
22 static int tls_process_server_key_exchange(struct tlsv1_client *conn, u8 ct,
24 static int tls_process_certificate_request(struct tlsv1_client *conn, u8 ct,
26 static int tls_process_server_hello_done(struct tlsv1_client *conn, u8 ct,
30 static int tls_process_server_hello(struct tlsv1_client *conn, u8 ct,
41 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
56 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
82 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
90 conn->rl.tls_version = tls_version;
96 os_memcpy(conn->server_random, pos, TLS_RANDOM_LEN);
99 conn->server_random, TLS_RANDOM_LEN);
106 if (conn->session_id_len && conn->session_id_len == *pos &&
107 os_memcmp(conn->session_id, pos + 1, conn->session_id_len) == 0) {
108 pos += 1 + conn->session_id_len;
110 conn->session_resumed = 1;
112 conn->session_id_len = *pos;
114 os_memcpy(conn->session_id, pos, conn->session_id_len);
115 pos += conn->session_id_len;
118 conn->session_id, conn->session_id_len);
125 for (i = 0; i < conn->num_cipher_suites; i++) {
126 if (cipher_suite == conn->cipher_suites[i])
129 if (i == conn->num_cipher_suites) {
132 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
137 if (conn->session_resumed && cipher_suite != conn->prev_cipher_suite) {
140 "0x%04x)", cipher_suite, conn->prev_cipher_suite);
141 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
146 if (tlsv1_record_set_cipher_suite(&conn->rl, cipher_suite) < 0) {
149 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
154 conn->prev_cipher_suite = cipher_suite;
162 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
175 if (conn->session_ticket_included && conn->session_ticket_cb) {
178 int res = conn->session_ticket_cb(
179 conn->session_ticket_cb_ctx, NULL, 0,
180 conn->client_random, conn->server_random,
181 conn->master_secret);
185 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
189 conn->use_session_ticket = !!res;
192 if ((conn->session_resumed || conn->use_session_ticket) &&
193 tls_derive_keys(conn, NULL, 0)) {
195 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
202 conn->state = (conn->session_resumed || conn->use_session_ticket) ?
209 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
214 static int tls_process_certificate(struct tlsv1_client *conn, u8 ct,
226 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
237 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
250 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
255 return tls_process_server_key_exchange(conn, ct, in_data,
258 return tls_process_certificate_request(conn, ct, in_data,
261 return tls_process_server_hello_done(conn, ct, in_data,
268 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
290 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
302 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
311 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
325 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
335 crypto_public_key_free(conn->server_rsa_key);
337 &conn->server_rsa_key)) {
340 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
351 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
367 if (conn->cred &&
368 x509_certificate_chain_validate(conn->cred->trusted_certs, chain,
369 &reason, conn->disable_time_checks)
397 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, tls_reason);
406 conn->state = SERVER_KEY_EXCHANGE;
412 static int tlsv1_process_diffie_hellman(struct tlsv1_client *conn,
417 tlsv1_client_free_dh(conn);
424 conn->dh_p_len = WPA_GET_BE16(pos);
426 if (conn->dh_p_len == 0 || end - pos < (int) conn->dh_p_len) {
428 (unsigned long) conn->dh_p_len);
431 conn->dh_p = os_malloc(conn->dh_p_len);
432 if (conn->dh_p == NULL)
434 os_memcpy(conn->dh_p, pos, conn->dh_p_len);
435 pos += conn->dh_p_len;
437 conn->dh_p, conn->dh_p_len);
441 conn->dh_g_len = WPA_GET_BE16(pos);
443 if (conn->dh_g_len == 0 || end - pos < (int) conn->dh_g_len)
445 conn->dh_g = os_malloc(conn->dh_g_len);
446 if (conn->dh_g == NULL)
448 os_memcpy(conn->dh_g, pos, conn->dh_g_len);
449 pos += conn->dh_g_len;
451 conn->dh_g, conn->dh_g_len);
452 if (conn->dh_g_len == 1 && conn->dh_g[0] < 2)
457 conn->dh_ys_len = WPA_GET_BE16(pos);
459 if (conn->dh_ys_len == 0 || end - pos < (int) conn->dh_ys_len)
461 conn->dh_ys = os_malloc(conn->dh_ys_len);
462 if (conn->dh_ys == NULL)
464 os_memcpy(conn->dh_ys, pos, conn->dh_ys_len);
465 pos += conn->dh_ys_len;
467 conn->dh_ys, conn->dh_ys_len);
473 tlsv1_client_free_dh(conn);
478 static int tls_process_server_key_exchange(struct tlsv1_client *conn, u8 ct,
489 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
500 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
513 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
520 return tls_process_certificate_request(conn, ct, in_data,
523 return tls_process_server_hello_done(conn, ct, in_data,
529 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
536 if (!tls_server_key_exchange_allowed(conn->rl.cipher_suite)) {
539 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
545 suite = tls_get_cipher_suite(conn->rl.cipher_suite);
547 if (tlsv1_process_diffie_hellman(conn, pos, len) < 0) {
548 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
554 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
561 conn->state = SERVER_CERTIFICATE_REQUEST;
567 static int tls_process_certificate_request(struct tlsv1_client *conn, u8 ct,
577 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
588 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
601 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
608 return tls_process_server_hello_done(conn, ct, in_data,
614 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
621 conn->certificate_requested = 1;
625 conn->state = SERVER_HELLO_DONE;
631 static int tls_process_server_hello_done(struct tlsv1_client *conn, u8 ct,
641 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
652 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
665 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
673 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
682 conn->state = CLIENT_KEY_EXCHANGE;
688 static int tls_process_server_change_cipher_spec(struct tlsv1_client *conn,
698 if (conn->use_session_ticket) {
702 conn->use_session_ticket = 0;
705 res = conn->session_ticket_cb(
706 conn->session_ticket_cb_ctx, NULL, 0, NULL,
711 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
716 conn->state = SERVER_CERTIFICATE;
717 return tls_process_certificate(conn, ct, in_data,
720 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
730 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECODE_ERROR);
737 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
743 if (tlsv1_record_change_read_cipher(&conn->rl) < 0) {
746 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
753 conn->state = SERVER_FINISHED;
759 static int tls_process_server_finished(struct tlsv1_client *conn, u8 ct,
770 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
782 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
790 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
804 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
813 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
821 if (conn->rl.tls_version >= TLS_VERSION_1_2) {
823 if (conn->verify.sha256_server == NULL ||
824 crypto_hash_finish(conn->verify.sha256_server, hash, &hlen)
826 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
828 conn->verify.sha256_server = NULL;
831 conn->verify.sha256_server = NULL;
836 if (conn->verify.md5_server == NULL ||
837 crypto_hash_finish(conn->verify.md5_server, hash, &hlen) < 0) {
838 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
840 conn->verify.md5_server = NULL;
841 crypto_hash_finish(conn->verify.sha1_server, NULL, NULL);
842 conn->verify.sha1_server = NULL;
845 conn->verify.md5_server = NULL;
847 if (conn->verify.sha1_server == NULL ||
848 crypto_hash_finish(conn->verify.sha1_server, hash + MD5_MAC_LEN,
850 conn->verify.sha1_server = NULL;
851 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
855 conn->verify.sha1_server = NULL;
862 if (tls_prf(conn->rl.tls_version,
863 conn->master_secret, TLS_MASTER_SECRET_LEN,
867 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
883 conn->state = (conn->session_resumed || conn->use_session_ticket) ?
890 static int tls_process_application_data(struct tlsv1_client *conn, u8 ct,
900 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
921 int tlsv1_client_process_handshake(struct tlsv1_client *conn, u8 ct,
928 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
935 conn->state = FAILED;
944 tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
953 switch (conn->state) {
955 if (tls_process_server_hello(conn, ct, buf, len))
959 if (tls_process_certificate(conn, ct, buf, len))
963 if (tls_process_server_key_exchange(conn, ct, buf, len))
967 if (tls_process_certificate_request(conn, ct, buf, len))
971 if (tls_process_server_hello_done(conn, ct, buf, len))
975 if (tls_process_server_change_cipher_spec(conn, ct, buf, len))
979 if (tls_process_server_finished(conn, ct, buf, len))
984 tls_process_application_data(conn, ct, buf, len, out_data,
991 conn->state);
996 tls_verify_hash_add(&conn->verify, buf, *len);