47 	u8 *hello, *end, *pos, *hs_length, *hs_start, *rhdr;
71 	pos = rhdr + TLS_RECORD_HEADER_LEN;
76 	hs_start = pos;
78 	*pos++ = TLS_HANDSHAKE_TYPE_CLIENT_HELLO;
80 	hs_length = pos;
81 	pos += 3;
84 	WPA_PUT_BE16(pos, TLS_VERSION);
85 	pos += 2;
87 	os_memcpy(pos, conn->client_random, TLS_RANDOM_LEN);
88 	pos += TLS_RANDOM_LEN;
90 	*pos++ = conn->session_id_len;
91 	os_memcpy(pos, conn->session_id, conn->session_id_len);
92 	pos += conn->session_id_len;
94 	WPA_PUT_BE16(pos, 2 * conn->num_cipher_suites);
95 	pos += 2;
97 		WPA_PUT_BE16(pos, conn->cipher_suites[i]);
98 		pos += 2;
101 	*pos++ = 1;
102 	*pos++ = TLS_COMPRESSION_NULL;
105 		os_memcpy(pos, conn->client_hello_ext,
107 		pos += conn->client_hello_ext_len;
110 	WPA_PUT_BE24(hs_length, pos - hs_length - 3);
111 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
114 			      rhdr, end - rhdr, hs_start, pos - hs_start,
132 	u8 *pos, *rhdr, *hs_start, *hs_length, *cert_start;
136 	pos = *msgpos;
139 	rhdr = pos;
140 	pos += TLS_RECORD_HEADER_LEN;
145 	hs_start = pos;
147 	*pos++ = TLS_HANDSHAKE_TYPE_CERTIFICATE;
149 	hs_length = pos;
150 	pos += 3;
153 	cert_start = pos;
154 	pos += 3;
157 		if (pos + 3 + cert->cert_len > end) {
161 				   (unsigned long) (end - pos));
166 		WPA_PUT_BE24(pos, cert->cert_len);
167 		pos += 3;
168 		os_memcpy(pos, cert->cert_start, cert->cert_len);
169 		pos += cert->cert_len;
186 	WPA_PUT_BE24(cert_start, pos - cert_start - 3);
188 	WPA_PUT_BE24(hs_length, pos - hs_length - 3);
191 			      rhdr, end - rhdr, hs_start, pos - hs_start,
198 	pos = rhdr + rlen;
200 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
202 	*msgpos = pos;
208 static int tlsv1_key_x_dh(struct tlsv1_client *conn, u8 **pos, u8 *end)
268 	WPA_PUT_BE16(*pos, dh_yc_len);
269 	*pos += 2;
270 	if (*pos + dh_yc_len > end) {
279 	os_memcpy(*pos, dh_yc, dh_yc_len);
280 	*pos += dh_yc_len;
324 static int tlsv1_key_x_rsa(struct tlsv1_client *conn, u8 **pos, u8 *end)
349 	*pos += 2;
350 	clen = end - *pos;
354 		*pos, &clen);
362 	WPA_PUT_BE16(*pos - 2, clen);
364 		    *pos, clen);
365 	*pos += clen;
374 	u8 *pos, *rhdr, *hs_start, *hs_length;
385 	pos = *msgpos;
389 	rhdr = pos;
390 	pos += TLS_RECORD_HEADER_LEN;
395 	hs_start = pos;
397 	*pos++ = TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE;
399 	hs_length = pos;
400 	pos += 3;
403 		if (tlsv1_key_x_dh(conn, &pos, end) < 0)
406 		if (tlsv1_key_x_rsa(conn, &pos, end) < 0)
410 	WPA_PUT_BE24(hs_length, pos - hs_length - 3);
413 			      rhdr, end - rhdr, hs_start, pos - hs_start,
420 	pos = rhdr + rlen;
421 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
423 	*msgpos = pos;
432 	u8 *pos, *rhdr, *hs_start, *hs_length, *signed_start;
436 	pos = *msgpos;
439 	rhdr = pos;
440 	pos += TLS_RECORD_HEADER_LEN;
443 	hs_start = pos;
445 	*pos++ = TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY;
447 	hs_length = pos;
448 	pos += 3;
550 		*pos++ = TLS_HASH_ALG_SHA256;
551 		*pos++ = TLS_SIGN_ALG_RSA;
566 	signed_start = pos; /* length to be filled */
567 	pos += 2;
568 	clen = end - pos;
571 					  pos, &clen) < 0) {
579 	pos += clen;
581 	WPA_PUT_BE24(hs_length, pos - hs_length - 3);
584 			      rhdr, end - rhdr, hs_start, pos - hs_start,
591 	pos = rhdr + rlen;
593 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
595 	*msgpos = pos;
637 	u8 *pos, *hs_start;
701 	pos = hs_start = verify_data;
703 	*pos++ = TLS_HANDSHAKE_TYPE_FINISHED;
705 	WPA_PUT_BE24(pos, TLS_VERIFY_DATA_LEN);
706 	pos += 3;
707 	pos += TLS_VERIFY_DATA_LEN; /* verify_data already in place */
708 	tls_verify_hash_add(&conn->verify, hs_start, pos - hs_start);
711 			      *msgpos, end - *msgpos, hs_start, pos - hs_start,
728 	u8 *msg, *end, *pos;
741 	pos = msg;
745 		if (tls_write_client_certificate(conn, &pos, end) < 0) {
751 	if (tls_write_client_key_exchange(conn, &pos, end) < 0 ||
753 	     tls_write_client_certificate_verify(conn, &pos, end) < 0) ||
754 	    tls_write_client_change_cipher_spec(conn, &pos, end) < 0 ||
755 	    tls_write_client_finished(conn, &pos, end) < 0) {
760 	*out_len = pos - msg;
771 	u8 *msg, *end, *pos;
779 	pos = msg;
782 	if (tls_write_client_change_cipher_spec(conn, &pos, end) < 0 ||
783 	    tls_write_client_finished(conn, &pos, end) < 0) {
788 	*out_len = pos - msg;
827 	u8 *alert, *pos, *length;
836 	pos = alert;
840 	*pos++ = TLS_CONTENT_TYPE_ALERT;
842 	WPA_PUT_BE16(pos, conn->rl.tls_version ? conn->rl.tls_version :
844 	pos += 2;
846 	length = pos;
847 	pos += 2;
852 	*pos++ = level;
854 	*pos++ = description;
856 	WPA_PUT_BE16(length, pos - length - 2);
857 	*out_len = pos - alert;

Indexes created Sun Aug 18 21:54:11 MDT 2024