
23 static int tls_process_client_key_exchange(struct tlsv1_server *conn, u8 ct,
25 static int tls_process_change_cipher_spec(struct tlsv1_server *conn,
30 static int tls_process_client_hello(struct tlsv1_server *conn, u8 ct,
43 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
58 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
80 conn->client_version = WPA_GET_BE16(pos);
82 conn->client_version >> 8, conn->client_version & 0xff);
83 if (conn->client_version < TLS_VERSION_1) {
86 conn->client_version >> 8,
87 conn->client_version & 0xff);
88 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
95 conn->rl.tls_version = TLS_VERSION_1;
97 else if (conn->client_version >= TLS_VERSION_1_2)
98 conn->rl.tls_version = TLS_VERSION_1_2;
100 else if (conn->client_version > TLS_VERSION_1_1)
101 conn->rl.tls_version = TLS_VERSION_1_1;
103 conn->rl.tls_version = conn->client_version;
105 tls_version_str(conn->rl.tls_version));
111 os_memcpy(conn->client_random, pos, TLS_RANDOM_LEN);
114 conn->client_random, TLS_RANDOM_LEN);
139 for (i = 0; !cipher_suite && i < conn->num_cipher_suites; i++) {
144 if (!cipher_suite && tmp == conn->cipher_suites[i]) {
154 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
159 if (tlsv1_record_set_cipher_suite(&conn->rl, cipher_suite) < 0) {
162 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
167 conn->cipher_suite = cipher_suite;
185 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
248 os_free(conn->session_ticket);
249 conn->session_ticket = os_malloc(ext_len);
250 if (conn->session_ticket) {
251 os_memcpy(conn->session_ticket, pos,
253 conn->session_ticket_len = ext_len;
265 conn->state = SERVER_HELLO;
271 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
277 static int tls_process_certificate(struct tlsv1_server *conn, u8 ct,
289 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
300 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
314 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
320 if (conn->verify_peer) {
323 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
328 return tls_process_client_key_exchange(conn, ct, in_data,
335 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
357 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
370 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
380 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
394 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
404 crypto_public_key_free(conn->client_rsa_key);
406 &conn->client_rsa_key)) {
409 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
420 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
436 if (x509_certificate_chain_validate(conn->cred->trusted_certs, chain,
464 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, tls_reason);
473 conn->state = CLIENT_KEY_EXCHANGE;
480 struct tlsv1_server *conn, const u8 *pos, const u8 *end)
489 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
500 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
509 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
532 if (crypto_private_key_decrypt_pkcs1_v15(conn->cred->key,
547 if (!use_random && WPA_GET_BE16(out) != conn->client_version) {
561 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
568 res = tlsv1_server_derive_keys(conn, out, outlen);
576 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
586 struct tlsv1_server *conn, const u8 *pos, const u8 *end)
609 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
617 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
628 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
636 if (conn->cred == NULL || conn->cred->dh_p == NULL ||
637 conn->dh_secret == NULL) {
639 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
644 shared_len = conn->cred->dh_p_len;
649 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
655 if (crypto_mod_exp(dh_yc, dh_yc_len, conn->dh_secret,
656 conn->dh_secret_len,
657 conn->cred->dh_p, conn->cred->dh_p_len,
660 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
667 os_memset(conn->dh_secret, 0, conn->dh_secret_len);
668 os_free(conn->dh_secret);
669 conn->dh_secret = NULL;
671 res = tlsv1_server_derive_keys(conn, shared, shared_len);
679 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
688 static int tls_process_client_key_exchange(struct tlsv1_server *conn, u8 ct,
700 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
711 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
725 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
735 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
744 suite = tls_get_cipher_suite(conn->rl.cipher_suite);
751 tls_process_client_key_exchange_dh_anon(conn, pos, end) < 0)
755 tls_process_client_key_exchange_rsa(conn, pos, end) < 0)
760 conn->state = CERTIFICATE_VERIFY;
766 static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct,
778 if (conn->verify_peer) {
781 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
786 return tls_process_change_cipher_spec(conn, ct, in_data,
793 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
804 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
818 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
828 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
844 if (conn->rl.tls_version == TLS_VERSION_1_2) {
856 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
865 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
872 if (conn->verify.sha256_cert == NULL ||
873 crypto_hash_finish(conn->verify.sha256_cert, hpos, &hlen) <
875 conn->verify.sha256_cert = NULL;
876 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
880 conn->verify.sha256_cert = NULL;
886 if (conn->verify.md5_cert == NULL ||
887 crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0)
889 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
891 conn->verify.md5_cert = NULL;
892 crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL);
893 conn->verify.sha1_cert = NULL;
898 crypto_hash_finish(conn->verify.md5_cert, NULL, NULL);
900 conn->verify.md5_cert = NULL;
902 if (conn->verify.sha1_cert == NULL ||
903 crypto_hash_finish(conn->verify.sha1_cert, hpos, &hlen) < 0) {
904 conn->verify.sha1_cert = NULL;
905 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
909 conn->verify.sha1_cert = NULL;
921 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
928 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
934 if (conn->client_rsa_key == NULL) {
937 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
944 if (crypto_public_key_decrypt_pkcs1(conn->client_rsa_key,
949 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
958 if (conn->rl.tls_version >= TLS_VERSION_1_2) {
985 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
997 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1006 conn->state = CHANGE_CIPHER_SPEC;
1012 static int tls_process_change_cipher_spec(struct tlsv1_server *conn,
1022 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1032 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1040 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1046 if (tlsv1_record_change_read_cipher(&conn->rl) < 0) {
1049 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1056 conn->state = CLIENT_FINISHED;
1062 static int tls_process_client_finished(struct tlsv1_server *conn, u8 ct,
1073 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1085 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1093 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1107 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1116 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1124 if (conn->rl.tls_version >= TLS_VERSION_1_2) {
1126 if (conn->verify.sha256_client == NULL ||
1127 crypto_hash_finish(conn->verify.sha256_client, hash, &hlen)
1129 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1131 conn->verify.sha256_client = NULL;
1134 conn->verify.sha256_client = NULL;
1139 if (conn->verify.md5_client == NULL ||
1140 crypto_hash_finish(conn->verify.md5_client, hash, &hlen) < 0) {
1141 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1143 conn->verify.md5_client = NULL;
1144 crypto_hash_finish(conn->verify.sha1_client, NULL, NULL);
1145 conn->verify.sha1_client = NULL;
1148 conn->verify.md5_client = NULL;
1150 if (conn->verify.sha1_client == NULL ||
1151 crypto_hash_finish(conn->verify.sha1_client, hash + MD5_MAC_LEN,
1153 conn->verify.sha1_client = NULL;
1154 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1158 conn->verify.sha1_client = NULL;
1165 if (tls_prf(conn->rl.tls_version,
1166 conn->master_secret, TLS_MASTER_SECRET_LEN,
1170 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1186 if (conn->use_session_ticket) {
1190 conn->state = ESTABLISHED;
1193 conn->state = SERVER_CHANGE_CIPHER_SPEC;
1200 int tlsv1_server_process_handshake(struct tlsv1_server *conn, u8 ct,
1206 tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
1213 conn->state = FAILED;
1217 switch (conn->state) {
1219 if (tls_process_client_hello(conn, ct, buf, len))
1223 if (tls_process_certificate(conn, ct, buf, len))
1227 if (tls_process_client_key_exchange(conn, ct, buf, len))
1231 if (tls_process_certificate_verify(conn, ct, buf, len))
1235 if (tls_process_change_cipher_spec(conn, ct, buf, len))
1239 if (tls_process_client_finished(conn, ct, buf, len))
1245 conn->state);
1250 tls_verify_hash_add(&conn->verify, buf, *len);