24 static size_t tls_server_cert_chain_der_len(struct tlsv1_server *conn)
29 	cert = conn->cred->cert;
34 		cert = x509_certificate_get_subject(conn->cred->trusted_certs,
42 static int tls_write_server_hello(struct tlsv1_server *conn,
56 	WPA_PUT_BE32(conn->server_random, now.sec);
57 	if (random_get_bytes(conn->server_random + 4, TLS_RANDOM_LEN - 4)) {
63 		    conn->server_random, TLS_RANDOM_LEN);
65 	conn->session_id_len = TLS_SESSION_ID_MAX_LEN;
66 	if (random_get_bytes(conn->session_id, conn->session_id_len)) {
72 		    conn->session_id, conn->session_id_len);
85 	WPA_PUT_BE16(pos, conn->rl.tls_version);
88 	os_memcpy(pos, conn->server_random, TLS_RANDOM_LEN);
91 	*pos++ = conn->session_id_len;
92 	os_memcpy(pos, conn->session_id, conn->session_id_len);
93 	pos += conn->session_id_len;
95 	WPA_PUT_BE16(pos, conn->cipher_suite);
100 	if (conn->session_ticket && conn->session_ticket_cb) {
101 		int res = conn->session_ticket_cb(
102 			conn->session_ticket_cb_ctx,
103 			conn->session_ticket, conn->session_ticket_len,
104 			conn->client_random, conn->server_random,
105 			conn->master_secret);
109 			tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
113 		conn->use_session_ticket = res;
115 		if (conn->use_session_ticket) {
116 			if (tlsv1_server_derive_keys(conn, NULL, 0) < 0) {
119 				tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
138 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
140 	if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,
144 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
156 static int tls_write_server_certificate(struct tlsv1_server *conn,
164 	suite = tls_get_cipher_suite(conn->rl.cipher_suite);
190 	cert = conn->cred->cert;
197 			tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
208 		cert = x509_certificate_get_subject(conn->cred->trusted_certs,
211 	if (cert == conn->cred->cert || cert == NULL) {
225 	if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,
229 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
235 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
243 static int tls_write_server_key_exchange(struct tlsv1_server *conn,
253 	suite = tls_get_cipher_suite(conn->rl.cipher_suite);
259 	if (!tls_server_key_exchange_allowed(conn->rl.cipher_suite)) {
271 	if (conn->cred == NULL || conn->cred->dh_p == NULL ||
272 	    conn->cred->dh_g == NULL) {
278 	os_free(conn->dh_secret);
279 	conn->dh_secret_len = conn->cred->dh_p_len;
280 	conn->dh_secret = os_malloc(conn->dh_secret_len);
281 	if (conn->dh_secret == NULL) {
284 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
288 	if (random_get_bytes(conn->dh_secret, conn->dh_secret_len)) {
291 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
293 		os_free(conn->dh_secret);
294 		conn->dh_secret = NULL;
298 	if (os_memcmp(conn->dh_secret, conn->cred->dh_p, conn->dh_secret_len) >
300 		conn->dh_secret[0] = 0; /* make sure secret < p */
302 	pos = conn->dh_secret;
303 	while (pos + 1 < conn->dh_secret + conn->dh_secret_len && *pos == 0)
305 	if (pos != conn->dh_secret) {
306 		os_memmove(conn->dh_secret, pos,
307 			   conn->dh_secret_len - (pos - conn->dh_secret));
308 		conn->dh_secret_len -= pos - conn->dh_secret;
311 			conn->dh_secret, conn->dh_secret_len);
314 	dh_ys_len = conn->cred->dh_p_len;
319 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
323 	if (crypto_mod_exp(conn->cred->dh_g, conn->cred->dh_g_len,
324 			   conn->dh_secret, conn->dh_secret_len,
325 			   conn->cred->dh_p, conn->cred->dh_p_len,
327 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
373 	if (pos + 2 + conn->cred->dh_p_len > end) {
376 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
381 	WPA_PUT_BE16(pos, conn->cred->dh_p_len);
383 	os_memcpy(pos, conn->cred->dh_p, conn->cred->dh_p_len);
384 	pos += conn->cred->dh_p_len;
387 	if (pos + 2 + conn->cred->dh_g_len > end) {
390 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
395 	WPA_PUT_BE16(pos, conn->cred->dh_g_len);
397 	os_memcpy(pos, conn->cred->dh_g, conn->cred->dh_g_len);
398 	pos += conn->cred->dh_g_len;
404 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
417 	if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,
421 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
427 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
435 static int tls_write_server_certificate_request(struct tlsv1_server *conn,
441 	if (!conn->verify_peer) {
483 	if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,
487 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
493 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
501 static int tls_write_server_hello_done(struct tlsv1_server *conn,
521 	if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,
525 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
530 	tls_verify_hash_add(&conn->verify, payload, pos - payload);
538 static int tls_write_server_change_cipher_spec(struct tlsv1_server *conn,
548 	if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC,
552 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
557 	if (tlsv1_record_change_write_cipher(&conn->rl) < 0) {
560 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
571 static int tls_write_server_finished(struct tlsv1_server *conn,
586 	if (conn->rl.tls_version >= TLS_VERSION_1_2) {
588 		if (conn->verify.sha256_server == NULL ||
589 		    crypto_hash_finish(conn->verify.sha256_server, hash, &hlen)
591 			conn->verify.sha256_server = NULL;
592 			tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
596 		conn->verify.sha256_server = NULL;
601 	if (conn->verify.md5_server == NULL ||
602 	    crypto_hash_finish(conn->verify.md5_server, hash, &hlen) < 0) {
603 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
605 		conn->verify.md5_server = NULL;
606 		crypto_hash_finish(conn->verify.sha1_server, NULL, NULL);
607 		conn->verify.sha1_server = NULL;
610 	conn->verify.md5_server = NULL;
612 	if (conn->verify.sha1_server == NULL ||
613 	    crypto_hash_finish(conn->verify.sha1_server, hash + MD5_MAC_LEN,
615 		conn->verify.sha1_server = NULL;
616 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
620 	conn->verify.sha1_server = NULL;
627 	if (tls_prf(conn->rl.tls_version,
628 		    conn->master_secret, TLS_MASTER_SECRET_LEN,
632 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
647 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
649 	if (tlsv1_record_send(&conn->rl, TLS_CONTENT_TYPE_HANDSHAKE,
653 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
664 static u8 * tls_send_server_hello(struct tlsv1_server *conn, size_t *out_len)
671 	msglen = 1000 + tls_server_cert_chain_der_len(conn);
680 	if (tls_write_server_hello(conn, &pos, end) < 0) {
685 	if (conn->use_session_ticket) {
687 		if (tls_write_server_change_cipher_spec(conn, &pos, end) < 0 ||
688 		    tls_write_server_finished(conn, &pos, end) < 0) {
695 		conn->state = CHANGE_CIPHER_SPEC;
701 	if (tls_write_server_certificate(conn, &pos, end) < 0 ||
702 	    tls_write_server_key_exchange(conn, &pos, end) < 0 ||
703 	    tls_write_server_certificate_request(conn, &pos, end) < 0 ||
704 	    tls_write_server_hello_done(conn, &pos, end) < 0) {
711 	conn->state = CLIENT_CERTIFICATE;
717 static u8 * tls_send_change_cipher_spec(struct tlsv1_server *conn,
731 	if (tls_write_server_change_cipher_spec(conn, &pos, end) < 0 ||
732 	    tls_write_server_finished(conn, &pos, end) < 0) {
740 	conn->state = ESTABLISHED;
746 u8 * tlsv1_server_handshake_write(struct tlsv1_server *conn, size_t *out_len)
748 	switch (conn->state) {
750 		return tls_send_server_hello(conn, out_len);
752 		return tls_send_change_cipher_spec(conn, out_len);
754 		if (conn->state == ESTABLISHED && conn->use_session_ticket) {
759 			   "generating reply", conn->state);
765 u8 * tlsv1_server_send_alert(struct tlsv1_server *conn, u8 level,
783 	WPA_PUT_BE16(pos, conn->rl.tls_version ? conn->rl.tls_version :

Indexes created Sun Jun 23 19:15:37 MDT 2024