data) --- 61 unchanged lines hidden --- | 938 conn->state = ESTABLISHED; 939 940 return msg; 941} 942 943 944u8 * tlsv1_client_handshake_write(struct tlsv1_client *conn, size_t *out_len, 945 int no_appl_data) --- 61 unchanged lines hidden --- |